iBGP Fall-over Trick

BGP fall-over is a neat BGP convergence optimisation technique whereby BGP peering is brought down as soon as the route to neighbor disappears from a routing table. The difference between external and internal BGP is that the former usually peers over a directly-attached interface so that when the interface to neighbor is disconnected, route is withdrawn from the routing table which triggers eBGP fall-over to bring down the neighborship. iBGP, on the other hand, normally uses device loopbacks to establish peering sessions. What this means is if a summary or a default route is present in the routing table (either static or learned via IGP), there is always a route to iBGP neighbor. In this case BGP has to wait for default 180 seconds (3 x keepalive timer) to bring down the neighborship and withdraw all the routes learned from dead neighbor.
To overcome that there’s a route-map option for a neighbor fall-over command which allows user to specify the exact prefix for which to look in the routing table. In the example below, the router will look for specific host routes representing neighbor’s loopbacks and will trigger reconvergence as soon as those routes disappear.

Continue reading

Outgoing Cisco CEO Chambers fesses up to mistakes, touts company’s grit

SAN DIEGO – Reflecting on a two-decade tenure as Cisco CEO marked by enviable success, John Chambers says he wishes the company could have moved faster. “Mistakes that I’ve made [have been] when I haven’t moved fast enough” into new market opportunities, Cisco’s outgoing CEO said to a room full of reporters during an open-ended question-and-answer session at the Cisco Live conference in San Diego. “Or I moved too fast without process behind it.” It was perhaps Chambers’ last meeting with the press as CEO given that he will step down in late July. Incoming CEO Chuck Robbins shared the stage and fielded questions along Chambers. (See How Chambers kept a high profile.)To read this article in full or to leave a comment, please click here

Microsoft Surface Hub goes on sale in September

Microsoft has a gigantic new member of its Surface family of touch-enabled devices called the Surface Hub, a widescreen all-in-one computer that can act as the focal point of conference-room meetings.Announced in January, the Surface Hub will go on sale in September, according to Brian Eskridge, senior manager for the Microsoft Surface Hub. Pre-orders for the computer begin Wednesday.The company is marketing the Surface Hub as a less expensive, and easier to maintain, replacement for the traditional assortment of office audio-video and computer equipment used in today’s conference rooms.To read this article in full or to leave a comment, please click here

Rethinking Centralization

In general, my line of thinking here is this: some things work well when they’re distributed, others work well when they’re centralized. Our bodies have a “central nervous system,” which is tied to a single point of failure (the brain), though our brains turn out to have some redundancy. On the other hand, other systems in our bodies are distributed, such as our reaction to being cut (and bleeding to death). What we need to start doing is thinking through what works well where, and figuring out how to move each one to that specific destination.

Another parallel in this space is what we’re facing now in application development. We like to say that we’re moving towards the cloud — which means thin clients and thick servers. The reality is, though, services are being broken down into microservices and distributed, and a lot of the processing that takes place does so on the client side by code pushed there from the server. In other words, our belief that the cloud “centralizes everything” is an oversimplification.

Taking one step back, we can always build centralized systems that scale to today’s requirements — the challenge is that we don’t know what tomorrow’s Continue reading

Structured Approach to Troubleshooting of L3VPN Networks

With the amount of configuration involved in a typical L3VPN configuration, troubleshooting process can get pretty chaotic, especially in a time-constrained environments like CCIE lab. That’s why it is extremely important to have a well-structured approach to quickly narrow down the potential problem area. I used the below algorithm while preparing for my lab exam. Like most of the networking problems, troubleshooting of L3VPNs can and must be split into two different phases - control plane and data plane. All steps must be done sequentially with each next step relying on the successful verification of all previous steps.

Problem definition
CE-1 (10.0.0.1) can not reach CE-2 (10.0.0.2)
Continue reading

European authorities bust cybercrime gang that hijacked business payments

Police in several European countries arrested 49 suspected members of a gang they say broke into corporate email accounts, using them to divert payments from business customers.The gang operated in Italy, Spain, Poland, the U.K., Belgium and Georgia, according to Eurojust and Europol, the two agencies that coordinated and provided support to the police operation on the ground.The gang’s members, who were mainly from Nigeria, Cameroon and Spain, used malware and social engineering to compromise the computers of various large European companies. They then gained access to corporate email accounts and monitored them for payment-related communications from customers.To read this article in full or to leave a comment, please click here

Cisco has an SDN for you

SAN DIEGO -- Cisco is out to prove it has an SDN for everyone.At its Cisco Live conference, the company unveiled offerings to drive programmability across its product line to address the requirements of enterprises, service providers and mega-scale data centers.The additions are to Cisco Application Centric Infrastructure (ACI), Border Gateway Protocol (BGP) EVPN and NX-OS programmable network options. ACI is targeted at the mass market – commercial, enterprise and public sector customers – while BGP EVPN is aimed at service providers and programmable NX-OS at mega-scale data centers.To read this article in full or to leave a comment, please click here

Cisco has an SDN for you

SAN DIEGO -- Cisco is out to prove it has an SDN for everyone.At its Cisco Live conference, the company unveiled offerings to drive programmability across its product line to address the requirements of enterprises, service providers and mega-scale data centers.The additions are to Cisco Application Centric Infrastructure (ACI), Border Gateway Protocol (BGP) EVPN and NX-OS programmable network options. ACI is targeted at the mass market – commercial, enterprise and public sector customers – while BGP EVPN is aimed at service providers and programmable NX-OS at mega-scale data centers.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, June 10

SpaceX working on satellite network to provide InternetSpaceX is working on a network of micro-satellites to provide Internet access, the company’s founder and CEO Elon Musk confirmed via Twitter. The project is in the early stages and will be announced in two to three months, and its aim is to provide Internet access at a low cost, he said.Do Apple’s deals with music labels break antitrust laws?There were murmurs in advance of the Apple Music debut this week that Apple was using the industry power it wields via iTunes to pressure music labels not to permit any free tier streaming through rivals like Spotify. Now it’s been confirmed that the attorneys general of New York and Connecticut are looking into just that issue, and whether Apple may have run afoul of antitrust law in hammering out its deals.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, June 10

Do Apple’s deals with music labels break antitrust laws? There were murmurs in advance of the Apple Music debut this week that Apple was using the industry power it wields via iTunes to pressure music labels not to permit any free tier streaming through rivals like Spotify. Now it’s been confirmed that the attorneys general of New York and Connecticut are looking into just that issue, and whether Apple may have run afoul of antitrust law in hammering out its deals. North Korea threatens U.S. with cyberattacksTo read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, June 10

Do Apple’s deals with music labels break antitrust laws? There were murmurs in advance of the Apple Music debut this week that Apple was using the industry power it wields via iTunes to pressure music labels not to permit any free tier streaming through rivals like Spotify. Now it’s been confirmed that the attorneys general of New York and Connecticut are looking into just that issue, and whether Apple may have run afoul of antitrust law in hammering out its deals. North Korea threatens U.S. with cyberattacksTo read this article in full or to leave a comment, please click here

Show 240 – Software Defined WAN – Night of Nerdery – Live From New York – Sponsored

A live show recorded with a panel of customers who are well advanced into projects to deploy SD-WAN in their Enterprise networks. The Packet Pushers were pleased to be invited to host and record a live recording in New York in partnership with Viptela.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Show 240 – Software Defined WAN – Night of Nerdery – Live From New York – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Top techie Father’s Day gifts

Happy Father’s Day!Even if you’re a huge disappointment of an offspring, you might be able to crack Dad’s stony façade with the right Father’s Day gift. After all, if you give a good enough present, he’ll at least have to pretend that he’s not ashamed of you, right? Or hey, maybe your dad is actually just the best and you want to get him something out of the sheer goodness of your heart, you terrific kid, you. Read on for our top 10 ideas.To read this article in full or to leave a comment, please click here

SweetCAPTCHA users complain of advertising pop-ups

Website owners are complaining that a free security tool started displaying unwanted advertising pop-ups to their visitors.The tool is made by SweetCAPTCHA. It requires users to correctly pick out and match images before they’re allowed to do some action on a website. CAPTCHAs are intended to prevent abuse by spammers and automated registrations by web bots.SweetCAPTCHA was busy Tuesday fielding complaints on Twitter from some who noticed a script that was injecting the pop-up ads. Sucuri, a security company, said the pop-ups promote tech support schemes and bogus dating sites.To read this article in full or to leave a comment, please click here

US House votes to ban Internet access taxes permanently

The U.S. House of Representatives has passed a bill to permanently extend a 17-year moratorium on taxing Internet access and other online services.By voice vote on Tuesday, the House agreed to pass the Permanent Internet Tax Freedom Act, which would prohibit states from taxing Internet access and from levying any new taxes that target Internet services but have no offline equivalent. The bill would prohibit taxes on bandwidth or email, for example.Congress has passed temporary moratoriums since 1998, and the current moratorium is set to expire Oct. 1.The House action sends the bill to the Senate. Some senators have resisted calls for a permanent tax moratorium in recent years.To read this article in full or to leave a comment, please click here

Mozilla doubles maximum bounty for Firefox flaws to $7,500

Mozilla is giving a raise to security researchers who spot Firefox browser vulnerabilities, more than doubling its maximum reward for information on the most high-risk flaws.The change comes as many major companies have launched lucrative bug bounty programs, which benefit software developers by attracting a more diverse set of eyes on their code.“The amount awarded was increased to $3,000 five years ago, and it is definitely time for this to be increased again,” wrote Raymond Forbes, an application security engineer at Mozilla.To read this article in full or to leave a comment, please click here

Instagram cleans up its desktop site, enlarging photos

Instagram is changing the look of its photo-sharing site on the desktop, streamlining the display of people’s photos while also enlarging them.The redesign essentially mirrors the look of profile pages in Instagram’s mobile app. Previously, on the desktop, users’ photos were laid out in rows of five under their bio, with an additional collage of photos above the bio. With the changes, the collage is removed and photos on profile pages are laid out in rows of three, just like in the app, and the photos are bigger.In addition, some of the borders and shading on the desktop site have also been removed. And users’ profile pics, as well as their posts, followers and following counts, appear in the same style as on mobile.To read this article in full or to leave a comment, please click here

1 3,422 3,423 3,424 3,425 3,426 3,819