Catalyst MLS QOS – part I

This post presents the solution and explanation for quiz-7. The junior network administrator tried to update the configuration on a switch by enabling mls qos and immediately created an outage. See what happened!

Tough Questions To Ask Network Vendors When Evaluating Products

Introduction In my previous post, I proposed investing in careful planning to extract the maximum value from your vendor meeting. But what happens when the presentation begins? In this post, I’ll outline a few high-level questions and lots of in-depth questions to help you get a better understanding of the ‘real’ product that’s being sold. High-level […]

Author information

John Harrington

John is an experienced data center engineer with a background in mobile telecoms. He works as a network test engineer for a large cloud service provider, and is gradually accepting that he's a nerd. He blogs about network technology and careers at theNetworkSherpa.com. You can reach him on twitter at: @networksherpa

The post Tough Questions To Ask Network Vendors When Evaluating Products appeared first on Packet Pushers Podcast and was written by John Harrington.

RADIUS server Infrastructure

How does the internet work - We know what is networking

In short, RADIUS stands for Remote Authentication Dial-In User Service, a server or proxy. This is the best technology and, as far as I know, the only technology for all centralized accounting and authorization for connecting to networks. It is a standard. This technology will help you control who will be able to connect to your network and who will not […]

EIGRP Filtering with Offset-list and Delay

EIGRP Offset-list is usually used to increase the metric of routes being advertised over a link, but can it be used to filter EIGRP prefixes?

I thought about using offset-list in RIP to filter specific routes and wondered whether the same thing could be done in EIGRP. I haven’t run into any examples or blog posts of using offset-list in EIGRP to filter routes, so I thought about labbing it out to see if that’s possible.

To test it, I went to the handy GNS3 with the following topology.

Three routers: R1, R2 and R3. R1 advertises a Loopback0 subnet 10.1.1.1/32 which I will use to test filtering using offset-list. As you can see in the diagram, I changed the delay for each interface to 1 just to make the metric calculation easier (including the loop0 interface). I also set the EIGRP metric weights to consider only delay and not bandwidth for metric calculation, again to keep things simple.

My goal is to set an offset-list on R2 to filter routes to R3 using Delay and offset-list commands only. Theoretically, if I know the max metric of EIGRP routes and I apply an offset-list with […]

Vendor Certifications: A Career Jump Starter

“…I’d love to share how certifications have propelled me into a mid-level networking position. I can share my own personality, thoughts, and views on the subject… as long as I’m doing self-study. I don’t like having a teacher and same goes with a job, I personally really enjoy being my own technical lead, which I […]

Author information

Joey Lucero

Joey's a fairly recent college grad on the verge of a promising new career in networking. No matter how much he learns, it's never enough... So he spends the majority of his free time studying, labbing, and blogging.

The post Vendor Certifications: A Career Jump Starter appeared first on Packet Pushers Podcast and was written by Joey Lucero.

Webinar – Anuta Networks Demonstrates nCloudX – Register Now

This past January, Anuta Networks came out of stealth at Cisco Live in London, showing off their nCloudX platform, an SDN controller aimed at multitenant cloud providers. Anuta’s nCloudX controller can manage hardware common to many networks. As such, Anuta isn’t forcing providers to install OpenFlow switches, build a tunnel fabric, or otherwise disrupt their production environments […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Webinar – Anuta Networks Demonstrates nCloudX – Register Now appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Jumbo Frames Beyond the Broadcast Domain

I’ve run into many circumstances where jumbo frames are enabled, most notably in the data center. After all, allowing for a maximum transmission unit of greater than 1500 bytes allows us to transmit more data per frame. As I explained in Part 2 of my QoS Series, MTU can be a touchy subject. Do it wrong, and you encounter one of two big network problems. One potential issue when configuring jumbo frames at L2 is that stuff just doesn’t work.

Internet Access with Dot1q Tunnel

Is there a way to provide Internet service over a dot1q tunnel using VLAN tunneling? Yes, there is; it is not the most intuitive method, but it works nicely. Basically it comes down to what the switch does with untagged frames when they arrive on a tunnel port. In this configuration, the untagged frames (native VLAN 200) are not tunneled but go to the routed interface for processing. As long as the provider’s switches have a routed interface for the customer ID VLAN and a default route, traffic should reach the Internet.

To explain this, I’ll use a basic topology with 4 switches and one router. SW1 and SW2 are service provider switches, with their interfaces Fa0/21 configured as dot1q-tunnels using access VLAN 100. SW3 and SW4 are customer switches and R1 is acting as the service provider’s Internet edge router.

Internet Access with Dot1q Tunnel

Service provider’s switches SW1 and SW2 relevant configuration:

interface FastEthernet0/21
 switchport access vlan 100
 switchport trunk encapsulation dot1q
 switchport mode dot1q-tunnel
 no cdp enable

Customer ID is VLAN 100 and the port fa0/21 is set to mode dot1q-tunnel.

Customer Site A’s SW3 relevant configuration:

interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 200
 switchport […]

Cisco ASA Packet Captures for Fun and Profit

As many of you know my background isn’t in enterprise, but I currently fill that role in my $job. In order to succeed I’ve had to develop many new skills, including learning Cisco Wireless, UCS, a little Fibre Channel, and of course Cisco ASA. While I have been using firewalls for many years, I’ve never used the ASA for anything more than a user firewall, or for supporting a small branch. So yes, my ASA skills are lacking compared to other technologies, and when you get deep into the grind with any product you’re going to need some new tricks to aid in your troubleshooting. This is where ASA packet captures come into play.

Define Interesting Traffic

As with any packet capture, or even log viewing, the amount of noise involved generally dwarfs the data you actually want to find. To ease your pain, Cisco lets you filter the packet capture using an ACL.

FW# access-list FOO line 1 extended permit ip any host 10.2.1.5 
FW# access-list FOO line 2 extended permit ip host 10.2.1.5 any 

Once you have your traffic defined, you need to set up your capture. […]

IPv6 – SLAAC Stateless Address Autoconfiguration

As you will see here, there are two kinds of IPv6 address autoconfiguration. One of them is the old, well-known way of automatically configuring an IP address from the IPv4 world: DHCP. The other way to do autoconfiguration in the IPv6 world is new and really interesting, as it leaves the host the ability to do the autoconfiguration by […]

Packet Design to exhibit at Cisco Live! 2013

Packet Design will be exhibiting at Cisco Live 2013, June 23-27 in Orlando, Florida. We'll be showcasing Route-Flow Fusion℠ from booth #1612 near the Cisco Live Lounge where you can pick up one of our new 'Now I know everything' T-shirts.

Plus, wear the shirt at the conference to enter a raffle to win a Beats-by-Dre Wireless Speaker.

Register to attend the event here:
www.ciscolive.com/us/registration-packages

Show 139 – Making Your Way Down The Path To Nirvana

Regular hosts Greg Ferro & Ethan Banks are joined by Brandon Carroll, Josh O’Brien, and Tom Hollingsworth in Packet Pushers Weekly Show 139. We translate all the SDN hype into a more practical conversation about what network engineers should be doing to update their skills. This is a mostly raw podcast with little editing – just […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 139 – Making Your Way Down The Path To Nirvana appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Quick Tip: Improvised File Transfer

The Python module "SimpleHTTPServer" is traditionally a quick and dirty way to test web code without the overhead of installing a full webserver. You can also use it as a quick way to transfer files between systems, if you have Python available:

jswan@ubuntu:~$ python -m SimpleHTTPServer 8080
Serving HTTP on 0.0.0.0 port 8080 ...

This causes Python to make all the files in the current directory available over HTTP on port 8080. From the client system, you can then use a browser, curl, or wget to transfer the file.

No, it's not secure, and yes, it may violate data exfiltration policies (and as an aside, Bro detects this by default). But I've used it fairly often to move files between Windows and Mac or Linux in situations where SCP isn't available and I don't feel like setting up a fileshare.

I've also used this in conjunction with the "time" command to test the effects of latency on various network protocols, and as an improvised way to test WAN optimization software.
Rambling on about IP fragmentation

Fragmentation! Squarely on-topic for this blog, I guess.

An issue on a customer's network had me thinking about IP fragmentation recently, and now I find myself pounding some things that I find interesting about fragmentation into my keyboard.

Where should an oversized datagram be sliced?
RFC791 suggests a scheme by which an IP datagram is sliced up so that the resulting fragments just fit out the constraining interface. This seems sensible, but there are some gotchas:
  • If we fragment a 1500 byte packet to fit into a PPPoE link, we might wind up with 1492 bytes in the first datagram (20 bytes header, 1472 bytes payload) and 28 bytes in the second packet (20 bytes header, 8 bytes payload). This works great until that first fragment tries to transit a GRE tunnel (MTU 1476) further along its path. If the PPPoE router had chopped the datagram in half, both fragments would fit through the GRE tunnel without any problem.
  • Depending on the MTU, we might not be able to make precisely MTU-sized fragments. This is because the fragment offset value in the IP header is expressed in terms of 8-byte chunks. Every IP fragment must have an offset that's a multiple […]

Network Field Day 5

Yesterday kicked off the 5th iteration of Network Field Day. For those that haven’t heard of Tech Field Day, you need to check it out - there’s something for everyone, and it’s a great event that gets the technical details from vendors on their solutions. The delegates that are invited are what I consider thought leaders in each field. I’ve had the privilege of blogging, podcasting, and even meeting with them in person over the past few years, and they’re just the right kind of folks to help keep these vendors honest.

Extracting The Most Value From Network Vendor Presentations

Vendors love nothing more than getting in front of their customers and talking about their products. You’ll always learn something from a presentation, but mostly they are an exercise in death-by-PowerPoint. In this post, I’ll provide some tips on getting the most from your time in these presentations. Vendor presentations can be really informative […]

Author information

John Harrington

John is an experienced data center engineer with a background in mobile telecoms. He works as a network test engineer for a large cloud service provider, and is gradually accepting that he's a nerd. He blogs about network technology and careers at theNetworkSherpa.com. You can reach him on twitter at: @networksherpa

The post Extracting The Most Value From Network Vendor Presentations appeared first on Packet Pushers Podcast and was written by John Harrington.