AS-Path Filtering

2014-10-15 at 8.36 AM
Before we get into the how, let’s talk about the why. According to the CIDR Report, the global IPv4 routing table sits at about 525,000 routes, it has doubled in size since mid 2008 and continues to press upwards at an accelerated rate. This momentum, which in my estimate started around 2006, will most likely never slow down. As network engineers, what are we to do? Sure, memory is as plentiful as we could ask for, but what of TCAM? On certain platforms, like the 7600/6500 on the Sup720 and even some of the ASR1ks we have already surpassed the limits of what they can handle (~512k routes in the FIB). While it is possible to increase the TCAM available for routing information, there are other solutions that don’t include replacing hardware just yet.
Continue reading

Network Design — Keeping it simple

complexitySince the dawn of time people have skirted best practice and banged together networks, putting the proverbial square peg in the esoteric round hole. For example, new vendor XYZ’s solution has brought in new requirements for deployment. While it may seem easier for to throw together a new firewall, a switch, and maybe some additional routes, and of course Tom‘s favorite… NAT — but where does it stop!? As you continue to pile layer upon layer into your uninspired network design you will soon realize that your “beautiful network” has become the ugly duckling that you need help fixing.

That leads me to my first point. Complex systems are expensive, not only in CAPEX, but in OPEX. When you design and build a network, you have to ensure that you are not building something that no one else has dreamed up, or else your problems will also be unique. And without the additional money to hire top tier engineers, you could be short staffed, or worse yet, facing the problem on your own. The more complex your network becomes, the more likely it is to fail. As I’m often quoted as saying, “The complexity required for robustness, often goes again robustness…”, and those systems are often replaced.
Continue reading

Cisco ISR 4000 – Now with more licensing!

This week an Interop NYC, Cisco launched it’s ISR 4000 Series. This is a new approach for them focused on delivering services to your branch offices. Cisco has dubbed this new approach the Intelligent WAN (IWAN) — but before we talk about that, let’s talk about hardware. Those of us that have been paying attention remember that Cisco announced the ISR 4451 at Cisco Live 2013. The 4451 boasts a multi-core CPU architecture that runs the all to familiar by now IOS-XE. It’s 1-2 Gbps of throughput made it a perfect fit for those looking for something in between a 3945 and an ASR1k. Now Cisco that Cisco has brought the rest of the family into the spotlight it all makes sense.

Continue reading

HP talks SDN at Interop NYC 2014

I generally try to avoid combing my thoughts about presentations, but I have to mention that after sitting down with Glue Networks and their “SDN” presentation, it was truly a breath of fresh air to hear from HP. They went into some details on how they demonstrated the capabilities of their SDN platform. They purposely stretched their network out the limits of what they thought was possible.

On top of that, they spent some time talking about the launch of the very first SDN application ecosystem to market. I have to say, this is a fantastic idea and I’m glad that they brought it to fruition. Not only will the App Store help customers understand the real value behind SDN, as well as discover specific network applications that could help solve problems they’re facing today.

Take a few minutes to listen to Chris Young and Jeff Enters from HP give a fantastic white boarding session on the architecture behind the network they brought to Interop and the specific challenges of building it. Checkout for more info.

Standard TFD Disclaimer

While Cisco and HP were responsible for paying a portion of the travel and lodging costs for me during this Tech Field Day Extra event, they do not have input into what I write or say, if anything. And while I do appreciate being dragged across the US at last notice, I will not compromise my integrity.

Installing VMware tools on Cisco ACS

As of ACS v5.4 Cisco has finally included VMware tools for their ADE OS. Unfortunately, when you upgrade, they do not get installed automatically as the installation is triggered during the initial install. This post is for those of us that have upgraded to version 5.4 and didn’t choose to do a fresh install.

First of all, you need to get your hands on the Root Patch. This Root Patch allows you root shell access to the ADE OS, which is just a customized version of Redhat Linux. You can get this patch from TAC by asking them nicely, or telling them you need to install VMware tools on your ACS 5.4 install. I’m sure if you’re clever you can find a copy out in the wild as well. But your mileage may vary…

Installing the ACS Root Patch

This part is pretty simple. Using the ADE OS application installer, install the package using a predefined repository…

acs/eladmino# application install RootPatch-ACS-5-4.tar.gz ftp 
Save the current ADE-OS running configuration? (yes/no) [yes] ? 
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application installation...

Application successfully installed

Using the Root Patch

After the install, you have to logout and back in for the commands to show up in your session. Once you log back in you can run the root_enable command to set the root password. Once the password has been defined you can login using the root command.

Copyright (c) 2012 Cisco Systems, Inc. All rights Reserved

Last login: Fri Oct 18 15:34:48 2013 from
Copyright (c) 2012 Cisco Systems, Inc. All rights Reserved

acs/eladmino# root_enable
Password : 
Password Again : 

Root patch enabled

acs/eladmino# root
Enter root patch password : 
Starting root bash shell ... 
ade #

Installing VMware tools

Once you are in the root shell you can pretty much do whatever you want, including completely destroying your server. From here you simply have to navigate to the /opt/system/etc/vmware-tools-distrib/ directory and run the vmware-install script as shown below. The script should automagically configure itself and install vmware tools. Once complete exit ADE OS, and within a few momemnts VMware Tools should show as Running within the vSphere Client.

Continue reading