VRF Export Maps

VRFs are an excellent tool for maintaining segregated routing topologies for separate customers or services. I've previously covered inter-VRF routing using route targets, but what if we only want to export a subset of the routes within a VRF? Here's a scenario in which this would be desirable.

Customers A and B each have a site network and a colocation network, and both customers need access to the 192.168.0.0/24 network in the Services VRF. The customers must utilize unique IP space in order to prevent overlapping networks, so each customer has been allocated dedicated IP space from their common provider out o 10.0.0.0/8. Unfortunately, customer A is still has some networks within the 172.16.0.0/16. These networks need to access services in the host colo, but the service provider can't allow this space to be advertised into the Services VRF as it's not approved IP space.

Our goal is to export only the networks within the 10.0.0.0/8 space from the customer VRFs to the Services VRF. How can we accomplish this?

Let's have a look at the initial network state. (This lab was performed using a single router for Continue reading

Leveraging LISP for IPv6 internet connectivity

Introduction End hosts inside of the enterprise or home can be connected to the IPv6 internet using LISP’s powerful encapsulation mechanisms. This article is structured in three sections exploring the utilization of LISP as means of IPv6 internet connectivity. The first section dives into IOS LISP IPv6 configuration and verification of the control-plane/data-plane. The use […]

Author information

Pablo Lucena

The post Leveraging LISP for IPv6 internet connectivity appeared first on Packet Pushers Podcast and was written by Pablo Lucena.

Exploring OSPF Messages in a Multi-access Network

The following network is configured with OSPF with all interfaces in area 0.  Since this is a multi-access network, a Designated Router (DR) is elected which improves OSPF performance by reducing the amount of LSA flooding. R3 is the current DR, with R2 as the BDR.  R4’s interface to SW1 has been configured as a passive interface to prevent an adjacency from forming and simulate R4 being a “new” router on the network.  Wireshark is monitoring the link between R4 and SW1.

I won’t go into all the details regarding Wireshark output and the OSPF process.  If you want a more detailed analysis, take a look at my previous blog article here.  In this article, we’ll only be taking a closer look at what happens specifically in a multi-access environment.

Upon re-enabling R4’s interface for OSPF, we see R4 sends a Hello packet to the All OSPF Routers multicast address (224.0.0.5) and that no DR or BDR is listed.  R4 is “new” to the network as far as OSPF is concerned, so it has no idea about the current topology.

R1, R2, and R3 all send Hello packets with the Continue reading

OSPF Link State Advertisements (LSAs) and Areas – Part I

If every router in an enterprise environment was in a single OSPF area, at some point you’re going to encounter scalability issues due to any changes in the environment causing an SPF recalculation in all routers in that single area.

LSAs and their use within areas provide a mechanism for maximizing performance in OSPF by logically segmenting groups of contiguous links so that every router in the entire autonomous system does not have to have exact copies of the Link State Database (LSDB) and to reduce the amount of LSA flooding.  SPF calculations are also isolated to each individual area rather than the entire environment.  Different LSAs are used in different situations, and are treated differently depending on the type of OSPF area involved.

The following table represents the different LSA types, and was taken from the CCIE R&S OCG.

Anycast DNS with IP SLA DNS

Recently I came across an idea to implement anycast DNS within an enterprise environment. The concept is similar to Google’s public DNS, but at an enterprise level. Using IP SLA DNS, a static tracked route and some redistribution it makes it an easy solution. The biggest benefits is that all internal clients can use the same DNS IP address no matter what locations they reside in; additional benefit is distributing the load when DNS attacks occur.

First you’ll have to configure the Cisco’s IP SLA. Using the DNS feature is much better than just ICMP. It will actually verify that the DNS server is responding to a specified query. In my example below I’m using a query for test001dns.me which is configured on the server as an A record. The DNS query is sent to a distinct IP address of the server 10.90.1.5. All local DNS server have two IP addresses: distinct and anycast. The anycast address is configured as a secondary IP (10.10.10.10) a numerous DNS servers throughout the enterprise.

Below is the IP SLA configuration using the DNS feature. It is configured on a LAN router.

ip sla 10
 dns test001dns. Continue reading

IPv6 First-Hop Security

How does the internet work - We know what is networking

All methods to mitigate IPv6 security issues Real life security intro I the process of configuring our corporate network test segment for IPv6 support there was direct demand to pay particular attention to security. In few weeks it was my mayor role to go trough all materials I could get in order to learn more […]

IPv6 First-Hop Security

Make yourself a standout

As people manage their careers, it is common sense that they need to stand above their peers if they want to outperform them from a career perspective. This is why you see people working 14- or 16-hour days. It’s become such common behavior that it is a central meme in just about every movie or […]

Author information

Michael Bushong

The post Make yourself a standout appeared first on Packet Pushers Podcast and was written by Michael Bushong.

Nuage Networks at Network Field Day 6

Nuage Networks at Network Field Day 6

MPTCP – Multipath TCP

How does the internet work - We know what is networking

Intro Multipath TCP is an extension of TCP that will soon be standardized by IETF. It is a succesful attempt to resolve major TCP shortcomings emerged from the change in the way we use our devices to communicate. There’s particularly the change in the way our new devices like iPhones and laptops are talking across network. All the devices […]

MPTCP – Multipath TCP

OSPF Summary Routes and BGP

Recently I was in a situation where I needed to advertise some OSPF routes created using the area range command into BGP. When advertising routes into BGP there are a few considerations:

• Does the routing table know the exact route you’re trying to advertise into BGP?
• Is any route filtering being performed? Don’t forget to check at the source of the BGP route and the destination it’s being advertised to!
• Is soft-reconfiguration supported on the software you’re running?
• Will you need to do a “clear ip bgp neighbor”? Seems IOS 12.4 doesn’t require it but 12.2 does. I tested 12.4 on GNS3, and 12.2 on a live 6500.

Using the area range command will automatically generate an OSPF intra-area route to Null 0 IF the router the command is issued on is an ABR. This is visible here:

Switch#sh ip route 10.253.0.0 255.255.240.0 
Routing entry for 10.253.0.0/20
 Known via "ospf 1", distance 110, metric 0, type intra area
 Routing Descriptor Blocks:
 * directly connected, via Null0
 Route metric is 0, traffic share count is 1

This route will not be created on a non-ABR router, so watch Continue reading

Mind Your Q’s and P’s

In the midst of this series of posts around fast convergence, someone asked if I could explain p and q space a little better. The illustration here might help readers who have more of a visual mind to understand the concepts involved. (feel free to click through to a larger version) Essentially, we can think […]

Author information

Russ White

Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA

First Wind Energy is searching for a Network Administrator who will be a key member of the IT team and report to the Director of IT. This position is based in Boston, MA. The Network Administrator is a hands-on technical position focusing on the support and maintenance of the network infrastructure and end user support […]

Author information

Job Posting Service

This post is a paid service of Packet Pushers Interactive, LLC. Contact [email protected] if you'd like to post your job opportunity here and reach thousands of network engineers.

The post Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA appeared first on Packet Pushers Podcast and was written by Job Posting Service.

INTER-AS VPNs PART -1

MPLS is widely used technology within Service Providers and sometimes also within Enterprise networks. One of the mostly used application of MPLS is MPLS VPN.  There are two flavors of MPLS VPN which is Layer 2 and Layer3 VPNs. Basically layer2 VPNs, service provider gives layer2 connectivity to the customer  and PW established for each […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post INTER-AS VPNs PART -1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Valuing IP Addresses

iOS7′s impact on networks worldwide

Apple releases an iOS update and the networks all across the world witness a spike of almost 100% in the average traffic that they receive. Apple delivers its content using Akamai, which allegedly handles 20% of world’s total web traffic. Akamai is thus in a unique position to provide a view of whats happening on the web, at any given instant in time. Akamai logs clearly show an over all increase in Internet traffic and the hotspots in Europe soon after Apple released its iOS7.

Akamai showing traffic hotspot in Europe

Most service providers saw Akami and Limelight traffic up by an average of 300-700% immediately after iOS7 was released.

Being an Android user myself, i found iOS7′s release with the massive increase in the Internet traffic reported all over the world quite insidious. Honestly, i was a trifle concerned with what iOS7 was internally doing to result this.

It turned out to be quite an anti-climax when i realized that the spurt in network traffic was just because of Apple devices upgrading to the newer iOS. The iOS7 upgrade for the phones is around 900MB, and that for the ipads is around 1.2GB. Given that there are quite Continue reading

Show 163 – Open Source perfSONAR Finds The Flaws Impacting The Flows

In this week’s show, we dive into the networking community ocean, and come up with Brian Tierney and Nick Buraglio for a discussion about perfSONAR. perfSONAR is an open-source package of network testing tools that can run in a mesh across diverse network infrastructure, and help determine why you’re not getting the network throughput on […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

TwitterGoogle+LinkedIn

The post Show 163 – Open Source perfSONAR Finds The Flaws Impacting The Flows appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Stop The Rodent – Tackling Rogue Devices in the BYOD Era

There was a time when the network was flat – everything was interconnected, anyone could access everything and security was not a serious problem. And when security problems began to crop up, options like three-layered hierarchical model, firewalls and Intrusion Detection Systems helped you secure the network. Finally, when you were battling viruses, zero day […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post Stop The Rodent – Tackling Rogue Devices in the BYOD Era appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

SDN and Programming (a.k.a. What The Heck is a REST API??)

SDN and Programming (a.k.a. What The Heck is a REST API??)