BGP VPNv4 Troubleshooting Commands

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
When working with MPLS Layer 3 VPN, a lot of people get stuck with the verification, simply because they don’t know the BGP VPNv4 troubleshooting commands. This post will step through some of the verification you can use to verify the routes end to end through a simple MPLS Layer 3 VPN topology. The topology […]

Post taken from CCIE Blog

Original post BGP VPNv4 Troubleshooting Commands

Don’t forget to restart all your OpenSSL binaries

The wonder of UNIX is that you can delete running binaries and loaded shared libraries. The drawback is that you get no warning that you're still actually running old versions. E.g. old heartbleed-vulnerable OpenSSL.

Upgrade scripts usually remember to restart server binaries, but client binaries are almost certainly forgotten. Did you restart your irssi? PostgreSQL client? OpenVPN client?

Find processes running with deleted OpenSSL libraries:

$ sudo lsof | grep 'DEL.*libssl'
apache   17179      root  DEL       REG        8,1               24756 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0

Or if you're extra paranoid, and want to make sure everything is using the right OpenSSL version:

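#!/bin/sh
# List processes that map a libssl.so whose inode differs from the installed one.
set -e
LIB="/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0"
# An optional first argument overrides the library path.
if [ ! "$1" = "" ]; then
   LIB="$1"
fi
# Inode of the library currently on disk.
INODE="$(ls -i "$LIB" | awk '{print $1}')"
# Any libssl mapping that does not carry that inode is an old copy.
lsof | grep libssl.so | grep -v "$INODE"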

A few points:
  • Run this as root in case lsof otherwise wouldn't be able to get at the data (e.g. if you run grsec)
  • This assumes all libssl is on one filesystem, since it only checks inode number
  • The easiest solution is of course to restart the whole machine, but there's really no reason to if you don't want to
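
The same check can be made straight from /proc/<pid>/maps, where the kernel appends "(deleted)" to the path of a mapped file that has been unlinked. This is an added example, not part of the original post; the function names and the sample maps lines are constructed for illustration, and it reports the device next to the inode because an inode number is only unique within one filesystem.

```shell
#!/bin/sh
# Added example: find stale libssl mappings from /proc, without lsof.

# Constructed sample in /proc/<pid>/maps format (not captured from a real host).
SAMPLE_MAPS='7f3c2a400000-7f3c2a455000 r-xp 00000000 08:01 24756 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c2a455000-7f3c2a655000 ---p 00055000 08:01 24756 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c2b000000-7f3c2b055000 r-xp 00000000 08:01 31002 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3c2c000000-7f3c2c1b0000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.19.so
7f3c2d000000-7f3c2d021000 rw-p 00000000 00:00 0'

# Read maps-format text on stdin and print "dev inode path" once for every
# libssl mapping whose backing file is deleted. Fields: address perms offset
# dev inode path; paths containing spaces are not handled.
deleted_libssl() {
    awk '$6 ~ /libssl\.so/ && $NF == "(deleted)" && !seen[$4, $5, $6]++ {
             print $4, $5, $6 }'
}

# Walk all processes and print "pid comm dev inode path" for stale mappings.
# Run as root: other users' maps files are not readable otherwise.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        # A process may exit mid-scan, so read errors are ignored.
        stale=$(cat "$maps" 2>/dev/null | deleted_libssl)
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s\n' "$stale" | while read -r dev inode path; do
            printf '%s %s %s %s %s\n' "$pid" "$comm" "$dev" "$inode" "$path"
        done
    done
}

# "--scan" inspects the live system; with no argument the sample is parsed.
case "${1:-}" in
    --scan) scan_proc ;;
    *)      printf '%s\n' "$SAMPLE_MAPS" | deleted_libssl ;;
esac
```

Every process listed by the --scan mode needs a restart to pick up the upgraded library.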

HTIRW: DNS Lookups

Note: Some of this will be really basic for a lot of folks, but bear with me — in looking at the entire system as a system, there are going to be parts of each piece you’ll already know, and other parts you don’t know. Let’s begin where most users will recognize they’re interacting with […]

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

26 – Is VxLAN a DCI solution for LAN extension?

One of the questions that many network managers are asking is “Can I use VxLAN stretched across different locations to interconnect two or more physical DCs and form a single logical DC fabric?”

The answer is that the current standard implementation of VxLAN was developed for an intra-DC fabric infrastructure and would need additional tools, as well as a control plane learning process, to fully address the DCI requirements. Consequently, as of today it is not considered a DCI solution.

To understand this statement, we first need to review the main requirements to deploy a solid and efficient DC interconnect solution and dissect the workflow of VxLAN to see how it behaves against these needs. All of the following requirements for a valid DCI LAN extension have already been discussed throughout previous posts, so the following serves as a brief reminder.

DCI LAN Extension requirements

Strongly recommended:

  • Failure domain must be contained within a single physical DC
  • Leverage protocol control plane learning to suppress the unknown unicast flooding.
  • Flooding of ARP requests must be reduced and controlled using rate limiting across the extended LAN.
  • Generally speaking, rate limiters for the control plane and data plane must be Continue reading

Awesome Putty tips and tricks for work and the CCIE Lab!

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
If you use Putty on a daily basis or have only encountered it in the CCIE lab exam, then you will know what a great tool it is: simple and effective (with no tabs!). Most people, though, may not use Putty on a daily basis, preferring something like SecureCRT, so will not be familiar with […]

Post taken from CCIE Blog

Original post Awesome Putty tips and tricks for work and the CCIE Lab!

NPM build error

NPM has a bunch of useful stuff on it; however, at some point while using NPM you could get this:

stack Error: "pre" versions of node cannot be installed, use the --node dir flag instead

This error basically says “Give me the node

Configuring Mellanox switches

The following commands configure a Mellanox switch (10.0.0.252) to sample packets at 1-in-10000, poll counters every 30 seconds and send sFlow to an analyzer (10.0.0.50) using the default sFlow port 6343:
sflow enable
sflow agent-ip 10.0.0.252
sflow collector-ip 10.0.0.50
sflow sampling-rate 10000
sflow counter-poll-interval 30
For each interface:
interface ethernet 1/1 sflow enable
A previous posting discussed the selection of sampling rates. Additional information can be found on the Mellanox web site.

See Trying out sFlow for suggestions on getting started with sFlow monitoring and reporting.

Coffee Break – Show 6

News of the Networking Industry in the time it takes to drink a coffee (more or less). This week we are joined by Amy Engineer to parse the news and dig into the business of technology.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 6 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

BGP Peer in wrong AS

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
When configuring BGP with a remote peer you might get the error message "BGP peer in wrong AS":
*Apr 18 08:39:15.455: %BGP-3-NOTIFICATION: received from neighbor 10.0.12.2 passive 2/2 (peer in wrong AS) 2 bytes 0002
This means that you have mismatched AS numbers in your BGP configuration. You can phone up the remote end and […]

Post taken from CCIE Blog

Original post BGP Peer in wrong AS

My Schedule for Cisco Live 2014

Everything is in order for my trip to Cisco Live 2014 in San Francisco.  Conference passes are purchased.  Hotels are reserved.  Flights are booked.  It’s going to be a great event, and I can’t wait!

Note:  My wife will be with me again this year, and she is trying to get a tour group going to look around the city while others are in sessions.  If you want to be in on the tourist action, contact her via Twitter.

As per tradition (a new tradition, but a tradition nonetheless), here is my schedule for the week.  Also as tradition, I’m bound to only do about 20% of what’s documented here.  If you’ve ever been, you know what I mean.  Here we go.

Saturday, May 17
13:00 - Arrive in SFO

Sunday, May 18
14:00 - Exam
16:00 or so - Tweetup

Monday, May 19
08:00 - BRKCRT-2001 - NX-OS, IOS, IOS-XR, Unique and Similar at the Same Time (https://www.ciscolive2014.com/connect/sessionDetail.ww?SESSION_ID=2182) w/ Joseph Rinehart (https://www.ciscolive2014.com/connect/speakerDetail.ww?PERSON_ID=767D7F27ADC21F9EC5B18A984682E57E/?cid=000334090)
10:00 - BRKCRT-2000 - HardCore IPv6 Routing - No Fear (https://www.ciscolive2014.com/connect/sessionDetail.ww?SESSION_ID=3114) w/ Scott Morris, Donnie Moss
13:00 - Continue reading

What is the value proposition of Standards in the age of Open Source?

I’ve been thinking about this question quite a bit over the last year [0] and interestingly a debate over just this issue has recently erupted in the blogosphere (and elsewhere). Vidya Narayanan, who reignited the discussion with her blog “Why I Quit Writing Internet Standards” [1], calls for a “radical restructuring” of the IETF, IEEE and what […]

Author information

David Meyer

David Meyer is currently CTO and Chief Scientist at Brocade Communications, where he works on future directions for Internet technologies. Prior to joining Brocade, he was a Distinguished Engineer at Cisco Systems, where he also worked as a developer, architect, and visionary on future directions for Internet technologies. He is currently the chair of the Technical Steering Committee of the OpenDaylight Project. He has been a member of the Internet Architecture Board (IAB) of the IETF (www.ietf.org) and the chair/co-chair of many working groups. He is also active in the operator community, where he has been a long standing member of the NANOG (www.nanog.org) program committee (and program committee chair from 2008-2011). He is also active in other standards organizations such as ETSI, ATIS, ANSI T1X1, the Open Networking Foundation, and the ITU-T.

Mr. Meyer Continue reading

Networking and the Consumption Model

I’ve talked with all kinds of IT professionals in the past year or so about building an organization of various IT disciplines that are truly service-oriented towards each other and to the other parts of the business. While I will never claim to be an expert in business development and will always claim allegiance to the nerdy technical bits, it’s easy to see the value in such an organizational model, and very interesting to explore the changes that technical people can make to push for such an approach. Let’s bring this down to earth a bit.

 

Compute

Server Virtualization is old news now, so let's go back about 15 years before it was even really on the scene. You’ve heard the arguments for server virtualization, and the description of this “ancient age” – servers were provisioned on a 1:1 basis with applications, they took weeks to provision or replace, and the capex/opex costs were way too high because on the one hand, the sheer amount of hardware necessary to run your apps was outrageously expensive, and on the other hand, the power and cooling required to constantly run them was no better.

Let's think about the kind of resources Continue reading

It was Inevitable…

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the area of network complexity with Addison Wesley, a book on innovation from within a Christian worldview, and he blogs at ntwrk.guru on network engineering.

The post It was Inevitable… appeared first on Packet Pushers Podcast and was written by Russ White.