NetworkingNexus.net

Anycast DNS with IP SLA DNS

Recently I came across an idea to implement anycast DNS within an enterprise environment. The concept is similar to Google’s public DNS, but at an enterprise level. Using IP SLA DNS, a static tracked route and some redistribution it makes it an easy solution. The biggest benefits is that all internal clients can use the same DNS IP address no matter what locations they reside in; additional benefit is distributing the load when DNS attacks occur.

First you’ll have to configure the Cisco’s IP SLA. Using the DNS feature is much better than just ICMP. It will actually verify that the DNS server is responding to a specified query. In my example below I’m using a query for test001dns.me which is configured on the server as an A record. The DNS query is sent to a distinct IP address of the server 10.90.1.5. All local DNS server have two IP addresses: distinct and anycast. The anycast address is configured as a secondary IP (10.10.10.10) a numerous DNS servers throughout the enterprise.

Below is the IP SLA configuration using the DNS feature. It is configured on a LAN router.

ip sla 10
 dns test001dns. Continue reading

IPv6 First-Hop Security

How does the internet work - We know what is networking

All methods to mitigate IPv6 security issues Real life security intro I the process of configuring our corporate network test segment for IPv6 support there was direct demand to pay particular attention to security. In few weeks it was my mayor role to go trough all materials I could get in order to learn more […]

IPv6 First-Hop Security

Make yourself a standout

As people manage their careers, it is common sense that they need to stand above their peers if they want to outperform them from a career perspective. This is why you see people working 14- or 16-hour days. It’s become such common behavior that it is a central meme in just about every movie or […]

Author information

Michael Bushong

The post Make yourself a standout appeared first on Packet Pushers Podcast and was written by Michael Bushong.

Nuage Networks at Network Field Day 6

Nuage is tackling the “rapid provisioning” problem when it comes to networking. How can we convince customers or LoB owners to not push everything up to AWS, when the provisioning mechanisms behind a private solution are not nearly as good? The ultimate goal is to have the network immediately ready upon instantiating a workload, physical or virtual. The key focus we heard about is that an SDN solution must provide this policy automation framework across virtual AND non-virtual workloads.

Nuage Networks at Network Field Day 6

MPTCP – Multipath TCP

How does the internet work - We know what is networking

Intro Multipath TCP is an extension of TCP that will soon be standardized by IETF. It is a succesful attempt to resolve major TCP shortcomings emerged from the change in the way we use our devices to communicate. There’s particularly the change in the way our new devices like iPhones and laptops are talking across network. All the devices […]

MPTCP – Multipath TCP

OSPF Summary Routes and BGP

Recently I was in a situation where I needed to advertise some OSPF routes created using the area range command into BGP. When advertising routes into BGP there are a few considerations:

Does the routing table know the exact route you’re trying to advertise into BGP?
Is any route filtering being performed? Don’t forget to check at the source of the BGP route and the destination it’s being advertised to!
Is soft-reconfiguration supported on the software you’re running?
Will you need to do a “clear ip bgp neighbor”? Seems IOS 12.4 doesn’t require it but 12.2 does. I tested 12.4 on GNS3, and 12.2 on a live 6500.

Using the area range command will automatically generate an OSPF intra-area route to Null 0 IF the router the command is issued on is an ABR. This is visible here:

Switch#sh ip route 10.253.0.0 255.255.240.0 
Routing entry for 10.253.0.0/20
 Known via "ospf 1", distance 110, metric 0, type intra area
 Routing Descriptor Blocks:
 * directly connected, via Null0
 Route metric is 0, traffic share count is 1

This route will not be created on a non-ABR router, so watch Continue reading

Mind Your Q’s and P’s

In the midst of this series of posts around fast convergence, someone asked if I could explain p and q space a little better. The illustration here might help readers who have more of a visual mind to understand the concepts involved. (feel free to click through to a larger version) Essentially, we can think […]

Author information

Russ White

Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA

First Wind Energy is searching for a Network Administrator who will be a key member of the IT team and report to the Director of IT. This position is based in Boston, MA. The Network Administrator is a hands-on technical position focusing on the support and maintenance of the network infrastructure and end user support […]

Author information

Job Posting Service

This post is a paid service of Packet Pushers Interactive, LLC. Contact [email protected] if you'd like to post your job opportunity here and reach thousands of network engineers.

The post Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA appeared first on Packet Pushers Podcast and was written by Job Posting Service.

INTER-AS VPNs PART -1

MPLS is widely used technology within Service Providers and sometimes also within Enterprise networks. One of the mostly used application of MPLS is MPLS VPN. There are two flavors of MPLS VPN which is Layer 2 and Layer3 VPNs. Basically layer2 VPNs, service provider gives layer2 connectivity to the customer and PW established for each […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post INTER-AS VPNs PART -1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Valuing IP Addresses

In the emerging IP address broker world it seems that one of the most widely cited address transactions was that of a US bankruptcy proceedings in 2011, where Microsoft successfully tendered $7.5M to purchase a block of 666,624 addresses from the liquidators of Nortel, which is equivalent to a price of $11.25 per address. Was that a "fair" price for IP addresses then, and is it a "fair" price now?

iOS7′s impact on networks worldwide

Apple releases an iOS update and the networks all across the world witness a spike of almost 100% in the average traffic that they receive. Apple delivers its content using Akamai, which allegedly handles 20% of world’s total web traffic. Akamai is thus in a unique position to provide a view of whats happening on the web, at any given instant in time. Akamai logs clearly show an over all increase in Internet traffic and the hotspots in Europe soon after Apple released its iOS7.

Akamai showing traffic hotspot in Europe

Most service providers saw Akami and Limelight traffic up by an average of 300-700% immediately after iOS7 was released.

Being an Android user myself, i found iOS7′s release with the massive increase in the Internet traffic reported all over the world quite insidious. Honestly, i was a trifle concerned with what iOS7 was internally doing to result this.

It turned out to be quite an anti-climax when i realized that the spurt in network traffic was just because of Apple devices upgrading to the newer iOS. The iOS7 upgrade for the phones is around 900MB, and that for the ipads is around 1.2GB. Given that there are quite Continue reading

Show 163 – Open Source perfSONAR Finds The Flaws Impacting The Flows

In this week’s show, we dive into the networking community ocean, and come up with Brian Tierney and Nick Buraglio for a discussion about perfSONAR. perfSONAR is an open-source package of network testing tools that can run in a mesh across diverse network infrastructure, and help determine why you’re not getting the network throughput on […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 163 – Open Source perfSONAR Finds The Flaws Impacting The Flows appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Stop The Rodent – Tackling Rogue Devices in the BYOD Era

There was a time when the network was flat – everything was interconnected, anyone could access everything and security was not a serious problem. And when security problems began to crop up, options like three-layered hierarchical model, firewalls and Intrusion Detection Systems helped you secure the network. Finally, when you were battling viruses, zero day […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post Stop The Rodent – Tackling Rogue Devices in the BYOD Era appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

SDN and Programming (a.k.a. What The Heck is a REST API??)

Early on in my IT career I was fortunate enough to work with a few technologies and projects that forced me to get some decent experience writing code. While I’ve definitely moved into more of an infrastructure focus since then, this experience allowed me to get a firm grasp on good software development practices, and working with open communication formats between software systems. If you’re in networking, and have never heard of an API (Application Programming Interface) or haven’t quite grasped the concept, it’s quite simple.

SDN and Programming (a.k.a. What The Heck is a REST API??)

Evolution Beats Revolution in the Software-Defined Data Center

Last week I participated in the Software-Defined Data Center (SDDC) Symposium and there were a number of interesting conversations generated from the presentations and panels. Topics included thoughts on SDN architectures, how applications are driving changes in the data center and where the money/budgets will flow from with changes in the data center. Craig Matsumoto of SDN Central covered some of the highlights in his piece on “What the SDDC Good for Anyway?”

One topic of discussion that got a strong reaction from panelists was around whether significant organizational changes are needed to build and support an SDDC, and more importantly, how to go about making those changes. Everyone agreed that changes should come, but as Craig pointed out in his article, several speakers advocated a “rip the Band-Aid off” approach to breaking down silos. I can understand why one might think getting changes made all at once makes sense. However, the Embrane team has spent a lot of time thinking this through and speaking to customers about their SDN and SDDC plans, and it’s just not realistic.

While it’s good for enterprises to have a long-term plan for redesigning organizations and operational procedures, a phased approach delivers many Continue reading

The Benefit of Infrastructure APIs

A lot of networking folks have heard of the concept of an API but have been too easily discouraged when they realize many of their favorite platforms don’t really have a good one. As a result, the scripting-savvy networking guy is typically relegated to what I lovingly refer to as “SSH scraping”, or the act of making a really nice script that, after it’s all said and done, just sends SSH commands to the devices in the same way that a human would, only……faster.

The Benefit of Infrastructure APIs

Understanding CME Overlays with Dual-Line DNs

Normally I talk about overlays in the context of data center/SDN/cloud but today I’m going out into left field and am going to talk about voice! :-)

I freely admit that I’m a noob when it comes to Cisco voice so I’m not sure if the behavior I’m about to describe is obvious or not. It wasn’t obvious to me and I only figured it out after running into the issue for real and troubleshooting it to resolution.

The issue stems from my misunderstanding about how dual-line ephone-dns function when used in an overlay.

The Desired Behavior

Here’s the scenario: Cisco Communications Manager Express (CME) with a handful of IP phones registered to it. There’s no Communications Manager (UCM); the dial plan lives entirely within CME. PSTN connectivity is via (4) POTS lines terminated on FXO ports on the router running CME.

The desired behavior is to have incoming calls from the PSTN ring on all the IP phones simultaneously. If a second call comes in, it should ring on all the remaining phones, and so on.

The Original CME Config

Here’s what the original CME config looked like. At least, the parts of the config relevant to this blog Continue reading

« Previous 1 … 3,720 3,721 3,722 3,723 3,724 … 3,784 Next »