0

Fast Restoration on IP – MPLS Fast ReRoute

Service providers that have a lot of real-time traffic through their network, like mobile network operators (MNOs), are very keen on a fast restoration of service once a failure occurs in the network. In the past a lot of networks were based on SDH/SONET transport networks, which took care of sub-second (50ms) failovers. Nowadays Ethernet is THE standard for any transport within a service provider network. This introduces an issue, as Ethernet is not built for automatic failover when certain things fail.

Now there are many ways to solve this and I want to dig deeper in these technologies in several posts.  I will discuss various protocols that can solve the fast restoration requirement in different ways. Some are used in local situations (so failover to local neighbor, like a twin sibling) and others can be used in inter-site locations or can be an end-to-end protection for certain traffic.

The posts are broken down as follows:

1. MPLS Fast ReRoute (this post)
2. IP Loop Free Alternate
3. BGP PIC Core/Edge
4. Hierarchical Forwarding

Please be aware that these technologies are all related to fast restore the layer 3 forwarding path, therefore restoring the MPLS forwarding path. The MPLS forwarding path may be Continue reading

0

LLDP / 802.1AB-2009 blows

If you're designing L2 discovery protocol, I suppose one of your mandatory requirements is, that you can 'machine walk' the network, after you find one box. I.e. you are able to know your neighbor devices and their ports. LLDP makes no such guarantees

You have 4 mandatory TLVs, [0123], End of LLDPDU, Chassis ID, Port ID and TTL. Chassis ID has 7 subtypes which implementation is free to choose, EntPhysicalAlias (two distinct cases), IfAlias, MAC address, networkAddress, ifName or locally assigned. Port ID also has 7 subtypes which implementation is free to choose, ifAlias, entPhysicalAlias, MAC address, networkAddress, ifName, agent circuit ID, locally assigned.

Now you can send what ever trash via locally assigned and be fully compliant implementation. It seems that it would be wise to mandate sending management address (networkAddress) in ChassisID and SNMP ifindex in PortID (and any _additional_ ones you may want to send, i.e. more than 1, which is not allowed). This way you'd immediately know what OID to query and from which node. Obviously this makes assumption that we have IP address always and SNMP implementation always. If we absolutely must support some corner cases where this is not true, we should Continue reading

0

JNCIE-ENT lab set-up

As I’m preparing for the various exams (up to the Expert lab) of the Enterprise Routing & Switching track of Juniper I needed a lab to support this. In this blogpost I would like to explain my choice of hardware and software and how I’m going to use this set-up to prepare for the written exams and the lab exam.

Hardware and Software

Based on the blueprint, available on the Juniper website (http://www.juniper.net/us/en/training/certification/resources_jncieent.html), I needed to select hardware and software. The current software version used in the lab is JUNOS 10.4. On the various communities I heard that they want to upgrade this to a JUNOS 11.x (probably 11.4, which is a long-term-support version) software track somewhere this year, but until that time I chose the latest version of 10.4. At time of this writing this is JUNOS 10.4R9.

On the official blueprint there is no real indication of which hardware is used on the lab exam, but when you find your ways through the community sites and with the help from some community friends (special thanks to Chris ;-) I decided to use the SRX100H as router and EX4200 Continue reading

0

OAM LFM: Part 2 – Junos implementation

This post covers: - OAM implementation on Junos - Default value of OAM LFM parameter (in relation with the Part 1) - Configuration / understanding: Neighbor discovery phase - Configuration / understanding: Remote loopback operation - Configuration / understanding:...

0

OAM LFM: Part 2 – Junos implementation

This post covers: - OAM implementation on Junos - Default value of OAM LFM parameter (in relation with the Part 1) - Configuration / understanding: Neighbor discovery phase - Configuration / understanding: Remote loopback operation - Configuration / understanding:...

0

Nexus load intervals

This is a interesting but a trivial post. Everybody know about the interface command “load-interval” that changes the time period over which the interface packet-rate and throughput statistics are averaged. I discovered an addition to this command on the Nexus the other day while poking around. NX-OS allows multiple counter intervals to be configured on […]

0

OAM LFM: Part 1 – The theory

1/ Some terms, before: OAM for Operations Administration and Maintenance LFM for Link Fault Management EFM for Ethernet in the First Mile 2/ Introduction: OAM is intended for point-to-point or emulated p2p Ethernet links. The OAM block is optional, so...

0

OAM LFM: Part 1 – The theory

1/ Some terms, before: OAM for Operations Administration and Maintenance LFM for Link Fault Management EFM for Ethernet in the First Mile 2/ Introduction: OAM is intended for point-to-point or emulated p2p Ethernet links. The OAM block is optional, so...

0

HTTP Request Methods and Functions

0

EAP Functionality and Requirements

0

Logging – Levels

There are 8 different logging levels. Enabling higher level messages enables all lower level messages. EX: enabling Debugging level 7 enables all messages.


Level     Level Name         Description                                     Syslog Definition
0           Emergencies         The system is unusable                    LOG_EMERG
1           Alerts                   Immediate action is needed             LOG_ALERT
2           Critical                 Critical condition                             LOG_CRIT
3           Errors                  Error condition                                LOG_ERR
4          Warnings              Warning Condition                           LOG_WARNING
5     Continue reading

0

Stream Ciphers Examples

Here is a list of some of the more common Stream Ciphers

SEAL (Software Encryption Algorithm)
RC4
DES and 3DES leveraging OFB (Output Feedback) or CFB (Cipher Feedback)

0

Block Ciphers Examples

Here is a list of some of the more common Block Ciphers

Blowfish
RSA
DES and 3DES leveraging ECB (Electronic Code Block) or CBC (Cipher Block Chaining)
AES
IDEA
Skipjack
SAFER (Secure and Fast Encryption Routine)

0

Cisco Nexus 7000 upgrade to 8Gb

When upgrading a Nexus 7000 to NX-OS version 5.2 (using more than 1 VDC) or to NX-OS v6+, Cisco claims the need to upgrade the system memory to 8Gb. Note I have run on v5.2 using only 4Gb per SUP using 2 VDCs and it has worked just fine, but I should mention that the […]

0

Symmetric and Asymmetric Algorithms – Basic Differences

Symmetric uses only one key for both encryption and decryption. Sender and receiver share the same shared secret to transfer data securely. Algorithms include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish. Also referred to as "secret key" encryption.

DES - 56bit keys
3DES - 112bit and 168bit keys
AES - 128bit, 192bit, and 256bit keys
IDEA (International Data Encryption Alogrithm) - 128bit keys
RC2 - 40bit and 64bit keys
RC4 - 1bit to 256bit keys
RC5 - 0bit to 2040bit keys
RC6 - 128bit, 192bit, and 256bit keys
Blowfish - 32bit to 448bit keys


Asymmetric uses one key for encryption and another key for decryption referred to as public key infrastructure encryption. Key lengths generally ranging from 512 to 4096bits.

Example of asymmetric encryption RSA,EIGamal, Eliptical Curves, and Diffie Hellman

0

Symmetric and Asymmetric Algorithms – Basic Differences

Symmetric uses only one key for both encryption and decryption. Sender and receiver share the same shared secret to transfer data securely. Algorithms include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish. Also referred to as "secret key" encryption.

DES - 56bit keys
3DES - 112bit and 168bit keys
AES - 128bit, 192bit, and 256bit keys
IDEA (International Data Encryption Alogrithm) - 128bit keys
RC2 - 40bit and 64bit keys
RC4 - 1bit to 256bit keys
RC5 - 0bit to 2040bit keys
RC6 - 128bit, 192bit, and 256bit keys
Blowfish - 32bit to 448bit keys


Asymmetric uses one key for encryption and another key for decryption referred to as public key infrastructure encryption. Key lengths generally ranging from 512 to 4096bits.

Example of asymmetric encryption RSA,EIGamal, Eliptical Curves, and Diffie Hellman

0

Net-SNMP and snmpd Coexistence on OpenBSD

Although it would be awesome to ditch Net-SNMP altogether now that the base OpenBSD SNMP daemon has support for all of the OpenBSD-related MIBS (CARP, PF, kernel sensors), reality is that Net-SNMP still offers some features that are needed. OpenBSD doesn't have any SNMP tools (snmpwalk, snmpset, etc) so these are still required from Net-SNMP. There's also some unique features in the Net-SNMP daemon that are still useful if you want to do things like monitor BIND9 or Postfix statistics.

Here's how to run both at the same time and leverage snmpd for the OpenBSD-related MIBs and the Net-SNMP daemon for its ability to retrieve data from scripts and extend itself using loadable modules and smux sub-agents.

0

Switching from Net-SNMP to snmpd for CARP, PF and Sensor Monitoring

Update: For help running both snmpds at the same time, see Net-SNMP and snmpd Coexistence on OpenBSD

Now that OPENBSD-CARP-MIB and OPENBSD-PF-MIB have been added to the base snmpd in OpenBSD (CARP-MIB will be in 5.1-release, PF-MIB in 5.2, and the SENSOR MIB has been there since 4.5), I wanted to document the differences between these MIBs and the corresponding implementation of the MIBs that I wrote for Net-SNMP.

Both implementations provide the same set of OIDs and allow the same data to be retrieved. Whatever you were querying via Net-SNMP is available via snmpd.

What has changed is the base OID where the CARP and PF MIBs are rooted at as well as the name of certain OIDs.

0

Netapp CNA Link Redundancy with a Single Nexus Switch

I ran into a configuration recently where I had a Netapp storage array with the UTA cards installed, so there two CNA ports on each filer for a total of 4 ports. However, instead of a dual-switch design, there was only a single Nexus 5000, and therefore, no vPC configuration. I needed to achieve some level of redundancy on an interface level, but ran into some problems which I’ll discuss.

0

Netapp CNA Link Redundancy with a Single Nexus Switch

I ran into a configuration recently where I had a Netapp storage array with the UTA cards installed, so there two CNA ports on each filer for a total of 4 ports. However, instead of a dual-switch design, there was only a single Nexus 5000, and therefore, no vPC configuration. I needed to achieve some level of redundancy on an interface level, but ran into some problems which I’ll discuss.