The Case of the Failed IPv6 Ping – Part 2: The Solution
Put your detective hat on your head and your Network Detective badge on your lapel. It is time to SOLVE for the Case of the Failed IPv6 Ping.
Review the Facts and Clues Again
Let’s review where we left off in our Part 1 of this case — “Case of the Failed IPv6 Ping – Part1: Facts and Clues“. At the end of Part 1…..we were ON R1 and unable to ping the IPv6 address of our directly connected interface gig0/0/3, 2001:db8:14:1::1.
As you recall the facts were as below. Interface up/up, OSPFv3 configured properly, proper IPv6 address configured on interface gig0/0/3. Still, we cannot ping R1’s directly connected IPv6 address from anywhere including from R1 itself.
Totally confused. Time to just stare at the list above, absorb the oddness, and think.
Wait one second!!!! “No valid route for destination” ??? Even the ping from R1 said that?
“That can’t be true“, I think to myself while I type show ipv6 route connected.
What the????….. Why don’t I have R1’s gig0/0/3 interface in the routing table? It is up/up and with the proper IPv6 address configured. Now Continue reading
CCIE Security v5 Blueprint Update Announced
Finally, Cisco has made the official announcement on the upcoming changes for CCIE Security Version 5. Both the written exam and the lab exam will be changes go live starting 31st of January 2017, which gives you the usual 6 months window to pass the Version 4 exam, before the change to Version 5 occurs. As opposed to the old blueprint, there are major changes in both the technical content and exam delivery format.
As expected, the new exam topics are inline with Cisco’s current Security product line with pretty much nothing missing. Yes, you got that right! Also, as expected, Cisco is trying to push the same exam delivery model for all CCIE tracks.
Blueprint Technical Topic Changes
We now have a Unified Exam Blueprint, covering topics for both the written and lab exam, similar to the change that was introduced with CCIE Data Center Version 2. The Blueprint for Version 5 is divided into 6 sections, with the last one being relevant only for the written exam:
- Perimeter Security and Intrusion Prevention
- Advanced Threat Protection and Content Security
- Secure Connectivity and Segmentation
- Identity Management, Information Exchange and Access Control
- Infrastructure Security, Virtualization and Automation
- Evolving Technologies*
*Written Continue reading
Troubleshooting Cisco IOS FTP Error Code
In this video, Tony Fortunato demonstrates how Cisco IOS can misrepresent FTP configuration issues.
The Cloud Malware Threat
Connected cloud apps can be both inherently malicious or become malicious, exposing enterprises to malware.
Complexity Sells
A blog post on Packet Pushers contained a quote by E. W. Dijkstra (of the SPF fame) and while trying to figure out whether that quote was real I stumbled upon his keynote address from a 1984 ACM conference (original). Not surprisingly, nothing has changed in the last 30+ years…
Read more ...Random Notes From My Third CPOC
I know it's cliche and I know I'm biased because I have an @cisco.com email address, but I've truthfully never seen anything like CPOC before. And the customer's I've worked with at CPOC haven't either. It's extremely gratifying to take something you built “on paper” and prove that it works; to take it to the next level and work those final kinks out that the paper design just didn't account for.
If you want more information about CPOC, get in touch with me or leave a comment below. Or ask your Cisco SE (and if they don't know, have them get in touch with me).
Anyways, on to the point of this post. When I was building the topology for the customer, I kept notes about random things I ran into that I wanted to remember later or those “oh duh!” moments that I probably should've known the answer to but had forgotten or overlooked at the time. This post is just a tidy-up of those notes, in no particular order.
Configuring Linux Policy Routing using Ansible
In this post, I’m going to talk about using Ansible to configure policy routing on Linux. If you’re not familiar with Linux policy routing, have a look at this post, and also review this post for one potential use case (I’m sure there are a number of other quite valuable use cases).
As you may recall from the policy routing introductory post, there are three steps involved in configuring policy routing:
- You must define the new routing table in
/etc/iproute2/rt_tables - You must add routes to the new routing tables
- You must define rules for when the new routing table is consulted
All three of these tasks can be handled via Ansible.
To address step #1, you can use Ansible’s “lineinfile” module to add a reference to the new routing table in /etc/iproute2/rt_tables. For example, consider this Ansible task:
- lineinfile: dest=/etc/iproute2/rt_tables line="200 eth1"
This snippet of Ansible code would add the line “200 eth1” to the end of the etc/iproute2/rt_tables file (if the line does not already exist). This takes care of task #1.
For tasks #2 and #3, you can use a Jinja2 template. Because the creation of the policy routing rule and the routing table entries can Continue reading
Cisco Unfurls its Tetration Data Center Analytics Platform
David Goeckeler is now GM of the Networking and Security Business Group at Cisco.