0

Private VLAN Trunks :: Pt. 2: The Secondary (isolated) Trunk

Picking up where we left off on the first series, I want to discuss the other trunking option that we have in regards to PVLAN trunks. We might need a quick review on our PVLAN structure before we begin, however:

vlan 100
private-vlan primary
private-vlan association 200-201
vlan 200
private-vlan community
vlan 201
private-vlan isolated

This second trunk type is actually called the secondary, or isolated trunk. Much like the promiscuous trunk, this one has a pretty specific purpose, and that is to flip the VLAN tag when a frame is traversing a trunk. This time however, rather than removing the secondary VLAN tag, and replacing it with the primary tag, we are going to be doing the opposite! Remember how we were doing it with the promiscuous trunk? What happened here is the node with MAC A ingresses and is placed in VLAN 200. However, when it needs to reach the L3 GW (the router), we have to remove the secondary VLAN tag and replace it with the primary VLAN ID of 100 (so that it will hit the proper sub-interface on the router).

The routers return traffic will naturally be in VLAN 100 based on the sub-interface configuration. But Continue reading

0

Vendor Marketing as a Security Risk – Badge Scans and Sign-up Attack Vectors

Many old-style marketing people believe that capturing your contact information is the first step in making a sale. But any capture of your personal information is also leaking critical security information about your organisation, technology and personnel that are perfect for reconnaisance.

The post Vendor Marketing as a Security Risk – Badge Scans and Sign-up Attack Vectors appeared first on EtherealMind.

0

Why Your Presentation Stinks (Part 2)

Last time, we talked a little about making certain your presentation has a point — or a porpoise, as the case might be. This time I want to talk about a few other common mistakes I see network engineers make when building presentations, and actually presenting them.

First, you put too much text on your slides. I know you’re afraid you’re not going to remember everything you want to say, but that’s no excuse to have a 500 word essay on every slide. The bullet points on a slide are supposed to be just that — bullet points. They’re supposed to remind you of what you mean to say at this point in the presentation, not to be the actual words you’re planning on saying.

Okay, I understand we’re running head in to another problem here — what about folks who print my presentation out and take it home to read it later? That’s what hidden slides are for. Put all the text you really want to put into a slide on a hidden slide just after the slide itself. Then pull out just enough words for you to remember what’s on the hidden slide when you’re doing the presentation. Continue reading

0

BGPSEC: Replays, Timers, and Performance

Let’s return to our simple four AS network to look at a number of issues with BGPSEC — the bits you won’t often hear discussed in just about any forum. Assume, for a moment, that AS65000 advertises some route, say 192.0.2.0/24, to AS65001, and not to AS65002. For whatever reason, a few days pater, the […]

Author information

The post BGPSEC: Replays, Timers, and Performance appeared first on Packet Pushers Podcast and was written by Russ White.

0

That Spiegel NSA story is activist nonsense

Yet again activists demonstrate they are less honest than the NSA. Today, Der Spiegel has released more documents about the NSA. They largely confirm that the NSA is actually doing, in real-world situations, what we'ved suspected they can do. The text of the article describing these documents, however, wildly distorts what the documents show. A specific example is a discussion of something call "TUNDRA".

It is difficult to figure out why TUNDRA is even mentioned in the story. It's cited to support some conclusion, but I'm not sure what that conclusion is. It appears the authors wanted to discuss the "conflict of interest" problem the NSA has, but had nothing new to support this, so just inserted something at random. They are exploiting the fact the average reader can't understand what's going on. In this post, I'm going to describe the context around this.

TUNDRA was a undergraduate student project, as the original document makes clear, not some super-secret government program into cryptography. The purpose of the program is to fund students and find recruits, not to create major new advances in cryptography.

It's given a code-name "TUNDRA" and the paragraph in the document is labeled "TOP SECRET". The Continue reading

0

Docker for network engineers. Part 1 – What is Docker?

Forget OpenStack, forget VMWare, Docker is the new kid on the block.

TL;DR

Docker and Linux containers result in more dense VMs per physical servers, increasing the network load per physical server and developers use it to run more VMs than ever before.

Also, there is no vSwitch (that is the most important peace of information).

What is Docker?

Docker is an echo system built on top Linux containers. To tell the tale, we need to start with Hypervisors.

Hypervisors

The "regular" virtualization is a hardware virtualization. That means that a hypervisor such as ESX, or even your laptop running vmware/vbox, emulates several virtualized physical servers running side by side on a single physical machine.

Notice that each virtual machine is running it own OS. That is wasteful. Especially because it is very rare to find two applications running inside a single server, so for each application, we run the OS too.

The plus side is that you can run any mix of OSes side by side on the same physical server.You can run Windows, Linux, Solaris, IOSv, ASAv, CSR1000v, vMX, Alteon VA, F5, Vyatta, etc.... concurrently on one physical server.

Linux Continue reading

0

Docker Overview

Even though Linux container technology has been available for quite some time, Docker has revolutionized the container technology with its simple packaging that allows portability of applications. Docker packages the applications along with the dependencies like related libraries into an simple image. This single image can be then run on different locations like bare-metal, VM, … Continue reading Docker Overview →

0

Show 218 – OSPF Design Part 2

A long time ago, Packet Pushers ran an OSPF Design Part 1 show. That show went after the default design guides that network engineers have been reading for years, making the big point that you can scale a single OSPF area quite large indeed. But…that’s not the entire story about OSPF areas. Areas still have their use cases, […]

Author information

The post Show 218 – OSPF Design Part 2 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

0

How to configure GNS3 installed on Linux to support more than 8 NIC for Qemu Instances

Recently I have read a question on GNS3 forum asking whether Qemu supports more than 8 network adapters. According to Google search,

0

How to configure GNS3 installed on Linux to support more than 8 NIC for Qemu Instances

Recently I have read a question on GNS3 forum asking whether Qemu supports more than 8 network adapters. According to Google search, maximum number of adapters for Qemu virtual machines can be configured with a parameter #define MAX_NICS 8 in a file ./include/net/net.h under Qemu source tree. After you set desirable value you must compile and install Qemu from source.

However I have noticed that changing the integer value in the line #define MAX_NICS  has no effect on the maximum number of NIC allowed for Qemu VMs. I notice that I can start Core Linux Qemu machine with 18 network adapters even Qemu 2.2.0 was compiled with parameter #define MAX_NICS set to 1.

Now we know that Qemu itself does not limit the maximum network adapters to 8. We will go ahead and investigate GNS3. Navigate to Edit -> Preferences -> QEMU VMs and click on existing Qemu VM. Click on Edit button for this VM and navigate to Network tab. Increase the number of Adapters to 9.

The GNS3 1.2.1 allows to add maximum 8 NICs for a particular Qemu virtual machine. To avoid this limitation we have edit GNS3 source files and recompile GNS3 GUI and server. Here are the the steps for Linux.

1. Download and extract GNS3 1.2.1 Linux Continue reading

0

Don’t Let Wireshark’s Assumptions Mislead Your Troubleshooting

In an effort to educate myself on the inner workings of WebEx, I recently looked at a session with Wireshark. Knowing that WebEx audio has the ability to use UDP or TCP, I wanted to isolate the protocol being employed in my configuration. I watched for a new stream of traffic as I enabled the audio portion of a meeting. I found that the audio was using UDP port 9000.

I next applied a filter to see only this traffic. What immediately jumped out at me was what appeared to be malformed and fragmented packets. I also noticed a lot of strange IP addresses like 1.0.0.0, 1.0.0.1, 0.0.0.30, 0.0.0.31 and so on.

Knowing that the audio was working perfectly, I could have easily concluded that my eyes were deceiving me. When I looked closer, I quickly realized that Wireshark was recognizing and decoding this as if the packets were Lawful Intercept.

Changing the Decode Type

This is a common scenario and the solution is straightforward. In Wireshark, right-click any of the packets and choose Decode As…

At this point, a new window will appear. Make sure the Transport tab is selected then choose Do Continue reading

0

Group based policy in Opendaylight

This is a continuation of my previous blog on Group based policy(GBP). In this blog, I will cover the GBP features in Opendaylight helium release, Use-cases that are published in the Opendaylight wiki as well as different usecase that I tried out. Group based policy in Opendaylight: Following diagram is from Opendaylight GBP wiki: Openstack here … Continue reading Group based policy in Opendaylight →

0

Network Break 25

Another week of looking critically and cynically at the technology market, especially networking and storage.

Author information

The post Network Break 25 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

0

Merry Christmas from the iPexpert Family!

0

End of Year Training Promotions :: Extended

As a special year-end promotion, our 12 Days of Christmas AND our Black Friday promotions are back! 

Be sure to visit this URL for savings of upwards of 80%!:https://www.ipexpert.com/products/twelve-days for details.

0

Merry Christmas

I wanted to wish my readers a Merry and safe Christmas! If you don’t believe in Christmas, then Happy Hanukkah Happy Kwanzaa, Happy Holidays or whatever else you may believe in. We all need...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

0

How to integrate F5 BIG-IP VE with GNS3

I would like to start by saying Merry Christmas and Happy Holidays season to all. In between spending time with my family, decorating the Christmas three and opening presents, I did find some time to play around with my hobby and testing something in the lab.

Read more on How to integrate F5 BIG-IP VE with GNS3…

0

Group based policy

There is lot of work going on in both Openstack and Opendaylight projects on Group based policy and I will try to capture my learnings in the next few blogs. Group based policy(GBP) is an abstracted way of specifying interactions between the applications rather than using infrastructure specifics. In the networking context, for example, rather … Continue reading Group based policy →

0

The Next Network Transformation: We have only just begun

Whenever we get to the end of a year we have this tendency to reflect on what has happened in the past year and how we can improve in the coming year. It’s natural to use the change of calendar year as a point in time to think back, even though practically speaking it is usually the most chaotic time of the year between shopping, family and year and quarter end at work.

Almost every industry will go through waves of change and transformation. Real change and transformation is driven by powerful market forces of demand coupled with technology leaps that allow an escape from incremental changes that drive day to day improvements. Networking has gone through several of these transformations. From dedicated main frame based connectivity, to coax based shared ethernet to switches ethernet in local area networks. From 1200 baud dialup serial connections through X.25 (yes, that’s the European in me) to leased T1 to ATM, to Frame Relay, to Packet over SONET to MPLS and various flavors of wide area ethernet services. Some of these were incremental, some of them truly transformational.

When you look back, each of these changes in network technology was very much Continue reading

0

Resources for learning HP Comware

HP is making more resources available to help with learning Comware. They’ve added free labs and courses to the already published simulators and virtual routers. This is a good resource for those looking to get started with Comware.

HP Network Simulator (HNS, aka Simware)

HP’s Network Simulator (HNS) is a modelling tool for simulating HP Comware networks. It includes Layer-2 functionality, and lets you test things like LACP & IRF. I found it too slow when I first tried it, but this has improved significantly with current versions. It is free to download.

HP has now started publishing simple labs you can work through with HNS:

• Lab 1 – Basic management
• Lab 2 – Port and link management
• Lab 3 – Port-based and protocol-based VLANs

These are short labs that cover HNS setup, and device configuration. Quick and easy, they show how to use the tool, and give you a taste of Comware configuration. They’ve also released a free 1-hour online course that goes through how to use HNS.

VSR1000

I’ve covered the HP VSR1000 previously. This Continue reading