Using BFD to Track WAN Status and Change HSRP Priority

It’s been five years since I started this blog! Time flies and a lot has happened since. Thanks for being along for the ride. What better way to celebrate than a blog post?

This post is going to be short and to the point.

Many of us run HSRP or VRRP. It is quite common to run it in a topology where you have dual routers and dual exits to the WAN and you don’t want to black hole your traffic.

HSRP-BFD1

One traditional way of achieving this is by tracking the interface that goes towards the WAN. There are a couple of drawbacks to this approach though:

  • You may not get link down on failure (connecting to switch)
  • You may experience an error that does not produce link down event

The next option is to use IP SLA that sends ICMP Echo towards the next-hop of the WAN or some destination further into the network. Ehanced Object Tracking (EOT) can then be used to create a track object that decrements the priority of the HSRP active router when the ICMP Echo probe fails. This works better but there are still some drawbacks to this approach:

Maliciously crafted MKV video files can be used to crash Android phones

A malicious application or Web page could be used to crash Android devices, in some cases persistently, due to a vulnerability in a multimedia processing component.The announcement, by security researchers from Trend Micro, comes days after other Android media processing flaws were revealed. Those flaws could allow attackers to compromise devices with a simple MMS message.The latest vulnerability is located in Android’s mediaserver component, more specifically in how this service handles files that use the Matroska video container (MKV), the Trend Micro researchers said in a blog post Wednesday.To read this article in full or to leave a comment, please click here

Microsoft’s new privacy policy and Windows 10 troubleshooter to stop automatic updates

It’s the big Windows 10 launch day and Microsoft has reserved a huge amount of bandwidth for the massive rollout, reportedly “up to 40Tb/s per second of capacity from all of the third-party CDNs combined.” If you haven’t done so yet, then you should review Microsoft’s new privacy and service agreements as well as the privacy dashboard to consider making changes to your settings for Windows and Cortana, as well as Microsoft services such as Office 365, Xbox Live, Groove Music, Office Online, OneDrive, Skype, Outlook.com and Bing Rewards.According to Horatio Gutierrez, Microsoft’s deputy general counsel, the company’s updated Privacy Statement and Services Agreement were guided by simplicity, transparency, and privacy. Gutierrez said consumers need “clear terms and policies that both respect individual privacy and don’t require a law degree to read.” The new Privacy Statement, which kicks into effect on August 1 – mere days after Windows 10 – is supposed to have “straightforward terms and policies that people can easily understand.” Yet since the new privacy policy is 22 pages long and the service agreement is 23 pages long, the European Digital Rights (EDRi) group said, “So much for clearly understandable Continue reading

Is SD-WAN Simply WAN Optimization Evolved? Not Exactly.

Consumers evaluating SD-WAN shouldn't think of it as a WAN optimization replacement, at least not exactly. These are different technologies, although it might be fair to think of SD-WAN as the successor to WAN optimization. SD-WAN and WAN optimization are compatible technologies, but not interdependent technologies.

The Correct Mask for a PE’s Loopback0

As I’ve written about previously (The Importance of BGP NEXT_HOP in L3VPNs), the BGP NEXT_HOP attribute is key to ensuring end to end connectivity in an MPLS L3VPN. In the other article, I examine the different forwarding behavior of the network based on which of the egress PE’s IP addresses is used as the NEXT_HOP. In this article I’ll look at the subnet mask that’s associated with the NEXT_HOP and the differences in forwarding behavior when the mask is configured to different values.

There is a lot of (mis-)information on the web stating that the PE’s loopback address — which, as I explain in the previous article, should always be used as the NEXT_HOP — must have a /32 mask. This is not exactly true. I think this is an example of some information that has been passed around incorrectly, and without proper context, and is now taken as a rule. I’ll explain more about this further on in the article.

Example Network

Here’s the example network:

MPLS_PE_Loopback_MaskNote that R2 and R7 are the PEs and they each have a /24 mask on their loopback0 interfaces. The PEs are peering via their loopbacks. OSPF is running between R2, Continue reading

Reaction: Testing to the Cut Score (Certifications)

Tom has an interesting post over at The Networking Nerd on one of my favorite areas of discussion — certifications. To give you a sense —

Perhaps raising the cut scores to more than 900 points isn’t the answer. Maybe instead more complex questions or more hands-on simulations are required to better test the knowledge of the candidates. These are better solutions that take time and research. They aren’t the false panacea of raising the passing score. The rising tide can’t be fixed by making the buoys float just a little higher.

I think the problem exam writers face is the defensibility problem. The problem of defensibility has been so strongly pushed into my head, from my years working on the CCDE and CCAr, that I tend to apply the problem to just about everything I do any longer. To state the problem, within the certification space, as succinctly as possible —

If someone sues me because they failed this exam, what evidence can I bring forward to prove this specific person should not have passed the exam.

It’s actually not as easy of a question to answer as it might appear. Why is your cut score set to x? Continue reading

Worth Reading: The Uber Imperative

Silicon Valley likes nothing better than to “disrupt” existing systems. But they think they’re disrupting economic system. What they don’t realize is what they’re disrupting is a political system, and not just one part of it, but the core of it. And it’s a political system they’re not really ideologically prepared to take on. -via the Federalist

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: The Uber Imperative appeared first on 'net work.

Alibaba eyes cloud computing expansion with $1 billion investment

Enterprise customers can expect to hear more from e-commerce giant Alibaba Group. The Chinese company is accelerating the global expansion of its cloud computing business, with a US$1 billion investment.Alibaba announced the move on Wednesday, months after it opened its first data center in the U.S., in an effort to target customers there.The Chinese company clearly has more in store. Part of the $1 billion investment will go toward the international expansion. The rest will go to developing new products, and building up partnerships with other companies in the industry.To read this article in full or to leave a comment, please click here

Plexxi and Arrow Electronics Announce Distribution Agreement

To read the CRN Exclusive article on this announcement, please go here.

At Plexxi, we believe every network will be re-architected, not just upgraded to meet the needs of the changing IT application landscape. Seizing this opportunity requires more than great technology, you need strategic partners aligned and committed to this vision. Our partnership with Arrow Electronics

provides a game changing opportunity for Plexxi to deliver value to our partners and customers as we scale our business.

We’re pleased to announce today an exclusive distribution agreement with Arrow Electronics. Under this agreement, Arrow’s Enterprise Computing Business will become the sole distributor of our next-generation networking products and solutions for scale-out applications, agile datacenters and distributed cloud environments.

We are excited to have Arrow distribute Plexxi products and services to help accelerate the growth of our channel in the United States and Canada. This agreement opens the door to the next great era of IT for businesses to leverage and gain significant efficiencies and market growth.

Arrow is the perfect partner for this agreement. Aside from being one of the largest and most efficient distributors in the industry, the company prides itself on being forward thinking and innovative.

In their own Continue reading

3 Months on the Road: What I heard from VMware NSX Customers

After three consecutive months attending 75 customer meetings throughout the U.S., Europe and Asia, I came away Around-The-Worldwith plenty of frequent flyer miles and, more importantly, tons of insight to share with you.

What I learned from customers is that VMware NSX is truly a game-changer. And as we exit the second quarter, the list of customers excited about NSX is only getting bigger. We recently announced that we have grown from more than 150 VMware NSX customers a year ago, to more than 700 customers today. These customers are setting the stage for others to follow. They are providing best practices that we are feeding back to others, and giving us valuable insight into challenges they encounter along the way.

So as I promised, I’ve pulled together highlights from these meetings and condensed them into three key themes that emerged.  For you IT pros out there reading this, let me know if any of this sounds familiar.

1. The story remains the same

For years, IT has been complaining that it takes minutes to spin up applications, and weeks or months to provision the network and its associated services to support the application.  As one Continue reading

How should the U.S. respond to state-sponsored cyberattacks?

It's no secret that U.S. government agencies and businesses are the target of around-the-clock cyber intrusions, many carried out by or at the behest of foreign nation-states.But how exactly should the feds respond to those incursions?Ask a random sample of Americans and you'll likely get a very different answer than if you polled the State Department.In a recent flash survey of more than 1,000 U.S. adults commissioned by the security vendor Vormetric, a quarter of the respondents said that the United States should cut off all ties to any nation responsible for compromising U.S. government data.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, July 29

Intel and Micron unveil a new class of memory with 3D XPointIntel and Micron say they’ve developed the first new kind of memory since NAND flash was introduced in 1989. The new technology, 3D XPoint, is a form of non-volatile memory that’s as much as 1,000 times faster than NAND flash, the companies say. 3D XPoint should arrive in products next year, and it could change computing as much as SSDs have by powering better speech recognition, biometrics, and gesture-based interfaces.To read this article in full or to leave a comment, please click here

Mitigate DoS Attack using TCP Intercept on Cisco Router

How does Internet work - We know what is networking

This is really cool feature on Cisco router not usually mentioned until you dig a little deeper inside Cisco IOS. But first a bit of theory… What is TCP SYN flood attack TCP 3-way handshake SYN flood DoS attack happens when many sources start to send a flood of TCP SYN packets usually with fake source IP. This attack uses TCP 3-way handshake to reserve all server available resources with fake SYN requests thus not allowing legitimate users to establish connection to the server. SYN packet is the first step in TCP 3-way handshake where client sends connection synchronization request

Mitigate DoS Attack using TCP Intercept on Cisco Router

Ink-shooting game ‘Splatoon’ helps power Nintendo to profit

Japanese gaming icon Nintendo posted a profit for the April-June quarter on Wednesday thanks in part to surging sales of a game in which players can squirt ink all over the place and transform into squids.“Splatoon” for the Wii U console launched globally in May and has since sold over 1.62 million units, Nintendo said as it notched a profit of ¥8.3 billion (US$67 million) for the three months to June 30, a reversal of a ¥9.9 billion loss a year earlier.Hardware in the Nintendo 3DS lineup saw global sales reach 1.01 million units in the quarter and associated software reached 7.92 million units. Other factors that buoyed the company’s business were the weakness of the yen and strong sales of Amiibo, which are figurines that are designed to wirelessly communicate with the Wii U and 3DS, triggering in-game benefits.To read this article in full or to leave a comment, please click here

Big Flowering Things and Lego Bricks

Matt Oswalt wrote a great blog post complaining about vendors launching ocean-boiling solutions instead of focused reusable components, and one of the comments his opinion generated was along the lines of “I thought one of the reasons people wanted SDN, is because they wanted to deal with The Network – think about The Network's Performance, Robustness and Services instead of dealing with 100s or 1000s of individual boxes.

The comment is obviously totally valid, so let me try to reiterate what Matt wrote using Lego bricks ;)

Read more ...
1 3,382 3,383 3,384 3,385 3,386 3,845