Cisco and Juniper Routers : OSPF point to multipoint configurations

Today I am going to discuss on the OSPF configuration part, As you already know about the OSPF protocol and the network types in OSPF.

OSPF is a link state routing protocol and i wrote some of the articles on OSPF earlier as well. Please go through that articles to understand more about OSPF protocol

OSPF Basics
OSPF States
OSPF vs RIP protocols
Routing Basics : Distance Vector vs Link State Routing Protocol

Above are some of the articles on OSPF will help you more in the interview preparation.

OSPF Point to Multipoint Networks
In the point-to-multipoint configurations, we need to emulate broadcast capability, it seeks to organise the PVCs into a collection of point-to-point networks. In the case of OSPF point to multipoint networks, the hello packets must still be replicated and transmitted individually to each neighbor, but the multipoint approach offers two distinct advantages: no DR/BDR is needed, and the emulated point-to-point links can occupy a common subnet.

Apart from all these today I am going to have sample configurations on OSPF point to multipoint networks.

Here in this article I am going to take a topology of OSPF point to multipoint network and let you know the Continue reading

Even weak hackers can pull off a password reset MitM attack via account registration

At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures.They dubbed the attack: password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable as well as mobile apps like Whatsapp, Snapchat and Telegram.To read this article in full or to leave a comment, please click here

Even weak hackers can pull off a password reset MitM attack via account registration

At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures.They dubbed the attack: password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable as well as mobile apps like Whatsapp, Snapchat and Telegram.To read this article in full or to leave a comment, please click here

“Focusing on the Gift” (aka How Fish views Presenting)

CiscoLive starts today and so do my presentations.  If you have ever wondered what I’m thinking about right prior to a presentation…. I am imagining a small and beautifully wrapped gift that I want to give to each and every person in the audience. That is what I am doing.  I am “Focusing on the Gift”.

Have I always done that?  LOL.  Uh… no.  But fortunately I don’t think my 2006 Networkers presentation on EIGRP is available on video.   Otherwise I think I’d be truly embarrassed.  Why?  Because it was my first Networkers/CiscoLive presentation and I was beyond belief nervous.  Worried if I’d do okay… worried if you were enjoying the session… oh the list goes on and on as to everything I was thinking and worried about.

And then I realized something.  You know what? It really isn’t about me at all.  I am just a vehicle.  It is all about “The Gift”.  So in 2007 I went out and bought a tiny little Christmas tree sized ornament of a perfectly wrapped gift box.  Small enough that I could hide it up on the stage Continue reading

What is P4?

Recently I attended a workshop organised by the Open NFP organisation about Data Plane acceleration. The primary goal of the workshop was to get students and researchers (why was I there you may think) familiar with the P4 programming language.

P4 is a programming language created to simplify writing data planes for networking use cases.  Recently the P4-16 spec was released and could be considered a mature version of the language.

Now I’m not a hardcore developer. I know my way around in Python, GoLang and C#, but I never wrote anything more low level like C. P4 is created a little bit like GoLang, where I do not mean it as comparison, but as an architecture. P4 is designed so you only need to focus on the actual networking features that you want to make available on the hardware you are programming it for. Then when you compile it, it will generate runtime code for your hardware. Or as the creators explain it:

At one level, P4 is just a simple language for declaring how packets are to be processed. At another level, P4 turns network system design on its head.

There is no need to worry on low Continue reading

Cisco Catalyst 6500 Chassis VSS Configuration ( Switch1 and Switch2 )

Today I am going to talk about VSS and tell you guys how to configure the VSS in the live environment. I am going to explain VSS first and then we will come up with the VSS configuration for both the switches which will be participate in the VSS.

Although we have three switches who can be used as VSS, It can be 
  • Cisco catalyst 4500 Series Switches
  • Cisco Catalyst 6500 Series Switches
  • Cisco Catalyst 6800 Series Switches
In this article I am taking the example of Cisco 6500 Switches in the VSS. Lets talk about VSS first now followed by the configurations:


Cisco Catalyst 6500 Series Virtual Switching System (VSS) is a technique by which we are going to merge two physical Cisco Catalyst 6500 Series switches together into a single, logically managed entity. In the case of Cisco catalyst 6500 where you can manage two chassis as a single control plane  but you can have the dual data plane after enabling Cisco Virtual Switching System. 

Fig 1.1-Sample Topology Cisco VSS Physical and Logical View
It uses Cisco IOS Stateful Switchover (SSO) technology, as well as Non-Stop Forwarding (NSF) extensions to routing protocols, to provide a single, Continue reading

Docker image – Python for network engineers

Lately I’m looking more and more into Python, with respect to automation implementations useful for network engineers. In the learning process I’ve used different materials, like the excellent video trainings Python Programming for Network Engineers from David Bombal which are available free on Youtube.

This training in particular relies on a Ubuntu Docker image in order to support Python learning following interaction with Cisco devices in GNS3. Everything is great, just that the image doesn’t contain all necessary tools (like Paramiko, Netmiko, Ansible…). As you can guess, whenever you close / open the Project in GNS3, all the installed packages installed in the Ubuntu Docker image are gone.

Since we’re talking automation, I got bored to install the necessary tools everytime I wanted to start a new project or I had to close GNS3 for some reason. I’ve tried to find a Docker image that suits my needs, but I couldn’t (please point me to one if you know it).

So, I’ve build a Docker image, based on Ubuntu 16.04, which contains the necessary tools to start learning Python programming oriented for network engineers:

  • Openssl
  • Net-tools (ifconfig..)
  • IPutils (ping, arping, traceroute…)
  • IProute
  • IPerf
  • TCPDump
  • NMAP
  • Python 2. Continue reading

A kindly lesson for you non-techies about encryption

The following tweets need to be debunked:



The answer to John Schindler's question is:
every expert in cryptography doesn't know this
Oh, sure, you can find fringe wacko who also knows crypto that agrees with you but all the sane members of the security community will not.


Telegram is not trustworthy because it's closed-source. We can't see how it works. We don't know if they've made accidental mistakes that can be hacked. We don't know if they've been bribed by the NSA or Russia to put backdoors in their program. In contrast, PGP and Signal are open-source. We can read exactly what the software does. Indeed, thousands of people have been reviewing their software looking for mistakes and backdoors.

Encryption works. Neither the NSA nor the Russians can break properly encrypted content. There's no such thing as "military grade" encryption that is better than consumer grade. There's only encryption that nobody can hack vs. encryption that your neighbor's teenage kid can easily hack. There's essentially nothing in between. Those scenes in TV/movies about breaking encryption is as realistic as sound in space: good for dramatic presentation, but not how things work in the real world.

In particular, end-to-end encryption works. Continue reading

VPLS basic configurations in MPLS environment: Cisco Routers

Today I am going to tell you about the basic configurations of VPLS on the Cisco routers. Let's take an scenario where i can say that there is a MPLS network where we have PE1, PE2 and PE3 connected at the edges of the MPLS network and beyond that there are customer edge routers.

Let me explain little bit how Layer 2 split horizon enabled in the VPLS scenario. So on the edge of the MPLS PE routers VLAN packets received from the customer network can be forwarded to one or more local interfaces and or emulated VCs in the VPLS domain. To avoid broadcasted packets looping around in the network, no packet received from an emulated VC can be forwarded to any emulated VC of the VPLS domain on a PE router. That is, the Layer 2 split horizon should always be enabled as the default in a full-mesh network. 

Below is the topology showing the VPLS connectivity across the three Service Provider Edge routers that i mentioned above. We have three PE routers and named as PE1, PE2 and PE3 routers. Below the topology we have the configurations on all these PE routers step by step. All Continue reading

Cisco Catalyst 9400 Switches – A new Launch

As in my earlier article i talked about the new launch of the Cisco catalyst 9300 and explain the features of that catalyst switch. Now I am going to talk about the other 2 series which Cisco launches. Cisco understand the requirement of the market and also competing with the other vendors for Next generation networks like SDN where open APIs can be used to stitch third party applications.

Cisco come up with the solution for the campus where they are going to deploy the fabric network on the top of traditional IP network. I will come up with another article where I can explain the architecture of the SD-Access network for the campus network designed by Cisco Systems.

With the launch of Cisco 9300, 9400 and 9500 cisco is running ahead in the field of enterprise network architecture. For Cisco catalyst 9300 please check the below mentioned link

Cisco Catalyst 9300 Switches for Campus

Now let me talk about the other two series of switches launched by Cisco Systems for campus or enterprise network named Cisco catalyst 9400 and 9500 switches.

Cisco Catalyst 9400 Switch:
With the help of Cisco catalyst 9400 switch you will achieve Advanced persistent security threats, Continue reading

Converge your network with priority flow control (PFC)

Back in April, we talked about a feature called Explicit Congestion Notification (ECN). We discussed how ECN is an end-to-end method used to converge networks and save money. Priority flow control (PFC) is a different way to accomplish the same goal. Since PFC supports lossless or near lossless Ethernet, you can run applications, like RDMA, over Converged Ethernet (RoCE or RoCEv2) over your current data center infrastructure. Since RoCE runs directly over Ethernet, a different method than ECN must be used to control congestion. In this post, we’ll concentrate on the Layer 2 solution for RoCE — PFC, and how it can help you optimize your network.

What is priority flow control?

Certain data center applications can tolerate only little or no loss. However, traditional Ethernet is connectionless and allows traffic loss; it relies on the upper layer protocols to re-send or provide flow control when necessary. To allow flow control for Ethernet frames, 802.3X was developed to provide flow control on the Ethernet layer. 802.3X defines a standard to send an Ethernet PAUSE frame upstream when congestion is experienced, telling the sender to “stop sending” for a few moments. The PAUSE frame stops traffic BEFORE the buffer Continue reading

Worth Reading: The root of a robust Internet

On 26 December 2006, a magnitude-7.0 earthquake struck off the southwest coast of Taiwan. This was the Hengchun earthquake, and the quake and its aftershocks resulted in six of the seven submarine cables serving Hong Kong being cut, severely disrupting Internet services on the Special Administrative Region. PCCW, the largest Internet operator in Hong Kong, reported a reduction of 50% in data capacity, neighbouring Taiwan had a 100% outage to Hong Kong and South-East Asia, while China’s two main operators reported over 90% outages. —APNIC

The post Worth Reading: The root of a robust Internet appeared first on rule 11 reader.

IDG Contributor Network: How to handle risks of hypervisor hacking

Global cloud computing and digital systems today would not exist without virtualization and hypervisors. Virtualization and hypervisors are basic tools for implementing digital systems that respond from moment to moment to varying demands without slow and expensive physical reconfiguration of hardware and rebuilding of software execution stacks and heavy investment in hardware that is only used during peak loads.Last blog, I described the dangers of a hypervisor attack. How can such an attack occur? There are a number of ways.Resource simulations A hypervisor provides software simulations of basic computing resources — like CPUs, memory, storage and network connections — that isolate VMs from one another. But the isolation may have soft spots. For example, freed simulated memory for one VM might be the same physical memory the hypervisor allocates to another VM. If the hypervisor does not blank out the reallocated physical memory, the second VM has access to data from the first VM and a data breach ensues. All resource simulations are subject to dangerous implementation errors. Simulated CPU registers, storage buffers and network buffers, all present opportunities for coding mistakes that permit data or control breaches.To read this article in full or to leave Continue reading

IDG Contributor Network: What Amazon’s acquisition of Whole Foods means for enterprise IT operations

Amazon has announced that it is buying Whole Foods for $13.7 billion. The implications of this upon the grocery business have been widely written about in a variety of publications including Forbes, and Business Insider. The point of this post is not to rehash what Amazon will or will not do to the grocery business but rather to focus upon the lessons of this acquisition for Enterprise IT Operations.Every business is a digital business At the recent IT Operations Strategies Summit, Gartner released the results of a survey that it had done with the CEO’s of its clients. The results were that by 2020 these CEO’s expected the following:To read this article in full or to leave a comment, please click here

The inextricable link between IoT and machine learning

I met with a team of Microsoft AI researchers recently to discuss original adaptations of Resnet 50, a version of the convolutional network Microsoft used to win the Imagenet 2015 image recognition competition. The discussion about the scientists work caused me to reconsider the inextricable link between IoT and machine learning.Control loops are a fundamental principal of the internet of things (IoT.) If then, then that (ITTT) has a long history in conditionally controlling things dating to the invention of the electric relay in the 1830s. Over time, single relays were combined into state machines, and later, relays became transistors. During the glamorous growth of computers in IT, consumer and mobile sectors, less glamorous ITTT computers have been applied to many use cases such as controlling machines in factories and performing lab experiments.To read this article in full or to leave a comment, please click here

1 2,000 2,001 2,002 2,003 2,004 3,836