MC-LAG lab – advanced IRB functionality

For simplified Layer 3 gateway services, where Layer 3 routing protocols are not run on the MC-LAG peers, you simply configure the same Layer 3 gateway IP address on both MC-LAG peers and enable IRB MAC address synchronization. This IP address is used as the default gateway for the MC-LAG servers or hosts.
For more advanced Layer 3 gateway services, where Layer 3 routing protocols and Layer 3 multicast operations are required on the MC-LAG peers, you configure unique IRB interface addresses on each MC-LAG peer and then configured the virtual router redundancy protocol (VRRP) between the peers in an active/standby role.
To help with some forwarding operations, the IRB MAC address of each peer is replicated on the other peer and is installed as a MAC address with the forwarding next hop of the ICL-PL. This is achieved by configuring a static ARP entry for the remote peer.

IRB interfaces configurations:

vQFX1:
irb {
    unit 100 {
        family inet {
            address 172.16.0.1/24 {
                arp 172.16.0.2 l2-interface xe-0/ Continue reading

Is DefCon Wifi safe?

DEF CON is the largest U.S. hacker conference that takes place every summer in Las Vegas. It offers WiFi service. Is it safe?

Probably.

The trick is that you need to download the certificate from https://wifireg.defcon.org and import it into your computer. They have instructions for all your various operating systems. For macOS, it was as simple as downloading "dc25.mobileconfig" and importing it.

I haven't validated the DefCon team did the right thing for all platforms, but I know that safety is possible. If a hacker could easily hack into arbitrary WiFi, then equipment vendors would fix it. Corporations widely use WiFi -- they couldn't do this if it weren't safe.

The first step in safety is encryption, obviously. WPA does encryption well, you you are good there.

The second step is authentication -- proving that the access-point is who it says it is. Otherwise, somebody could setup their own access-point claiming to be "DefCon", and you'd happily connect to it. Encrypted connect to the evil access-point doesn't help you. This is what the certificate you download does -- you import it into your system, so that you'll trust only the "DefCon" access-point that has Continue reading

Last 10 days for the August 2017 CCDE Online Bootcamp

My Webex based, Online CCDE Bootcamp will start in 10 days.    August 7, 2017 is the first day of my live CCDE Bootcamp.   As the best CCDE Training, I will cover all CCDE Blueprint topics as usual. Before and after the Bootcamp, there are many other resources which you will go through. These […]

The post Last 10 days for the August 2017 CCDE Online Bootcamp appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Moved to new house , Finished the new course but !

I have been very busy for last one month.   I announced 2 , 3 months before Service Provider Design Workshop and conducted it at last two weekends.   I moved to new house, lot’s of things to deal with, believe me. First time I will share the photos of it here.   Meanwhile I […]

The post Moved to new house , Finished the new course but ! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

The Supercomputing Slump Hits HPC

Supercomputing, by definition, is an esoteric, exotic, and relatively small slice of the overall IT landscape, but it is, also by definition, a vital driver of innovation within IT and in all of the segments of the market where simulation, modeling, and now machine learning are used to provide goods and services.

As we have pointed out many times, the supercomputing business is not, however, one that is easy to participate in and generate a regular stream of revenues and predictable profits and it is most certainly one where the vendors and their customers have to, by necessity, take the

The Supercomputing Slump Hits HPC was written by Timothy Prickett Morgan at The Next Platform.

Reaffirming the Internet as a Force for Good: The Next 25 Years

To mark its 25th Anniversary, the Internet Society is beginning a global dialogue on the impact of the Internet on societies.  So far, we have held discussions at Chatham House in London, and opened up the dialogue in a recent public forum with more than 100 participants from 30 countries across Africa, the Middle East, Europe & Central Asia, Latin America and the Caribbean, and South Asia. 

Konstantinos Komaitis

Worth Reading: IPv4 route lookup on Linux

During the lifetime of an IPv4 datagram inside the Linux kernel, one important step is the route lookup for the destination address through the fib_lookup() function. From essential information about the datagram (source and destination IP addresses, interfaces, firewall mark, …), this function should quickly provide a decision. —Vincent Bernat @MTU Ninja

The post Worth Reading: IPv4 route lookup on Linux appeared first on rule 11 reader.

Stuff The Internet Says On Scalability For July 28th, 2017s

Hey, it's HighScalability time:

 

Jackson Pollock painting? Cortical column? Nope, it's a 2 trillion particle cosmological simulation using 4000+ GPUs. (paper, Joachim Stadel, UZH)

If you like this sort of Stuff then please support me on Patreon.

 

  • 1.8x: faster code on iPad MacBook Pro; 1 billion: WhatsApp daily active users; 100 milliamps: heart stopping current; $25m: surprisingly low take from ransomware; 2,700x: improvement in throughput with TCP BBR; 620: Uber locations; $35.5 billion: Facebook's cash hoard; 2 billion: Facebook monthly active users; #1: Apple is the world's most profitable [legal] company; 500,000x: return on destroying an arms depot with a drone; 

  • Quotable Quotes:
    • Alasdair Allan: Jeff Bezos’ statement that “there’s not that much interesting about CubeSats” may well turn out to be the twenty first century’s “nobody needs more than 640kb.”
    • @hardmaru: Decoding the Enigma with RNNs. They trained a LSTM with 3000 hidden units to decode ciphertext with 96%+ accuracy. 
    • @tj_waldorf: Morningstar achieved 97% cost reduction by moving to AWS. #AWSSummit Chicago
    • Ed Sperling: Moore’s Law is alive and well, but it is no longer the only approach. And depending on Continue reading

Worth Reading: DNS Hijacking is Real

Over the years hackers have hijacked many domain names by manipulating their DNS records to redirect visitors to malicious servers. While there’s no perfect solution to prevent such security breaches, there are actions that domain owners can take to limit the impact of these attacks on their Web services and users. —Lucisn Constantin @ The New Stack

The post Worth Reading: DNS Hijacking is Real appeared first on rule 11 reader.

IT Starts with Docker

Happy SysAdmin Day! Cheers to all of you who keep your organizations running, keep our data secure, respond at a moment’s notice and bring servers and apps back to life after a crash. Today we say, “Thank You!”

Docker Sysadmin Day

Anniversaries are a great time to reflect on accomplishments of the last year: the projects you’ve completed, the occasions you’ve saved your company money or time, the new technology you’ve learned. In a role like IT, so much can change each year as technology progresses and becomes more challenging to stay ahead of that curve. So this SysAdmin Day, we at Docker want to congratulate your past successes and prepare you for the year to come.

Containers are not just for developers anymore and Docker is the standard for packaging all kinds of applications – Windows, Linux, traditional, and microservices. Over the next few months, we’ll be covering how SysAdmins like yourself are enabling their organizations to innovate faster while saving their companies’ money by embracing containers with Docker Enterprise Edition.

Sign up here to start your journey and learn how IT Starts with Docker. 

Docker for IT Pros

This multi-part series will include:

  • How Docker Enterprise Edition is helping IT organizations free up money Continue reading
1 1,960 1,961 1,962 1,963 1,964 3,836