Author Archives: Michael McNamara

About Michael McNamara

I'm a network architect, security professional, programmer and loving husband and father.

Episode 10 – IPv6 Internet Addressing

We returned to record our tenth episode on Sunday August 21, 2016.

Interesting News and Events

Roundtable Discussion – IPv6

IPv4
IPv4 provides an addressing capability of 2^32, or approximately 4.3 billion, addresses
RFC 791 September 1981

Issues with IPv4 addressing:

  • not enough available address space
  • all blocks are already provisioned
  • conflicting IPv4 addressing between networks requires NAT


Grey/black market for IPv4 address space:

Microsoft pays Nortel $7.5 million for IPv4 addresses – Bankrupt Nortel finds a buyer for 666K of its legacy IPv4 addresses, raising questions if the IPv4 black/grey market has arrived.

Cellular Mobile 3G/4G Networks – Carrier NAT

Local Internet Registry

IPng – early working-group proposals
The Internet Engineering Task Force adopted the IPng model on 25 July 1994, with the formation of several IPng working groups. By 1996, a series of RFCs was released defining Internet Protocol version 6 (IPv6), starting with RFC 1883. (Version 5 was used by the experimental Internet Stream Protocol.)
IPv6 addresses are 128 bits long, giving about 3.4×10^38 addresses

Just how many IPv6 addresses are there? Really?

Subnet Cheat Sheet

Usage Statistics of IPv6

Address Types

  • Unicast
  • Multicast
  • Anycast

Dual-Stack IPv6 Use cases:

  • Management networks
  • home network / mobile laptop connectivity via an IPv6 tunnel
  • mergers: change the subnet / prefix on the fly

IPv6: Privacy Extensions

  • Stateless address autoconfiguration (SLAAC)
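As an added illustration (not from the episode notes), this Python snippet shows why privacy extensions exist: classic SLAAC derives the interface identifier from the NIC's MAC address via modified EUI-64, so the MAC is recoverable from the address, and the reverse function lets a defender spot EUI-64-shaped addresses in logs. The prefix and MAC are constructed sample values.

```python
import ipaddress
import re


def eui64_interface_id(mac: str) -> int:
    """Build the modified EUI-64 interface identifier that SLAAC derives from a MAC."""
    octets = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", mac))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Split the MAC after the OUI, insert 0xFFFE, then flip the universal/local bit.
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix from the Router Advertisement plus the EUI-64 identifier (no privacy extensions)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None when the identifier is not
    EUI-64 shaped (a temporary privacy-extension address, a manually assigned one, ...)."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Constructed sample values: the documentation prefix and a made-up MAC.
    addr = slaac_address("2001:db8:1::/64", "00:1b:63:84:45:e6")
    print(addr, "->", mac_from_eui64(str(addr)))
    print(mac_from_eui64("2001:db8:1::a1b2:c3d4:e5f6:7890"))  # temporary-style address: None
```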

Neighbor Discovery

What is no longer available?

  • NAT
  • packet fragmentation by routers (path MTU discovery has to work for IPv6)
  • Broadcast

IPv6 Issues and Problems (IPv6 Multicast Listener Flooding) 

http://packetpushers.net/good-nics-bad-things-blast-ipv6-multicast-listener-discovery-queries/
https://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/ (Garrett Wollman)

How to check IPv6 connectivity
The Turtle is dancing – http://www.kame.net/

Who is already reachable over IPv6? More than you think: Google, Facebook and many other large web-centric companies.

Tunnel Mechanism:
Free IPv6 tunnel broker:
https://tunnelbroker.net/ (Hurricane Electric)
IPv6 traffic is encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo), or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
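Added example, not part of the original notes: a Python decoder that recognises Teredo and ISATAP addresses and recovers the IPv4 endpoints they embed, which is how a defender can tell which IPv4 host sits behind a tunneled address. The sample addresses are constructed from documentation ranges.

```python
import ipaddress


def decode_tunnel_address(addr: str) -> dict:
    """Classify an IPv6 address as Teredo, ISATAP or other and recover embedded IPv4 endpoints."""
    a = ipaddress.IPv6Address(addr)
    raw = int(a).to_bytes(16, "big")
    # Teredo (RFC 4380): 2001:0::/32 | server IPv4 | flags | port ^ 0xFFFF | client IPv4 ^ 0xFFFFFFFF
    if raw[:4] == b"\x20\x01\x00\x00":
        flags = int.from_bytes(raw[8:10], "big")
        return {
            "type": "teredo",
            "server": str(ipaddress.IPv4Address(raw[4:8])),
            "cone_flag": bool(flags & 0x8000),
            "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
            "client": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
        }
    # ISATAP (RFC 5214): interface ID is 00-00-5E-FE + IPv4 (U/L bit set for a globally unique IPv4).
    iid = raw[8:]
    if iid[:4] in (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe"):
        return {
            "type": "isatap",
            "prefix": str(ipaddress.IPv6Network(f"{a}/64", strict=False)),
            "host": str(ipaddress.IPv4Address(iid[4:])),
        }
    # IPv6-in-IP (protocol 41, e.g. a Hurricane Electric tunnel) embeds nothing in the address;
    # those tunnel endpoints are only visible in the outer IPv4 header.
    return {"type": "native-or-6in4"}


if __name__ == "__main__":
    # Constructed sample addresses built from documentation IPv4 ranges (192.0.2.0/24, 198.51.100.0/24).
    for sample in ("2001:0:c000:201:8000:63bf:39cc:9bf8", "fe80::5efe:c000:20a", "2001:db8::1"):
        print(sample, decode_tunnel_address(sample))
```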

IPv6 Cheat Sheet – http://packetlife.net/media/library/8/IPv6.pdf

Naming IPv6 address parts – Proposed IETF RFC and a VOTE – chazwazza

Cheers!

Episode 9 – Testlab Environments

We returned to record our ninth episode on Sunday July 24, 2016.

Interesting News and Events

Cisco Live US Las Vegas

The CCIE Routing And Switching Written Exam Needs To Be Fixed by Tom Hollingsworth
Fixing The CCIE Written – A Follow Up by Tom Hollingsworth

Roundtable Discussion – Testlab

Why should we test something before we deploy it in the live production environment?

The difference between what is in the datasheet and the real world deployment.

Feature Testing / Configuration Testing

  • Is it working in general?
  • Comparison between different features / functions that provide the same service, e.g.
    • Routing protocols OSPF, ISIS, BGP, EIGRP
  • Is it working with the new software?
  • Is it stable?
  • Failover tests / convergence times
  • Interoperability tests
    • different features
    • vendors
    • device types, e.g. firewall, router, server

Virtual Solutions

  • GNS3
  • Cisco VIRL
  • Juniper vSRX
  • A10 vThunder
  • Citrix vNetscaler
  • Cumulus VX

Performance Testing

  • Never trust the datasheets
  • Packet generators:
    • iPerf / jperf
    • Spirent
    • IXIA Chariot

Monitor your testlab

  • perfSONAR
  • Check_MK
  • Netflow / Flow exporter

What tools are you using?

Jason Edelman's Network to Code On-Demand Network Labs

Cisco Nexus, Cisco IOS, Cisco IOS-XR, Arista, OpenDaylight, Citrix VPX, Cumulus, Juniper vMX, Juniper vSRX

PacketLife.Net Community Lab by Jeremy Stretch. Jeremy closed the lab a few years back, but it was a great resource for those that didn’t have access to the gear to test their mettle and skills.

If you have any questions, thoughts, or feedback please leave a comment below.

Cheers!

Episode 8 – Network Troubleshooting

We returned to record our eighth episode on Sunday July 3, 2016. Happy 4th of July America!

Interesting News and Events

Copa America – Chile defeats Argentina in penalty shots (I honestly felt bad for Lionel Messi)

Roundtable Discussion – Network Troubleshooting

  1. Understanding the problem.
    1. Is the problem impacting all users/systems or just a small subset?
    2. Has this ever worked? Has whatever is broken worked in the past?
    3. Any scheduled changes that might be somehow involved in the problem?
  2. Identifying the individual components involved.
    1. Is the problem impacting all devices, mobiles, laptops, desktops?
    2. Is the problem impacting only specific applications or systems?
    3. What network components are involved? Firewall, load balancer, switch, router?
  3. Capturing/replicating the problem
    1. Is this problem easily replicated by yourself or someone else?
  4. Work the problem to resolution
    1. Be careful not to make the problem worse by jumping to conclusions.
  5. Document the fix and learn
    1. You’ve solved your first problem; make sure you document it in case you ever run into the same problem again. This way you’ll know what to do and how to fix it quickly.
    2. If the problem is repeating and systemic then work to determine how to resolve the issue permanently. You may need to involve the hardware manufacturers to validate if you have a software bug.

Stelios Antoniou from PluralSight wrote an article back in 2009 titled, Cisco Network Troubleshooting for Beginners. It’s still a great resource for those trying to understand how to use the different tools available while troubleshooting.

What tools are you using?

I wrote about Ditto back in 2014 in an article titled, Windows Clipboard Manager – Ditto. I’m still a big fan of Ditto and I’m still using it today on all my Windows 10 systems. This clipboard manager saves me a lot of time as I cut and paste between applications. It’s also allowed me to go back and verify that what I actually cut and pasted was correct, since it has a lengthy buffer and saves that buffer between reboots. You can even search the clipboard history. I’ve set up a few custom shortcuts that allow me to cut and paste multiple items at the same time.

Thanks to Damian from @PacketBrigade for giving us some feedback on the last episode’s audio. While networking, firewalls and load balancers are second nature to Dominik and myself, we’re both still learning how to podcast and produce good content.

If you have any questions, thoughts, or feedback please leave a comment below.

Cheers!

Episode 7 – NextGen Network Firewalls

We returned to record our seventh episode on Sunday June 19, 2016. Happy Father’s Day!

Interesting News and Events

We got so caught up in the network firewalls discussion that we didn’t even cover any of the news stories.

Roundtable Discussion – Network Firewalls

Is the Firewall only a defective router?

What do we want to achieve with a firewall:

  1. Visibility
  2. Security Zones / segmentation
  3. Policy enforcement

Running ACLs on switches vs a real firewall appliance
Stateful inspection firewalls
VPN functions
SSL Intercept

NextGen Firewall

  1. Deep packet inspection, protocol- and content-aware
  2. IDS/IPS
  3. Sandboxing (Palo Alto: WildFire)
  4. automated updates (cloud integration)
  5. behavior based protection

Vendors: Palo Alto, Check Point, Cisco Firepower, Fortinet, Juniper SRX,
Dell SonicWall, Barracuda, WatchGuard, Intel/McAfee, Forcepoint

Management: Palo Alto Panorama , Cisco Threat Defense, Checkpoint Multi-Domain Security Management, Fortinet FortiAnalyzer
Vendor independent: AlgoSec, Tufin

Virtualization: VMware NSX, Cisco ACI, Skyport Systems

What tools are you using?

WANem WAN emulation tool – available in appliance (ISO file) form from Tata Consultancy Services. It lets you impose delay, jitter, packet loss, duplication, packet reordering, corruption and bandwidth limitations on a test path.

Has your email address or username shown up in a user dump from a recent hack?
';--have i been pwned?

Cheers!

Episode 6 – Discussion with Avaya’s Roger Lapuh

We returned to record our sixth episode on Sunday May 22, 2016.

Discussion

This week we had the opportunity to speak with Roger Lapuh, Product Line Manager and Architect for Avaya.

Past

The history of Avaya Networking: Wellfleet and SynOptics merged to form Bay Networks back in 1994. Northern Telecom acquired Bay Networks in 1998 and renamed itself Nortel. In 2009 Avaya acquired Nortel’s Enterprise Voice and Data business units through a bankruptcy auction.

In 1997 Bay Networks acquired Rapid City which spawned the first layer 3 switch in the Accelar product line. The product line was renamed to Passport and would eventually be renamed to the Ethernet Routing Switch.

SMLT Story and development
Layer 3 extensions: RSMLT / VRRP Backup Master

Present

The first ideas behind Shortest Path Bridging (SPB), its development and the challenges presented in its design; the standards process in IEEE 802.1aq and the first implementation in the Ethernet Routing Switch 8600.

Packet Pushers Show 44 – The Case For Shortest Path Bridging with Paul Unbehagen and Peter Ashwood-Smith (Huawei).

Future

Distributed Virtual Routing (DVR) resolves the network tromboning between the Layer 2 fabric and Layer 3 gateways.

Port Mirroring over an SPB fabric creating a virtual tap network.

We have a large vibrant community using Avaya equipment over on the Network Infrastructure Forums, I would strongly urge you to stop by and see what’s going on.

Thanks again to Roger Lapuh for joining us!

Cheers!