Posts tagged as:

mpls

BPDU the next incrementation

by Tony Mattke on October 13, 2011



I feel this may be a regular section of the blog due to my lack of availability. Please suggest a better name for this “series”. I would certainly appreciate it, as would my readers who have heard enough of my bad humor…

SSL as we know it has been compromised!
The other Tony, as in Tony Bourke, has brought to my attention the recent BEAST exploit that compromises TLS 1.0, aka SSL as you know it. This has been fixed in TLS 1.1 and 1.2, but as it seems, there is very little support out there for anything but TLS 1.0 thanks to the OpenSSL project.

TLS 1.2 and NLB
This is a follow-up, in a way, to the article above; Tony talks about solving the TLS issue using NLBs.

IT Panic Mode
Tom brings up some very good points discussing how engineers deal with stress during outages. And he throws out a great Ghostbusters quote!

Nexus BFD
Interesting article discussing some oddities in the way the Nexus handles BFD processing.

The Reason Enterprises aren’t deploying IPv6
Ethan brings up some great points here discussing why Enterprise environments haven’t deployed IPv6, or in many cases, haven’t even considered it.

IPexpert IOU Topology
@jdsilva has built a great IOU Netmap for use with IPexpert’s CCIE R&S labs.

The Last Cable Tool…
Tom has found an interesting tool put out by Gerber. I’d like to see one of these in the store so I could get a feel for it before throwing down some hardcore cash…

MPLS is not Tunneling!
Yet another great post by Ivan, discussing the differences between MPLS virtual circuits and a true tunnel.

Is RIM using Cisco Nexus?
This week’s RIM failure was apparently caused by a core switch failure within their infrastructure. They stated that, “Although the system is designed to failover to a back-up switch, the failover did not function as previously tested.” This makes me wonder if they’ve experienced some of the same failover issues as we have with the Nexus line. As these have been fixed in later revisions of code, I would certainly hope this wasn’t the case.


NX-OS 5.2(1) for the Nexus 7000

by Tony Mattke on August 1, 2011



Rather quietly (at least I never heard anything), on July 29th, Cisco released NX-OS Version 5.2(1) for the Nexus 7000 platform (and the world rejoiced). This long-awaited revision brings many new features to the 7k, one of those being MPLS support. (I’ll break the bad news to you now: it requires an additional license, and so does FCoE. There is also a new SAN Enterprise License.) But I digress. As I am upgrading my new core (a redundant pair of 7010s, yet to be put into production) to 5.2(1), I wanted to go down the list of new features that I find interesting…

  • LISP — This is a hot topic right now; the session at Cisco Live ’11 was jam-packed with engineers chomping at the bit. Unfortunately there are caveats here as well. LISP functionality requires the use of the N7K-M132XP-12 or the N7K-M132XP-12L. LISP also requires the Transport Services Package license (N7K-TRS1K9).
  • MPLS — In addition to basic MPLS support including LDP, Cisco is also offering IPv4/6 L3 VPNs, MPLS-TE, MPLS QoS, OAM, Multicast VPNs, and VRF route leaking.
  • FCoE — Cisco requires the use of the N7K-F132XP-15 here. I’m not a storage guy, so I won’t pretend to understand the details, but they’re also supporting storage VDC and shared interfaces.
  • New OTV Features! — New features here include support for adjacency servers (allowing you to deploy without multicast enabled networks), IPv6 Clients (neighbor discovery via IPv6), Site Hardening (prevents accidental misconfigurations)

Looks like I’ve got less than 2 minutes left, time to wrap up!!

n7000-s1-dk9.5.2.1.bin                     92%  142MB 124.5KB/s   01:41 ETA

Cisco has made a pretty serious leap forward with NX-OS; let’s hope this continues in the future. For more information please see the NX-OS 5.2(1) release notes located at http://www.cisco.com/en/US/customer/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html


BGP Tips! multipath load balancing

by Tony Mattke on October 14, 2010



The previous thinking on BGP was that it is not a load balancing protocol, and that in order to achieve any sort of balanced traffic you would have to perform some sort of route balancing. These days, with BGP finding its way into our core IGP (think MPLS VRF WAN), a number of options for load balancing BGP have shown up.

Multipath BGP

While IGPs tend to manage most load balancing scenarios automagically, BGP’s mechanisms are configured manually. To allow multipath eBGP, you configure the maximum number of paths to install using the maximum-paths router configuration command. However, a route must meet a few criteria before it is installed as a multipath route, including matching attributes. These attributes include weight, local preference, AS path, origin code, MED, and IGP metric. The next hop address for each path must also be different in order for that path to be considered.

Although the BGP path selection algorithm only considers the AS path length when comparing paths, the actual values (ASNs) of the path attribute have to match for the two routes to be installed.

These stipulations are fine when sharing a load across multiple routes to a single ISP. But what if we had two different ISPs? Our attributes may match in every instance, except for the AS numbers in each path. Fortunately, there is an undocumented Cisco command that allows us to consider those routes, despite the differences in the AS numbers inside the path. Introducing bgp bestpath as-path multipath-relax.
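The eligibility rules above can be modelled in a few lines. This is an added example, not code from the original post or from Cisco: it is a simplified model of the criteria as the text describes them, the Path class and multipath_set function are hypothetical names, and the ASNs and addresses are constructed documentation values.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...]
    weight: int = 0
    local_pref: int = 100
    origin: str = "i"
    med: int = 0
    igp_metric: int = 10


def _attrs(p: Path) -> tuple:
    # Attributes that must match the best path exactly (AS path handled apart).
    return (p.weight, p.local_pref, p.origin, p.med, p.igp_metric)


def multipath_set(best: Path, candidates: List[Path],
                  maximum_paths: int, relax: bool = False) -> List[Path]:
    """Return the paths installed for a prefix, best path first."""
    installed = [best]
    for p in candidates:
        if len(installed) >= maximum_paths:
            break  # maximum-paths caps how many routes are installed
        if relax:
            # multipath-relax: only the AS path length has to match
            as_ok = len(p.as_path) == len(best.as_path)
        else:
            # default: the ASNs themselves have to match
            as_ok = p.as_path == best.as_path
        # every installed path needs its own next hop
        new_hop = all(p.next_hop != q.next_hop for q in installed)
        if _attrs(p) == _attrs(best) and as_ok and new_hop:
            installed.append(p)
    return installed


# Constructed sample routes for one prefix (assumed values, not from the post).
A1 = Path("192.0.2.1", (64500, 64510))               # ISP A, link 1 (best)
A2 = Path("192.0.2.5", (64500, 64510))               # ISP A, link 2
B1 = Path("198.51.100.1", (64501, 64510))            # ISP B, same length
LONG = Path("203.0.113.1", (64502, 64503, 64510))    # longer AS path
MED_DIFF = Path("198.51.100.9", (64500, 64510), med=50)
CANDIDATES = [A1, A2, B1, LONG, MED_DIFF]

if __name__ == "__main__":
    for relax in (False, True):
        hops = [p.next_hop for p in multipath_set(A1, CANDIDATES, 4, relax)]
        print("multipath-relax" if relax else "default", hops)
```

Without the relax option only the two links to the same ISP share load; with it, the second ISP's path of equal length joins them, while the longer path and the path with a different MED stay out either way.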

Cisco MPLS VRF Configuration and Demo

by Tony Mattke on November 19, 2009



A while back I asked everyone to vote on what topic they wanted to see next, and to no surprise almost everyone voted for MPLS VRFs. When I started working on this, I decided to take a new approach to these posts. In my previous posts about JunOS Olives I provided ample screen shots and a video demonstrating fully functioning multicast. Today I am going to supply you with a Dynamips configuration file that you can run and follow along as we work within the topology. Here is a link to the file, which includes 7 routers and a Frame Relay Switch (for simplicity I connected them all via Frame Relay). Basic MPLS is running over IS-IS on routers 3, 4, and 5. All of the interfaces have been configured according to the following diagram. You will need a copy of IOS c3640-jk9o3s-mz.123-14.T7.bin or something for the 3640 that runs MPLS and VRF; check the Cisco Feature Navigator. You will also need to know a little something about Dynamips / Dynagen.

VPNv4_lab