During one of my training sessions someone asked me:
Why is it that none of our providers can give us a ping shorter than 150ms to the “internet”?
And the simple answer is: We can’t beat the physics!!
Let me explain:
From very early in my networking career I have been fascinated by protocol details, packet captures and the features of my top 3 application troubleshooting tool: Wireshark.
Getting the captures on the endpoints (clients/servers) is relatively easy, but things can get difficult when you want to capture traffic somewhere in between and it is hard to do port mirroring (SPAN) on some remote switch.
Packet Capture Capabilities of Cisco Routers and Switches is an old video (4 years is old, right?) posted on the Cisco Support Forums that highlights different methods to get on-box packet captures in Wireshark .pcap format or in text output.
KRACK is the short name for an attack on the WPA (Wi-Fi Protected Access) security protocol, both WPA1 and WPA2. The vulnerability allows Wi-Fi traffic to be decrypted without knowledge of any keys, even when using “secure” encryption like WPA2 (personal or enterprise).
Ever since I was a young man my father always told me:
“The best way for you to learn something is to accept the challenge to teach someone”
Teaching was never on my list of strengths. I ran away from it the best I could until years ago, when I learned that the above statement was in fact true and I started to lose the fear of public speaking. It is only when you try to teach someone that you find out the little details you are still missing.
Recently I started a similar challenge, not because I was asked to, but because I offered myself to strengthen the knowledge on both sides, the one who teaches and the one who learns. It’s a “win-win situation”. A “customized training” to a small group of employees about the fundamentals of routing and the OSPF protocol up to CCNP level.
So… It’s now time to find out a bit about what I still know and refresh whatever has already run away.
Back to the basics!
“Knowledge is nothing unless shared and put into practice”
I recently came across a podcast called Network Collective which is now into its 6th episode. Of course these days there are millions of podcasts, but this one in particular is interesting because it touches on a few points with which I agree.
The topic for this 6th episode was “What I Wish I Had Known” and the conversation is around what guests, with many years of work experience, know now but wish they had known at the beginning of their careers.
My studies of Cisco Data Center technologies have led me to Cisco UCS (Unified Computing Systems). To manage a UCS domain Cisco provides us with the UCS Manager software. This software runs on switch-like devices called Fabric Interconnects acting as the “doorways” between the UCS domain and “the world”.
For all of us studying and needing to understand it without access to a bunch of expensive servers, Cisco was kind enough to create the UCSPE (UCS Platform Emulator) as a free downloadable virtual machine.
Since I’m not a good friend of VMWare and can’t have a bare metal hypervisor, my “playing” focuses mostly on Virtualbox but there is a small detail that must be taken care of:
Problem: After importing the UCSPE appliance you can’t access the GUI even after changing adapter 1 to Host-only or Bridge.
Well… seems I have been sleeping for a while. Draft BGP Large Communities, about which I wrote a little while ago here, already got to its final stage about a month ago. RFC 8092 was published mid February/2017.
Looking at the differences between draft 06 (published October/2016) and RFC 8092 little was changed except for small language corrections and the “Reserved Large BGP Community values” section.
Will you be able to play with Cisco routers? Not yet! The “big ones” like Cisco and Juniper have not implemented any draft or the RFC. But if you want to stay updated please keep looking at the implementations page. IXPs (Internet Exchange Points) that frequently use servers running open-source routing software can already upgrade their code and start testing and defining policies and community values. This Internet Draft is a good start.
To better understand what this new BGP attribute is, have a look at my post from 2016: Large BGP Communities (Internet Draft).
If you’ve been in IT and networking in the last 5 years, you definitely know the 1st family of Cisco ISR (Integrated Service Routers) 1800, 2800 and 3800. If that’s true, you have also seen the transition to ISR G2 (1900, 2900 and 3900) and felt the frustration of the new licensing model.
Lately (15 years?) Cisco has been introducing new routers working with new operating systems:
All of these new OS’s are modular and bring only advantages when compared to the old IOS (Internetwork Operating System).
ISR 4000’s are no longer running IOS but IOS XE. ASR 9000 – recommended for the replacement of 7600’s – runs IOS XR. 2960 and 4500 switches have left IOS and have been running IOS XR for some years now.
This trend clearly shows us that the well known “classic” and monolithic IOS we came to love and hate since the 90’s is coming to an end. After these announcements, there are very few that still run “pure” IOS.
No. Fortunately, NX-OS and especially IOS XE are keeping syntax and CLI (Command Line Interface) similarities with the original IOS. The notable differences are underneath, in software architecture (Linux kernel), modularity, memory protection and high availability. Only IOS XR has big differences, but you can get the hang of it quickly with a few months’ practice (have a look at XRv).
Difference between IOS, IOS XE and IOS XR
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide: Software Packaging and Architecture
This week I was mindlessly going around “the internet” and stumbled upon an interesting IETF RFC draft from the Inter Domain Routing Working Group (IDR WG). The draft is for Large BGP Communities and is currently in its 6th version.
You have probably heard of BGP communities. This BGP attribute, defined in RFC 1997, is one of the most used attributes to help service providers apply specific routing policies to a group of prefixes sharing some common property.
BGP Communities are 4 Byte (32bit) values represented as A:B, where A is the decimal representation of the first 2 Bytes and B the decimal representation of the lower 2 Bytes. It is common practice to use the first 2 Bytes as an AS number and the last 2 Bytes to convey information to upstream routers (such as a Local Preference value to be set).
But there is a problem with this. RFC 1997 has been in use since 1996 and since then a lot has changed. One of these changes is RFC 6793, which defined the capability of BGP speakers to use 4 Byte (32 bit) AS numbers instead of the shorter 2 Byte (16 bit) AS numbers.