Using GNS3 for Switching Labs

For so long, I’ve heard - as have many of you I’m sure - that GNS3, though a GREAT emulator for Cisco IOS software, is not practical for studying anything related to switching. Routing is handled just fine, but because of the proprietary ASICs in Cisco switches, it is not something that can be easily reverse-engineered, thus GNS3 cannot do it. After all, all routing is essentially done in software in GNS3.

The “D” in SDN

I have seen the conversation around SDN evolve over what amounts to the last few years from something that was barely whiteboard material, to something on everyone’s lips in this industry. Why? What’s so interesting about these three little letters? Well, if you’ve heard of it, you’ve undoubtedly heard from your local vendor account manager that their product is the leader in the SDN market, or that they just made a big acquisition that really puts them ahead in the SDN space, blah, blah, blah.

TRIO Card: packet capture with pfe commands

During a complex case on a Juniper platform, I looked for a tip to capture transit traffic on an MX960 with Trio cards. Indeed, I suspected a Junos box of rewriting transit MPLS traffic with an unexpected EXP value. As I love carrying out reverse engineering,...

vSphere Network Security Policies

The idea of security in a vSphere vSwitch is a concept not usually discussed in vSphere peer groups or curricula. They are somewhat specialized features that are normally either not used, or irrelevant due to the presence of another switching architecture such as the vDS (including the Cisco Nexus 1000v) or VM-FEX, where these policies also exist and are much more feature-rich. Thus, the idea of performing these functions on a native vSwitch is usually not talked about.

Quiz #7 – MLS QOS

You have recently moved to a new company as a network administrator and you've started an audit of the existing network. Your network uses an end-to-end QOS approach between multiple offices. Access switches trust QOS markings received from IP Phones, and higher-layer devices trust the markings received from access switches, as seen in the diagram below.

Windows 2008/Vista/7 ARP Cache

1360422920.604391 00:00:0a:04:06:01 00:00:0a:04:06:c8 8100 78: 802.1Q vid 6 pri 0 10.4.6.1 > 10.4.6.8: icmp: echo request (id:0001 seq:152) (ttl 128, id 311, len 60)
...
1360422949.068248 00:00:0a:04:06:01 00:00:0a:04:06:c8 8100 78: 802.1Q vid 6 pri 0 10.4.6.1 > 10.4.6.8: icmp: echo request (id:0001 seq:171) (ttl 128, id 330, len 60)
...
1360422952.102077 00:00:0a:04:06:01 00:00:0a:04:06:c8 8100 78: 802.1Q vid 6 pri 0 10.4.6.1 > 10.4.6.8: icmp: echo request (id:0001 seq:173) (ttl 128, id 332, len 60)

Password Recovery – Nexus 5548

Recently I had to recover the admin password on the Nexus 5548. The Cisco doc was a little bit unclear, so I figured I’ll make some notes on it.

First, reboot the switch. The power supplies on these don’t have an on/off switch, so you’ll have to pull the power cable.

When you see the output of “Loading system…” press the break command sequence Ctrl+]. This will bring you into the boot mode:

Version 2.00.1201. Copyright (C) 2009 American Megatrends, Inc.
Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.2.1.N1.1b.bin....
...............................................................................
........................Image verification OK

INIT: I2C - Mezz absent
Starting system POST.....
  Executing Mod 1 1 SEEPROM Test:...done (0 seconds)
  Executing Mod 1 1 GigE Port Test:....done (32 seconds)
  Executing Mod 1 1 PCIE Test:.................done (0 seconds)
  Mod 1 1 Post Completed Successfully
POST is completed
can't create lock file /var/lock/mtab~193: No such file or directory (use -n flag to override)
nohup: redirecting stderr to stdout
autoneg unmodified, ignoring
autoneg unmodified, ignoring
Checking all filesystems....r. done.
^]Loading system  <

I was interested to see what commands are available in this mode; there are a few that I’ll use for the recovery (marked with ->):

switch(boot)# ?

Layer 2 ASA And OSPF

L2 ASA OSPF

So recently I had to configure an OSPF adjacency between two routers.

I thought simply permitting multicast traffic to the All Routers and All DR/BDR Routers would permit OSPF Hellos across the link and allow OSPF adjacencies to form. In fact what I saw was routers entering the EXSTART state and the neighbourship failing. I checked the manual, for an OSPF adjacency to form, the following conditions need to be satisfied:

- Area IDs need to match

- Neighbours need to be on the same subnet

- MTUs need to match

- Hello/Dead timers need to match

- Authentication (if any is configured)

So, what I saw was the routers entering the EXSTART state and the neighbourship dropping. Bear in mind, at this point, the only thing permitted through the firewall both ways was multicast traffic to 224.0.0.5 (the AllSPF Routers multicast address) using the OSPF protocol (IP protocol 89). So for some reason the DBD exchange was not taking place.

My initial reaction was to check MTU size. I’d seen a similar issue before where an MTU mismatch (jumbo frames on one side, 1500 bytes on the other side) meant while the non-backbone area’s routes made

PBR – Policy Based Routing using Route map

How does the internet work - We know what is networking

About Policy-Based Routing

Policy-Based Routing (PBR) gives you a very simple way of controlling where packets will be forwarded before they enter the destination-based routing process of the router. It’s a technology that gives you more control over network traffic flow, because you will not always want to send certain packets by the obvious […]
Proxy and Reverse Proxy Server

This will be a short Reverse Proxy Caching Overview that explains what a proxy is and what a reverse proxy is all about. A normal proxy cache topology is one where a server called the proxy server acts as some kind of intermediate device between client and server. The proxy will receive all requests from clients and it will […]
An Introduction to the Nexus 6000

There's a new Nexus in the family, the Nexus 6000. Here are the highlights.

| | Nexus 6001 | Nexus 6004 |
|---|---|---|
| Size | 1 RU | 4 RU |
| Ports | 48 x 10G + 4 x 40G | 48 x 40G fixed + 48 x 40G expansion |
| Interface type | SFP+ / QSFP+ | QSFP+ |
| Performance | Line rate Layer 2 and Layer 3 | same as 6001 |
| Latency | 1 μs port to port | same as 6001 |
| Scalability | 128K MAC + 128K ARP/ND (flexible config), 32K route table, 1024-way ECMP, 31 SPAN sessions | same as 6001 |
| Features | L2/L3, vPC, FabricPath/TRILL, Adapter FEX, VM-FEX | same as 6001 |
| Storage | FCoE | same as 6001 |
| Visibility | Sampled Netflow, buffer monitoring, latency monitoring, microburst monitoring, SPAN on drop/high latency | same as 6001 |

Quiz #6 – Routing protocols over IPsec

Your company is extending its network with a remote office in a different city. You configure an IPsec tunnel between the headquarters and the remote office, then you run EIGRP over it, but soon you find out that the tunnel flaps up and down continuously. What is the problem?

PVTD-VR

I have just published a virtual appliance with a free 30-host license. Enjoy. For more information about Private VLANs and what PVTD is all about, visit my website at http://marathon-networks.com