by Tony Mattke on October 13, 2011
I feel this may become a regular section of the blog due to my lack of availability, so please suggest a better name for this “series”. I would certainly appreciate it, as would my readers who have heard enough of my bad humor…
SSL as we know it has been compromised!
The other Tony, as in Tony Bourke, has brought to my attention the recent BEAST exploit that compromises TLS 1.0, aka SSL as you know it. This has been fixed in TLS 1.1 and 1.2, but it seems there is very little support out there for anything but TLS 1.0, thanks to the OpenSSL project.
TLS 1.2 and NLB
This is, in a way, a follow-up to the article above: Tony talks about solving the TLS issue using NLBs.
IT Panic Mode
Tom brings up some very good points discussing how engineers deal with stress during outages. And he throws out a great Ghostbusters quote!
Nexus BFD
Interesting article discussing some oddities in the way the Nexus handles BFD processing.
The Reason Enterprises aren’t deploying IPv6
Ethan brings up some great points here discussing why Enterprise environments haven’t deployed IPv6, or in many cases, haven’t even considered it.
IPexpert IOU Topology
@jdsilva has built a great IOU Netmap for use with IPexpert’s CCIE R&S labs.
The Last Cable Tool…
Tom has found an interesting tool put out by Gerber. I’d like to see one of these in the store so I could get a feel for it before throwing down some hardcore cash…
MPLS is not Tunneling!
Yet another great post by Ivan, discussing the differences between MPLS virtual circuits and a true tunnel.
Is RIM using Cisco Nexus?
This week’s RIM failure was apparently caused by a core switch failure within their infrastructure. They stated that, “Although the system is designed to failover to a back-up switch, the failover did not function as previously tested.” This makes me wonder if they’ve experienced some of the same failover issues as we have with the Nexus line. As these have been fixed in later revisions of code, I would certainly hope this wasn’t the case.
by Tony Mattke on February 21, 2011
Striving to reach that last 9? Looking for a way to increase your uptime while still being able to do maintenance on your network? Wish you could shut down your OSPF neighbors like your BGP peers? Ok, enough sales talk. Achieving HA uptimes when you need to do maintenance is far from simple. Even if you tweak your hello timers or use a fast detection protocol like BFD, it still takes time for your protocols to converge. A much better solution would be gracefully notifying a router’s neighbors of a dramatic cost increase on all of its interfaces, which would force an SPF calculation while the router is still online and forwarding packets.
Welcome RFC 3137: OSPF Stub Router Advertisement, a feature implemented in Cisco IOS release 12.2(4)T and 12.3. To force our router into stub status we can use the max-metric router-lsa router configuration command, which changes the OSPF metric for all non-stub interfaces on the router to 65535.
The new metric in the LSA does not cause the path to be ignored; it just increases the cost. The other routers in the network will select any alternate paths (if available).
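The following Python model is an added example, not code from the original post or from Cisco. It runs an SPF (Dijkstra) calculation over constructed topologies to show both halves of the statement above: traffic moves to an alternate path when one exists, and the stub router's path is still used when none does. The router names, link costs and function names are assumptions made for illustration, and every link of the stub router is treated as a non-stub link.

```python
import heapq

MAX_METRIC = 65535  # metric the post says max-metric router-lsa advertises

def bidir(pairs):
    """Build directed links {(from, to): cost} from (a, b, cost) tuples."""
    links = {}
    for a, b, cost in pairs:
        links[(a, b)] = links[(b, a)] = cost
    return links

def stub(links, router):
    """Copy of links in which `router` advertises MAX_METRIC on its own links."""
    return {(u, v): MAX_METRIC if u == router else c for (u, v), c in links.items()}

def spf(links, source):
    """Dijkstra from source; returns {node: (total_cost, path)}."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, []).append((v, cost))
    best, heap = {}, [(0, source, [source])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, path)
        for nxt, c in adj.get(node, []):
            if nxt not in best:
                heapq.heappush(heap, (cost + c, nxt, path + [nxt]))
    return best

def path_to(links, src, dst):
    return spf(links, src)[dst]

# Constructed topology: A reaches D via B (cost 20) or via C (cost 40).
TOPOLOGY = bidir([("A", "B", 10), ("B", "D", 10), ("A", "C", 20), ("C", "D", 20)])
# Constructed topology with no alternate path around B.
SINGLE_PATH = bidir([("A", "B", 10), ("B", "D", 10)])

if __name__ == "__main__":
    print("normal:          ", path_to(TOPOLOGY, "A", "D"))
    print("B as stub router:", path_to(stub(TOPOLOGY, "B"), "A", "D"))
    print("no alternate:    ", path_to(stub(SINGLE_PATH, "B"), "A", "D"))
    print("to B itself:     ", path_to(stub(TOPOLOGY, "B"), "A", "B"))
```

Only the links advertised by the stub router change, so B itself stays reachable from A at the normal cost of 10 while transit traffic through B is repelled.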
by Tony Mattke on May 24, 2010
Bidirectional Forwarding Detection (BFD) is a UDP-based protocol that provides fast (very fast!) routing protocol independent detection of layer-3 next hop failures. BFD can be used to replace the routing protocol timers with a fast and reliable failure detection mechanism. BFD also provides low-overhead detection of faults even on interfaces that don’t support failure detection of any kind, such as Ethernet, virtual circuits, tunnels and MPLS Label Switched Paths.
Introduction to BFD
The inner workings of the BFD protocol resemble the hello mechanisms used in most of today’s routing protocols, with a few exceptions. BFD packets can be processed on interface modules, whereas routing protocol hello packets are always processed by the control plane. BFD tests bidirectional communication. The hello protocol that EIGRP uses has been known to have issues with detecting unidirectional connections. Finally, BFD packets are typically smaller than keepalive packets from routing protocols (24 bytes + headers).