In a previous article I introduced a project for the configuration backups of F5 devices. It offered an automated, centralized backup service for F5 BigIP devices with a web interface. There was also several features mentioned in the road map. Now after 4 months of tireless work, version 3.0 of the Config Backup for F5 […]
The post F5 Configuration Backups 3.0 appeared first on Packet Pushers Podcast and was written by Eric Flores.
====================================The closure summary shows that operators took 8 hour 39 minutes to manually diagnose and remediate the problem with degraded networking infrastructure. The network related outage described in this example is not an isolated incident; other incidents described on this blog include: Packet loss, Amazon EC2 outage, Gmail outage, Delay vs utilization for Continue reading
Closure Summary: On Tuesday, June 24, 2014, at approximately 1:11 PM UTC, engineers received reports of an issue in which some customers were unable to access the Exchange Online service. Investigation determined that a portion of the networking infrastructure entered into a degraded state. Engineers made configuration changes on the affected capacity to remediate end-user impact. The issue was successfully fixed on Tuesday, June 24, 2014, at 9:50 PM UTC.
Customer Impact: Affected customers were unable to access the Exchange Online service.
Incident Start Time: Tuesday, June 24, 2014, at 1:11 PM UTC
Incident End Time: Tuesday, June 24, 2014, at 9:50 PM UTC
=====================================
I'm thinking about writing a book.
Obviously, there are a lot of networking books on the market today. Search for any mainstream certification on Amazon and you'll find titles from half a dozen publishers. The majority of these are oriented toward specific vendors (most commonly Cisco) and many parallel a given certification exam. These books are overall pretty great. Most of them.
There also exists a minority of books which cover topics outside of the vendor-driven mainstream, like Gary A. Donahue's Network Warrior published by O'Reilly, now in its second edition. I love this kind of independent title because its content isn't constrained to a particular mold. The author finds stuff he thinks is relevant and interesting, and he writes about it. This is the correct way to write a book.
But over the past few years it has become painfully evident to me that there are many areas of this field we simply don't talk about in print, at least not at the entry level where perhaps it would be most helpful. If you want a thirty-page lecture on subnetting or a terrible mnemonic for the OSI model, pick any CCNA book from the pile and you're good to Continue reading
Introduction
This post is inspired by a post at IEOC about Uplinkfast and TCN which
can be found here.
Before we get to those parts, let’s recap how Ethernet and STP work together.
Spanning Tree
The Spanning Tree Algorithm builds a loop free tree by comparing Bridge ID(BID) and
least cost paths to the root bridge. By doing this it blocks all links not leading
to the root.
MAC Learning
Switches learn where to forward frames by looking at the source MAC address of the frame
on the port that the frame was received on. This learning is done in the data plane
as opposed to routing where the routes are learned in control plane. I will come back
to this later in the post.
S4 learns that A is located on port 1 after A has sent a frame. This is stored in
the MAC address table located in Content Addressable Memory (CAM). The CAM is a
fast memory optimized for quick lookups in the table. By default there is a 300
second aging timeout for learned MAC addressesm, meaning that if the switch
does not see any traffic from a source MAC within five minutes the entry will
Continue reading
This is “The Coffee Break”. A podcast on state of the networking business where we discuss vendors moves and news, analysis on product and positioning, and look at the business of networking. In the time it takes to have coffee break.
The post Coffee Break – Show 10 appeared first on Packet Pushers.
This is “The Coffee Break”. A podcast on state of the networking business where we discuss vendors moves and news, analysis on product and positioning, and look at the business of networking. In the time it takes to have coffee break. Show Links Cisco Q1 Slump Drops Ethernet Switch Market HP Links SDN, OpenStack […]
The post Coffee Break – Show 10 appeared first on Packet Pushers Podcast and was written by Greg Ferro.
With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while.
I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks. This almost totally misses the point, in my opinion. Network automation should literally be thought of a prerequisite for what we’ll likely be doing on our networks in 10 years; call it SDN if you want. My logic involved with coming to this conclusion is almost 100% about the people involved. Allow me to elaborate.
In my experience the main thing that’s missing from 90% of enterprise networks today is that networking teams have not properly defined their workflows, and/or have not formalized a service catalog to other parts of the business. As a result, everything is fire-fighting, or one-off requests.
Tracking changes historically, and pinning them to business processes is totally impossible (if it’s even attempted), and garbage collection does not occur. Continue reading
We cover all sorts of different topics on this site. Today, we are starting a multipart series on subnetting. These concepts are fundamental building blocks for network administrators, engineers and architects. The subnetting topics outlined in this series should be well understood prior to moving into advanced design or configuration topics. Moreover, the underlying technical concepts of this subject should be understood prior to utilizing any shortcuts to calculate subnet addresses and useable address space.
If I asked this as a multiple choice question, which one of the possible answers would you choose?
If you chose answer B, you are correct. A subnet is a subset of a Classful Network. So the next logical question is, “What is a Classful Network?”
As we answer these questions, we will use “Classful Network” and Network interchangeable. As we move to discussions about subnets, we will explicitly address them as such.
Classful Networks, in TCP/IP terminology are outline in RFC791. It specifically states the following–
Addresses are fixed length of Continue reading
As the infosec community waits for the researchers involved to present their Zeus Gameover take down spoils at the next big conference; ASERT wanted to profile a threat actor that uses both Citadel, “a particularly sophisticated and destructive botnet”, and Gameover, “one of the most sophisticated computer viruses in operation today”, to steal banking credentials.
Citadel Campaign
When a threat actor decides that they would like to start a Citadel campaign they: buy the builder software, build the malware, distribute it to the wild, and then, unfortunately, usually profit. A “login key” in Citadel parlance identifies a specific copy of the builder. This key is also copied into the generated binaries so a link between malware builder and malware is formed. Login keys are supposed to be unique, but due to builders being leaked to the public, some aren’t. For all intents and purposes though, malware researchers use login keys to distinguish between distinct Citadel campaigns.
On October 29, 2013, security researcher Xylitol tweeted that login key 5CB682C10440B2EBAF9F28C1FE438468 was not associated with any of the defendants in Microsoft’s Citadel botnet lawsuit:
ASERT has the following command and control (C2) URLs linked with that campaign. Most Continue reading
SDN/NFV Management and Orchestration
At last week’s Big Telecom Event in Chicago, Caroline Chappell, senior analyst with Heavy Reading (the sister organization of Light Reading) moderated a panel discussion on SDN/NFV Management and Orchestration. Readers of this blog will know that’s a subject near and dear to us at Packet Design, and Cengiz Alaettinoglu, our CTO, was a member of the panel. He was joined by speakers from Infoblox, Overture, UBIqube, and NTT America.
Packet Design CTO, Cengiz Alaettinoglu, speaks at the BTE Conference
Ms. Chappell opened the discussion by posing the question, “How real is SDN/NFV, and how quickly will network operators move from proofs of concept to production deployments?” In keeping with what we had heard in earlier conference keynotes and panel sessions, Doug Junkins with NTT America, the only operator on this panel, stated they are already implementing SDN/NFV in 50 data centers globally. He said the primary business drivers are: (1) driving down the cost of provisioning services and (2) new services creation. When asked how NTT views SDN in the context of NFV, he explained that they use the term network automation in Continue reading
Images – Messing with the stack
So we’ve had some time to digest what containers and images are. Now let’s talk in a little greater detail about images and how they layer. A key piece of docker is how the images stack. For instance, let’s quickly build a container that has 3 user image layers in it. Recall, images are the read-only pieces of the container so having 3 user layers implies that I have done 3 commits and any changes after that will be in the 4th read/write layer that lives in the container itself…
Note: Im using the term ‘user images’ to distinguish between base images and the ones that I create. We’ll see in a minute that a base image can even have multiple images as part of the base. I’m also going to use the term ‘image stack’ to refer to all of the images that are linked together to make a running image or container.
I’ve highlighted each user image creation to break it out. Essentially this is what happened…
-Ran the base CentOS image creating a container called stacking
-Created a file in the container called Continue reading
Global telecom giant Huawei continues to grow their substantial networking footprint by pushing into the enterprise and data center spaces with competitive products. In this podcast, Ian Foo, Director for Data Center Products & Solutions Enterprise Global Marketing at Huawei, joins co-hosts Ethan Banks and Greg Ferro in a discussion focused on Huawei’s CloudEngine switches […]
The post Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.
One of the things that I find both counterintuitive and often misunderstood is the role of the network command in interior gateway protocols. This command is used in the router configuration mode on Cisco devices. While there are some protocol specifics that should be understood, it behaves similarly between RIP, EIGRP and OSPF. The common misconception is that the network statement determines what will be advertised. While it can affect what is being advertised, that is not the direct purpose of this command.
If you have mistakenly thought the network command determines what is being advertised, you’re certainly not alone. We can even find verbiage in the output of “show ip protocols” that lends credibility to this position. Let’s take a look at the following configuration.
In the above example, I have enable EIGRP on all of the interfaces.
interface Loopback0 ip address 1.1.1.1 255.255.255.0 interface Loopback1 ip address 2.2.2.1 255.255.255.0 interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 router eigrp 1 network 1.1.1.1 0.0.0.0 network 2.2.2.1 0.0.0.0 network 192. Continue reading
As we work through this tutorial, we will learn how to use the cloonix graph interface to build a simulation scenario that includes two small IPv6 networks connected to each other by two routers via static routes. We will also learn how cloonix saves network topologies and guest virtual machine root filesystems.
Linux IPv6 network simulation running on the cloonix open-source network simulator
The cloonix open-source network simulator uses KVM virtual machines in the simulated network so, in this tutorial, we will demonstrate real Linux router and host configuration procedures.
First, let’s review the high-level steps we will execute to set up and configure a simulated IPv6 network and then save a network topology and node configurations.
We intend to create a scenario made up of static root filesystems Continue reading
This post is for anyone who’s thought about deploying VXLAN on their network and who like me thinks deeply about stuff, to the point of utter confusion, which hit me on a very hot sunny afternoon. The good news with confusion is, once you’ve cracked the issue (normally one’s correct understanding), the clouds clear and the birds sing.
Virtual Extensible Local Area Network functionality is beginning to hit a wide range of vendor devices. VXLAN provides 16 million (and then some) segments for Layer 2 networks. Some organisations, especially those providing cloud infrastructure currently have or will have problems with the number of VLANs available in 12 bits, which is 4096. In that 4096 number, some are not usable either are reserved for certain things like token-ring and platform specific internal communication.
VXLAN is a simple encapsulation method or a tunnel. It encapsulates the original payload in to UDP packets for transit across an IP network and adds another 50 bytes on to the header tax. At a very high level, VXLAN can be deployed in multicast mode and with unicast. Virtual Network IDs (VNIDs) represent VXLAN segment identifiers. In order to gain connectivity, a network construct Continue reading
