Quick Tip: SPD

One of my friends told me about a feature called SPD and asked whether I knew about it. I didn't, so I decided to read a bit more about it.

SPD stands for Selective Packet Discard. As the name implies it has something to do with discarding packets. Something that is never good.

[Read More]
QoS  Queues  SPD 

NAT shows its ugly face in the IPv6 world.

Lately there's been some fuzz in the corners about the need for NAT in the new world order of IPv6.

I think it's a poor design choice and I'll give my reason below.

One of the reasons why people seem to feel like they need NAT is accessibility to IPv4-only content. While I agree this is certainly a concern, it is being rendered less and less important each day as more content providers run dual-stack (or some other form of proxying). Either way, you as a user can get directly to more and more IPv6 content by the day.

[Read More]

Thoughts on the SSL/TLS – Beast

It seems like every day, there is some vulnerability or crack announced on the geek news-outlets.

For some reason, the recent publication of an exploit of a flaw in the SSL/TLS implementation in some versions made me extra curious, and it made me think a little harder about this whole security business.

[Read More]

Flex Links

Flex Links, otherwise known as the devil for your L2 network.

In all fairness, let's actually figure out what this feature is used for.

The most important thing you need to know is the fact that Flex links disable your spanning-tree process.

[Read More]

Great free multicast lecture by INE

I just watched this great lecture from INE on multicast. Well worth sharing:

L2TPv3 – A wormhole through your L3 network.

Using L2 tunnel protocol version 3, you can accomplish what so many scientists are working on. A Wormhole!

Granted, this wormhole is just through your L3 network, so it might not raise as many eyebrows, but it's still a nifty tool in your toolbox.

[Read More]

The Verify Source command.

In this small post I want to clarify the use of the “ip verify” command.

There has been some confusion on the usage of this command, especially in conjunction with the access-list parameter. I would like to clarify this here.

[Read More]

Time people.. Time…

Being a network consultant means getting access to lots of customers using a range of different equipment.

One thing that's common for almost all of them is the fact that the time is not in sync throughout their devices. As you may know, this is a real issue when you are trying to sort out a problem.

[Read More]

IOS IPS

In this article I will try and set up a very simple example using Cisco IOS IPS (Intrusion Prevention System).

As before, a simple topology consisting of 3 routers will suffice.

They are configured as follows:

R1 will act as our source host. From this machine I will simulate an attacker trying to gain access to R3 through R2. This means R2 will be the device where we will be configuring the IPS functionality.

[Read More]
IOS  IPS  Security 

Thoughts on the Skype / Microsoft deal.

My take on the Microsoft purchase of Skype.

Only last week I attended a mandatory briefing of Lync, Microsoft's all-in-all wonder for communicating.

Basically it's a PBX, IM-server, Video-conferencing, Outlook-Integrator kind of a product.

Basically they have taken a lot of code from a lot of different half-done products and thrown them into one big pile and put a lot of marketing money behind it.

[Read More]

Over selling and underdoing.

Warning: The following is primarily a rant! You might not find it applicable in your situation, or you might simply not care. You have been warned 🙂

Having been a consultant for a while now, I am constantly amazed at how solutions are made up and what is sold simply because it has a buzz-word in its title or description.

[Read More]

Working through detailed blueprint.

I am going through the detailed blueprint, one item at a time and verifying that there are no surprises. Especially IP services and security is something I haven't paid enough attention to in the past.

Anyways, there are lots of items on that darn list and going through them all takes a lot of time.

[Read More]

Frame-relay compression and fragmentation.

Link optimization on frame-relay.

Using frame-relay, bandwidth is especially a concern.

It is possible to optimize this bandwidth in several ways.

I will concentrate this post on compression and fragmentation.

First off, with compression on frame-relay there are several methods of accomplishing this.

[Read More]

Final Rack Photo

As promised, here are a couple of photos of the final layout.

 

[Photo: Total Layout]

[Photo: More detailed view]
CCIE  Rack 

Final Design.

So I modified the previous layout a bit.

The concern I voiced about the 3640 was enough to make me figure out a way to have that one as the bottom piece of equipment.

This is what i ended up with:

[Read More]
CCIE  Rack 

Design Layout

I need to start cabling all of this gear into place. I have made a layout which I think I will try out.

The only thing that concerns me is the weight of the 3640 router. It's a heavy baby.

[Read More]
CCIE  Rack 

Beginning of March

I have received the rest of my routers (1841s), I have also received the memory and flash upgrades for them all (256meg memory and 64mb flash). The guy who sold them to me was very helpful and it turned out he had the cables that I needed as well (some Smart-serial to Smart-serial, as well as some DB60 ones).

[Read More]
CCIE 

New setup.

So I have decided to extend my rack functionality.

I have the necessary switching capacity, but what I need are the “correct” routers.

Because of that, I have so far purchased 4x 1841 + a 2811. I still need 3 more before it's in order. On top of that I need more memory and flash for them all.

[Read More]
Rack 

NTP and modes of operation.

NTP is one of those things that really keeps messing with my head.

To break it down, what does it do for us?

Simple. It provides the correct time of the day.

How does it accomplish this? Now this is where it gets interesting.

[Read More]

Welcome to 2011

Welcome to 2011.

I hope that you have had time to enjoy the holidays and all the festivities that come with it.

Personally I have been doing a lot of work stuff. Moving data centers is no small task when the customers want constant uptime. Of course for some customers this couldn't be done as they don't have fully redundant systems to switch over to. However a large part could be done very fast, but they all needed to be done at night and preferably during the weekends.

[Read More]

Work Work and more Work.

The month of December has been crazy for me.

A ton of work-related stuff has been going on. Our HQ move has taken its toll on everybody. I've been working through every weekend, putting in some 20 odd hours on some days.

[Read More]
ASA  CCIE  Work 

IRB – Integrated Routing and Bridging.

My understanding of IRB:

I did another Volume 1 lab yesterday. Again I hit my head against the infamous IRB feature.

IRB stands for Integrated Routing and Bridging. Below is my understanding of the technology. I could be very wrong about this, so please correct me if I state something completely incorrect.

[Read More]
Bridging  CCIE  IRB 

Going forward.

It's been just over two weeks since my lab attempt.

I have basically done no studying at all during that time.

Time has come to get back in the game. I do have a lot of work to do in the near future, but I will still try and do all the studying I can squeeze in.

[Read More]
CCIE  Lab  Study 

First shot = Failure.

First shot = Failure.

So I had my first lab attempt on Tuesday the 2nd of November.

Boy was it hard 🙂

Unfortunately I didn't pass this time around.

I did very well in the troubleshooting part, but the configuration part got the best of me.

[Read More]

Latency Madness.

At the bootcamp last week, I was almost out of reach from my lab.

Even though I just got the remote power controller, the network at both the conference place as well as the hotel (especially the hotel!) was pretty bad.

[Read More]

Bootcamp October 2010 and General Update.

This was all written yesterday 🙂

Airport fun!

So right now I'm sitting in London Stansted Airport after having attended the last of Narbik's bootcamp. It's going to be good to get home to the girlfriend and my puppy.

He had a guest with him this time around. Rolf Schärer. The guy is a triple CCIE (R&S, SP and Storage). Very knowledgeable and nice guy. If you have business in and around the Swiss nation, he is a safe bet when it comes to Cisco technologies.

[Read More]
Bootcamp  CCIE  Lab 

www.gns3vault.com

I wanted to point your attention to gns3vault.com. A lot of students use GNS3 (front end for dynamips) to do a lot of their lab work.

Rene Molenaar created this site, which is basically a site with free labs that you can download and practice on. A great idea!

[Read More]
GNS3 

Back from vacation.

I'm back from vacation. I can now with conviction state that hotels in Spain are not up to par with other places. I have been to Spain twice now, and they NEVER have an internet connection in the rooms. You had Wifi in the lobby, 2€ for an hour, and it barely worked.

[Read More]

Learning EEM (Embedded Event Manager).

Awesome. Got a lot of EEM ground covered today.

Seems like a very powerful scripting engine that stands out by having the ability to be triggered under certain circumstances.

Let's check out an example using the topology below:

As you can see, we have our interfaces defined, they are in an up state, we have EIGRP working, we have an access-list applied,

[Read More]
CCIE  EEM 

Progress report – Monday 23-08-2010.

I have started doing IPexpert Vol 1. technology labs. They are pretty challenging. They make you think out of the box. Almost none of it is vanilla configuration.

I don't know how closely these labs reflect the real one. Of course these are Vol. 1 labs, but what I mean by it is especially the wording. Maybe it's just me.

[Read More]

Progress report.

Update 11-08-2010: I can now create RMON alarms and events. It seems the command set for RMON is pretty limited. Not much around the net as to how deep to go into this. Hope it's enough.

I just looked over the detailed blueprint which is authored by Cisco. It had checkmarks, which I used to mark down things I knew I could configure, as well as things I really need more training in. These are the topics I have either forgotten about or just haven't paid attention to. Anyways, these are the things I will need to study more in the coming month:

[Read More]

Submarine cables.

Okay, these are some really cool maps if you are into networking (and I know you are):

http://www.cablemap.info/

http://www.telegeography.com/product-info/map_cable/index.php

They show submarine communications cables. What a job to lay down those suckers.

I followed the PPC-1 installation a while back. It's the new submarine cable going into Australia. It had its own blog, with info and pictures. Very interesting.

[Read More]
Cable 

Customers Vs. Service-providers.

I wanted to take the opportunity to pitch in on the discussion that's presented in this article by Ivan Pepelnjak:

http://blog.ioshints.info/2010/07/p2p-traffic-is-bad-for-network.html with the headline of “P2P traffic is bad for the network”.

I agree with the headline… Somewhat… P2P is bad for the network, in the sense that it causes congestion and because of that, it makes using the net a bad experience for everyone else.

[Read More]
Bandwidth  P2P  SP 

IOS Study License

I have vented about this topic before and will do so once again. I am doing this because I believe it's very important.

Students who are studying for Cisco exams or engineers who are trying to lab up a technology before deploying it, have found Dynamips and used Cisco hardware very useful in the past. However, with the new exam requirements and the new licensing methods for IOS, these tools will not be available to you in the future.

[Read More]
IOS  IOU  License 

The art of troubleshooting.

Troubleshooting. An artform in itself.

I have been doing trouble-shooting labs for the last week and it's not going the way I want it to.

In all fairness, it's very good practice! Having all the components in one lab, with all sorts of technologies interconnected, really makes life interesting.

[Read More]

New site design.

I'm trying out a new design layout. It's not quite finished yet, need some tweaks here and there, but I'm hoping it will be a bit easier to read my posts in the future.

Let me know if you have any suggestions!

Blog 

Cisco strategy and direction.

Anyone who has been following Cisco products recently (last year or so), must have noticed Cisco’s new products.

This includes the Flip video recorder as well as the new tablet that has just been announced.

On top of that, adding the Linksys brand to their portfolio a couple of years ago, proves they are going in a completely different direction than previously.

[Read More]