Proxy and Reverse Proxy Server

How does the internet work - We know what is networking

This short overview of reverse proxy caching explains what a proxy is and what a reverse proxy is all about. In a normal proxy cache topology, a server called the proxy server acts as an intermediate device between the client and the server. The proxy receives all requests from clients and it will […]

An Introduction to the Nexus 6000

There's a new Nexus in the family, the Nexus 6000. Here are the highlights.

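| | Nexus 6001 | Nexus 6004 |
|---|---|---|
| Size | 1 RU | 4 RU |
| Ports | 48 x 10G + 4 x 40G | 48 x 40G fixed + 48 x 40G expansion |
| Interface type | SFP+ / QSFP+ | QSFP+ |
| Performance | Line rate Layer 2 and Layer 3 | Line rate Layer 2 and Layer 3 |
| Latency | 1μs port to port | 1μs port to port |
| Scalability | 128K MAC + 128K ARP/ND (flexible config), 32K route table, 1024-way ECMP, 31 SPAN sessions | 128K MAC + 128K ARP/ND (flexible config), 32K route table, 1024-way ECMP, 31 SPAN sessions |
| Features | L2/L3, vPC, FabricPath/TRILL, Adapter FEX, VM-FEX | L2/L3, vPC, FabricPath/TRILL, Adapter FEX, VM-FEX |
| Storage | FCoE | FCoE |
| Visibility | Sampled Netflow, buffer monitoring, latency monitoring, microburst monitoring, SPAN on drop/high latency | Sampled Netflow, buffer monitoring, latency monitoring, microburst monitoring, SPAN on drop/high latency |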

Quiz #6 – Routing protocols over IPsec

Your company is extending its network with a Remote Office in a different city. You configure an IPsec tunnel between the headquarters and the Remote Office, then you run EIGRP over it, but soon you find out that the tunnel flaps up and down continuously. What is the problem?

PVTD-VR

I have just published a virtual appliance with a free 30 hosts license. Enjoy. For more information about Private VLANs and what PVTD is all about, visit my website at http://marathon-networks.com

Quiz #5 – OSPFv3 Default Route into a NSSA Area

Your company's network consists of a CORE block running OSPF Area 0 and multiple buildings with 2x distribution switches per building running OSPF NSSA areas.
You have asked your junior colleague to configure OSPFv3 (for IPv6) to match the same design as OSPFv2 (for IPv4), but something goes awfully wrong.

TCP Handshakes, Routing, Hairpinning – Oh My!

I’m working on setting up a lab that consists of leading storage and compute products for testing, and I ran into some interesting issues with a few different things…some with respect to the way the Cisco ASA does hairpinning, as well as allowed connections in such a configuration. There were also some routing issues experienced as a result, and I want to explore my experience in all of this during this post.

Baby Bro, Part 3: Containers and Loops

Bro has four main container types, which I'm going to cover in somewhat nontraditional order:
  • tables
  • sets
  • vectors
  • records
Tables
A table is a collection of indexed key-value pairs: the same idea is referred to as a dictionary, associative array, or hash table in other languages. Here's a simple example that pairs letters with their place in the alphabet:


event bro_init()
{
    local letters = table([1] = "a", [2] = "b", [3] = "c");
    print letters;
}

Running it, we get this:

jswan@so12a:~/bro$ bro tables.bro
{
[3] = c,
[1] = a,
[2] = b
}


Note that the output isn't in the same order as the script; in Bro, like in most other languages, hash tables are unordered.

Iterating over a table with a "for" loop returns the key, again like other languages:


event bro_init()
{
    local letters = table([1] = "a", [2] = "b", [3] = "c");

    for (key in letters)
    {
        print letters[key];
    }
}

And the output:

jswan@so12a:~/bro$ bro tables.bro

Find link errors with op script

A new short post today for network support technicians, engineers... One thing that you usually check when you manage a case regarding service disruption is packet loss! The first step is to check if you have packet loss at physical layer due to framing...

Save multiple Artboards as individual EMF or WMF files in Adobe Illustrator CS6

I've been creating a set of networking icons in Adobe Illustrator. To get these in a usable vector format for Visio and OmniGraffle stencils I need them in EMF or WMF format. Unfortunately the built-in Export function in Illustrator doesn't support Artboards for EMF/WMF but instead outputs one single file, so I needed to find a different solution...

First of all, I needed to split my main AI file into individual files for each Artboard.

To do this, I went to File > Save As > Adobe EPS and selected the Artboard option.

Next was to individually export these to EMF and WMF.

First choice was to create a Workflow in Automator, but for some reason Automator's Watch Me Do action was unable to recognise that Illustrator was open - It returned some error about the application not being open (even though it was).

Second choice was AppleScript, but as it turns out Adobe don't have the EMF or WMF available as formats for the export action in their AppleScript library.

Finally I found the "Actions" menu in Illustrator.

I created a new folder called "My Actions"

Created a new Action called "Export to EMF" and started recording the

Cisco Ironport WSA with WCCP and IP Spoofing

Recently I had to set up a transparent proxy with the Cisco Ironport Web Security Appliance (WSA) using WCCP on a Catalyst 6500 with a Sup720, with IP spoofing and web cache ACLs enabled. Like with many technologies, this turned out to be pretty simple but I couldn't find it documented all in one place. Perfect blog fodder!

The network topology looked like this (simplified, but not by much):



Normally when you set up a transparent proxy with WCCP, the IP address of the proxy server is used as the source of the HTTP requests. The problem in this topology is that I wanted the real source address of the client to appear in the firewall logs. The IP spoofing feature on the WSA allows this to happen, but it requires configuring bidirectional WCCP redirection on the Cat6k. If this had been a Cisco ASA firewall, we could have enabled WCCP there and saved some trouble, but in this case the network was using a firewall from another vendor that didn't support WCCP.

One important thing to realize about WCCP on the Catalyst 6500 with the Sup720 is that WCCP egress redirection is done with software switching rather than in