NetworkingNexus.net

Using the OSPF Forwarding Address for traffic-steering

In this fairly short post, id like to address a topic that came up on IRC (#cciestudy @ freenode.net). Its about how you select a route thats being redistributed into an OSPF NSSA area and comes into the OSPF backbone area 0.

For my post i will be using the very simple topology below. Nothing else is necessary to illustrate what is going on.

First off, id like to clarify a few things about what takes place when redistributing routes into an NSSA area.

What happens is that you have an external network, 4.4.4.4/32 in our example. This is _not_ part of the current area 1. When this network is being redistributed into area 1, its forwarding address will be set to the highest active interface of the redistributing router in the area (R4 in our case). The highest interface in the area local to the router is Loopback100 with an address of 44.44.44.44/32.

*A reader noted that a loopback address will beat a physical interface even if it has a lower address. This is true and goes for OSPF in general. Thanks!

Lets verify the configuration on R4 and the result of Continue reading

Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!

In the Cisco landscape today, there are three features that usually come up in the same conversation. They all solve what I'd call "related" problems, but are not the same. They are incredibly useful features and do share one thing in common...you must know your RF environment before implementing them. I'll provide use-cases and examples below, but it should be noted that in the case of "Optimized Roaming", this is based on public information currently available and could change prior to the WLC AirOS version 8.0 release.

Optimized Roaming

The problem:
The well known "sticky client" issue. For the uninitiated, when a client refuses to roam to an assumedly "better" AP (closer, stronger RSSI, better SNR etc.) that client is being "sticky". Why is this bad? Consider the following example of a lecture hall:

As the client enters the room, it associates to AP-1. As it moves farther away from AP-1 it's RSSI gets weaker, SNR gets worse, retransmissions occur, dynamic rate-shifting happens, and you end up with a client communicating at a much lower data-rate. Lower data-rate consumes more air-time to transfer the same information, resulting in higher channel utilization. Ideally, the client would roam to Continue reading

400k Views in 4 Years – A Review of My Last 4 Years

Very often in our lives we are fully focused on what is going to happen in the
future. We rarely look back at what we have done and how we got to where we
are now. People that know me, know that I’m a very focused person that is always
looking to improve my skillset.

In July of 2010 I decided that I wanted to become a CCIE. I was a CCNP at that
time and I was working in a role where I did 2nd level support. I decided that
I wanted to blog to keep my notes for the CCIE online. I wrote my first blog
post on July 16, 2010. Today on August 16, 2014, almost four years later I passed
400k views on the blog. It’s been an amazing journey and here is a look back at
what has happened since then. This post is meant to be inspirational, to see
what can be accomplished in four years if you put your heart to it, please don’t
take it as boasting :)

For my CCIE studies I used INE workbooks, I decided that it would be good practice
to answer questions on their forums to keep Continue reading

CPUG, and The Risk of Single-Admin Communities

CPUG, a Check Point user forum, is near death. The owner has been forced to get rid of it, but rather doing a graceful handover, it has been shut down pending a possible sale. This is a great shame, and it highlights the risks of contributing to a forum controlled by a single person.

CPUG.org started out as an independent Check Point forum in around 2005. It was seeded with Phoneboy’s original FW–1 FAQs, and quickly became the premier independent source of Check Point information. If you had a Check Point problem, chances were you could get a quick answer there.

I used to do a lot of Check Point work, and so I knew a fair bit about it. I had the time, knowledge, and the desire to help the community, so I got involved with CPUG, and became a top contributor. I put a huge amount of effort into it over the years, and hopefully I helped solve a few people’s problems. I have moved away from contributing recently, for various reasons.

At its best, the forum was a fantastic resource, where many of the smartest people were working to help solve the trickiest issues. It became Continue reading

Host-MLAG: Don’t Let a Switch Bring Down Your Servers

How do you protect against failures in a data center? Selecting a stable location and using quality equipment is a good start.

But no matter how much you spend and how lofty the promises of the vendor, hardware does fail. And because systems do inevitably fail, redundancy is your friend when it comes to minimizing the impact of a failure. Systems have redundant power supplies and fans. The connections between systems are redundant. The systems themselves are redundant. And in some cases entire data centers are redundant in different geographical locations.

With the release of Cumulus Linux 2.2, there is now an open solution for redundant layer 2 top of rack, or ToR, switches. No longer will a single ToR switch failure take out your entire rack of servers. This is because Cumulus Linux 2.2 includes Host-MLAG, which allows servers to connect to redundant ToR switches using active-active LACP bonding. Some of the advantages of Host-MLAG include:

Unlike a single ToR solution, with Host-MLAG, the failure of one ToR switch still provides full connectivity to all of the servers.
With active-active connections to the ToRs, the bandwidth to and from the servers is doubled.
Host-MLAG requires no special Continue reading

HP OMW: Still Kicking, But Only Just

A year ago I asked “Has HP Abandoned Operations Manager?” There had been no significant development for a long time, and the signs were that HP was moving away from OM to OMi.

Last week HP made a move that confirms my original thinking: It’s dead (it just doesn’t know it yet). HP released a Customer Letter announcing an extension to the “End of Committed Support” date, from December 31, 2016 to June 30, 2018:

HP is committed to providing the highest level of customer care to you while you determine your future strategy for your HP Operations Manager for Windows 9.0x & HP Operations Manager for Windows Basic Suite 9.1x products.

(emphasis mine)

That’s right, no new version announcement, just extending support for the current version. Implication: no new versions coming any time soon.

Applying a few volts to OMW 9.0

HP has released patches OMW_00185 and OMW_00187 for OMW 9.0. These include the usual bugfixes, and these enhancements:

Web console enhancements resulting in feature parity with the MMC console while offering significant performance advantages
Management Server platform support extension to Windows Server 2012 and Windows Server 2012 R2
MMC Console Continue reading

Grow up, you babies

When I came home crying to my mommy because somebody at school called me "grahamcracker", my mother told me to just say "sticks and stones may break my bones but names will never hurt me". This frustrated me as a kid, because I wanted my mommy to make it stop, but of course, it's good advice. It was the only good advice back then, and it's the only solution now to stop Internet trolls.

In its quest to ban free speech, this NYTimes article can't even get the definition of the word "troll" right. Here's the correct definition:

"somebody who tries to provoke an emotional reaction"

The way to stop trolls is to grow up and stop giving them that emotional reaction. That's going to be difficult, because we have a nation of whiners and babies who don't want to grow up, who instead want the nanny-state to stop mean people from saying mean things. This leads to a police-state, where the powerful exploit anti-trolling laws to crack down on free-speech.

That NYTimes article claims that trolling leads to incivility. The opposite is true. Incivility doesn't come from me calling you a jerk. Instead, incivility comes from your inability to Continue reading

File encryption on the command line

This list is just a reference which hopefully saves some googling. Let's make it clear that we're talking about symmetric encryption here, that is, a password (or better, a passphrase) is supplied when the file is encrypted, and the same password can be used to decrypt it. No public/private key stuff or other preparation should […]

Where is Metadata Anyway?

There is an emerging picture that while networks, and network operators, make convenient targets for various forms of national security surveillance efforts, the reality of today’s IP network’s are far more complex, and Internet networks are increasingly ignorant about what their customers do. The result is that it's now quite common for Internet networks not to have the information that these security agencies are after. Not only can moderately well-informed users hide their activities from their local network, but increasingly this has been taken out of the hands of users, as the applications we have on our smartphones, tablets and other devices are increasingly making use of the network in ways that are completely opaque to the network provider.

Jr. Network Admin Willing to Work In Columbus, Ohio? Let’s Talk!

Carenection is where I currently work as the Senior Network Architect. We are looking for a Junior Network Administrator. If you’re an experienced network engineer with many years under your belt, this is not your opportunity. But if you’re just getting into the networking field and are looking for a position where you can learn […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Jr. Network Admin Willing to Work In Columbus, Ohio? Let’s Talk! appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Free Custom Handwriting Font for Network Designs

I've made my own handwritten font for those moments when you are "sketching" network diagrams and it is free for you to use.

The post Free Custom Handwriting Font for Network Designs appeared first on EtherealMind.

Cisco Nexus L3 daughter card

One of my customer had an issue regarding a Nexus 5K and its L3 daughtercard. Everything was fine on the switch except that no adjacency could be performed with its neighbors. I gave a quick look at the licensing and all was all right : [crayon-55aea0d9aae5e703354181/] Then I checked that some L3 features are Up […]

Cisco Cuts Another 6000 Jobs Q4 2014 – Should I Be Concerned ?

Cisco announced another 6000 job cuts in the Q4 2014 Results announcement yesterday in addition to the 5000 job cuts announced last quarter. Cisco has (or had) approx. 75000 employes so that’s a lot of jobs (more than 20%) in a short period of time and this leaves me pondering the impact to the products […]

The post Cisco Cuts Another 6000 Jobs Q4 2014 – Should I Be Concerned ? appeared first on EtherealMind.

Preliminary Book Topics

As I announced earlier this summer, I'm working on writing a book targeted to people entering the field of computer networking. I've got a fair amount of content fleshed out already, but figured it might help to get some feedback on the tentative structure. The book is being written in a question-and-answer style, organized into chapters by subject.

Below is the preliminary table of contents. It's still very much a work in progress, but I'm curious what people think of this approach. Constructive criticism and suggestions for additional content are welcome!

Continue reading · 45 comments

Internets of Interest – 13 August 2014

Collection of useful, relevant or just fun places on the Internets for 13 August 2014 and a bit commentary about what I've found interesting about them:

The post Internets of Interest – 13 August 2014 appeared first on EtherealMind.

Demystifying the IS-IS database

I’ve gone over the OSPFv2 and OSPFv3 databases in depth before. Now is the time for IS-IS. As always, I’ll start from a basic two router set up and add devices to the topology. Basic LSPs In OSPF we use the term LSA, Link-State Advertisement. In IS-IS we use the term LSP – Link-State PDUs. […]

Rolling back to Maven 3.0.X on OSX (Homebrew)

The current version of Maven in Homebrew at the time of writing is 3.2.2

This is great... unless one of the plugins in your project doesn't support it and then you have to downgrade :(

Fortunately it's not too painful

brew uninstall maven
brew tap homebrew/versions
brew install …

Rolling back to Maven 3.0.X on OSX (Homebrew)

The current version of Maven in Homebrew at the time of writing is 3.2.2

This is great... unless one of the plugins in your project doesn't support it and then you have to downgrade :(

Fortunately it's not too painful

brew uninstall maven
brew tap homebrew/versions
brew install maven30

@dave-tucker

Five Sinkholes of newGOZ

By Dennis Schwarz and Dave Loftus

It has been a few weeks since news broke of the Zeus Gameover variant known as newGOZ. As has been reported, the major change in this version is the removal of the P2P command and control (C2) component in favor of a new domain generation algorithm (DGA).

The DGA uses the current date and a randomly selected starting seed to create a domain name. If the domain doesn’t pan out, the seed is incremented and the process is repeated. We’re aware of two configurations of this DGA which differ in two ways: the number of maximum domains to try (1000 and 10,000) and a hardcoded value used (0×35190501 and 0x52e645).

Date based domain generation algorithms make for excellent sinkholing targets due to their predictability, and provides security researchers the ability to estimate the size of botnets that use them. With this in mind, we have gathered five days worth of newGOZ sinkhole data. Our domains are based on the first configuration, since this configuration seems to be used the most in the wild.

As with all sinkhole data, many variables can affect the accuracy of victims such as network topology (NAT and DHCP), timing, Continue reading

Introducing the Multicast “Dating Service” (aka the “RP”)

In February of 2001 I attended a 5 day multicast class within Cisco taught by none other than Beau Williamson! In both his book and during the class, he kept referring to the multicast rendezvous point (RP) as: “a meeting place for multicast receivers and senders (almost like a multicast dating service for multicast routers)” -Developing IP Multicast Networks, […]

Author information

Denise "Fish" Fishburne

CPOC Engineer at Cisco Systems

Denise "Fish" Fishburne, (CCIE #2639, CCDE #2009:0014, Cisco Champion) is a team lead with Cisco's Customer Proof of Concept Lab in Research Triangle Park, N.C. Fish loves playing in the lab, troubleshooting, learning, and passing it on.

The post Introducing the Multicast “Dating Service” (aka the “RP”) appeared first on Packet Pushers Podcast and was written by Denise "Fish" Fishburne.

« Previous 1 … 3,571 3,572 3,573 3,574 3,575 … 3,694 Next »