Cisco VIRL Troubleshooting
Find out how to resolve issues when modeling multiple devices using Cisco Virtual Internet Routing Lab.
Subscriber management on Juniper MX with FreeRadius
Quite often on my travels I sometimes encounter technologies I worked on a long time ago that I seem to bump into again later in life, in this case it’s terminating broadband subscribers. Many years ago I worked on large-scale Cisco platform terminating DSL business broadband users on Cisco 7200s over ATM, recently I’ve been involved in a couple of jobs where FTTC users are being terminated on Juniper MX480 routers, using double-tagging and PPPoE, this first post looks into how to setup a Juniper MX router from scratch and terminate PPPoE subscribers authenticated by RADIUS (in this case FreeRadius)
The topology:
Equipment used for this is as follows:
- MX-1 is a Juniper MX-5 router, acting as the BRAS or BNG
- MX-2 is also an MX-5 is a generic PE with simulated external connectivity
- EX-4500 is self explanatory, and is basically doing QinQ towards the BNG
- RADIUS is an Ubuntu server running FreeRadius (explained in more detail later)
- For Broadband subscribers, I’m lucky to have access to an IXIA XG12 tester
Before we get to the BNG side of things, lets take a look at the access network (EX-4500) essentially, this switch is doing several things:
- Each individual subscriber Continue reading
SDN 101: Centralized Control Plane
I spent the first half of the Introduction to SDN webinar explaining various attempts at defining SDN, and the obvious place to start was the centralized control plane mantra.
This part of the webinar is now public; to access the rest of the webinar, register on my web site.
CCIE – CCIE SPv4 Review by Nick Russo
My friend Nick Russo just took the SPv4 lab and passed it. This is his story.
On 8 March 2016, I passed Cisco’s CCIE Service Provider version 4 lab exam. It was my second attempt. I realize there is little information on the Internet about this test because it is still rather new. This blog post will detail my personal strategy for passing the CCIE SPv4 lab exam. Most CCIEs and CCDEs agree that a smart strategy is a critical part of passing any Cisco expert-level lab; many folks are technically proficient but need to remain organized to be effective.
Note: the views expressed in this blog post are mine alone and do not necessarily represent the views of Cisco. No correlation between my comments and Cisco’s recommendation study strategies should be made. Also note that no technical exam content is discussed here in accordance with Cisco’s CCIE NDA. Comments fishing for such information will be deleted.
First, the new blueprint has 3 sections: Troubleshooting (TSHOOT), Diagnostic (DIAG), and Configuration (CONFIG). The CCIE SPv4 program explains these topics in detail within the new blueprint so that is not discussed again here. Since each section is slightly different, one should have Continue reading
Can the Apple code be misused?
This post will respond to the tweet by Orin Kerr:The government is right that the software must be signed by Apple and made to only work on Farook's phone, but the situation is more complicated than that.Tech help: What are the best responses to DOJ claims in new Apple/FBI brief re whether code could be misused? Thks. pic.twitter.com/V08EcV9Rev— Orin Kerr (@OrinKerr) March 11, 2016
The basic flaw in this picture is jailbreaks. This is a process of finding some hack that gets around Apple's "signing" security layer. Jailbreaks are popular in the user community, especially China, when people want to run software not approved by Apple. When the government says "intact security", it means "non-jailbroken".
Each new version of iOS requires the discovery of some new hack to enable jailbreaking. Hacking teams compete to see who can ship a new jailbreak to users, and other companies sell jailbreaks to intelligence agencies. Once jailbroken, the signing is bypassed, as is the second technique of locking the software specifically to Farook's phone.
Details are more complicated than this. Each jailbreak is different, and many won't allow this secret Apple software to be run. Some will. The point Continue reading
Code is expressive. Full Stop. (FBIvApple)
I write code. More than a $billion of products have been sold where my code is the key component. I've written more than a million lines of it. I point this out because I want to address this FBIvApple fight from the perspective of a coder -- from the perspective of somebody who the FBI proposes to conscript into building morally offensive code. Specifically, I want to address the First Amendment issue, whether code is expressive speech.Consider Chris Valasek (@NudeHabasher), most recently famous for his car-hacking stunt of hacking into a Jeep from the Internet (along with Charlie Miller @CharlieMiller).
As Chris tells the story, he was on an airplane without WiFi writing code for his "CANbus-hack" tool that would hack the car. Without the Internet, he didn't have access to reference information, such as for strtok(). But he did remember from years earlier working on my (closed-source) code, and used the ideas he remembered to solve his immediate problem. No, he didn't remember the specifics of the code itself, and in any case, his CANbus-hack was unrelated to that code. Instead, it was the ideas expressed my code that he remembered.
What he came up with was this:
Continue reading
Junos Space – checking processes are running
After two miserable nights trying to upgrade Space 13.1R1.6 to 14.1R1.9, I finally called up JTAC for some assistance. For some reason the upgrade started, but never finished – the GUI remaining in ‘maintenance mode’ for several hours.
What they did:
Checked the services – all were showing as down:
service jmp-watchdog status
service jboss status
service jboss-dc status
Tried to start jboss-dc, but it complained that it couldn’t write or create /var/log/jboss.
Did the following to change ownership from root:root on the /var/log directory:
chown jboss:root /var/log
Did this:
service jboss-dc start
service jboss start
At this point the GUI started showing ‘Junos space is preparing to start up’, and after 20 minutes it changed to say the applications were deploying.
PHPBB and website integration
I needed to integrate a website login with a phpBB3 forum recently, and this blog post came in really useful: http://www.3cc.org/blog/2010/03/integrating-your-existing-site-into-phpbb3/
The only issue with it was the logout section – it uses $_GET, but when I implement this I get a message saying that this is an ‘illegal use of $_GET’.
Instead, the logout code that worked for me was this – it uses request_var() instead:
<?php
$cp = request_var('cp', '');
if ($cp == "logout") {
$user->session_kill();
$user->session_begin();
echo "Logged out";
}
?>
SANs Are a ‘Pain Point’ in Converged Data Centers, Says Plexxi
Plexxi has created a product and lined up resellers.
Going to CiscoLive US 2016? Don’t Forget Your Kilt!
I don’t recall the exact details of how “#KiltedMonday” started last year at CiscoLive US 2015.
I just know
- Erik (@ucgod), Steve (@wifijanitor), and JD (@subnetwork) were pivotal to the wonderfully fantastic and fun idea
- I’m SO joining this year! — Just ordered my kilt.
- Scott (@ScottMorrisCCIE) is not only planning on joining this year… but he is hoping it falls on the day he will be presenting
#SwarmWeek: Realtime Cluster Monitoring with Docker Swarm and Riemann
Lately I’ve become fascinated with Riemann, a piece of software written in Clojure for the purpose of supervising the health of distributed systems. Created by Kyle Kingsbury (a.k.a. aphyr) of Jepsen fame, Riemann is a powerful tool for montioring, processing, … ContinuedCisco Data Center Innovations Aim to Accelerate Hybrid Cloud Deployments
Cisco aims to make the data center more flexible and application-centric with new technologies for hybrid cloud services. Key innovations focus on networking hardware, hyperconverged infrastructure, and hybrid cloud orchestration.
Captain America Civil War — it’s us
The next Marvel movie is Captain America: Winter Soldier. The plot is this: after the Avengers keep blowing things up, there is pushback demanding accountability. Government should be in control when to call in the Avengers, and superhumans should be forced to register with the government. Ironman is pro-accountability, as you've seen his story arc evolve toward this point in the movies. Captain America is anti-accountability.This story arc is us, in cybersecurity. Last year, Charlie Miller and Chris Valasek proved they could, through the "Internet", remotely control a car driving down the freeway. In the video, we see a frightened reporter as the engine stalls in freeway traffic. Should researchers be able to probe cars, medical equipment, and IoT devices accountable to nobody but themselves? Or should they be accountable to the public, and rules setup by government?
This story is about us personally, too. In cyberspace, many of us have superhuman powers. Should we be free to do whatever we want, without accountability, or should be be forced to register with teh government, so they can watch us? For example, I scan the Internet (the entire Internet) with relative impunity. This is what I tweeted when creating my Continue reading