In this third entrant into the design & build series, Guilherme Goes & Jeff Carrell join Ethan Banks for a discussion of running IPv4 & IPv6 dual stack.
The post Show 244 – Design & Build #3 – Dual Stack IPv4 + IPv6 appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Please join us in congratulating the following iPexpert students who have passed their CCIE lab!
Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!
CloudFlare operates a huge global network of servers that proxy our customers' web sites, operate as caches, inspect requests to ensure they are not malicious, deflect DDoS attacks and handle one of the largest authoritative DNS systems in the world. And where there's software there's configuration information.
CloudFlare is highly customisable. Each customer has a unique configuration consisting of DNS records, all manner of settings (such as minification, image recompression, IP-based blocking, which individual WAF rules to execute) and per-URL rules. And the configuration changes constantly.
We offer almost instant configuration changes. If a user adds a DNS record it should be globally resolvable in seconds. If a user enables a CloudFlare WAF rule it should happen very, very fast to protect a site. This presents a challenge because those configuration changes need to be pushed across the globe very quickly.
We've written in the past about the underlying technology we use: Kyoto Tycoon and how we secured it from eavesdroppers. We also monitor its performance.
DNS records are currently changing at a rate of around 40 per second, 24 hours a day. All those changes need to be propagated in seconds.
So we take propagation times Continue reading
This is a blog post that I had written for my employer CloudFlare You can find the full link here
CloudFlare operates a
I recently had to deploy and ASA pair. One of the pre-requisites is to make sure there’s an optic in the interface we’re going to use. On a switch you have the following options:
#show int te5/4 transceiver
Transceiver monitoring is disabled for all interfaces.
ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
Optical Optical
Temperature Voltage Current Tx Power Rx Power
Port (Celsius) (Volts) (mA) (dBm) (dBm)
---------- ----------- ------- -------- -------- --------
Te5/4 27.0 0.00 7.6 -- -2.2 -2.7
Or
#show int tenGigabitEthernet 5/4 capabilities
TenGigabitEthernet5/4
Model: VS-S720-10G
Type: 10Gbase-SR
Speed: 10000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on),tx-(off,on)
Membership: static
Fast Start: yes
QOS scheduling: rx-(8q4t), tx-(1p7q4t)
QOS queueing mode: rx-(cos,dscp), tx-(cos,dscp)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
Inline power policing: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: yes
Ports-in-ASIC (Sub-port ASIC) Continue reading
Friday is SDxCentral Roundup Day. Get yours here.
Extending SDN programmability all the way across the WAN.
The responses of Internet Service Providers (ISPs) to lack of IPv4 address space range from outright denial (sometimes coupled with reassuringly-expensive large-scale carrier-grade NAT) to all-in IPv6-only designs using 464XLAT for residual IPv4 connectivity.
To understand the implications of these extremes and a few data points between them, watch the ISP IPv6 Transition Strategies video from Enterprise IPv6 – the First Steps webinar.
Enterprises are combining containers and VMs for production environments, backing up VMware's arguments.
