NetworkingNexus.net

Routing Considerations in DDoS Protection Environments

Lately I have done some studying for the CCDE and one of the things I was
looking at is how to protect against DDoS attacks. I’m not expecting it
to be a big topic for the CCDE but it has some interesting concepts relating
to routing. Take a look at the following topology:

There is an attacker at the top left. R1 is the edge device and then there are a
few more routers, all peering BGP with the RR, which is R5. The server of interest
is 100.100.100.100 and there is a scrubbing device to the far right. All routers
peer iBGP from their loopbacks to the RR, including the scrubbing device.

Normally traffic to 100.100.100.100 would flow through R1 to R4 and then to the
server.

The attacker now starts to flood the server with malicious traffic. This is detected
by the DDoS scrubbing device which starts to announce via BGP a more specific route
than the one advertised by R4. R4 normally advertises 100.100.100.0/24 but the
scrubbing device advertises 100.100.100.100/32. All the other routers will start
to forward traffic to 100.100.100.100 towards Continue reading

Advertising a Default Route Into EIGRP

Let’s get an IPv4 default route into EIGRP. There are a few methods to do it. I hate most of them, though. I think it will be obvious which one I like.

Here’s the lab I have set up to test everything. I want R4 to generate the default in each case.

Default Network – Candidate default. I don’t think I’ve ever used that all my years in networking, but here’s how to use it in EIGRP for a default route. You basically say “If you don’t know where to send a packet, send it to where network X lives.” We’re going to set the 192.168.1.0/24 as the default network, so, in our case X = 192.168.1.0. R4 will tag that route as a default candidate when it advertises it to the rest of the network. The config is easy but requires a stateful (yes, stateful) network to beconfigured as the default.

R4 config:
R4(config)#ip default-network 192.168.1.0
!
R1 routes:
R1#sh ip route
...
     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/435200] via 192.0.2.3, 00:08:33, FastEthernet0/0
                [90/435200] via 192.0.2.2,  Continue reading

Using Cisco’s DevNet “All-in-One VM” as a Free Router Lab

I know many have been [not so patiently] waiting for the arrival of a Cisco virtual lab. Although I haven’t heard any official release date for VIRL or CML, there is a small scale virtual router lab available today. This lab is the All-in-One Virtual Machine made available on the Cisco DevNet site.

While not a comprehensive lab, it is a quick and easy way to get some real command line experience or test smaller layer 3 challenges. This VM includes 3 routers with a total of 10 routed interfaces in use. There is no access to layer 2, so the topology can only be manipulated by shutting down interfaces on the routers.

Using the DevNet All-in-One Virtual Machine

Download the OVA File
Import into VMWare
Launch the Virtual Machine
Set Passwords
Access the Routers

This product downloads as an OVA file. The file is easily imported into VMWare. In my case, I used VMWare Fusion running on OSX. Once downloaded and imported, the VM is launched like any other virtual machine. As it boots, you will notice that this is running in Ubuntu. The initial credentials are cisco/cisco123 and the operating will prompt to change the password.

Once installed and logged in, you will be Continue reading

Asking for Clarity

I have a lot of discussions with vendors, peers and other friends in the business. One of the things that I find challenging is the nuances with the language of technology. Our conversations include things like traffic flow, NAT, SDN, Cloud and many of the other industry buzzwords. Our use of terminology often has different meanings to different people (and in different contexts).

While I don’t fully subscribe to the, There is no bad question philosophy, I believe questions should be asked liberally. The only questions I hate to hear are from those trying to prove their [superior] knowledge. Beyond that, individual research can help with the learning process. However, everyone should have the confidence to ask those questions necessary to grasp the conversation at hand. More than likely others will benefit from the clarification as well.

No related content found.

The post Asking for Clarity appeared first on PacketU.

Response: IP PBX sales decline 10% | Dell’Oro

The IP PBX business is shrinking as mobile phones replace desk phones. More importantly, voice calls are replaced with chat applications like Skype, FaceTime, SnapChat. Modern companies are using messaging platforms like Slack to replace time wasting telephone calls – we run the Packet Pushers business zero telephone calls. I’ve been predicting this for a year […]

The post Response: IP PBX sales decline 10% | Dell’Oro appeared first on EtherealMind.

Getting ready for next-gen IRF !

HP Comware switches have had IRF (Intelligent Resilient Framework) for years, and it was the basis of more simplified network topologies. Now it seems HP is preparing a next-generation of IRF ! The current IRF implementation (known as IRF2) supports … Continue reading →

The crux of the matter

I’ve initially joined Juniper Networks in 2001 and over the years i’ve had the opportunity to establish a relationship with a few of the field people, specially in Europe where i just happen to know a lot of the old timers that built up Juniper’s business in the region.
Over the past few weeks i’d a couple of conversations with some of them that forced me to try to distill my perspective on the current trends in the networking industry to a small set of observations. Often the question that starts the conversation is how I see the applicability of OpenStack and OpenContrail to the key networking markets: carrier, enterprise and cloud/content provider. The question often implies a certain doze of healthy skepticism.

OpenStack and OpenContrail are tools; the evolution that we are seeing at that moment in the industry is deeper than that.
The traditional workflow for a network deployment is to go through architecture, design and operations phases. Traditionally the architecture group selects the top level goals and the technology approach for the deployment and produces an architecture document; from that document the design team then starts working on qualification of equipment, detailed design and operational guide; when Continue reading

HP Unified Wireless: R3507P22 includes Apple Bonjour gateway

HP has released firmware R3507P22 for the Unified wireless controller portfolio (830/850/870 appliance controllers and 20G module). Sample of the 870 controller: Several new features have been included, 2 interesting new features are: Support for vlan-pool at the AP-group configuration … Continue reading →

Community Spotlight — PacketLife.net

I’ve been reading articles by Jeremy Stretch for several years now. His site, PacketLife.net, may be best know for the useful cheat sheets that cover everything from IGP routing protocols to Wireshark Display filters. This site doesn’t end with cheat sheets. It also has many useful articles about all things networking. So if you’re looking for a site to add to you feedreader, check it out.

Links

Disclaimer–I continually get requests for a list of the blogs, podcasts and people I follow to “keep up” in this industry. As a result, I decided to start publishing some of the blogs I regularly read. Links to other content from PacketU or affiliated social channels should not be thought of as a universal endorsement or indication of independence or neutrality for a given external site. Readers should assess ALL applicable content before proceeding with actions that could adversely affect their environment.

Readers of this article may also enjoy:

The post Continue reading

Scripting Does Not Scale For Network Automation

Lots of people claiming that scripting works for automation and, for a few scripts or tasks, you can get a lot done for not much effort. My experiences with scripting have left me bitter and jaded. Here is why.

The post Scripting Does Not Scale For Network Automation appeared first on EtherealMind.

Do You Believe in Magic?

We don't. But we DO believe in insanity, which seems to be running rampant these days in the networked world. After reading Gartner's new 2014 Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, we are feeling a bit...

Response: Extreme Charges License Fee When Using OEM SFPs, Limits Bandwidth

Extreme Network now charges a license fee for ports that have 40G/100G OEM or third party SFPs installed. If you don't purchase a license within 90 days, it will limit bandwidth to 25%. How crappy is that ? Hiding the full price of the switch in SFP pricing strategies is a dumb idea that all the vendors have, what about simply being honest and calling it what it is - a per-port licensing fee designed to extract more revenue from a shrinking market.

The post Response: Extreme Charges License Fee When Using OEM SFPs, Limits Bandwidth appeared first on EtherealMind.

Coffee Break -Show 11

Health week on the Coffee Break - we are drinking water instead of coffee or kool-aid. Everything else remains the same.

Coffee Break -Show 11

Health week on the Coffee Break - we are drinking water instead of coffee or kool-aid. Everything else remains the same.

The post Coffee Break -Show 11 appeared first on Packet Pushers.

Coffee Break -Show 11

Health week on the Coffee Break - we are drinking water instead of coffee or kool-aid. Everything else remains the same.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break -Show 11 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Simple Python Syslog Counter

Recently I did a Packet Pushers episode about log management. In it, I mentioned some of the custom Python scripts that I run to do basic syslog analysis, and someone asked about them in the comments.

The script I'm presenting here isn't one of the actual ones that I run in production, but it's close. The real one sends emails, does DNS lookups, keeps a "rare messages" database using sqlite3, and a few other things, but I wanted to keep this simple.

One of the problems I see with getting started with log analysis is that people tend to approach it like a typical vendor RFP project: list some requirements, survey the market, evaluate and buy a product to fit your requirements. Sounds good, right? The problem with log analysis is that often you don't know what your requirements really are until you start looking at data.

A simple message counting script like this lets you look at your data, and provides a simple platform on which you can start to iterate to find your specific needs. It also lets us look at some cool Python features.

I don't recommend pushing this too far: once you have a decent idea Continue reading

Simple Python Syslog Counter

Article Archives

Here are some of the most popular posts on Revolution Wi-Fi, grouped by topic.

Note - This is NOT a comprehensive archive of articles on this blog.

802.11ac Gigabit Wi-Fi Series:

High-Density Wi-Fi Design Series:

Wi-Fi Quality of Service Series:

Wi-Fi Roaming Analysis Series:

Hot Potatoes and Network Neutrality

Hot Potatoes and Network Neutrality

by Cengiz Alaettinoglu, CTO - July 1, 2014

If you are reading this blog, you probably know what I mean by hot potatoes. The routing in the Internet is often referred to as hot potato routing. This analogy comes from how BGP and IGP work together so that incoming IP packets to an Autonomous System (AS) are treated like hot potatoes. If someone hands you a hot potato, what do you do? You pass it to the next person as soon as possible. This is what BGP and IGP routing do. When IP packets enter a network, they are delivered to the next AS as soon as possible.

Since most of the network neutrality debate is regarding Netflix, Comcast and Verizon these days, let’s see how hot potato routing works in this scenario. Netflix buys transit services from Cogent, another service provider (see our related white paper on peering relationships). Their agreement is that Cogent will deliver Netflix’s IP packets to their destinations. I, as a consumer, buy “Internet service” from Time Warner. My agreement with them is for all-I-can-eat Internet access with up to 30Mbps download speeds for about $80 a month. Continue reading

Dock Dock. Who’s there?

In my previous post about Docker, I focused on an introduction to networking with Docker. That post had a fair amount of traction mainly due to it being #dockercon the week it was published, and seemingly, people had an interest in learning more about it. Following the post, there were a few folks (@hartley and others) that pointed me to some great links about more advanced concepts in Docker and a site that validated what I was speculating with leveraging overlay tunnels as means for connectivity between nodes running Docker.

After reading through a few posts and the links about libswarm and libchan, it was on my mental to-do list to learn more about them and test more advanced designs. In the meantime, the friendly folks at Digital Ocean let me know about a local meetup where James Turnbull, VP of Services at Docker, was presenting. The meetup was tonight. It was a short presentation, but for me, it was eye opening (it may be because I’ve been *mostly* focused on networking). So, you won’t find a deep dive here like the last post, but rather, some general thoughts on Docker motivated from Continue reading

« Previous 1 … 3,726 3,727 3,728 3,729 3,730 … 3,839 Next »