MC-LAG lab – advanced IRB functionality
For simplified Layer 3 gateway services, where Layer 3 routing protocols are not run on the MC-LAG peers, you simply configure the same Layer 3 gateway IP address on both MC-LAG peers and enable IRB MAC address synchronization. This IP address is used as the default gateway for the MC-LAG servers or hosts.
For more advanced Layer 3 gateway services, where Layer 3 routing protocols and Layer 3 multicast operations are required on the MC-LAG peers, you configure unique IRB interface addresses on each MC-LAG peer and then configured the virtual router redundancy protocol (VRRP) between the peers in an active/standby role.
To help with some forwarding operations, the IRB MAC address of each peer is replicated on the other peer and is installed as a MAC address with the forwarding next hop of the ICL-PL. This is achieved by configuring a static ARP entry for the remote peer.
IRB interfaces configurations:
irb {
unit 100 {
family inet {
address 172.16.0.1/24 {
arp 172.16.0.2 l2-interface xe-0/ Continue reading
Is DefCon Wifi safe?
DEF CON is the largest U.S. hacker conference that takes place every summer in Las Vegas. It offers WiFi service. Is it safe?Probably.
The trick is that you need to download the certificate from https://wifireg.defcon.org and import it into your computer. They have instructions for all your various operating systems. For macOS, it was as simple as downloading "dc25.mobileconfig" and importing it.
I haven't validated the DefCon team did the right thing for all platforms, but I know that safety is possible. If a hacker could easily hack into arbitrary WiFi, then equipment vendors would fix it. Corporations widely use WiFi -- they couldn't do this if it weren't safe.
The first step in safety is encryption, obviously. WPA does encryption well, you you are good there.
The second step is authentication -- proving that the access-point is who it says it is. Otherwise, somebody could setup their own access-point claiming to be "DefCon", and you'd happily connect to it. Encrypted connect to the evil access-point doesn't help you. This is what the certificate you download does -- you import it into your system, so that you'll trust only the "DefCon" access-point that has Continue reading
Last 10 days for the August 2017 CCDE Online Bootcamp
My Webex based, Online CCDE Bootcamp will start in 10 days. August 7, 2017 is the first day of my live CCDE Bootcamp. As the best CCDE Training, I will cover all CCDE Blueprint topics as usual. Before and after the Bootcamp, there are many other resources which you will go through. These […]
The post Last 10 days for the August 2017 CCDE Online Bootcamp appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
Moved to new house , Finished the new course but !
I have been very busy for last one month. I announced 2 , 3 months before Service Provider Design Workshop and conducted it at last two weekends. I moved to new house, lot’s of things to deal with, believe me. First time I will share the photos of it here. Meanwhile I […]
The post Moved to new house , Finished the new course but ! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
Checkpoint Database and Policy
The Checkpoint database holds the network objects whereas the policy is how those objects are used.
The Supercomputing Slump Hits HPC
Supercomputing, by definition, is an esoteric, exotic, and relatively small slice of the overall IT landscape, but it is, also by definition, a vital driver of innovation within IT and in all of the segments of the market where simulation, modeling, and now machine learning are used to provide goods and services.
As we have pointed out many times, the supercomputing business is not, however, one that is easy to participate in and generate a regular stream of revenues and predictable profits and it is most certainly one where the vendors and their customers have to, by necessity, take the …
The Supercomputing Slump Hits HPC was written by Timothy Prickett Morgan at The Next Platform.
Reaffirming the Internet as a Force for Good: The Next 25 Years
To mark its 25th Anniversary, the Internet Society is beginning a global dialogue on the impact of the Internet on societies. So far, we have held discussions at Chatham House in London, and opened up the dialogue in a recent public forum with more than 100 participants from 30 countries across Africa, the Middle East, Europe & Central Asia, Latin America and the Caribbean, and South Asia.
Fortinet Posts Solid Q2, Stock Sags as Investors Wanted More
Stock price has sunk nearly 8 percent since results were released.
Worth Reading: IPv4 route lookup on Linux
The post Worth Reading: IPv4 route lookup on Linux appeared first on rule 11 reader.
ONF Continues its Work on Intent-Based Networking for ONOS
ONOS is the group's SDN controller.
SDxCentral Weekly News Roundup — July 28, 2017
Microsoft releases Azure Container Instances; ZTE and Intel publish a white paper about containerized vEPC.
GigaSpaces Plans to Unleash Cloudify Business Unit
News hints at potential future investment opportunities.
Gigamon Revenue is Down, But It’s Bullish on New Products
The new products have boosted the company's outlook.
AWS Cloud a Bright Spot in Amazon’s Q2 Earnings Miss
AWS remains the dominant cloud player, but Microsoft and Google are closing in.
Stuff The Internet Says On Scalability For July 28th, 2017s
Hey, it's HighScalability time:
- 1.8x: faster code on iPad MacBook Pro; 1 billion: WhatsApp daily active users; 100 milliamps: heart stopping current; $25m: surprisingly low take from ransomware; 2,700x: improvement in throughput with TCP BBR; 620: Uber locations; $35.5 billion: Facebook's cash hoard; 2 billion: Facebook monthly active users; #1: Apple is the world's most profitable [legal] company; 500,000x: return on destroying an arms depot with a drone;
- Quotable Quotes:
- Alasdair Allan: Jeff Bezos’ statement that “there’s not that much interesting about CubeSats” may well turn out to be the twenty first century’s “nobody needs more than 640kb.”
- @hardmaru: Decoding the Enigma with RNNs. They trained a LSTM with 3000 hidden units to decode ciphertext with 96%+ accuracy.
- @tj_waldorf: Morningstar achieved 97% cost reduction by moving to AWS. #AWSSummit Chicago
- Ed Sperling: Moore’s Law is alive and well, but it is no longer the only approach. And depending on Continue reading
Worth Reading: DNS Hijacking is Real
The post Worth Reading: DNS Hijacking is Real appeared first on rule 11 reader.
Show 349: Future Of Networking With Mark Townsley
Mark Townsley joins the Packet Pushers to talk about IPv6 and the research going on at Cisco s Paris Innovation and Research Lab on this Future Of Networking show. The post Show 349: Future Of Networking With Mark Townsley appeared first on Packet Pushers.
Want Great Software-Defined Storage? Pay Attention to the File System
What’s needed is an SDS solution that can accommodate all storage types.