0

Spanning Tree Portfast – The Definitive Guide

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
The spanning tree portfast command is a very simple feature but often mis-understood. In this short post I will explore how this feature behaves, how it works and how to configure it on a cisco switch. Portfast is a Cisco Propietary feature that was originally developed to overcome an issue when a PC was trying... [Read More]

Post taken from CCIE Blog

Original post Spanning Tree Portfast – The Definitive Guide

0

Must bookmark: NSX Link-o-Rama

Brad Hedlund sent me a link to a fantastic list of NSX resources, from design and troubleshooting guides to videos and blog posts. A must-bookmark page if you're even remotely interested in VMware NSX.

0

Generating Web Docs for Ansible Modules

If you have ever worked with Ansible, it’s almost a guarantee that you have used their online docs to figure out what parameters a given module supports, how they should be used, or what their defaults are. Over the past few weeks, I’ve been working on a few custom modules and was trying to find a way to generate web docs for them, and have them locally accessible or easily posted to GitHub.

Ansible offers a way to “make webdocs,” but it generates the complete module inventory and truth be told, I didn’t get this work for my custom modules, so I figured I would explore a “simplified” way — a way that should be able to generate docs as needed for one or more modules on an as needed basis.

The outcome was the creation of an Ansible module and Jinja2 template that automatically generates a markdown file (that can then be viewed or posted anywhere).

How does it work?

The modules you’ve built or are local to your machine (even Ansible core modules) that you want to generate a web doc for must be documented according to Ansible standards. That’s the only major requirement.

From there, Continue reading

0

NAT, Security, and Repeating Myself

In a former post I pointed out that we need to think of obscurity as a tool in network security — that we shouldn’t try to apply rules that are perfectly logical in terms of algorithms to networks as a system. While I’m not normally one to repeat myself, this topic needs a little more […]

Author information

The post NAT, Security, and Repeating Myself appeared first on Packet Pushers Podcast and was written by Russ White.

0

Securing BFD now possible!

Confession Time.

I am guilty of committing several sins. One that egregiously stands out is writing two IETF specs for BFD security (here and here) without considering the impact on the routers and switches implementing those specs. Bear in mind that Bi-directional Forwarding Detection (BFD) is a hard protocol to implement well. Its hard to get into a conversation with engineers working on BFD without a few of them shedding copious quantities of tears on what it took them to avoid those dreaded BFD flaps in scaled setups. They will tell you how they resorted to clever tricks (hacks, if you will) to process BFD packets as fast as they could (plucking them out of order from a shared queue, dedicated tasks picking up BFD packets in the ISR contexts, etc) . In a candid conversation, an ex-employee of a reputed vendor revealed how they stage managed their BFD during a demo to a major customer since they didnt want their BFD to flap while the show (completely scripted) was on. So, long story short — BFD is hard when you start scaling. It just becomes a LOT worse, when you add security on top of it.

The reason BFD is hard is because of Continue reading

0

Securing BFD now possible!

Confession Time.

I am guilty of committing several sins. One that egregiously stands out is writing two IETF specs for BFD security (here and here) without considering the impact on the routers and switches implementing those specs. Bear in mind that Bi-directional Forwarding Detection (BFD) is a hard protocol to implement well. Its hard to get into a conversation with engineers working on BFD without a few of them shedding copious quantities of tears on what it took them to avoid those dreaded BFD flaps in scaled setups. They will tell you how they resorted to clever tricks (hacks, if you will) to process BFD packets as fast as they could (plucking them out of order from a shared queue, dedicated tasks picking up BFD packets in the ISR contexts, etc) . In a candid conversation, an ex-employee of a reputed vendor revealed how they stage managed their BFD during a demo to a major customer since they didnt want their BFD to flap while the show (completely scripted) was on. So, long story short — BFD is hard when you start scaling. It just becomes a LOT worse, when you add security on top of it.

The reason BFD is hard is because of Continue reading

0

News Analysis: CloudGenix, LightCyber, VMware, Meru

This week, Greg and I decided to do a review of some of the briefings we received via an audio recording. We published the audio on the Packet Pushers Community Show feed, which you can subscribe to specifically on iTunes or access via the Packet Pushers Fat Pipe iTunes feed. Here's a summary of my take on these briefings.

0

Exporting NetFlow from Linux to a collector over IPv6

There is another project out there in the ether that I have a hand in providing input for. One of the features that I felt was necessary for it is exporting NetFlow information from traffic the Linux machine handled, to a collector. This is dual-stack traffic, but I have the collector listening on IPv6.

Firstly, I needed something that would gather and export the data, so I found softflowd. My ubuntu server had it in the repo, so a quick apt install got it onto the machine easily enough. You need to edit /etc/default/softflowd and set what interface(s) you want it capturing & generating flow data from, and what options to feed to the daemon, like what server:port to export that data to:

INTERFACE="eth#"
OPTIONS="-v 9 -n [x:x:x:x::x]:9995"

Fill in the correct interface name you want to gather data from. The -v 9 option tells it to use Netflow v9, which has IPv6 support The -n option is used for specifying the collector machine’s IP and port, and fill in for the correct IPv6 address of that collector. Above is the format for specifying an IPv6 host running a collector, like nfcapd. Then you can fire up the softflowd daemon, Continue reading

0

CLUS Keynote Speaker – It’s a Dirty Job but Somebody’s Gotta Do It

Did you guess by the title who will be the celebrity keynote speaker for CLUS San Diego? It’s none other than Mike Rowe, also known as the dirtiest man on TV.

Mike is the man behind “Dirty Jobs” on the Discovery Channel. Little did he know when pitching the idea to Discovery that they would order 39 episodes of it. Mike traveled through 50 states and completed 300 different jobs going through swamps, sewers, oil derricks, lumberjack camps and what not.

Mike is also a narrator and can be heard in “American Chopper”, “American Hot Rod”, “Deadliest Catch”, “How the Universe Works” and other TV shows.

He is also a public speaker and often hired by Fortune 500 companies to tell their employees frightening stories of maggot farmers and sheep castrators.

Mike also believes in skilled trades and in working smart AND hard. He has written extensively on the country’s relationship with work and the skill gap.

I’m sure Mike’s speach will be very interesting…and maybe a bit gross…

The following two links take you to Cisco Live main page and the registration packages:

Cisco Live
Cisco Live registration packages

0

Install the CORE Network Emulator on Amazon AWS

Having set up an Ubuntu Linux server running on a free micro-instance in Amazon’s Web Services EC2 service, I’d like to see how some of the open-source network simulation tools I’ve been using work in the cloud.

First, I will install the CORE Network Emulator on my Amazon AWS EC2 virtual private server. Please read the rest of this post to see how it works.

I expect that the CORE Network Emulator will install and run on an Amazon EC2 instance because it uses Linux Containers (LXC) as its virtualization technology. I have already observed that LXC containers work when run inside a virtual machine on my Laptop computer. It should work the same when running in a virtual machine in Amazon’s EC2 cloud computing service.

Install CORE

I’ve already described how to install the CORE network emulator in previous posts so I will list the installation steps below without any explanation. For details, please see my post on how to install the CORE Network Emulator from source code.

Install prerequisite software

$ sudo apt-get update
$ sudo apt-get install bash bridge-utils ebtables 
  iproute libev-dev python tcl8.5 tk8.5 libtk-img 
  autoconf automake gcc libev-dev make python-dev 
   Continue reading

0

Networking Field Day 9: Brief Recap

I’m sitting in the San Francisco airport with nothing better to do than writing blog posts, so let’s see what we’ve seen and learned during the Networking Field Day 9.

Most videos recorded during the week are already online. You’ll find links to them in the Presentation Calendar section.

Read more ...

0

Yelp sues positive review provider Revleap

Yelp has filed a lawsuit against Revleap, a company that says it can help businesses improve their ratings, though Yelp says it actually spams them and cons them out of money.Revleap, based in Los Angeles, operates a paid service that it says can “create a large constant flow of positive reviews that stay on top of your profile, and remove fake reviews,” according to its website.These sorts of messages are knowingly false, Yelp contends in a lawsuit filed Friday, because Revleap has no way of removing bad reviews or getting good ones to appear more prominently.To read this article in full or to leave a comment, please click here

0

Yelp sues positive review provider Revleap

Yelp has filed a lawsuit against Revleap, a company that says it can help businesses improve their ratings, though Yelp says it actually spams them and cons them out of money.Revleap, based in Los Angeles, operates a paid service that it says can “create a large constant flow of positive reviews that stay on top of your profile, and remove fake reviews,” according to its website.These sorts of messages are knowingly false, Yelp contends in a lawsuit filed Friday, because Revleap has no way of removing bad reviews or getting good ones to appear more prominently.To read this article in full or to leave a comment, please click here

0

Cisco Live 2015 – Mike Rowe Announced as Keynote Speaker

Cisco just announced to the Cisco Champion community that the guest speaker for the keynote is going to be none other than …… Mike Rowe!! In case you don’t know, Mike Rowe is an American TV host, narrator, actor, and former opera singer. He is best-known for his extensive work on the Discovery Channel. He has starred on the shows Dirty Jobs, and narrated many shows including Deadliest Catch, American Hot Rod, and Ghost Hunters. He also did a quick stint on the QVC Shopping Network where he was hired after talking about a pencil for nearly eight minutes. According to his bio,  he worked the graveyard shift for just three years, until he was ultimately fired for making fun of products and belittling viewers. I’ve included one of my favorite videos from his time at QVC down below, be sure to check out some of the other ones if you haven’t seen them.

Mike also founded the mikeroweWORKS Foundation, which promotes hard work. Mike has long been a supporter of the skilled trades and his foundation works hard at awarding scholarships to men and women who demonstrate an aptitude for doing the work that America needs. He is also Continue reading

0

Vint Cerf worries about a ‘digital dark age,’ and your data could be at risk

In this era of the all-pervasive cloud, it’s easy to assume that the data we store will somehow be preserved forever. The only thing to fret about from a posterity perspective, we might think, is the analog information from days gone by—all the stuff on papers, tapes and other pre-digital formats that haven’t been explicitly converted.Vinton Cerf, often called “the father of the Internet,” has other ideas.Now chief Internet evangelist at Google, Cerf spoke this week at the annual meeting of the American Association for the Advancement of Science, and he painted a very different picture.Rather than a world where longevity is a given, Cerf fears a “digital dark age” in which the rapid evolution of technology quickly makes storage formats obsolete thanks to a phenomenon he calls “bit rot.”To read this article in full or to leave a comment, please click here

0

Vint Cerf worries about a ‘digital dark age,’ and your data could be at risk

In this era of the all-pervasive cloud, it’s easy to assume that the data we store will somehow be preserved forever. The only thing to fret about from a posterity perspective, we might think, is the analog information from days gone by—all the stuff on papers, tapes and other pre-digital formats that haven’t been explicitly converted.Vinton Cerf, often called “the father of the Internet,” has other ideas.Now chief Internet evangelist at Google, Cerf spoke this week at the annual meeting of the American Association for the Advancement of Science, and he painted a very different picture.Rather than a world where longevity is a given, Cerf fears a “digital dark age” in which the rapid evolution of technology quickly makes storage formats obsolete thanks to a phenomenon he calls “bit rot.”To read this article in full or to leave a comment, please click here

0

Cisco Live 2015 – Guest Keynote Speaker

The time has come to announce the guest closing Keynote speaker for Thursday!  This information is hot off the press so be prepared for some serious excitement! The closing Keynote speaker is going to be just AWESOME.  I have been asking, as well as have others, for a few years to get this man for the closing […]

The post Cisco Live 2015 – Guest Keynote Speaker appeared first on Fryguy's Blog.

0

Huawei faces outcry over telecom towers in Zambia

China’s Huawei Technologies is facing a growing backlash in Zambia, following revelations that the company is erecting telecom towers that do not adhere to technical specifications.Lawmakers and consumer rights groups have urged the Zambian government to withhold payments to the company until it brings the towers up to the required standard.The Zambian Information and Communication Technology Authority (ZICTA), awarded Huawei a contract to construct 169 telecom towers in rural areas of the country, at a cost of over $13.5 million. It has been established, however, that the coverage of the towers extends to a radius of 1.65 km (one mile) as opposed to the 5 km specification in the contract.To read this article in full or to leave a comment, please click here

0

IRS Banner Fail

So I go to the IRS Page that allows taxpayers to check status of a refund. This is under the number “3” at the following URL–

http://www.irs.gov/Refunds

The following banner pops up prior to setting a browser cookie.

I’m not a lawyer, so I have some questions regarding how to interpret this–

1. Should this be read as–
   1. Use of this system constitutes consent to monitoring, interception, recording, reading, copying or capturing by authorized personnel of all activities. (or)
   2. Use of this system constitutes consent to monitoring, interception, recording, reading, copying or capturing by authorized personnel of all activities.
2. And what does authorized personnel of all activities mean. If I use the system, I have to be authorized, or I’m breaking the law (as identified two sentences later–Unauthorized use is prohibited).
3. So based on #2 above (authorized user). When I use that definition of authorized user in #1, the IRS isn’t accepting responsibility if I somehow happened to perform the following on another user’s information –  monitoring, interception, recording, reading, copying or capturing. (doesn’t exclude my accountability, but it certainly alleviates the IRS accountability)
4. “There is no right to privacy in this system“?
   1. Continue reading

0

Apple is said to recruit engineers for car development project

Apple’s automotive ambitions may extend beyond CarPlay, its vehicle dashboard software.Managers from the company’s iPhone unit are leading employees in automotive research projects at a secret Silicon Valley lab, according to a report in the Financial Times Friday.Apple designers have met with executives and engineers at auto makers and in some cases recruited them, including the head of Mercedes-Benz’s Silicon Valley research and development division, the report says.If Apple is indeed building a car it will quickly run into one of its biggest rivals—Google, which is far along in its development of an autonomous vehicle. Traditional automakers are also getting smarter about incorporating technology in their vehicles. Chevrolet’s cars can come with built-in LTE hotspots, and in January Audi ferried journalists from Silicon Valley to Las Vegas in a self-driving car.To read this article in full or to leave a comment, please click here