ACLs Supported on 3560&3750 Switches– Part II (VLAN Maps)
On 3560 and 3750 series switches, there are several ACL types that can be used, each with its own features and restrictions. This post represents the second part covering VLAN maps.
What Does The Cloud Mean To Your Network?
If you're an IT professional you've probably been hearing a lot about cloud computing lately. I know I've sat through a number of seminars and sales pitches where people have been touting public cloud services on the merits of lower cost, reducing infrastructure and quicker implementation of services. However, I've noticed that almost none of these presentations discuss the increased reliance on Internet connectivity. With all the focus on the benefits of cloud computing, it's easy to forget that there has to be a trade-off. In order to offer reliable, quality access to public cloud services, your Internet connectivity likely needs some tuning.
ACLs Supported on 3560 & 3750 Switches – Part I (Port ACL & Router ACL)
On 3560 and 3750 series switches, there are several ACL types that can be used, each with its own features and restrictions. This post represents the first part covering Port ACLs and Router ACLs.
JNCIE Tips from the Field :: Summarization Made Easy
Today we'll start with a series of articles covering tips and techniques that might be utilized by JNCIE candidates, whether pursuing the JNCIE-SP, JNCIE-ENT, or even the JNCIE-SEC. The tips and techniques I will be covering might prove to be useful during a lab attempt but could also be used in real-world scenarios to save time and minimize configuration burden in addition to eliminating mistakes that might otherwise be made. I want everyone to understand that what I am about to write is simply a technique. I am not divulging any materials or topics which are covered under NDA.
NOTE: For full disclosure, I must reveal that I am an employee of Juniper Networks in their Education Services department. As such, I take the responsibility of protecting the content and integrity of the exam as well as the certification credentials very seriously. I would never reveal anything which would allow a candidate to have in-depth knowledge of any specific topics or questions that may appear on the exam. Not only that, I worked REALLY, REALLY hard to achieve my JNCIE certifications, and I believe everyone else should too! It's certainly more rewarding that way too don't you think?!
Juniper as-path-expand with bgp communities
With working in an ISP enviroment I always find myself trying to automate or create process for others to follow so I don’t have to do the work ;-) I recently started to look at BGP communities and to see … Continue reading
Day One Guide: Junos Tips, Techniques, and Templates 2011
I am happy to announce that Juniper has just released a new Day One Guide entitled "Junos Tips, Techniques, and Templates 2011". For this particular Day One Guide, Juniper Networks Books and J-Net joined forces and requested the best and brightest Junos tips and techniques from the Junos user community. In fact, the book was created after a thorough selection process which included reviewing over 300 submitted tips by over 100 individuals on the J-Net community boards at forums.juniper.net.
I am honored that Juniper accepted my contributions and decided to include them in this guide. My contribution "Automatically Allow Configured BGP Peers in a Loopback Firewall Filter" covers how to configure a Junos prefix-list in conjunction with the apply-path features to parse a configuration and then dynamically build a list of matching prefixes for use in a firewall filter.
Outside of my meager contribution, this guide is chock full of dozens of useful tips and techniques and is an indispensable guide for anyone involved in managing Juniper platforms on a daily basis.
Junos Tips, Techniques, and Templates 2011 can be ordered on Amazon in hardcopy or Kindle edition, and is also available as a free download in PDF format. Enjoy!
Securely Wipe Your Hard Drive the Quick and Dirty Way
We’ve all heard about tools like Darik’s Boot and Nuke for performing secure hard drive wipes suitable for even the most paranoid. However, in a pinch, there’s an alternative that often goes overlooked, but is able to erase data at a level comparable to all the usual standards like DoD (or even the incredibly obnoxious 35-pass Guttmann method) The ‘shred’ utility exists on nearly every popular Linux live CD/DVD and can be executed in a live environment to do the job when it’s all you have.Securely Wipe Your Hard Drive the Quick and Dirty Way
We’ve all heard about tools like Darik’s Boot and Nuke for performing secure hard drive wipes suitable for even the most paranoid. However, in a pinch, there’s an alternative that often goes overlooked, but is able to erase data at a level comparable to all the usual standards like DoD (or even the incredibly obnoxious 35-pass Guttmann method) The ‘shred’ utility exists on nearly every popular Linux live CD/DVD and can be executed in a live environment to do the job when it’s all you have.Network 2.0: Virtualization without Limits
So the theme of the day is Network Virtualization, Software defined networks and taking virtualization to its logical conclusion i.e. server, storage and network in a giant resource pool that can be allocated/assigned any which way. Although its easier said then done. Server and Storage virtualization were a bit simpler since we were dealing with one OS that needed to provide the right abstraction layer. The H/W resource pool (disk, cpu, network, memory, etc) was managed by the single OS so provisioning it between various virtual machines or storage pool was a bit simpler. The network by definition is useful only when multiple devices are connected and trying to treat them as a single resource pool is harder. A virtual networks has to deal with not just links, bandwidth, latency and queues but also
higher level functionality like routing, load balancing, firewalling, DNS, DHCP, VPN, etc. etc. And we haven’t even talked about how this all will hook up together along with virtual machines and virtual storage pool in a easy manner. Now before you argue that every component is already virtualized (which is very true), one could argue that it still doesn’t give me a virtual network. It Continue reading
Net-SNMP 5.6.1 Missing hrSystemProcesses OID
I just upgraded a couple of machines to OpenBSD 4.9 and noticed the hrSystemProcesses OID was not being returned by Net-SNMP 5.6.1 (from the 4.9 ports/packages collection) . joel@theta:~% snmpwalk -v2c -c public theta .1.3.6.1.2.1.25.1.6.0 SNMPv2-SMI::mib-2.25.1.6.0 = No Such Instance currently exists at this OID I know for sure this worked on OpenBSD 4.8/Net-SNMP 5.4.2.1. Turns out there is a bug in Net-SNMP 5.6.1 (bug 3166568) that's causing this. It's been fixed in their SVN tree.Introduction to OpenFlow
Ah - I can finally breathe a sigh of relief, for I am finally done with my Senior Design sequence, as well as my undergraduate education. I’ve been feeling a little out of place, actually, since I’ve been in research mode for the last 9 months for my IPv6 project. So, after a short break, I decided to get back into things that I was just getting started with before all of that started.Introduction to OpenFlow
Ah - I can finally breathe a sigh of relief, for I am finally done with my Senior Design sequence, as well as my undergraduate education. I’ve been feeling a little out of place, actually, since I’ve been in research mode for the last 9 months for my IPv6 project. So, after a short break, I decided to get back into things that I was just getting started with before all of that started.Next Generation Mesh Networks
The proper design of a network infrastructure should allow for a number of key traits that are very desirable in an overall network design. First, the infrastructure needs to provide redundancy and resiliency without a single point of failure. Second, the infrastructure must be scalable in both geographic reach as well as bandwidth and throughput capacity.
Ideally, as one facet of the network is improved, such as resiliency; it should also improve on bandwidth and throughput capacity as well. Certain technologies work on the premise of an active/standby method. In this manner, there is one primary active link – all other links are in a standby state that will only become active upon the primary links failure. Examples of this kind of approach are 802.1d spanning tree and its descendants rapid and multiple spanning trees in the layer 2 domain and non-equal cost distance vector routing technologies such as RIP.
While these technologies do provide resiliency and redundancy they do so at the assumption that half of the network infrastructure is unusable and that a state of failure needs to occur in order to leverage those resources. As a result, it becomes highly desirable to implement active/active resiliency Continue reading
The Importance of Networking
Networking is constantly being promoted throughout a huge range of industries, and is generally being seen as more valuable than ever before. However, all too often, it can be swept under the carpet. Those of us who work with technical industries can be particularly prone to not making the most of our networking opportunities. However, […]Junoshere. For the masses?
It is amazing how sleepy you feel when sitting in a relatively dark auditorium after a buffet lunch. I sat through a presentation on Junosphere which looked fantastic and just what the community has been crying out for so we … Continue reading
World IPv6 Day: What It Is and What You Should Do
Arguably the most important day for IPv6 since it was created is World IPv6 Day, which falls on June 8th, 2010. This has been a highly publicized day when the top internet content providers like Google, Facebook, and Yahoo provide native IPv6 DNS records to their sites. But what does this mean? And how can you be prepared? Most of all, what will break, if anything? What will happen on World IPv6 Day?World IPv6 Day: What It Is and What You Should Do
Arguably the most important day for IPv6 since it was created is World IPv6 Day, which falls on June 8th, 2010. This has been a highly publicized day when the top internet content providers like Google, Facebook, and Yahoo provide native IPv6 DNS records to their sites. But what does this mean? And how can you be prepared? Most of all, what will break, if anything? What will happen on World IPv6 Day?OSPF on CE-PE links
A pretty long post that summarizes the characteristics of OSPF protocol when using it on a CE-PE link. Read along to review its features, learn about BGP extended communities and loop prevention mechanisms for OSPF on CE-PE links.