What is a BGP Confederation?

Confederations By its true definition, a confederation is an organization which consists of a number of parties or groups united in an alliance or league. But what is a BGP confederation? BGP Confederation A BGP confederation is an alternative to route reflectors, used to reduce the number of BGP peerings within a single AS. … Read more

Cisco – What is BGP ORF (Outbound Route Filtering)?

What is ORF? Outbound Route Filtering (ORF) is a Cisco proprietary feature that prevents the unnecessary exchange of routes that are subject to inbound filtering. This, in turn, minimizes bandwidth across the links and reduces CPU cycles on the router during the processing of the neighbor UPDATE. ORF works by the router transmitting its inbound filters … Read more

What is the BGP Path Selection Process?

BGP Path Selection Process BGP exchanges routes (prefixes) between BGP peers. Each of these announcements from a peer for a prefix is called a path. [1] The routes within these UPDATE messages are stored within the BGP Table and kept separate from the Routing Information Base (RIB). The BGP process then selects the “best” path from … Read more

Cisco IOS – BGP Soft Reconfiguration

Introduction When the BGP routing policy is amended, the BGP neighbor session must be reset in order for the changes to take effect. Of course, in a production environment performing a hard reset, i.e. clear ip bgp …, isn’t something that is recommended. Within this article, we will look at the various options available … Read more

What is Multicast Reverse Path Forwarding (RPF)?

Introduction Reverse path forwarding (RPF) is a technique used in modern routers for the purposes of ensuring loop-free forwarding of multicast packets in multicast routing and to help prevent IP address spoofing in unicast routing. [1] Within this article, we will look at multicast RPF, and look into why it is needed along with how it … Read more

BGP – Messages and Adjacency States

BGP Messages Within BGP (as per RFC 1771) there are four BGP message types. They are, OPEN – Used to open a BGP communication session between peers. This is the first message sent by each side once the 3WHS is complete, and can be thought of as a HELLO. Only once each side has confirmed … Read more

Cisco IOS – How to Configure OSPF

Introduction With this article, we will look at the basic commands used within Cisco IOS to configure OSPF. Basic Configuration To initially configure OSPF, at a minimum, you must configure three things – process ID, router ID, and the network. Process ID – Defines the OSPF process ID that OSPF will run under. This is … Read more

OSPF – The Neighbor Relationship

Introduction In order for OSPF-enabled routers to exchange information, they must form an adjacency (relationship) with their neighbor. Within this article, we will look at the process and various steps involved (Figure 1). Requirements Before the OSPF router even starts to try and form an adjacency, OSPF must know/determine the following: Router ID – The … Read more

What is IGMP?

Introduction IGMP (Internet Group Management Protocol) is a Layer 3 protocol (IP protocol number 2) and is a key component (Figure 1) to IP multicast. The role of IGMP is to notify a local multicast router when a host wants to receive multicast traffic for a specific group. Figure 1 – Summary of Multicast Components. There are 3 versions … Read more

Python: Obtain Network Device Configuration using NETCONF

Introduction Within this article we will look at how to interact with a networking device (Cisco CSR) using the NETCONF protocol. To do so, we will use the Python module – ncclient. What is NETCONF First of all, What is NETCONF? NETCONF (NETwork CONFiguration) is a protocol defined by the IETF to “install, manipulate, and … Read more

What is RESTCONF?

Introduction Following on from our previous article around NETCONF and YANG, we will look at the RESTCONF protocol. As per RFC 8040 (RESTCONF Protocol), the IETF describes RESTCONF as, “an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).” Protocol … Read more

An Introduction to NETCONF/YANG

TL;DR NETCONF/YANG provides a standardized way to programmatically update and modify the configuration of a network device. To break this down further: YANG is the modelling language that describes the configuration changes, whereas NETCONF is the protocol that applies the changes to the relevant datastore (i.e. running, saved etc.) on the device. Introduction Let us start … Read more

How to Configure a Cisco CSR using NETCONF/YANG

Introduction Within this tutorial we will use NETCONF and YANG to configure an interface on a Cisco CSR router using a combination of Python and the BASH CLI. Furthermore, we will use 2 main tools – Pyang and Pyangbind. Before we start, let’s have a quick overview of what these tools do. Pyang is a YANG … Read more

A Guide to Network Function Virtualization (NFV)

Introduction NFV is a term that has been around for a few years now. As vendors and the open source communities look to drive the adoption of NFV, a wave of new acronyms and buzzwords are spreading through the industry. Within this article we will look into the various NFV components (such as standards, platforms, … Read more

Interface to Network Security Functions (I2NSF)

Interface to Network Security Functions (I2NSF) is a working group within the IETF formed to define a set of interfaces and data models for monitoring and managing network security functions hosted across multiple sites. I2NSF states, Network security functions (NSFs) are provided and consumed in increasingly diverse environments. Users of NSFs could consume network security … Read more

How to Install OpenDaylight

OpenDaylight is an SDN controller provided by the Linux Foundation. In this article we will show you the steps required to perform a simple installation on Ubuntu. Install Binaries box@odl:~$ sudo apt-get update box@odl:~$ sudo apt-get install software-properties-common box@odl:~$ sudo apt-get install maven git unzip Install Java 1.8 box@odl:~$ sudo add-apt-repository ppa:webupd8team/java box@odl:~$ … Read more

What is OpenFlow?

What is OpenFlow? OpenFlow is a protocol, released by the ONF, that allows the remote modification of a network switch’s forwarding table. In other words, the control plane is decoupled from the forwarding plane, enabling network controllers to define the flow of traffic between switches with far greater granularity than standard routing or forwarding protocols. Figure 1. … Read more

Route Leaking within an MPLS Network

Introduction First of all, what is a route leak? A route leak is the propagation of routing announcement(s) beyond their intended scope – RFC 7908. Within this article we will look at 2 methods of route leaking within an MPLS environment – static routes and route maps. To demonstrate both methods we will look at 2 … Read more

How to Configure an L3 MPLS VPN on Cisco IOS

Introduction Within this article we will walk through the various steps required in configuring MPLS. NOTE This article does not look to explain the various terms and concepts of MPLS, for details around these please see Getting to Know MPLS. Overview Within our example we will have 2 customers COSTA and STARBUCKS. Each customer consisting … Read more

What is CEF (Cisco Express Forwarding)?

Introduction Cisco Express Forwarding (CEF) is a packet-switching technique used within Cisco routers. The main purpose of CEF is to optimize the forwarding of packets and increase the packet switching speed. History Prior to CEF there were 2 methods for packet-switching – Process-Switching and Fast-Switching. Process-Switching The first method, process-switching, is the oldest and … Read more

How To Adjust the MSS on a Vyatta vRouter

In order to adjust the MSS of your traffic on a vRouter, also known as MSS clamping, a policy route is defined. Once the policy route is created it is then assigned to the outside interface. MSS Clamping is typically used for IPSEC based traffic to ensure that traffic does not exceed the MTU of … Read more

Create Site to Site VPN Between AWS & Vyatta vRouter

Within this article we will show you how to create an IPSEC site-to-site VPN from a Vyatta vRouter into the AWS cloud. Due to the nature of AWS VPNs (explained further on), a tunnel-based VPN will be created. The main difference with a route-based VPN is that a tunnel interface (VTI) … Read more

Stretched L2 Domains + VMotion

Issues with Layer 2 across DCs Ideally, data centers do not share fate. But extending L2 creates a common broadcast domain across 2 data centers, so now we are sharing fate. Traffic patterns become sub-optimal: where does the default gateway live? In the local DC, or the remote one? Traffic goes to the load balancer and then to a pool member, but the pool member lives … Read more

What is an EtherChannel ?

EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault tolerance and high-speed links between switches, routers and servers [1]. All member ports within the bundle must have the same physical settings … Read more

Port Aggregation Protocol (PAgP)

Port Aggregation Protocol (PAgP) is a Cisco proprietary standard that allows multiple physical interfaces to be aggregated into one logical link. Each logical link can contain up to 8 physical members. All member ports within the bundle must have the same physical settings such as port type, speed and duplex. Modes Within PAgP there are 2 modes … Read more

Link Aggregation Control Protocol (LACP)

LACP (Link Aggregation Control Protocol) is an open-standards protocol (IEEE 802.3ad) that allows multiple physical interfaces to be aggregated into one logical link. Each logical link can contain up to 8 physical members. All member ports within the bundle must have the same physical settings such as port type, speed and duplex. Modes Within LACP there … Read more

What is the Cisco VLAN Database?

The VLAN database is used to store VLAN data, such as the VLAN ID, name and MTU. The default location of the VLAN database is the local vlan.dat file, which is stored in non-volatile memory. Modify VLANDB Location In order to change the location where the VLAN information is stored, the following command … Read more

UDLD (Uni-Directional Link Detection)

Uni-Directional Link Detection detects links where either the transmit or receive path has failed. It is used to monitor fibre-optic or twisted-pair cabling for unidirectional links. UDLD uses periodic hello packets and the concept of echoes to ensure that neighbors are receiving the UDLD hellos. It supports 2 modes of operation: Normal – Port is placed … Read more

LLDP (Link Layer Discovery Protocol)

Unlike CDP, LLDP is a non-Cisco-proprietary discovery protocol. LLDP is disabled by default.
Global: R1(config)# lldp run
Timer/Holdtime: lldp timer 5 / lldp holdtime 15
Show: R1(config)# do show lldp neigh

F5 – Unable to Create Local Account with Remote Auth

Issue When remote authentication is configured it is not possible (out of the box) to configure local user accounts, other than the default admin and root accounts provided. This is also stated within the TMOS Management Guide for BIG-IP Systems, which says: “Excluding the admin account, the entire set of standard user accounts that you … Read more

Brocade ADX – Multiple Health-checks on a Per Domain Basis

Now let’s consider the following scenario. The client has multiple domains. Traffic is going to all domains on HTTP. However, these domains are under a single virtual server and each domain requires a separate health-check. In order to achieve this configuration, port-aliasing is used. What is port-aliasing, you may ask? Within the ADX various … Read more

F5 Interacting with iControl’s get_instance method via BigSuds

In order to interact with the F5 via Python, the best option available is bigsuds. This is a Python module that allows you to interact with the F5 API, iControl, via a set of Python classes. Typically you will find all the methods you need to interact with your F5 without issues. However, there … Read more

Brocade ADX – Cookie Persistence based on URI

Introduction Within this article we will show you the steps needed to configure cookie persistence (insert) based on URI, i.e. cookie persistence is only performed for a single URI. Cookie Insert When cookie insert persistence is configured, the load balancer selects a server to send the traffic to. The server id of the server is … Read more

How to Build Packet Analysis Reports via the CommandLine

If you want to perform any form of packet analysis/reporting there is, really, only one program to use. Yep, you guessed it: Wireshark. However, as Wireshark is a GUI-based program, it raises the question: how do you build a packet analysis report via the command line? Within this article we will show you 2 … Read more

F5 VLAN Failsafe with Standby-Standby Route Domains

Problem You may observe both devices within an F5 HA pair going into standby-standby when: VLAN Failsafe is enabled on a segment; Route Domains are configured; there is no server present on the given segment; and the F5 version is lower than 11.2.0. Reason The reason for this is based around bug id 388270 and also … Read more

Active/Standby Network Devices connected via vPC

Within this article we will look at a simple network design and the various caveats and considerations involved. Initial Design The initial design (shown below) is simple – a pair of network devices (in this instance Cisco ASAs) connected to a pair of Nexus 3k switches. Each firewall is connected to both switches via the … Read more

BIGIP F5: SSL Profile Changing Parent Removes Certificate, Key & Chain

Issue When updating the parent profile on a client SSL profile, the cert-key-chain settings are inherited from the new parent profile, even though the cert-key-chain is explicitly configured within the child profile. Consider the following: you have a client SSL profile ‘CLIENTSSL’ with the cert, key and chain configured along with a parent profile set … Read more

BIGIP – AAM (Application Acceleration Manager)

What is AAM? BIGIP’s AAM (Application Acceleration Manager) is a set of modules used to optimize web traffic. The modules include: Web Optimization; WAN Optimization; Profiles – this includes profiles used to deploy various optimization techniques such as SPDY, HTTP compression, OneConnect etc.; Bandwidth Controller; Rate Shaping. Core vs Full AAM comes in … Read more

HTTP Pipelining vs Domain Sharding

The other day I was reading about the benefits and new features within HTTP 2.0. One of the key features of HTTP 2.0 is the ability to interleave (i.e. multiplex) multiple requests and responses across a single TCP connection, resulting in Domain Sharding being considered counterproductive. However, based on how Domain Sharding and HTTP Pipelining can … Read more

OVS (Open vSwitch) Commands

ovs-vsctl – utility to manage configuration state in ovsdb-server
    bridge management
    port management
    controller management
    failure mode management
ovs-appctl – send commands to ovs-vswitchd
ovs-dpctl – tool to manage datapaths in the kernel directly
    Direct management only really required when there is no ovs-vswitchd
    Mostly useful for inspecting kernel … Read more

BIGIP – Advanced Firewall Manager (AFM)

What is AFM? Introduced within 11.3, AFM (Advanced Firewall Manager) is a licensed module for the BIGIP appliance that provides stateful firewalling along with reporting and DoS protection. Within this article we will look at AFM’s key components and also how it processes traffic. Contexts A context defines the scope of a firewall rule. … Read more

How to Graph TCP Delta Times in Wireshark

Wireshark provides the ability to calculate the amount of time between packets. This data can then be used within the IO graphing tool of Wireshark to create a visual representation which can be used when troubleshooting networking issues. Within this article we will show you how to create the TCP delta column, the TCP preferences … Read more

HTTP Caching – HTTP 1.0 vs HTTP 1.1

Introduction Caching is one of the key optimisation methods in HTTP. It can reduce both network overhead and page load times, resulting in an improved experience for the client. Within this article we will look at the various headers and options available in both HTTP 1.0 and HTTP 1.1. HTTP 1.0 The caching mechanism within HTTP … Read more

BIGIP F5 – How to check the Serial Cable via TMSH/Bigpipe

Within this article we will show you the commands that display the status of the serial cable, i.e. whether it is connected, without the need to physically check the device. Commands The following commands show the status that the failover daemon detects on the serial cable from its failover peer. Version Command 10.x b failover … Read more

GTM – Healthcheck Monitor Connections not being Established

Issue You may observe GTM Monitors failing with a message of ‘state: timeout’ within the log messages. On further investigation you find that, though the GTM is trying to build the connection (i.e. sending the SYN), there is no response (SYN-ACK) from the destination, resulting in the probe attempt failing. Reason The reason for this … Read more

Mitigating Poodle on the Brocade ADX

In order to mitigate the Poodle vulnerability on the Brocade ADX, SSLv3 must be disabled. However, this can only be achieved via the code release 12.4s, which disables SSLv3 completely. All code versions prior to this do not have any method or option to disable the SSLv3 protocol. HealthChecks On the ADX there are 2 … Read more

F5 BIG-IP – Upgrading v10 to v11

Within this article we will provide you with the steps to upgrade an F5 LTM v10 box to v11. New Device Upgrade Below are the steps if you are going to be upgrading your v10 configuration onto a new device. These steps presume that you already have v11 running on your new device. Verify your … Read more

Brocade ADX – What are the healthcheck timeout thresholds?

What are the timeout thresholds for healthchecks on a Brocade ADX?

Check      Timeout                      Details
L3 (ICMP)  2 sec interval / 4 retries   None
L4         5 sec interval / 3 retries   L4 periodic healthchecks are not enabled by default.
L7         5 sec interval / 3 retries   None

The iRule Cookbook

This cookbook is a collection of iRule tips, hints and solutions that I have discovered whilst writing and designing iRules across the years. Contents How do I split a URL and assign the parts to separate variables? How do I perform DNS lookups? What is the easiest way to rewrite the URI … Read more