OSPF Authentication – Part 1

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
There are three types of OSPF authentication. Type 1 – no authentication Type 2 – clear text Type 3 – cryptographic (MD5 or SHA) Lets explore each type in a lot more detail and then look at the router configuration for some real world examples. Authentication can be configured on a per area or per... [Read More]

Other pages of interest:

Post taken from CCIE Blog

Original post OSPF Authentication – Part 1

Cisco Reveals New Products – The Time of Multigigabit is Here

Wireless networks are becoming faster and faster. With 802.11ac Wave 2, wireless networks will be capable of achieving speeds up to 6.8 Gbps. This creates challenges when connecting APs to switches which normally run Ethernet at 1GE or 10GE. To meet these evolving demands, Cisco has as of today revealed some new products.

Cisco is releasing a new compact switch supporting multigigabit technology, the Cisco Catalyst 3560-CX. The most compelling new features are support for multigigabit interfaces, more power available for PoE, support for 10GE on the uplinks and being able to be deployed as an Instant Access switch. It also support PoE pass through which can help save on long cable runs. The Catalyst 3560-CX supports two multigigabit interfaces.

3560-CX-1

This device is fanless, so it can be deployed in cubicles to decrease the need for a wiring closet. It also has the support for role based security. Cisco’s goal is to provide for a better working environment, which they call “Next Generation Workspace”.

Next-gen-workspace-1

If you are a technical person, you are probably wonder about the multigigabit ports. IEEE only has 1GE, 10GE and so on. Cisco started the NBASE-T Alliance with Aquantia, Freescale, and Xilinx. Other members Continue reading

Making Your Wireless Guest Friendly

Wireless

During the recent Virtualization Field Day 4, I was located at a vendor building and jumped on their guest wireless network. There are a few things that I need to get accomplished before the magic happens at a Tech Field Day event, so I’m always on the guest network quickly. It’s only after I take care of a few website related items that I settle down into a routine of catching up on email and other items. That’s when I discovered that this particular location blocked access to IMAP on their guest network. My mail client stalled out when trying to fetch messages and clear my outbox. I could log into Gmail just fine and send and receive while I was on-site. But my workflow depends on my mail client. That made me think about guest WiFi and usability.

Be Our (Limited) Guest

Guest WiFi is a huge deal for visitors to an office. We live in a society where ever-present connectivity is necessary. Email notifications, social media updates, and the capability to look up necessary information instantly have pervaded our lives. For those of us fortunate enough to still have an unlimited cellular data plan, our connectivity craving Continue reading

DDoS Attacks in the Wake of French Anti-terror Demonstrations

On January 15th, France’s chief information systems defense official, Adm. Arnaud Coustilliere, announced a sharp rise in online attacks against French web sites:

“Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, …” [1].

As we’ve done in the recent past for North Korea [2], Hong-Kong [3], and Israel [4], we can leverage Arbor’s ATLAS initiative to observe how real world conflict is reflected in the digital realm. ATLAS receives anonymized Internet traffic and DDoS event data from over 330 participating Internet Service Providers worldwide. In particular, we are interested in DDoS attacks before and after Sunday, January 11th. As reported in [1],

“Coustilliere called the attacks a response to the massive demonstrations against terrorism that drew 3.7 million people into the streets Sunday across France.”

In order to gauge this response, we compare the DDoS attacks that took place between January 3rd and January 10th to the DDoS attacks that took place between January 11th and January 18th inclusive.

Attack Frequency

Between January 3rd and January 18th, a total of 11,342 Continue reading

That HP SDN App Store

HP SDN App Store Logo

December 2014 found me in Barcelona as a guest of HP at the “HP Discover” event. Nominally I went to see what was up in the world of networking, but as you can imagine with the breadth of products that HP produces, I found myself looking at all sorts of things. I’ll cover a few fun things in other posts, but I’ll start with a bit of networking because, well, this is MovingPackets after all.

HP SDN App Store

I mentioned the HP SDN App Store in a previous post about HP Openflow. One of the fears I raised was how an App Store would work in terms of support. Talking to a contact at HP made things a little clearer, and there’s actually quite a nice – and perhaps obvious – support plan for the Apps you can download. Effectively, there are three tiers of supported applications as I understand it, and a glance at the App Store shows that these are now called “Apps Circles”:

  1. App Circle 1: Apps that HP develops. These have full support direct from HP, as they are HP products, effectively.
  2. App Circle 2: Apps that are developed by HP AllianceOne partners Continue reading

Field Trip: Networking Field Day

Very excited to announce I was invited to participate in Networking Field Day #9. The first question is: What is Networking Day? Well it is an event where we (networkers) get to participate, listen, and interact with various different vendors. And I’ll be joining a great group, a few of which I’ve met at the […]

Brocade offering free SDN for one year

Brocade this week said it is shipping its SDN controller and offering it free for one year.Brocade’s Vyatta Controller was announced last September. It is based on the OpenDaylight open source “Helium” release.+ MORE ON NETWORK WORLD: Why SDN All-Stars are heading to Brocade +To read this article in full or to leave a comment, please click here

Drums of cyberwar: North Korea’s cyber-WMDs

People ask me if today's NYTimes story changes my opinion that North Korea didn't do the Sony hack. Of course it doesn't. Any rational person can tell that the story is bogus. Indeed, such stories hint the government is hiding something.

The story claims the NSA has thoroughly hacked North Korea since 2010, and that's what enabled the US government to tell who was responsible for the Sony hack. But if this were true, then we hacked first, and the Sony hack is retaliation -- meaning we had no justification for Obama's sanctions. But, if the story is false, then again sanctions against North Korea aren't justified, because we don't have the proof our government claims. True or false, this story means the U.S. sanctions against North Korea aren't justified.

The reason this story is nonsense is that it's not journalism. It relies almost entirely on anonymous sources in the government. These aren't anonymous whistle-blowers who fear retaliation, but government propagandists who don't want to be held accountable. The government exploits the New York Times, promising them exclusive breaking news in exchange for them publishing propaganda. This allows government to have a story that is simultaneous true and false, Continue reading

Wi-Fi: The jungle of the Unlisenced

This is a follow-up on the recently published Packet Pushers Show 221 – Marriott, Wifi, + the FCC with Glenn Fleishman & Lee Badman. Let me begin by stating my role in the ecospace: I am currently overseeing the expansion of broadband into Indianfield Co-operative Campground (indianfieldcampground.com) in the town of Salem (A less populous […]

Author information

Mitchell Lewis

Mitchell is a young technology professional with an interest in networking & communications. He takes an interest in the ever changing telecom space as well as other networking technologies (datacenter etc). His main hobby project is overseeing the expansion of broadband into a co-operative campground, shares of which are owned by a family member.

Mitchell currently is a Cisco Certified Entry Level Tech (CCENT Certified) with intentions of obtaining higher as time permits. He graduated from the Connecticut Technical High School system with a focus in Information Systems Technology (Combination of Higher Ed MIS & Computer Science). While there he developed the production computing platform for his academic department( servers, networking, desktop).

He is currently pursing higher education from the UCONN School of Business & welcomes any opportunity to further advance his experience in the IT Field & professional Continue reading

vLAG Caveats in Brocade VCS Fabric

Brocade VCS fabric has one of the most flexible multichassis link aggregation group (LAG) implementation – you can terminate member links of an individual LAG on any four switches in the VCS fabric. Using that flexibility is not always a good idea.

2015-01-23: Added a few caveats on load distribution

Read more ...

Docker Networking 101 – The defaults

We’ve talked about docker in a few of my more recent posts but we haven’t really tackled how docker does networking.  We know that docker can expose container services through port mapping, but that brings some interesting challenges along with it.

As with anything related to networking, our first challenge is to understand the basics.  Moreover, to understand what our connectivity options are for the devices we want to connect to the network (docker(containers)).  So the goal of this post is going to be to review docker networking defaults.  Once we know what our host connectivity options are, we can spread quickly into advanced container networking. 

So let’s start with the basics.  In this post, I’m going to be working with two docker hosts, docker1 and docker2.  They sit on the network like this…

 

image 
So nothing too complicated here.  Two basic hosts with a very basic network configuration.  So let’s assume that you’ve installed docker and are running with a default configuration.  If you need instructions for the install see this.  At this point, all I’ve done is configured a static IP on each host, configured a Continue reading

Validation Testing Matters

A couple of weeks ago, a CLN Member Posted a question with the heading Does ASA drop active session.

The specific question was as follows–

I have a time based ACL configured on a Cisco ASA. I need to know if the active sessions are dropped by the ASA when the time limit is over.

For example, users are allowed to connect between 12 and 1 PM. If there are any active connections just before 1 PM then will they be dropped at 1 PM?

Many network and security administrators would blindly assume that a time-based ACL would block or allow traffic based on the time-range attached to the individual ACE. Having quite a lot of experience with the ASA, I was skeptical and assumed that any ongoing connections would continue to allow the flow of traffic. I decided to do a little testing and here is what I found.

  1. Viewing the ACL, the time based ACE (line in the ACL) switched from active to inactive about 60-70 seconds after I expected it to
  2. When testing with sessionized ICMP (fixup protocol icmp–to enable ICMP inspection), ICMP Echoes were blocked as soon as the ACE switched to inactive
  3. Testing with TCP, a connection through Continue reading

Configuring a load balancer with VMware NSX

In the previous post a NAT has been configured to allow access from external networks:   Now the edge router will act as a load balancer too: connection to the edge router with destination port 2222 will be balanced on both internal VM using the port 22. Go to “Networking & Security -> NSX Edges”, […]
1 3,643 3,644 3,645 3,646 3,647 3,837