Enterprise Networking

IPsec & path MTU discovery: feature or vulnerability?

IPsec is a well-established technology for building VPN tunnels between sites. Path MTU discovery (PMTUD) is a feature that provides visibility into intermediate MTU along the path. Is it possible to use the two features simultaneously? Sure. Should the two features be used simultaneously? That’s the case I would like to cover in this article.

MPLS: a bit of this, a bit of that

Do you feel confident about your knowledge of MPLS? There might still be a few peculiar things about this topic, especially when combined with OSPF. If you love raw pointers in C++ and/or broadcasting with NumPy feels very natural, go straight ahead – geek stuff inside!

Loose uRPF – why?

Although the two modes of unicast Reverse Path Forwarding (uRPF) are common knowledge, the reasoning for why the two modes exist in the first place is rarely written down. In this article I’ll try to connect the dots between loose uRPF and its primary use case.

OSPFv2: extra routing loops

Why did RFC 2328 appear in the first place? Especially since it’s completely incompatible with the pre-existing RFC 1583? Simple – the previous version was vulnerable to routing loops.

OSPFv2: there and back again

Can a link-state protocol be fooled into a loop? Yes, as soon as it’s converted to a distance-vector IGP. That’s exactly the reason RFC 2328 replaced RFC 1583. If you ever wondered why those incompatible changes were introduced in the first place, you came to the right place.
