Review: Ethernet Fabric Whitepaper by Brocade

I’ve been pretty deep into my CCNP ROUTE studies, which is mostly WAN and routing protocols, so I haven’t had much chance to dive any deeper when it comes to datacenter stuff. I’d seen several ads for the Brocade whitepaper titled “Five Reasons Classic Ethernet Switches Won’t Support the Cloud” and I figured I’d give it a shot. The whitepaper is not long, and is quite easy to understand. It contrasted well between traditional switches and Ethernet Fabric switches in terms of supporting SaaS application requirements, pointing out that while STP is a necessary evil in a classic Ethernet switched infrastructure, it creates several problems for “the cloud”.

EIGRP over NBMA Networks

Commonly used routing protocols like OSPF and EIGRP utilize multicast addresses to distribute hello messages and routing information. In a broadcast-capable layer 2 network like Ethernet, EIGRP will send a packet containing a hello message to the address 224.0.0.10, which results in a corresponding layer 2 destination 01:00:5e:00:00:0a. Something I used to wonder about all the time is how routing protocols work over Non-Broadcast Multi-Access networks like Frame Relay. In these networks, there are no broadcasts or multicasts.

Vyatta OSPF Designated Router Concepts

I was inspired by a (relatively) recent post by Jeremy Stretch at Packetlife.net that explained OSPF designated router configuration in Cisco IOS. I’d like to go into a bit more detail regarding the need for a designated router, and explore the same configuration steps on the Vyatta Core platform. I’ve already shown how easy it is to integrate a Cisco router with a Vyatta router using OSPF, so you can use a mix of Cisco and Vyatta gear if you wish.

Routing Information Protocol – Keeping It Classless Labs

Today we’ll be looking at Routing Information Protocol, or RIP. This is an easy-to-use protocol to distribute routing information around a network. We’ll explore how to configure it on a Cisco router, and some of the tweaks necessary to get it to perform well in a modern network.

Useful OpenFlow Resources

I wrote a post a while back introducing OpenFlow, and I informed you of my thoughts concerning this relatively new technology. Regardless of your need for a programmable network, the concept is certainly interesting and warrants some tinkering. It’s important to remember that OpenFlow itself is just a protocol definition, and until recently, there wasn’t a lot of software available that implemented it, and thus, no in-home tinkering. I’d like to point out a few new projects that are implementing OpenFlow and making it relatively easy to implement on your own.

IPv6 Prefix Lengths

For years, discussions regarding the appropriate prefix length for IPv6 subnets have been waged, with high-profile organizations and bloggers chipping in their $0.02 for all kinds of opinions. IPv6 enthusiasts have long adhered to their “A /64 for every subnet” approach, and they give many good reasons for this approach. There are others who recognize the sheer amount of waste from this method, and suggest much more restrictive prefixes, such as /126 for a point-to-point link, as that prefix allocates 2 addresses, identical to the /30 mask in the IPv4 world.

Preparation Tips for the JNCIE-SEC Exam

Not a day goes by since having passed the JNCIE-SEC exam that I don't receive an inquiry in one form or another regarding how I prepared for the exam. It seems that there is an incredible amount of interest in this exam, especially from all those die-hard ScreenOS folks that are now converting to Junos. So instead of constantly repeating myself, I figured I'd just put it up on the blog so others can benefit (leaving me more time to do other things, 'heh).

NOTE: For full disclosure, I must reveal that I am a Technical Trainer and Certification Proctor at Juniper Networks. As such, I take EXTRA responsibility towards protecting the content and integrity of the exam and I take the certification credentials very seriously. Not only that, I worked REALLY, REALLY hard to achieve my JNCIE certifications, and I believe everyone else should too! As such, I kindly ask that candidates refrain from asking me questions which would be considered a violation of the NDA. Also, I should add that although I work for Juniper, the viewpoints expressed in this article are my own and may not necessarily be shared by my

IPv6 Hacking – “thc-ipv6” [Part 2]

A while back I did a post called IPv6 Hacking - “thc-ipv6” Part 1 - it was, in fact, the first post here on Keeping It Classless. That post focused on the flood_router6 script, which unleashed a flood of IPv6 Router Advertisements (RAs) on a layer 2 network segment, bringing vulnerable operating systems like Windows 7 to their knees. The “fake_router6” script is another member of the “thc-ipv6” suite that grants a powerful weapon to a would-be attacker.
