0

Manually calculating MST digests

Switches sharing an MST region must agree on three things:

• The region name
• The region revision level
• The region's mapping of VLANs to STP instances

 lab-catalyst#show spanning-tree mst configuration  
 Name   [lab]  
 Revision 3   Instances configured 4  
 Instance Vlans mapped  
 -------- ---------------------------------------------------------------------  
 0     4-9,40-99,101-199,201-299,301-4094  
 1     1,10-19,100  
 2     2,20-29,200  
 3     3,30-39,300  
 -------------------------------------------------------------------------------  
 lab-catalyst#show spanning-tree mst configuration digest  
 Name   [lab]  
 Revision 3   Instances configured 4  
 Digest     0x37D94E0098E3418C046F217A71077FB1  
 Pre-std Digest 0xFC2190275BBB19CD9A6F1BB116DB10E7  
 lab-catalyst#  

Procurve:

 lab-procurve# show spanning-tree mst-config  
  MST Configuration Identifier Information  
  MST Configuration Name : different              
  MST Configuration Revision : 4    
  MST Configuration Digest : 0x37D94E0098E3418C046F217A71077FB1  
  IST Mapped VLANs : 4-9,40-99,101-199,201-299,301-4094  
  Instance ID Mapped VLANs  
  ----------- ---------------------------------------------------------  
  1      1,10-19,100  
  2      2,20-29,200  
  3      3,30-39,300  
 lab-procurve#  

Because their VLAN-to-instance mapping is the same, both switches arrived at the same digest value. Note that Continue reading

0

My Network Toolkit

A while back, Chris Marget of Fragmentation Needed posted a run-down of his comprehensive and extremely clever network toolkit. Because I'm something of a weight weenie, mine is a lot more slimmed down. I thought I'd post it here:




The contents:

1. Two random USB drives (in case I need to leave one with somebody).
2. Single-mode and multi-mode LC fiber loopback plugs.
3. Rack PDU plug adapter.
4. Awesome PicQuic compact screwdriver (thanks to Chris's post).
5. T1 loopback plug (red) (because we still have T1s out here in the boonies).
6. Cat-6 pass-through plug (white).
7. Crossover adapter (orange).
8. Sharpie.
9. Console setup:

1. USB-to-DB9 adapter.
2. DB9-to-RJ45 adapter.
3. Flat Cat-6 cable.
4. Rollover adapter.
5. Velcro tie
6. Flat Cat-6 cable with velcro tie.

The console setup could probably be improved by adding a DB9 null-modem adapter. The coolest thing (IMO) that I'm missing from Chris's setup is the Bluetooth console adapter -- maybe one day.

The Fenix AA light and Leatherman Skeletool CX almost always live in a pocket rather than the kit and go with me everywhere. The kit all fits into a small zippered case that used to hold a Dell laptop power supply.

My main goal here was to have all the hard-to-find professional stuff in Continue reading

0

My Network Toolkit

A while back, Chris Marget of Fragmentation Needed posted a run-down of his comprehensive and extremely clever network toolkit. Because I'm something of a weight weenie, mine is a lot more slimmed down. I thought I'd post it here:




The contents:

1. Two random USB drives (in case I need to leave one with somebody).
2. Single-mode and multi-mode LC fiber loopback plugs.
3. Rack PDU plug adapter.
4. Awesome PicQuic compact screwdriver (thanks to Chris's post).
5. T1 loopback plug (red) (because we still have T1s out here in the boonies).
6. Cat-6 pass-through plug (white).
7. Crossover adapter (orange).
8. Sharpie.
9. Console setup:

1. USB-to-DB9 adapter.
2. DB9-to-RJ45 adapter.
3. Flat Cat-6 cable.
4. Rollover adapter.
5. Velcro tie
6. Flat Cat-6 cable with velcro tie.

The console setup could probably be improved by adding a DB9 null-modem adapter. The coolest thing (IMO) that I'm missing from Chris's setup is the Bluetooth console adapter -- maybe one day.

The Fenix AA light and Leatherman Skeletool CX almost always live in a pocket rather than the kit and go with me everywhere. The kit all fits into a small zippered case that used to hold a Dell laptop power supply.

My main goal here was to have all the hard-to-find professional stuff in Continue reading

0

Friday News Analysis: “Size Matters” Tech Podcast for SMB’s Launching

I noticed a tweet about a new tech podcast that will be starting soon focused on the SMB space. I used to consult for SMBs, and I know the needs to be unique. SMBs often have many of the same technical needs of large organizations, but lack the scale requirements. Technology purchases are expensive, and business […]

0

Greg DeKoenigsberg’s Blog: A Good Year for Ansible

Ansible's VP of Community, Greg DeKoenigsberg, compiled a nice statistical look back at our 2014. 

Here is a nice example of Ansible's growth on GitHub:

Read the full post on Greg's blog.

0

Using the Junos Space REST API

Automation is going to be fundamental in all networking products. I’ve been working a lot on integrating Juniper products in existing and standard software. There are many different ways to automate something on a network running Junos. Using REST (or RESTful) APIs is one way of doing this. The reason I’m using REST is that it’s fairly easy to understand, but the best thing is that a large amount of existing products supports REST to integrate with it.

The goal of this blog is to explain how Junos products support REST, compatibility with older versions and how it scales.

What is REST?

REST (REpresentational State Transfer) is a simple stateless architecture that generally runs over HTTP. There are 4 commonly supported commands. When you issue a command your input data consists of a URL, HTTP headers and a body holding the data.

HTTP Headers are used for things like Authentication and a Content Type to let the application know what data format the body will contain.
The URL specifies which data you want to receive from the application or you want to change.
The body is empty in a request for data, when you want to change some data this Continue reading

0

Networking FAQ 1: Breaking into the Field

This post is the first in a series I plan to publish over the next few months regarding frequently asked questions in networking. Each post will cover a different subject, roughly following the outline I shared last summer. I hope people find this useful!

Continue reading · 2 comments

0

The Most Important Skill to learn for 2015

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
In this ever advancing world of technology there has never been a better time to be able to get things done anywhere, but there has also never been so many distractions stopping you getting things done. With the constant connectivity to the internet, facebook, twitter, etc etc we are now absorbing more information every hour... [Read More]

Post taken from CCIE Blog

Original post The Most Important Skill to learn for 2015

0

Anybody can take North Korea offline

A couple days after the FBI blamed the Sony hack on North Korea, that country went offline. Many suspected the U.S. government, but the reality is that anybody can do it -- even you. I mention this because of a Vox.com story that claims "There is no way that Anonymous pulled off this scale of an attack on North Korea". That's laughably wrong, overestimating the scale of North Korea's Internet connection, and underestimating the scale of Anonymous's capabilities.

North Korea has a roughly ~10-gbps link to the Internet for it's IP addresses. That's only about ten times what Google fiber provides. In other words, 10 American households can have as much bandwidth as the entire country. Anonymous's capabilities exceed this, scaling past 1-terabit/second, or a hundred times more than needed to take down North Korea.

Attacks are made easier due to amplifiers on the Internet, which can increase the level of traffic by about 100 times. Thus, in order to overload a 10-gbps link of your target, you only need a 100-mbps link yourself. This is well within the capabilities of a single person.

Such attacks are difficult to do from your home, because your network Continue reading

0

The GoP pastebin hoax

On 20 December, the GOP posted Pastebin messages that specifically taunted the FBI and USPER2 for the "quality" of their investigations and implied an additional threat. No specific consequence was mentioned in the posting.

Which was refering to this pastebin with the vague threat:

P.S. You have 24 hours to give us the Wolf.

Today, @DavidGarrettJr took credit for the Pastebin, claiming it was a hoax. He offered some evidence in the form of the following picture of his browser history:


Of course, this admission of a hoax could itself be a hoax, but it's more convincing than the original Pastebin. It demonstrates we have no reason to believe the original pastebin.

In the hacker underground, including pastebin, words get thrown around a lot. There was nothing in the pastebin that Continue reading

0

A Bright And Happy 2015 Ahead

Welcome to a new year finally divisible by five! This is a year devoid of extra February days, Olympics, or anything else. It’s a chance for us to take a look at technology and make things better and easier for users and IT staff. It’s also probably going to be called the year of VDI, NFV, and SDN. Again.

Rather than writing a wrap up post for the end of 2014 like so many other sites, I like to look at what I said I was going to do 365 days ago and see if I followed through on them. It’s a way to keep myself honest and also to see how the year transformed around me and my goals.

Looking at 2014

Thankfully, my goals for 2014 were modest. I wanted to get more involved with the people in the IT industry. And I did that in a big way. I went to a ton of conferences and events through the year. Cisco Live, VMworld, and HP Discover Barcelona were all on my list this year, as well as all of the Tech Field Day events I took part in as an organizer. It was a grand Continue reading

0

Docker Networking – Part2

This blog is part of my Docker series. This is a continuation from my previous blog on Docker Networking. In this blog, I will cover current Docker networking limitations, Pipework overview and a sample Docker application where I have linked containers in 2 different hosts. There are 4 networking options that Docker provides when creating … Continue reading Docker Networking – Part2 →

0

Using IPv6 to Defeat Multi-tenancy Separation

I’ve always advised my clients to  carefully plan the implementation of IPv6. The protocol opens new attack vectors on which ne’er-do-wells can assault your infrastructure. There are countless examples I’ve seen such as service providers locking down access to routers using IPv4 transport but leaving IPv6 transport completely open. About a year ago, I stumbled […]

Author information

The post Using IPv6 to Defeat Multi-tenancy Separation appeared first on Packet Pushers Podcast and was written by Jeff Loughridge.

0

Community Show – The Rash Came Back After 19 Hours

While Packet Pushers were covering the Barcelona HP Discover conference and we got together with some of the folks attending the event on the show floor. The result is non-coherent discussion about whatever topics each person wanted to raise and discuss.

The post Community Show – The Rash Came Back After 19 Hours appeared first on Packet Pushers.

0

Community Show – The Rash Came Back After 19 Hours

While Packet Pushers were covering the Barcelona HP Discover conference and we got together with some of the folks attending the event on the show floor. The result is non-coherent discussion about whatever topics each person wanted to raise and discuss.

Author information

The post Community Show – The Rash Came Back After 19 Hours appeared first on Packet Pushers Podcast and was written by Greg Ferro.

0

CloudFlare in 2014: Bigger, Faster, Securer

At the end of 2013 we posted a blog article titled 2013: Rebuild the Engine; 2014: Step on the Gas which explained how in 2013 we had been rebuilding the engine that powers CloudFlare and how we expected 2014 to be when we stepped on the gas.

In that blog post, we said that we'd be expanding our network to betters serve customers in China and Latin America (as well as continuing other global expansions), and that we'd be making a big announcement around SSL.

CC BY-ND 2.0 image by Do Hyun-Kim

Looking back at 2014, we did a whole lot more and many of those changes had a meaningful impact well beyond CloudFlare. Now when we make a change, the needles on the Internet's dials move: when we roll out support for new protocols, sites tracking those protocols see a sudden jump in usage.

Here's a month by month review of CloudFlare's 2014:

January 8: keeping our promise to Latin America, we opened our first data center there in Chile.

January 27: we published our first transparency report covering National Security Orders on the first day it became legal to discuss them.

February 13: we Continue reading

0

Junos PyEZ Installation & Initial Testing on Mac OS X

I am educating myself about network automation. As I spend a lot of time in the Juniper world, a natural  place to work on automation skills is by leveraging PyEZ. What is PyEZ? Juniper describes it this way in their techwiki. Junos PyEZ is a microframework for Python that enables you to remotely […]

0

My Review of 2014. Who Cares ?

I started to think about what happened in 2014 and decide which events changed networking.

The post My Review of 2014. Who Cares ? appeared first on EtherealMind.

0

Greenland

0

Docker Networking – Part1

This blog is part of my Docker series. In this blog, I will cover basics of Docker Networking that covers the ingress and egress connectivity for containers and how containers are linked together. I will cover advanced networking topics in next blog. When docker service is started, a linux bridge is created on the host machine. … Continue reading Docker Networking – Part1 →