0

JunOS and ARP Glean

I'm using Cisco vocabulary 'glean' here as I don't know better word for it. Glean is any IPv4 packet which is going to connected host which is not resolved. It is NOT an ARP packet, so ARP policers won't help you. They are punted, since you need to generate ARP packet and try to resolve them.

In 7600 we can use 'mls rate-limit unicast cef glean 200 50' to limit how many packets per second are punted to control-plane for glean purposes. How can we limit this in JunOS? As far as I can see, there is no way. But I remember testing this attack and was unable to break MX80, so why didn't it break?

First let's check what does connected network look like

[email protected]> show route forwarding-table destination 62.236.255.179/32 table default Routing table: default.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 62.236.255.0/24 intf 0 rslv 828 1 xe-0/0/0.42

Ok, fair enough. Type 'rslv', which we can guess means packet is punted to control-plane for resolving ARP. Let's try to ping some address rapidly which does not resolve and check what it looks like

[email protected]> show Continue reading

0

Comware: Port Link-mode Bridge vs Port Link-mode Route

Some HP L3 Switches Comware based, brings the concept of “switchports” as Bridge and Route mode.

The Bridge mode (port link-mode bridge) works the same way that any other access Switches.

When using Route mode (port link-mode route) the port is converted into a layer 3 interface, which need an IP address.  All STP messages will be ignored.

Example

#
interface GigabitEthernet4/0/1
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet4/0/2
port link-mode bridge
port link-type access
port access vlan 2
#

Regards

0

Secret CEF Attributes, Part 4

In Parts 1, Part 2 and Part 3 we saw we can use the CEF table to express all sorts of different QoS policies. In Part 4 we describe how to attach a policy to the packet that will follow it around the network. Like many policies (security, shaping, etc.) it’s best to classify the […]

Author information

The post Secret CEF Attributes, Part 4 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

0

Healthy Paranoia Show 22: The Three Ring Circus of Net Neutrality

Ladies and gentleman, unicorns of all ages, get ready for the greatest podcast on earth, Healthy Paranoia. Where the email is always encrypted and the firewalls are ever stateful. On this episode, we’ll be discussing Net Neutrality. Joining us is Sherry Lichtenberg, Principal for Telecommunications at the National Regulatory Research Institute; Andrew Gallo, network architect […]

Author information

The post Healthy Paranoia Show 22: The Three Ring Circus of Net Neutrality appeared first on Packet Pushers Podcast and was written by Mrs. Y.

0

ONS2014 Announces Finalists for SDN Idol 2014

Today the Open Networking Summit announced the five finalists for the SDN Idol 2014 competition:

0

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

• Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
• Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

0

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

• Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
• Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

0

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

• Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
• Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

0

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear.  The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms.  The response to this piece was phenomenal […]

0

JunOS ‘L3 incompletes’, what and why?

There is quite often chatter about L3 incompletes, and it seems there are lot of opinions what they are. Maybe some of these opinions are based on some particular counter bug in some release. Juniper has introduced also toggle to allow stopping the counter from working. It seems very silly to use this toggle, as it is really one of the few ways you can gather information about broken packets via SNMP.

What they (at least) are not

• Unknown unicast
• CDP
• BPDU
• Packet from connected host which does not ARP
• Packet from unconfigured VLAN

What they (at least) are

• IP header checksum error
• IP header error (impossibly small IHL, IP version 3, etc)
• IP header size does not match packet size

Troubleshooting

So if you are seeing them, what can you do? As it is aggregate counter for many different issues, how do you actually know which one is it and is there way to figure out who is sending them? Luckily for Trio based platforms answers and highly encouraging, we have very good tools to troubleshoot the issue.

To figure out what they exactly are, first you need to figure out your internal IFD index (not snmp ifindex)

im@ruuter> Continue reading

0

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

0

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

The post Coffee Break – Show 3 appeared first on Packet Pushers.

0

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

Author information

The post Coffee Break – Show 3 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

0

IPv6 radius accounting is still a mess

0

Configuration Backups for F5

As an administrator of network devices, keeping full backups is important for being able to recover from hardware failure. With F5 devices, backups come in the form of UCS files which is an archive that contains all configurations and SSL certificates. With a UCS file, you can take a replacement device, upload a UCS file […]

Author information

The post Configuration Backups for F5 appeared first on Packet Pushers Podcast and was written by Eric Flores.

0

Dell, Cumulus, Open Source, Open Standards, and Unified Management

On Thursday, at Network Field Day 7, Arpit Joshipura described Dell's networking strategy. He started by polling the delegates to see which topics were most on their mind.
The first topic raised by many of the delegates was the recently announced Dell/Cumulus partnership (listed as Open NW on the white board), see Dell Unlocks New Era for Open Networking, Decouples Hardware and Software. Next on the list was an interest in Dell's Open Source networking strategy, understanding Dell's Differentiation strategy, and plans for L3.
Dell's open networking strategy is described at time marker 14:55 in the video. Dell was one of the first vendors to move to merchant silicon, now they are opening up the switch platform, allowing customers to choose from standard merchant silicon based switch platforms (Broadcom, Intel) and switch software (currently FTOS / Cumulus).

Arpit suggests that customers will choose Cumulus Linux as the operating system for the layer 3 features and because they can use the same expertise and tools (Puppet, Chef etc.) to manage Linux servers and the switches connecting them. He also suggested that customers would choose FTOS for legacy networks and layer 2 features. Support for the Open Networking Install Environment Continue reading

0

Comware: Clearing an Interface Configuration

HP released the “default” command on interface-view in the latest version of Comware in order to restore to default configuration of an interface.

This command is useful when you want to clear an interface configuration and reuse the interface for some other task. Normally you would need to issue the “undo” command for each line.

Following below the configuration (the command was tested on HP 7500 Switches Release 6626P02)

 

[HP-GigabitEthernet1/0/1] display this
! checking interface configuration before clean up
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
return

[HP-GigabitEthernet1/0/1]default
This command will restore the default settings. Continue? [Y/N]:y
! Setup default command on interface
!
[HP-GigabitEthernet1/0/1]display this
#
interface GigabitEthernet1/0/1
port link-mode bridge
#

See you soon

0

Changing Data Center Workloads

Networking-wise, I’ve spent my career in the data center. I’m pursuing the CCIE Data Center. I study virtualization, storage, and DC networking. Right now, the landscape in the network is constantly changing, as it has been for the past 15 years. However, with SDN, merchant silicon, overlay networks, and more, the rate of change in a data center network seems to be accelerating.

Things are changing fast in data center networking. You get the picture

Whenever you have a high rate of change, you’ll end up with a lot of questions such as:

• Where does this leave the current equipment I’ve got now?
• Would SDN solve any of the issues I’m having?
• What the hell is SDN, anyway?
• I’m buying vendor X, should I look into vendor Y?
• What features should I be looking for in a data center networking device?

I’m not actually going to answer any of these questions in this article. I am, however, going to profile some of the common workloads that you find in data centers currently. Your data center may have one, a few, or all of these workloads. It may not have any of them. Your data center may have one of the Continue reading

0

Out with the old, in with the new

A few weeks ago I was asked to help a client turn up and move everything over to a new network. I have done this many times and this is not an uncommon type of project. In doing network assessments for clients I have found some old equipment still in service, still part of the […]

Author information

The post Out with the old, in with the new appeared first on Packet Pushers Podcast and was written by Charles Galler.

0

Big Switch, Cumulus, and OpenFlow

“The only way you can truly be successful in meeting the customer needs around OpenFlow is to be truly focused on a great OpenFlow agent that lives on the switch platform.   Trying to come up with a hybrid approach or half approach inevitably end up in unhappy customers… In general, when customers want to use OpenFlow, Cumulus will say, Continue reading