by Tony Mattke on September 26, 2011
My most recent collection of interesting bits of data found out on the blogosphere/internets. Due to my lack of time, I’ve decided to recycle what I find out on the ‘net and share it here. Please bear with me while I try to come up with an interesting name for such an unoriginal type of post.
Juniper/Junos Portable Library
Greg Ferro of Etherealmind.com posted an interesting link. Instead of hiding their documentation behind a pay-wall, Juniper has supplied all of it as a multi-part zip file. As Greg mentioned, loading these on your iPad is a great option for the engineer on the go! [link]
Cisco’s failure to provide IPv6 – Updated!
Ivan Pepelnjak from ioshints.info has some pleasant surprises for us in the Cisco-land with an update on Cisco’s IPv6 support in their data center products. [link]
Nexus 1000v features
Yandy Ramirez aka Packet Maniac has put together a great Mindmap detailing the features of the Nexus 1000v. [link]
IOU – IOS on Unix
More news from Jeremy Gaddis of Evilrouters.net. He has not only documented the use of, but also improved the functionality of, the iou2net.pl Perl script that replaces the functionality of the hard-to-come-by IOUlive. [link]
Cisco Phone Cheat Codes?
Yes, you had to read that title twice. Tom Hollingsworth aka Networkingnerd.net has put together a cheat sheet for those of us that tend to forget the keypad shortcuts for Cisco’s phone line. [link]
by Tony Mattke on September 6, 2011
Everyone has different views on hardening IOS, and while I do not claim to be an expert, these are the practices that I commonly use when bringing up a new device. If you see something I missed, please leave a comment and I’ll add it to the list and send the credit your way. I’ve also included general best practices that I follow that fall outside of the security realm. This is in no way a complete list of best practices, or a complete step-by-step guide to hardening an IOS device.
[ read more... ]
by Tony Mattke on September 1, 2011
As many of you may know, I’m in the middle of a huge network redesign. Last week our new firewalls finally arrived, and it became time for us to start migrating services onto the edge network I’ve been building for the past couple of months. Unfortunately, the first thing they wanted to move was a group of new proxy servers. Since they were already re-addressed and ready for the new infrastructure, we figured some policy based routing (PBR) would do the trick until we were ready to flip the switch and change our default route to point out the new edge network.
I spent a couple of minutes writing up the configuration that we would need, nothing too complex. Since we planned on pointing the whole VLAN out the new infrastructure, I wrote 2 ACLs and a route-map that should’ve accomplished the following.
[ read more... ]
by Tony Mattke on August 29, 2011
I’ve never had the opportunity to really do much with F5 load balancers in the past, but recently one of our system engineers needed some load balancing set up, and wanted to know if we could assign some static MAC addresses for his NLB. This obviously made us sick to our stomachs, so my co-worker decided to dedicate a chunk of time to bringing some F5 BigIP boxes that we had lying around back from the grave. Once they were up and running and had VIPs set up for a couple of sites for testing, I spent a few minutes looking at the configuration. Everything seemed rather simple, which explains how he was able to do all of it in just a couple of hours. I had him go over the config with me, since he has had several years of experience with F5 LTMs, and I was rather impressed by their simplicity and flexibility.
Later that day the application owner for one of the test systems we set up asked if there was a decent way for him to troubleshoot with an end user which server they were having an issue with (as this has been a problem in the past when certain servers freak out). My coworker, who doesn’t enjoy any sort of programming or scripting, asked me to look into writing an iRule.
To make a long story short, I quickly found my way to the F5 Dev Central site and started digging in to their documentation. They have a great resource there, lots of examples, and tons of reference information. Within the hour I had a tested and working solution.
The following iRule briefly interrupts the streaming of the page from the server to the client and rewrites the HTML header, adding the last octet of the server’s IP address, with a bit of formatting, to the title element, e.g. “Home (s22)”.
when HTTP_RESPONSE {
    # Start with the stream profile off so non-text responses pass through untouched.
    STREAM::disable
    # Only rewrite text responses, e.g. text/html and text/plain.
    if {[HTTP::header "Content-Type"] starts_with "text/"} {
        # Replace every closing title tag with " (sNN)</title>", where NN is the
        # last octet of the pool member that answered this request.
        STREAM::expression "@<\/title>@ (s[getfield [LB::server addr] "." 4])<\/title>@"
        STREAM::enable
    }
}
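The STREAM profile works on the response body as it flows past, not on a complete page, so the closing tag it is looking for can be split across two TCP segments or chunks. The following Python is an added example (not from the original post and not F5 code) that behaves like the iRule above, including the split-tag case; the class and function names, and the sample response, are my own construction.

```python
# Added example: a chunk-by-chunk rewriter that mimics the iRule above.
# Not F5 code; TitleRewriter, stream_rewrite and the sample input are constructed here.

CLOSE_TAG = b"</title>"


def last_octet(addr: str) -> str:
    """Same field the iRule extracts with: getfield [LB::server addr] "." 4"""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected a dotted-quad IPv4 address, got {addr!r}")
    return parts[3]


class TitleRewriter:
    """Rewrite every '</title>' to ' (sNN)</title>' in a chunked byte stream.

    Like the iRule, the rewrite is only enabled when Content-Type starts
    with 'text/'; any other response is passed through unchanged.
    """

    def __init__(self, content_type: str, server_addr: str) -> None:
        self.enabled = content_type.lower().startswith("text/")
        self.replacement = b" (s" + last_octet(server_addr).encode() + b")" + CLOSE_TAG
        self.pending = b""  # trailing bytes that may be the start of a split tag

    def feed(self, chunk: bytes) -> bytes:
        """Process one chunk and return the bytes that are safe to send on."""
        if not self.enabled:
            return chunk
        data = self.pending + chunk
        # Hold back the longest trailing proper prefix of CLOSE_TAG, because the
        # rest of the tag may only arrive in the next chunk.
        hold = 0
        for n in range(len(CLOSE_TAG) - 1, 0, -1):
            if data.endswith(CLOSE_TAG[:n]):
                hold = n
                break
        head, self.pending = data[: len(data) - hold], data[len(data) - hold :]
        return head.replace(CLOSE_TAG, self.replacement)

    def flush(self) -> bytes:
        """End of stream: whatever was held back was not a tag, emit it as-is."""
        tail, self.pending = self.pending, b""
        return tail


def stream_rewrite(chunks, content_type: str, server_addr: str) -> bytes:
    """Run every chunk through one rewriter and return the joined output."""
    rw = TitleRewriter(content_type, server_addr)
    out = b"".join(rw.feed(c) for c in chunks)
    return out + rw.flush()


if __name__ == "__main__":
    # Constructed sample response, split so the closing tag straddles two chunks.
    sample = [b"<html><head><title>Home</ti", b"tle></head><body>ok</body></html>"]
    print(stream_rewrite(sample, "text/html", "10.1.1.22").decode())
```

The held-back tail is what makes the split case work: a chunk ending in `</ti` is not forwarded until the next chunk shows whether it completes `</title>`. Note that the marker tells anyone who views the page source which pool member answered, which is exactly the troubleshooting value the rule was written for; where exposing part of the server address is a concern, an opaque per-member label from a lookup gives the same troubleshooting value without it.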
I really hope to have an opportunity to work with some F5 appliances again soon. I would definitely enjoy writing another iRule to add some custom functionality, but just learning a bit more about some of their advanced features would also be great.
by Tony Mattke on August 19, 2011
Next generation data centers across the world are taking advantage of Cisco’s Virtual PortChannel. Recently, I’ve moved our core to a pair of Nexus 7010s running vPCs to the user edge, server edge, and some legacy systems. Over the past couple of weeks I’ve also learned of a couple of features and wanted to bring them to light for everyone. I’ve also thrown in some information on some features that may not be new, but are still good to have in your tool bag.
Peer Gateway
vPC Peer Gateway allows a device to act as a gateway for packets that are destined to its vPC peer’s MAC address. Typically this is used with NAS devices, or load balancers, that do not comply with Ethernet RFC standards. Such behavior can cause packets to be sent across the peer-link and end up being dropped on the other side.
The use of peer-gateway does not circumvent the exclusion from running L3 routing protocols over a vPC, or vPC enabled VLAN.
[ read more... ]
by Tony Mattke on August 1, 2011
Rather quietly (at least I never heard anything), on July 29th Cisco released NX-OS Version 5.2(1) for the Nexus 7000 platform. (And the world rejoiced.) This long-awaited revision brings many new features to the 7k, one of those being MPLS support. (I’ll break the bad news to you now: it requires an additional license, and so does FCoE. There is also a new SAN Enterprise License.) But I digress. As I am upgrading my new core (a redundant pair of 7010s yet to be put into production) to 5.2(1), I wanted to go down the list of new features that I find interesting…
- LISP — This is a hot topic right now; the session at Cisco Live ’11 was jam-packed with engineers chomping at the bit. Unfortunately there are caveats here as well: LISP functionality requires the use of the N7K-M132XP-12 or the N7K-M132XP-12L. LISP also requires the Transport Services Package license (N7K-TRS1K9).
- MPLS — In addition to basic MPLS support including LDP, Cisco is also offering IPv4/6 L3 VPNs, MPLS-TE, MPLS QoS, OAM, Multicast VPNs, and VRF route leaking.
- FCoE — Cisco requires the use of the N7K-F132XP-15 here. I’m not a storage guy, so I won’t pretend to understand the details, but they’re also supporting storage VDCs and shared interfaces.
- New OTV Features! — New features here include support for adjacency servers (allowing you to deploy without multicast-enabled networks), IPv6 clients (neighbor discovery via IPv6), and site hardening (prevents accidental misconfigurations).
Looks like I’ve got less than 2 minutes left, time to wrap up!!
n7000-s1-dk9.5.2.1.bin 92% 142MB 124.5KB/s 01:41 ETA
Cisco has made a pretty serious leap forward with NX-OS; let’s hope this continues in the future. For more information please see the NX-OS 5.2(1) release notes located at http://www.cisco.com/en/US/customer/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html
by Tony Mattke on August 1, 2011
This morning several CCIE candidates received an email stating that on August 1, 2011, Cisco will be raising the cost of the CCIE lab from $1,400 to $1,500. This is an interesting twist of events, as the Internet trolls have been circulating rumors that the lab would soon be lowered to $1,000. Why has Cisco made this almost insignificant change? I assume this may have to do with the struggling economy and fewer attempts being made. Seeing as Cisco just implemented a layoff of 6,500 employees, you’d think they would be refocusing attention on their core fundamentals. Will raising the price of the lab affect the number of attempts? Probably not, but it’s not a risk I would be taking right now. Cisco should currently be embracing their learning candidates, not asking them for more money.

I’m really interested in what everyone thinks about this change. If you have something to say, feel free to follow up with me in the comments section. Thanks!
by Tony Mattke on July 22, 2011
It’s been a tough week since I left Las Vegas. I must say that my Cisco Live withdrawal has been pretty bad, and with the week we’ve been having here in Indiana, I’m certainly missing the low humidity. (Yesterday’s heat index topped 121F.) As for the conference, I wanted to give a quick rundown of my experience, as this was my very first Cisco Live, but first I wanted to take a second to say that of all the conferences I’ve been to, Cisco Live 2011 was an absolute home run… 15,000 engineers, top-notch sessions, a great event staff, and some wonderful planning from Leslie and the rest of the Cisco Live team!
Friday
I left Chicago in the morning, arriving in Vegas a bit early… unfortunately too early to check in. (I booked my flight before seeing a schedule for CL, only the dates, July 9-14.) After leaving my bags with the bellhop, I went in search of some food. This is where I made my first mistake. When in Vegas, avoid the convenience shops and cafés run by the hotel. I ended up paying $25 for a nasty sandwich, a croissant, and a Gatorade. Later in the week I discovered the House of Blues, which is open for all 3 meals, and is much cheaper, and so much better, than the buffet or any other place around. ProTip: Do some research on food locations before leaving! Friday night I also met my first twerp, Teren Bryson, and his wife for a drink at a bar. Little did I know at the time we’d be hanging out a lot this week!
[ read more... ]