GRE Tunnel Between Cisco and Linux

Generic Routing Encapsulation - GRE is a tunneling protocol originally developed by Cisco that encapsulates various network protocols inside virtual point-to-point tunnel. It transports multicast traffic via GRE tunnel so it allows passing of routing information between connected networks. As it lacks of security it is very often used in conjunction IP SEC VPN that on the other hand is not capable to pass multicast traffic.

The goal of the tutorial it to show configuration of GRE tunnel on a Cisco router and a device with OS Linux. I have created GNS3 lab consisting of two local networks - 192.168.1.0/24 and 192.168.2.0/24 connected via GRE tunnel. GRE tunnel interface is configured on router R1 (Cisco 7206VXR) and Core Router (Core Linux with Quagga routing daemon installed). The both routers have their outside interfaces connected to a router R3 that is located in the "Internet". To prove that GRE tunnel is working and transporting multicast traffic, the OSPF routing protocol is started on R1 and Core routers and configured on tunnel interfaces and interfaces pointing to local networks.

Note: The Core Linux vmdk image is available for download here.

Picture1-TopologyPicture 1 - Topology

1. Initial Configuration

First we assign hostnames and Continue reading

Reaction: Openstack, snowflakes, and complexity

More recently, OpenStack luminary Randy Bias has candidly derided the silos that different vendors impose on OpenStack, containing “special features that only you have.” The result? “Every OpenStack deployment is its own unique snowflake,” Bias notes, due to the “hundreds upon hundreds of configuration options.” via infoworld

For all those who think opensource is going to take over the world, cleaning up (and destroying) the mess open standards have made, there is a lesson in here.

It won’t.

The problem isn’t open standards. The problem isn’t open source. We have met the problem, and it is… us. We are the problem here. What we keep thinking is that we can “solve” complexity in some way. Each time a new unicorn comes on the scene, we think, “here, at least, is the magical unicorn that will make the physical world work the way I always wanted it to.” But like real life unicorns, you won’t find one in your rose garden. Or any other garden, for that matter. Unicorns don’t exist. Get over it.

Instead of looking for the next magical unicorn, we need to get to work figuring out which problems need to be solved, which ones Continue reading

Premise vs. Premises

premises-not-premise-300x225

If you’ve listened to a technology presentation in the past two years that included discussion of cloud computing, you’ve probably become embroiled in the ongoing war of the usage of the word premises or the shift of people using the word premise in its stead. This battle has raged for many months now, with the premises side of the argument refusing to give ground and watch a word be totally redefined. So where is this all coming from?

The Premise of Your Premises

The etymology of these two words is actually linked, as you might expect. Premise is the first to appear in the late 14th century. It traces from the Old French premisse which is derived from the Medieval Latin premissa, which are both defined as “a previous proposition from which another follows”.

The appearance of premises comes from the use of premise in legal documents in the 15th century. In those documents, a premise was a “matter previously stated”. More often than not, that referred to some kind of property like a house or a building. Over time, that came to be known as a premises.

Where the breakdown starts happening is recently in technology. We live Continue reading

Worth Reading: Negative vibes on the ICANN transition

It’s an unspoken truth that the reason it has taken 10 years longer than originally anticipated for the US government to hand over control of the “IANA functions” to ICANN is because the govt agency in charge – the National Technology and Information Administration (NTIA) – has always been mildly despairing of how its experiment in representational democracy has turned out. Far from creating an organization that was able to reflect the extraordinary collective effort that made the internet possible, ICANN has become an unwieldy monster: riven with politics, brimming with self-importance, driven almost entirely by status and insider concerns, and never looking outside its own bubble unless under threat. via the register

The post Worth Reading: Negative vibes on the ICANN transition appeared first on 'net work.

Newly found TrueCrypt flaw allows full system compromise

Windows users who rely on TrueCrypt to encrypt their hard drives have a security problem: a researcher has discovered two serious flaws in the program.TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs.James Forshaw, a member of Google's Project Zero team that regularly finds vulnerabilities in widely used software, has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems.The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.To read this article in full or to leave a comment, please click here

Riverbed – Another Angle on SD WAN

Riverbed Logo

Riverbed’s entry –or perhaps “expansion”– into the SD WAN market is interesting to me primarily because the approach being taken is a little different from the other solutions I have seen so far.

The Rest

The solutions I’ve seen from vendors like Viptela, Silver Peak, Cisco, CloudGenix and VeloCloud mainly focus on providing reliable and optimized transport from spoke site to hub site, and in some cases also from spoke to spoke, and in fewer still, spoke to Internet. The underlying approach is to monitor various statistics for each of the available WAN links, and intelligently route data flows over the link that will best meet the application’s needs. Some solutions add error correction and/or packet duplication techniques to overcome packet corruption and loss as well. Let’s call this Link Selection, noting that both links are used so it’s not a “one or the other” kind of thing.

Riverbed SD WAN

Riverbed has come at this problem from the angle they know best, WAN optimization. The presentation Riverbed gave at Networking Field Day 10 was not about how to choose which link to use, but more about how to effectively manage a hybrid WAN (say, MPLS for corporate access in Continue reading

Takeaways from VMUG in Chicago

Bob getting ready - blog

Last week, I had the opportunity to travel to Chicago to attend the VMware User Group conference. It was a great event where I had the opportunity to meet and speak with many server, storage and network team members. One point that struck me was that the importance of the network is becoming clearer to everyone with a stake in the data center — and we couldn’t be happier to be leading the way.

Here are a couple of my observations from Chicago’s installation of the show:

  • Beyond applications: In the past, VMUG conferences have been heavily attended by application and server teams. This year, I found that many of the attendees were networking and storage decision-makers and administrators. To me, that signals how much storage is being virtualized and how important the network has become in virtualized environments. The success of these environments will soon depend on the network and the need for cooperation and interdependency of the applications, storage and networking teams is clear.
  • Hyperconverged layers: There’s a continued emphasis on the hyperconvergence of storage and compute—and the network is getting into the mix. I had a lot of conversations on why a converged network is a Continue reading

DockerCon EU 2015: Hands-On Labs

We know how busy everyone gets at DockerCon – there’s so much to do between conference talks, meeting members of the community and chatting with sponsors! We took all of the feedback from our pilot Docker Tutorials at DockerCon 2015 … Continued

Real-time analytics and control applications

sFlow-RT 2.0 released - adds application support describes a new application framework for sharing solutions built on top of the real-time analytics platform. Application examples are provided on the sFlow-RT Download page.

The flow-graph application, shown above, generates a real-time graph of communication between hosts.  The application uses a simple sFlow-RT script to track associations between hosts based on their communication patterns and plots the results using the vis.js dynamic, browser based visualization library. This example can be modified to track different types of relationship and extended to incorporate other popular data visualization libraries such as D3.js.
The dashboard-example includes representative real-time metric and top flows trend charts. The example uses the jQuery-UI library to build build a simple tabbed interface. This example can be extended to build groups of custom charts.
The top-flows application supports the definition of custom flows and tracks the largest flows in a continuously updating table.

Each of the examples has a server-side component that uses sFlow-RT's script API to collect, analyze, and export measurements. An HTML5 client side user interface connects to the server and presents the data.

The sFlow-RT analytics engine is a highly scaleable platform for processing sFlow measurements Continue reading

Python – Lists and Dict(ionarie)s

One of the fist things you’ll most likely encounter with Python are the datatypes lists and dicts.  While they initially seem quite simple, things can get awfully complex, awfully fast when you start intermingling the two datatypes.  So we’ll start with the basics, then dive into some more complex examples. 

Lists
Lists are defined as ‘a collection of different pieces of information as a sequence under a single variable name’.  So that’s a fancy way of saying it’s just a list.  In Python, lists are defined by using the ‘[]’ brackets.  So for example…

# A list with one item
list = ["Jon"]

# A list with multiple items
list = ["Jon", "Matt", "Bill"]

# An empty list
list = []

Items in lists can be accessed by index.  For example…

# A list with multiple items
list = ["Jon", "Matt", "Bill"]

print "The second name in the list is " + list[1]

# Result
The second name in the list is Matt

We can also iterate through the list with a simple loop…

# A list with multiple items
list = ["Jon", "Matt", "Bill"]

for name in list:
    print name

# Result
 Continue reading

Network Automation: Be Bold!

I’ve had something on my mind concerning network automation, and I think it’s worth mentioning it here.

There’s been a lot of talk - including plenty from myself - about using tools like Ansible for creating network configuration files; that is, text files that contain configurations for network devices, usually a list of CLI commands. And this is a great first step, certainly if you’re new to network automation.

It’s really not that hard to generate configurations. You can do it in about five lines of Python, or you can stick with that Excel spreadsheet powered by macros (you know who you are). I challenge anyone to tell me that Ansible is better at generating config templates than Excel. The reality is that it’s not - and it’s hardly attempting to be.

So, for the sake of making a point, let’s say the generation mechanism doesn’t matter. Let’s concede that this is the wrong optimization to be making. The question becomes - what is the right optimization?

I think the bigger problem to address is that of treating our networks like fragile snowflakes. I can’t tell you how many times I’ve logged into a device, and felt like I was Continue reading

Network Automation: Be Bold!

I’ve had something on my mind concerning network automation, and I think it’s worth mentioning it here.

There’s been a lot of talk - including plenty from myself - about using tools like Ansible for creating network configuration files; that is, text files that contain configurations for network devices, usually a list of CLI commands. And this is a great first step, certainly if you’re new to network automation.

It’s really not that hard to generate configurations. You can do it in about five lines of Python, or you can stick with that Excel spreadsheet powered by macros (you know who you are). I challenge anyone to tell me that Ansible is better at generating config templates than Excel. The reality is that it’s not - and it’s hardly attempting to be.

So, for the sake of making a point, let’s say the generation mechanism doesn’t matter. Let’s concede that this is the wrong optimization to be making. The question becomes - what is the right optimization?

I think the bigger problem to address is that of treating our networks like fragile snowflakes. I can’t tell you how many times I’ve logged into a device, and felt like I was Continue reading

1 3,237 3,238 3,239 3,240 3,241 3,773