-
IPsec & path MTU discovery: feature or vulnerability?
IPsec is a well-established technology for building VPN tunnels between sites. Path MTU discovery (PMTUD) is a feature that provides visibility into intermediate MTU along the path. Is it possible to use the two features simultaneously? Sure. Should the two features be used simultaneously? That’s the case I would like to cover in this article.… Continue reading →
7 minutes -
OSPF NSSA: yet another way to shoot yourself in the foot
There are 1001 ways to shoot yourself in a leg; one of the most gracious approaches in networking would be OSPF NSSA. If Pepelnjak has not yet convinced you not to complicate the already complex OSPF, please proceed to yet another OSPF rabbit hole.… Continue reading →
4 minutes -
MPLS: a bit of this, a bit of that
Do you feel confident about your knowledge of MPLS? It might happen that there are still a few peculiar things about this topic, especially when combined with OSPF. If you love raw pointers in C++ and/or broadcasting with Numpy feels very natural, go straight ahead – geek stuff inside!… Continue reading →
8 minutes -
Loose uRPF – why?
Although the two modes of unicast Reverse Path Forwarding (uRPF) are common knowledge, there is rarely a written explanation of why the two modes exist in the first place. In this article I’ll try to connect the dots between loose uRPF and its primary use case.… Continue reading →
7 minutes -
Zone-based firewall & traceroute
This lab points out one of the important aspects of the Cisco IOS traceroute utility in conjunction with ZBF.… Continue reading →
2 minutes -
EIGRP named mode: migration pitfall
Migrate to EIGRP named mode with a single command – what could be easier? Watch out – there is a fair chance of creating a blackhole if coupled with lousy traffic engineering.… Continue reading →
7 minutes -
Cisco ACI Preferred group, a pinch of inter-VRF leaking and L3Out
If an EPG is a provider for an inter-VRF contract, then it cannot communicate within the Preferred Group. However, shouldn’t the interaction between EPGs be governed by an explicit contract in the first place? Let’s test such a setup and see for ourselves.… Continue reading →
13 minutes -
ACI VRF leaking
I have never met anyone who would claim that ACI is easy if marketing is put aside. ACLs or prefix-lists are covered in the CCNA track; ACI contracts, however, have a dedicated white paper. One of the biggest mysteries for me was the process to implement inter-VRF contracts. Don’t get me wrong – it’s defined concisely; however, I always had difficulty understanding why those steps are required. Today I’d like to share a few observations on the topic.… Continue reading →
7 minutes -
Bell’s inequality
I am fascinated by the way Chris Bernhardt uncovers quantum computing in his book. The explanation of Bell’s inequality is one of the gems in my humble opinion – just try to find a source that speaks human and not formulas. In this article I’d like to retell it, so if you’re already skimming through the book – don’t bother reading further.… Continue reading →
6 minutes -
EIGRP SIA – why?
EIGRP stuck-in-active – why is a bare holddown timer not enough? Digging back into IOS 12.0 (archaeology, baby!).… Continue reading →
6 minutes -
Quantum teleportation: does it mean faster-than-light communication?
Given a pair of entangled qubits, one might think at first glance that it’s possible to transfer information in an instant – faster than light. Unfortunately, you’ll still need a classical channel to sync the results.… Continue reading →
1 minute -
BB84
Are you familiar with the BB84 quantum algorithm to distribute keys? … Continue reading →
3 minutes -
OSPFv2: extra routing loops
Why did RFC 2328 appear in the first place? Especially since it’s completely incompatible with the pre-existing RFC 1583? Simple – the previous version was vulnerable to routing loops.… Continue reading →
8 minutes -
How to update CIMC on old Cisco UCS
A few years back Flash Player support was removed from major web browsers. Although there were numerous reasons to do that, some people got stuck with an unmanageable UCS console. The obvious way out is to upgrade CIMC, but then engineers hit the chicken-and-egg problem since UCS is unmanageable. The workaround is relatively simple but somewhat tricky to come by.… Continue reading →
1 minute -
OSPFv2: there and back again
Can a link-state protocol be fooled into a loop? Yes, as soon as it’s converted to distance-vector IGP. That’s exactly the reason for RFC2328 to replace RFC1583. If you ever wondered why those incompatible changes were introduced in the first place, you came to the right place.… Continue reading →
8 minutes -
IP MTU: how to stop living and start learning headers
Good old IPv4… It is as ubiquitous in the networking world as air is on Earth. Although folks around the world use it on a daily basis, IPv4 still has a few surprises up its sleeve. … Continue reading →
3 minutes -
BGP best path selection in L3VPN: hidden pitfall
If you have ever configured MPLS L3VPN, there should be no doubt that BGP is the tool the whole setup revolves around. As a protocol with a strong sense of dignity (after all, the Internet is built with it), it has a fairly long list of decision-making points called the best path selection algorithm. Despite the horrifying length of the list, most of the items are mere tie-breakers rather than knobs used for traffic engineering. Sometimes, however, the most ubiquitous attributes are not the right ones for the job.… Continue reading →
8 minutes -
OSPF way: from LSA to graph
LSA roles are well described in various articles and notes: router LSA for nodes, network LSA for broadcast segments, summary LSA for inter-area information transfer… However, I find it relatively difficult to assemble all these pieces into a holistic puzzle called a graph. I admit that the RFC must hold the ultimate truth and thus the extensive description of the process, but this knowledge has evaded me for quite some time. This is the reason for this article: I’d like to share my understanding of LSA roles and how to build the graph out of the LSDB.… Continue reading →
19 minutes. Tags: area, as-external lsa, asbr-summary lsa, cisco, lsa, lsa1, lsa2, lsa3, lsa5, multiarea, network lsa, ospf, prefix suppression, router lsa, summary lsa -
OSPF tricks: filtering LSA5
Ever needed to filter LSA5 selectively? Tired of removing external prefixes from the OSPF domain on the ASBR only? You’ve come to the right page! Today I would like to describe an approach that allows filtering LSA5 on ABRs as well. … Continue reading →
5 minutes -
MPLS L3VPN over DMVPN revisited
One of the previous articles discussed a way to implement L3VPN over DMVPN that would allow direct spoke-to-spoke communication without traversing the hub. One of the tricks of that setup is internal BGP labeled unicast (iBGP LU) for label distribution. At first, I thought the external BGP (eBGP) modification would be just copy-paste with a few well-known adjustments; however, the lab proved me wrong.… Continue reading →
13 minutes -
Cisco ACI external L2 connectivity using EPGs and L2Out
Today I would like to share my experience with configuring external L2 connectivity in Cisco ACI. As the reader probably knows, there are 2 approaches so far: either consider the external L2 segment as an EPG itself or configure an External Bridged Network object (aka L2Out).… Continue reading →
6 minutes -
Defaults, lurking in the dark
Today we’ll discuss one of a few defaults applicable to Cisco IOS platforms. The idea is twofold: to show behavior that is somewhat unexpected at first glance and to try troubleshooting it.… Continue reading →
6 minutes -
BGP Synchronization with OSPF
BGP synchronization, once one of many “gotchas” for CCIE candidates, is now in the “just for fun” section of networking knowledge; that’s exactly where we are headed today.… Continue reading →
4 minutes -
BGP redistribute-internal: one more recipe to create a loop
iBGP routes are not redistributed into the IGP until the bgp redistribute-internal command is configured under the router bgp command. But precautions must be taken in order to avoid loops within the Autonomous System when iBGP routes are redistributed into the IGP… Continue reading →
2 minutes -
MPLS L3VPN over DMVPN
In this article we’ve discussed MPLS L3VPN over DMVPN (2547oDMVPN) leveraging iBGP LU to distribute MPLS labels for the underlay.… Continue reading →
14 minutes -
EIGRP Feasible Distance definition explained
EIGRP FD is often not defined precisely enough, so it’s good to spread the correct definition.… Continue reading →
5 minutes -
OSPF: loop generation guide
Quick overview of permanent loops in OSPF topologies… Continue reading →
6 minutes -
Spoke to spoke multicast in DMVPN
Gotchas of implementing spoke-to-spoke multicast in DMVPN… Continue reading →
7 minutes