Category Archives for "Networking"

LISP – OMP – BGP EVPN Interoperability – Part II: VPNv4 Update from Control Plane to Border-PxTR

The previous chapter describes how Edge-xTR-11 used the LISP Map-Register message to advertise EID-to-RLOC information to MapSrv-22. It also explained how MapSrv-22, in its role as Mapping Server, stores the information in the Mapping Database. MapSrv-22 is also a Map-Resolver. This means that when it receives a LISP Map-Request message from an xTR device, it responds with a Map-Reply message. If MapSrv-22 knows the EID-to-RLOC mapping, it places this information into the Map-Reply message. If MapSrv-22 doesn’t have the mapping information, it instructs the requesting xTR to forward traffic to its Proxy-xTR. This, however, is not the case in our example. What we want to do is advertise the EP1 reachability information to Border-PxTR. To do that, we first need to export the EID-to-RLOC information from the Mapping Database to the instance-specific VRF_100 RIB. Then we can advertise it by using BGP. Because we want to include the virtual network identifier in the update, we use MP-BGP VPNv4, which carries the Route Target attribute. The next sections describe the process in detail.

Phase 1: Map-Server - RIB Update

LISP Map-Server doesn’t install EID-to-RLOC mapping information from the Mapping Database into the RIB by default. To do that, we need to export the information from the LISP Mapping Database to the RIB by using the LISP instance-specific command route-export site-registrations. Example 1-6 illustrates the update process. Example 1-7 shows the RIB entry for the EP1 IP address 172.16.100.10/32 in VRF 100_NWKT. Due to redistribution, the route is shown as directly connected, via Null0. If you compare the timestamps in example 1-6 to the timestamps in example 1-3, you will see that the RIB update happens right after the unreliable EID-to-RLOC registration process.

Complete device configuration can be found in chapter 1 Appendix 1.


Figure 1-10: EID-to-RLOC information from LISP to RIB.

Expanding Cloudflare to 25+ Cities in Brazil


Today, we are excited to announce an expansion we’ve been working on behind the scenes for the last two years: a 25+ city partnership with one of the largest ISPs in Brazil. This is one of the largest simultaneous single-country expansions we’ve done so far.

With this partnership, Brazilians throughout the country will see significant improvement to their Internet experience. Already, the 25th-percentile latency of non-bot traffic (we use that measure as an approximation of physical distance from our servers to end users) has dropped from the mid-20 millisecond range to sub-10 milliseconds. This benefit extends not only to the 25 million Internet properties on our network, but to the entire Internet with Cloudflare services like 1.1.1.1 and WARP. We expect that as we approach 25 cities in Brazil, latency will continue to drop while throughput increases.

25th percentile latency of non-bot traffic in Brazil has more than halved as new cities have gone live.

This partnership is part of our mission to help create a better Internet and the best development experience for all — not just those in major population centers or in Western markets — and we are excited to take this step on

Cisco CCNA certification explained

The CCNA, which stands for Cisco Certified Network Associate, is Cisco's foundational certification for networking professionals.

The CCNA is a commonly required prerequisite for associate-level networking jobs such as network engineer, network administrator, network support technician or help desk technician. There used to be 10 CCNA concentrations, specific to cloud, collaboration, security, data centers, wireless, and other areas. Then, in February of 2020, Cisco combined all of its foundational networking certifications into one comprehensive CCNA certification.

Hybrid cloud success: 5 things to forget about, 4 things to remember

OK, let's say you're a CIO who's promoted hybrid cloud computing in your company. Then along came all these news stories that call into question the whole notion of cloud economies. Do you send some covert IT team to block the news from the CFO's computer, or do you deal with it? Hopefully, the latter.

I've examined audits of over four-dozen cloud projects, and the good news is that most cloud applications make the business case. The bad news is that a lot, a worrisome lot, don’t. If you want yours to succeed, there are some strategies that will help, in the form of five “forgets” and four “remembers”.

Infoblox: How DDI Can Help Solve Network Security and Management Ills 

Network connections can be likened to attending an amusement park, where Dynamic Host Configuration Protocol (DHCP) serves as the ticket to enter the park and the domain name system (DNS) is the map around the park. Network management and security provider Infoblox made a name for itself by collapsing those two core pieces into a single platform for enterprises to be able to control where IP addresses are assigned and how they manage network creation and movement. “They control their own DNS so that they can have better control over their traffic,” explained

Infoblox’s name for this unified service is DDI, which is

Full Stack Journey 056: Network Automation Progress And Problems

What's the latest with network automation? Where is the industry getting things right, and where is there more work to be done? How is public cloud influencing network automation? Scott Lowe welcomes Ethan Banks to the Full Stack Journey podcast for an update on the state of automation in networking.

The post Full Stack Journey 056: Network Automation Progress And Problems appeared first on Packet Pushers.

DDoS attack trends for 2021 Q2


Recent weeks have witnessed massive ransomware and ransom DDoS (Distributed Denial of Service) attack campaigns that interrupted aspects of critical infrastructure around the world, including one of the largest petroleum pipeline system operators, and one of the world’s biggest meat processing companies. Earlier this quarter, more than 200 organizations across Belgium, including the government and parliament websites and other services, were also DDoS’d.

And when most of the United States was celebrating Independence Day on July 4, hundreds of US companies were hit by a ransomware attack demanding 70 million USD in Bitcoin. Attackers known to be affiliated with REvil, a Russian ransomware group, exploited multiple previously unknown vulnerabilities in IT management software. The targets included schools, small public-sector bodies, travel and leisure organizations, and credit unions, to name a few. While the threat of ransomware and ransom DDoS is not new (read our posts on ransomware and ransom DDoS from 2021 Q1), the latest attacks on Internet properties ranging from wineries, professional sports teams, ferry services and hospitals have brought them from just being background noise to front page headlines affecting our day-to-day lives. In fact, recent attacks have propelled ransomware and DDoS to the top of US

LISP – OMP – BGP EVPN Interoperability – Part I: LISP EID-to-RLOC Registration

I have written a couple of books about Network Virtualization Overlay over Layer 3 (NVO3). My first book was about Datacenter network virtualization based on BGP L2VPN EVPN. After that, I wrote a book about Campus networks based on LISP. In my latest book, I introduced the Cisco SD-WAN solution running OMP in Control-Plane. I wanted to write one more book where I combine these three different NVO3 solutions. I haven’t used pictures in the “About This Book” section in my previous books but now I decided to do that because one picture tells more than 1000 words. The figure below combines these three NVO3 solutions and illustrates what is needed to have IP connectivity between EP1 in the LISP domain and EP2 in the BGP EVPN domain. After reading this book you should be able to understand the processes of how IP reachability information about local hosts is advertised from the LISP domain over the SD-WAN to the BGP EVPN domain and the other way around. I wanted to keep this complex solution as simple as possible. That is why I didn’t include any redundancy.



WISP cheat sheet for MPLS/VPLS MTU

A guide for working with MTU and MPLS in a Wireless ISP

MPLS/VPLS MTU math can be complicated and is always a struggle to unravel.

To make it a little easier and put it into a WISP context, I designed this cheat sheet on 8.5 x 11 (to print for those that actually trust printers) and used common WISP equipment like MikroTik routers, Ubnt and Cambium radios with real world MTU values.

The MTU values are displayed in layers to make it easier to see where each value fits.

PDF is here

A starting point

These values are meant to be a starting point by representing the minimum values required for MPLS/VPLS with a single 802.1q VLAN tag.

In general, after going through hundreds of WISP migrations, I’ve found it to be easier to implement the minimum values required when working on a production WISP to identify the effective lowest MTU in the network.

Once the network equipment has been modified and has been running in a stable way on the minimum values, then higher values can be considered and implemented (now that the effective lowest MTU on the network is documented).

https://iparchitechs.com/contact

Find out what packages are installed on your Fedora system

If you're curious about how many packages are installed on your Fedora system or how you can check on them, you might be surprised at how much information you have at your fingertips. With just a few commands, you can find out just about anything you might want to know about packages and the repositories they came from.

What is a package?

To get started, a Linux package is simply a collection of files that performs some particular tasks. For example, the popular image-editing program GIMP is installed as a package, and it includes all of the files that you need to do some impressive image editing. You can easily ask if GIMP is installed with a command like this:

SD-WAN buyers guide: Key questions to ask vendors (and yourself)

Prior to the pandemic, SD-WAN was primarily a niche technology pitched to enterprises as a way to cut costs and improve WAN flexibility by allowing traffic to burst directly from the branch office to the Internet, rather than backhauling it over expensive MPLS links to a central site.

Today, SD-WAN has emerged as a key enabler of the post-COVID enterprise in which mission critical applications live in multiple clouds, employees connect and collaborate from everywhere, and remote access to applications like Office 365, Salesforce and Zoom must be fast, secure, reliable, optimized, and automated for maximum business productivity and end user satisfaction.

Another Portent of the Decline and Fall of the Telco

The Swedish carrier group Telia has recently announced the sale of its international wholesale business to Polhelm Infra, an infrastructure investment manager jointly owned by a number of Swedish pension funds. Why would a telco operator sell off what was a core part of its operation to a pension fund?

Tech Bytes: Instrumenting For Hybrid Work With AppNeta (Sponsored)

On today's sponsored Tech Bytes episode, we talk with AppNeta about instrumenting application performance to support on-prem and remote employees in today's hybrid work environment. Our AppNeta guests are Sean Armstrong, VP of Products, and Alec Pinkham, Director of Product Marketing.

The post Tech Bytes: Instrumenting For Hybrid Work With AppNeta (Sponsored) appeared first on Packet Pushers.

Whatever it is, you need more (RFC1925 rule 9)

There is never enough. Whatever you name in the world of networking, there is simply not enough. There are not enough ports. There is not enough speed. There is not enough bandwidth. Many times, the problem of “not enough” manifests itself as “too much”—there is too much buffering and there are too many packets being dropped. Not so long ago, the Internet community decided there were not enough IP addresses and decided to expand the address space from 32 bits in IPv4 to 128 bits in IPv6. The IPv6 address space is almost unimaginably huge—2 to the 128th power is about 340 trillion, trillion, trillion addresses. That is enough to provide addresses to stacks of 10 billion computers blanketing the entire Earth. Even a single subnet of this space is enough to provide addresses for a full data center where hundreds of virtual machines are being created every minute; each /64 (the default allocation size for an IPv6 address) contains 4 billion IPv4 address spaces.

But… what if the current IPv6 address space simply is not enough? Engineers working in the IETF have created two different solutions over the years for just this eventuality. In 1994 RFC1606 provided a