Question : Is there always a feasible successor in EIGRP ? Background: An operational route is passive. If the path is lost, the router examines the topology table to find an FS. If there is an FS, it is placed in the routing table; otherwise, the router queries its neighbors, sending the route into active mode. Answer: There has to […]
The post Basics: Is there always a feasible successor in EIGRP ? appeared first on EtherealMind.
I was lucky enough (volunteering for very challenging work is luck, right? 
) to finish my third tour through Cisco CPOC last w
eek. CPOC is Cisco’s Customer Proof of Concept facility where customer’s can bring their network design, build it in Cisco’s lab, and beat the hell out of it. CPOC has tons of network and compute gear, all the right testing tools and processes, and excellent work areas that cater to collaborative work and information sharing. It’s also staffed by very senior and experienced engineers.
I know it’s cliche and I know I’m biased because I have an @cisco.com email address, but I’ve truthfully never seen anything like CPOC before. And the customer’s I’ve worked with at CPOC haven’t either. It’s extremely gratifying to take something you built “on paper” and prove that it works; to take it to the next level and work those final kinks out that the paper design just didn’t account for.
If you want more information about CPOC, get in touch with me or leave a comment below. Or ask your Cisco SE (and if they don’t know, have them get in touch with me).
Anyways, on to the point of this Continue reading
Put your detective hat on your head and your Network Detective badge on your lapel. It is time to SOLVE for the Case of the Failed IPv6 Ping.
Let’s review where we left off in our Part 1 of this case — “Case of the Failed IPv6 Ping – Part1: Facts and Clues“. At the end of Part 1…..we were ON R1 and unable to ping the IPv6 address of our directly connected interface gig0/0/3, 2001:db8:14:1::1.
As you recall the facts were as below. Interface up/up, OSPFv3 configured properly, proper IPv6 address configured on interface gig0/0/3. Still, we cannot ping R1’s directly connected IPv6 address from anywhere including from R1 itself.
Totally confused. Time to just stare at the list above, absorb the oddness, and think.
Wait one second!!!! “No valid route for destination” ??? Even the ping from R1 said that?
“That can’t be true“, I think to myself while I type show ipv6 route connected.
What the????….. Why don’t I have R1’s gig0/0/3 interface in the routing table? It is up/up and with the proper IPv6 address configured. Now Continue reading
Finally, Cisco has made the official announcement on the upcoming changes for CCIE Security Version 5. Both the written exam and the lab exam will be changes go live starting 31st of January 2017, which gives you the usual 6 months window to pass the Version 4 exam, before the change to Version 5 occurs. As opposed to the old blueprint, there are major changes in both the technical content and exam delivery format.
As expected, the new exam topics are inline with Cisco’s current Security product line with pretty much nothing missing. Yes, you got that right! Also, as expected, Cisco is trying to push the same exam delivery model for all CCIE tracks.
Blueprint Technical Topic Changes
We now have a Unified Exam Blueprint, covering topics for both the written and lab exam, similar to the change that was introduced with CCIE Data Center Version 2. The Blueprint for Version 5 is divided into 6 sections, with the last one being relevant only for the written exam:
*Written Continue reading
In this video, Tony Fortunato demonstrates how Cisco IOS can misrepresent FTP configuration issues.
Connected cloud apps can be both inherently malicious or become malicious, exposing enterprises to malware.
A blog post on Packet Pushers contained a quote by E. W. Dijkstra (of the SPF fame) and while trying to figure out whether that quote was real I stumbled upon his keynote address from a 1984 ACM conference (original). Not surprisingly, nothing has changed in the last 30+ years…
Read more ...
I know it's cliche and I know I'm biased because I have an @cisco.com email address, but I've truthfully never seen anything like CPOC before. And the customer's I've worked with at CPOC haven't either. It's extremely gratifying to take something you built “on paper” and prove that it works; to take it to the next level and work those final kinks out that the paper design just didn't account for.
If you want more information about CPOC, get in touch with me or leave a comment below. Or ask your Cisco SE (and if they don't know, have them get in touch with me).
Anyways, on to the point of this post. When I was building the topology for the customer, I kept notes about random things I ran into that I wanted to remember later or those “oh duh!” moments that I probably should've known the answer to but had forgotten or overlooked at the time. This post is just a tidy-up of those notes, in no particular order.
In this post, I’m going to talk about using Ansible to configure policy routing on Linux. If you’re not familiar with Linux policy routing, have a look at this post, and also review this post for one potential use case (I’m sure there are a number of other quite valuable use cases).
As you may recall from the policy routing introductory post, there are three steps involved in configuring policy routing:
/etc/iproute2/rt_tablesAll three of these tasks can be handled via Ansible.
To address step #1, you can use Ansible’s “lineinfile” module to add a reference to the new routing table in /etc/iproute2/rt_tables. For example, consider this Ansible task:
- lineinfile: dest=/etc/iproute2/rt_tables line="200 eth1"
This snippet of Ansible code would add the line “200 eth1” to the end of the etc/iproute2/rt_tables file (if the line does not already exist). This takes care of task #1.
For tasks #2 and #3, you can use a Jinja2 template. Because the creation of the policy routing rule and the routing table entries can Continue reading