NetCitadel and Software Defined Security

It’s been an exciting couple of weeks in the security realm, with a number of innovative startups appearing. That’s refreshing because recently most “innovation” in the security space has been something involving a new way of marketing a signature or reputation based system – and that’s just a bit rubbish, and not a little tiresome. Most […]

Author information

Neil Anderson

Neil is a freelance network security architect and contractor working with a number of clients in Scotland and Europe. He is CCIE #18705 and also holds a CISSP. He can often be found sampling beer in remote locations and ranting about tech to anyone too stupid to run away. If you're very unlucky, he may talk to you in Gaelic.

Neil can occasionally be found on Twitter.

The post NetCitadel and Software Defined Security appeared first on Packet Pushers Podcast and was written by Neil Anderson.

Pull My Strings, I’m Your Puppet: Juniper Bringing DevOps to Networking

The buzzword in the industry of late is DevOps. It is one that I hope isn’t tarnished by the marketing machine where buzzwords go to die. DevOps is the shift in the paradigm of network and infrastructure management. Centralized infrastructure that is transparent to the administrator and end-user, IaaS, cloud – whatever you want to […]

Author information

Anthony Burke

ABOUT ANTHONY - Network Engineer, blogger and CCIE wannabe. I am a guest blogger on PacketPushers, my own content over at blog.ciscoinferno.net and on Twitter @pandom_

The post Pull My Strings, I’m Your Puppet: Juniper Bringing DevOps to Networking appeared first on Packet Pushers Podcast and was written by Anthony Burke.

Uplink Fast

Uplink Fast
___________

Cisco enhanced the original 802.1D specification with features such as Uplink Fast to speed up the convergence time of a bridged network.
The drawback is that these mechanisms are proprietary and need additional configuration. The UplinkFast feature is a Cisco-proprietary technique that reduces the recovery time further, down to the order of 1 sec.

Normal Scenario without Uplink Fast
————————————
Assume SW1 = root bridge
       SW3 = access switch with one of its uplinks in blocking mode
       Uplink from SW3 to SW1 via port A is the primary uplink, and SW3 to SW2 via port B is the redundant uplink

 SW1 --------- SW2
   \           /
    \         /
   A \       / B
      \     /
       -SW3-

Suppose the uplink from SW3 to SW1 fails: port A goes down immediately. SW3 now considers the link to SW2, as it is still receiving BPDUs from the root over that link, but bringing port B to the forwarding state takes 30 sec (listening and learning stages). Port B reaches the forwarding state after 30 sec and network connectivity is re-established.

Scenario with Uplink Fast
—————————

Note: 1) The switch has only two uplinks.
      2) The switch has more than two uplinks, but the STP parameters are set in such a way that Continue reading

What I’ve Been Doing Lately

Besides Cisco and my MBA, I work as managing director for a non-profit organization, GEM Foundation, that I founded last year along with other Indonesian professionals.

Our focus is to help prepare Indonesian students and young professionals, as the next-generation leaders of my country, for global competition.

Our activities include regular biweekly Webex sessions by experienced professionals and entrepreneurs, mostly living outside the country, who share their knowledge, wisdom, experience, tips and tricks on finding a job, getting a job, or creating a job.
On average 70-80 students and young professionals attend our sessions.

We always try to meet the students in person in order to provide inspiration and the opportunity for face-to-face, open discussion. Last year I met more than 400 students and professionals during my visits to 4 universities in Indonesia.

My activity won me a spot in the national news. But I didn't bother.

Early this month I went to a technical high school and a couple of universities in the Indonesian city of Malang, to do something similar to last year. I was given the honor of giving the keynote speech at the annual event arranged by the alumni of the high school.

I Continue reading

CCDE Group Study by INE

Over the weekend I attended the CCDE group study sponsored by INE in Chicago. Discussion and material were led by Petr Lapukhov and Brian McGahan. I'm very excited to see a high-level networking event in my hometown. We had about 15-20 people in the class. This was my first exposure to CCDE, so there was a lot of information to absorb. The test is composed of 4 scenarios. You have about 8 hours to pass the computerized test. Just like in other written Cisco certifications, you can't go back once you answer a question. The test seems to be based on mastering the extraction of design information from pages and pages of material. Most of the technology focus is on MPLS, routing, QoS and some security.

In the group study we went through Cisco's CCDE practice demo (https://learningnetwork.cisco.com/docs/DOC-2438). I thought the discussion was very interesting, especially from people who have been studying for the test. If you take it and want to look at the solution, you can find it at http://www.shafagh.net/2012/08/ccde-demomystery-solved.html. Next we went through INE's CCDE practice scenarios written by Petr and Brian.

Mainly, I wanted to post some very interesting documents that Continue reading

PBR – Policy-based Routing configuration example


Policy-Based Routing Configuration

Here we will show different examples of configuring specific PBR types:

  Enabling PBR on the Router
  Fast-Switched PBR
  Local PBR
  CEF-Switched PBR

Enabling PBR

This command defines that the router will use PBR and that the PBR will use the route-map named TEST.

R1(config)# route-map TEST permit 10

Defines a route map […]

Show 136: Avaya – Considerations for Turning your Network into an Ethernet Fabric – Sponsored

We’ve done a few shows now on Ethernet Fabrics where we have been getting deep into the different technology options and different vendor implementations. Avaya has sponsored this show where we actually interview customers who were early adopters of fabric-based and talk about what drove these customers to implement a network fabric, how they went […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT with a wide range of employers, working as a freelance consultant in Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Show 136: Avaya – Considerations for Turning your Network into an Ethernet Fabric – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Network behind an IPSec VPN peer

In this lab, I tried to simulate an environment where there are two customers, each connected to their respective ISP. Now, in the real world, this might not be the way things are done, but this lab is for the sake of understanding how VPNs deal with networks behind a VPN peer.

PE: Provider Edge equipment
CPE: Customer Premise equipment

Following is the network diagram. CPE1 and CPE2 are customer edge routers. PE1 and PE2 are respective ISP provider edge routers. Each router connects to another over a /30 point to point link. Each router has a loopback (Lo0) with an IP address in the 192.168.0.0/16 range as shown.

CPE1 has a site to site VPN tunnel to PE1.
PE1 has two site to site VPN tunnels, one to CPE1 and another to PE2.
PE2 has two site to site VPN tunnels, one to PE1 and another to CPE2.
CPE2 has a site to site VPN tunnel to PE2.

I had a problem with VPN Hairpinning and wanted to build a lab to find possible solutions. I started off building the lab and after bringing up VPNs, I realized I built the lab wrong. Notice how Continue reading

Default route and RIB/FIB entries

If a router has multiple routes to a network over multiple routing protocols, it stores all of the routing information in the RIB. This information is not necessarily what is consulted when forwarding a packet to the network: for forwarding, CEF uses the FIB. I understand this.

Consider a network where:

R2 ------- R1 ------- R3

R2 (10.0.0.2/24) connects to R1 (10.0.0.1/24)
R1 (192.168.0.1/24) connects to R3 (192.168.0.2/24)

On R2 and R3, I have default routes pointing to R1:

R2: ip route 0.0.0.0 0.0.0.0 10.0.0.1
R3: ip route 0.0.0.0 0.0.0.0 192.168.0.1

Now, from R2, I can ping R3 fine.

R2#ping 192.168.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/39/44 ms

So, I try to see the route entry for 192.168.0.2

R2#sh ip route 192.168.0.2
% Network not in table

I don't see it. So I look at the CEF/FIB.
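As an added illustration (not part of the original post), the Python below models why the two lookups disagree: a most-specific-route lookup that skips the default route, which is how the "% Network not in table" result is modelled here (an assumption about the display command, not something the post states), against a forwarding lookup that includes 0.0.0.0/0 and therefore resolves 192.168.0.2 to the next hop 10.0.0.1. The routing table is constructed from the R2 configuration above.

```python
"""Longest-prefix-match model of R2's lookups (added example, not Cisco code)."""
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed R2 routing table: the connected link to R1 plus the static
# default "ip route 0.0.0.0 0.0.0.0 10.0.0.1" from the post.
R2_ROUTES: Dict[str, str] = {
    "10.0.0.0/24": "connected",
    "0.0.0.0/0": "10.0.0.1",
}


def longest_prefix_match(routes: Dict[str, str], dest: str,
                         include_default: bool) -> Optional[Tuple[str, str]]:
    """Return (prefix, next_hop) of the most specific route covering dest.

    include_default=False skips 0.0.0.0/0; this is the assumed model of the
    RIB display lookup that printed '% Network not in table'.
    include_default=True is the forwarding (FIB) lookup that lets the ping work.
    """
    addr = ipaddress.ip_address(dest)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not include_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def show_ip_route(routes: Dict[str, str], dest: str) -> str:
    """Modelled output of 'show ip route <host>' (default route excluded)."""
    hit = longest_prefix_match(routes, dest, include_default=False)
    return f"Routing entry for {hit[0]} via {hit[1]}" if hit else "% Network not in table"


def fib_lookup(routes: Dict[str, str], dest: str) -> Optional[str]:
    """Next hop the forwarding path would use; None means the packet is dropped."""
    hit = longest_prefix_match(routes, dest, include_default=True)
    return hit[1] if hit else None


if __name__ == "__main__":
    print(show_ip_route(R2_ROUTES, "192.168.0.2"))  # % Network not in table
    print(fib_lookup(R2_ROUTES, "192.168.0.2"))     # 10.0.0.1
```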

A Cloud Without IPv6

As a Data Center junkie, I daily bear witness to the glorious transformations that are taking place all around me with respect to the “next-generation” of data center. Everyone who wants to move their DC to the next level are millions of dollars worth of DC networking gear that is EXTREMELY cutting edge, enabling virtualization and cloud to do things we only dreamed of being able to do mere years ago.

Using GNS3 for Switching Labs

For so long, I’ve heard - as have many of you I’m sure - that GNS3, though a GREAT emulator for Cisco IOS software, is not practical for studying anything related to switching. Routing is handled just fine, but because of the proprietary ASICs in Cisco switches, it is not something that can be easily reverse-engineered, thus GNS3 cannot do it. After all, all routing is essentially done in software in GNS3.

The “D” in SDN

I have seen the conversation around SDN evolve over what amounts to the last few years from something that was barely whiteboard material, to something on everyone’s lips in this industry. Why? What’s so interesting about these three little letters? Well, if you’ve heard of it, you’ve undoubtedly heard from your local vendor account manager that their product is the leader in the SDN market, or that they just made a big acquisition that really puts them ahead in the SDN space, blah, blah, blah.

TRIO Card: packet capture with pfe commands

During a complex case on a Juniper platform, I looked for a way to capture transit traffic on an MX960 with Trio cards. Indeed, I suspected a Junos box of rewriting transit MPLS traffic with an unexpected EXP value. As I love carrying out reverse engineering,...