Assigning DMVPN tunnel interface addresses with DHCP

I posted previously about some of the inner workings of DHCP. The three key points from that post are critical building blocks for this discussion:
  • DHCP requests get modified in flight by the DHCP relay.
  • DHCP relay determines L2 destination by inspecting contents of relayed packets.
  • DHCP clients, relays and (sometimes) servers use raw sockets because the end-to-end protocol stack isn't yet available.
The basic steps to converting a DMVPN from static address assignment scheme to dynamic are:
  1. Configure a DHCP server. I'm using an external server1 in this example so that we can inspect the relayed packets while they're on the wire.
  2. Configure the hub router. There are some non-intuitive details we'll go over.
  3. Configure the spoke router. Ditto on the non-intuitive bits.
My DHCP server is running on an IOS router (because it's convenient - it could be anywhere) and it has the following configuration:
    1     no ip dhcp conflict logging  
    2     ip dhcp excluded-address 172.16.1.1  
    3     !  
    4     ip dhcp pool DMVPN_POOL  
    5      network 172.16.1.0 255.255.255.0

So, that's pretty straightforward.

The Hub Router has the following relevant configuration:
    1     ip dhcp support tunnel unicast  
    2     interface Tunnel0  
    3       Continue reading

Apple throws down the gauntlet with overhauled privacy policy

Apple is making it very clear how it uses your data with a revamp of its privacy policy, posted in full on the company’s website. In the process, Cupertino is also making it plain just how different it is from other tech companies.Apple affirmed its commitment to customer privacy a year ago, and Tuesday’s update covers everything new in iOS 9 and OS X El Capitan. The company isn’t just issuing platitudes about how great its privacy protections are—it dives into real detail about how its various services use and protect your data.To read this article in full or to leave a comment, please click here

A Linux botnet is launching crippling DDoS attacks at more than 150Gbps

A Linux botnet has grown so powerful that it can generate crippling distributed denial-of-service attacks at over 150 Gbps, many times greater than a typical company's infrastructure can withstand.The malware behind the botnet is known as XOR DDoS and was first identified in September last year. Attackers install it on Linux systems, including embedded devices such as WiFi routers and network-attached storage devices, by guessing SSH (Secure Shell) login credentials using brute-force attacks.The credentials are used to log into the vulnerable systems and execute shell commands that download and install the malicious program. To hide its presence, the malware also uses common rootkit techniques.To read this article in full or to leave a comment, please click here

UT Dallas researcher gets introspective about virtual machines

A University of Texas at Dallas researcher has come up with a way for virtual machines to have each others' backs in the name of better cloud network security.Dr. Zhiqiang Lin, an assistant professor of computer science at the Erik Jonsson School of Engineering and Computer Science at UT Dallas, has earned a National Science Foundation Faculty Early Career Development (CAREER) Award to support his efforts in the area of virtual machine introspection. The award includes $500,000 in funding for five years.MORE: Will containers kill virtual machines?To read this article in full or to leave a comment, please click here

Your privacy and Apple, Microsoft and Google

Within a span of a few days, two of three giants in the tech industry made changes that could directly affect your privacy; the third tried to clear up "privacy and Windows 10."Apple updates privacy policy, releases iOS security guideToday Apple published an updated privacy policy that explains, in detailed but easy-to-understand language, how it uses customers’ data. It begins with a message about Apple’s commitment to your privacy from Apple CEO Tim Cook. He promised Apple never "worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will." Apple also revealed that 94% of the government data requests it receives deal with cops trying to find stolen iPhones.To read this article in full or to leave a comment, please click here

Sponsored Post: iStreamPlanet, Close.io, Instrumental, Location Labs, Enova, Surge, Redis Labs, Jut.io, VoltDB, Datadog, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • As a Networking & Systems Software Engineer at iStreamPlanet you’ll be driving the design and implementation of a high-throughput video distribution system. Our cloud-based approach to video streaming requires terabytes of high-definition video routed throughout the world. You will work in a highly-collaborative, agile environment that thrives on success and eats big challenges for lunch. Please apply here.

  • As a Scalable Storage Software Engineer at iStreamPlanet you’ll be driving the design and implementation of numerous storage systems including software services, analytics and video archival. Our cloud-based approach to world-wide video streaming requires performant, scalable, and reliable storage and processing of data. You will work on small, collaborative teams to solve big problems, where you can see the impact of your work on the business. Please apply here.

  • Close.io is a *profitable* fast-growing SaaS startup looking for a Lead DevOps/Infrastructure engineer to join our ~10 person team in Palo Alto or *remotely*. Come help us improve API performance, tune our databases, tighten up security, setup autoscaling, make deployments faster and safer, scale our MongoDB/Elasticsearch/MySQL/Redis data stores, setup centralized logging, instrument our app with metric collection, set up better monitoring, etc. Learn more and apply here.

  • Location Labs is Continue reading

Bridging Between Cisco VIRL and GNS3 for L2 and Serial Support

One of the known issue for anyone preparing for a Cisco exam is that the solutions available today don’t support all the needed features.  Cisco VIRL supports L2 switching out of the box, whereas GNS3 does not.  GNS3 supports the configuration of serial interfaces on routers whereas Cisco VIRL does not.  For someone starting out in this […]

The post Bridging Between Cisco VIRL and GNS3 for L2 and Serial Support appeared first on Packet Pushers.

GRE Tunnel Between Cisco and Linux

Generic Routing Encapsulation - GRE is a tunneling protocol originally developed by Cisco that encapsulates various network protocols inside virtual point-to-point tunnel. It transports multicast traffic via GRE tunnel so it allows passing of routing information between connected networks. As it lacks of security it is very often used in conjunction IP SEC VPN that on the other hand is not capable to pass multicast traffic.

The goal of the tutorial it to show configuration of GRE tunnel on a Cisco router and a device with OS Linux. I have created GNS3 lab consisting of two local networks - 192.168.1.0/24 and 192.168.2.0/24 connected via GRE tunnel. GRE tunnel interface is configured on router R1 (Cisco 7206VXR) and Core Router (Core Linux with Quagga routing daemon installed). The both routers have their outside interfaces connected to a router R3 that is located in the "Internet". To prove that GRE tunnel is working and transporting multicast traffic, the OSPF routing protocol is started on R1 and Core routers and configured on tunnel interfaces and interfaces pointing to local networks.

Note: The Core Linux vmdk image is available for download here.

Picture1-TopologyPicture 1 - Topology

1. Initial Configuration

First we assign hostnames and Continue reading

Reaction: Openstack, snowflakes, and complexity

More recently, OpenStack luminary Randy Bias has candidly derided the silos that different vendors impose on OpenStack, containing “special features that only you have.” The result? “Every OpenStack deployment is its own unique snowflake,” Bias notes, due to the “hundreds upon hundreds of configuration options.” via infoworld

For all those who think opensource is going to take over the world, cleaning up (and destroying) the mess open standards have made, there is a lesson in here.

It won’t.

The problem isn’t open standards. The problem isn’t open source. We have met the problem, and it is… us. We are the problem here. What we keep thinking is that we can “solve” complexity in some way. Each time a new unicorn comes on the scene, we think, “here, at least, is the magical unicorn that will make the physical world work the way I always wanted it to.” But like real life unicorns, you won’t find one in your rose garden. Or any other garden, for that matter. Unicorns don’t exist. Get over it.

Instead of looking for the next magical unicorn, we need to get to work figuring out which problems need to be solved, which ones Continue reading

Premise vs. Premises

premises-not-premise-300x225

If you’ve listened to a technology presentation in the past two years that included discussion of cloud computing, you’ve probably become embroiled in the ongoing war of the usage of the word premises or the shift of people using the word premise in its stead. This battle has raged for many months now, with the premises side of the argument refusing to give ground and watch a word be totally redefined. So where is this all coming from?

The Premise of Your Premises

The etymology of these two words is actually linked, as you might expect. Premise is the first to appear in the late 14th century. It traces from the Old French premisse which is derived from the Medieval Latin premissa, which are both defined as “a previous proposition from which another follows”.

The appearance of premises comes from the use of premise in legal documents in the 15th century. In those documents, a premise was a “matter previously stated”. More often than not, that referred to some kind of property like a house or a building. Over time, that came to be known as a premises.

Where the breakdown starts happening is recently in technology. We live Continue reading

Worth Reading: Negative vibes on the ICANN transition

It’s an unspoken truth that the reason it has taken 10 years longer than originally anticipated for the US government to hand over control of the “IANA functions” to ICANN is because the govt agency in charge – the National Technology and Information Administration (NTIA) – has always been mildly despairing of how its experiment in representational democracy has turned out. Far from creating an organization that was able to reflect the extraordinary collective effort that made the internet possible, ICANN has become an unwieldy monster: riven with politics, brimming with self-importance, driven almost entirely by status and insider concerns, and never looking outside its own bubble unless under threat. via the register

The post Worth Reading: Negative vibes on the ICANN transition appeared first on 'net work.

Newly found TrueCrypt flaw allows full system compromise

Windows users who rely on TrueCrypt to encrypt their hard drives have a security problem: a researcher has discovered two serious flaws in the program.TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs.James Forshaw, a member of Google's Project Zero team that regularly finds vulnerabilities in widely used software, has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems.The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.To read this article in full or to leave a comment, please click here

1 3,271 3,272 3,273 3,274 3,275 3,808