Author Archives: Michael McNamara

About Michael McNamara

I'm a network architect, security professional, programmer and loving husband and father.

Episode 14 – Building Interim Temporary Networks

We returned to record our fourteenth episode on Sunday October 30, 2016.

Interesting News and Events

Roundtable Discussion – Building Interim Networks Small & Large

The use cases include conventions, events, temporary sites, construction, and disaster recovery.

Dom’s biggest temporary event – G8 Summit Germany Heiligendamm 2007

The Scout Router

  • The first device on site, providing remote management from day one
  • Connect all new devices and ISP connections to it
  • Build up the rest of the network behind it
  • In reverse, the scout router can also be the last device to leave when the temporary site is decommissioned

The preconfigured temp rack includes a half sized rack in a flight case on wheels.

All needed components for an instant network:

  • Switches, Routers
  • Firewall / Proxy Servers
  • Voice Call server / Voice Mail
  • Wireless Controller / Access Points
  • UPS / Power

Challenges

  • ISP connection
  • WLAN >> empty space vs. crowded space
  • Power
  • Passive Infrastructure

What tools are you using?

I’ve been working a lot recently with Aruba Instant APs, troubleshooting issues and tuning the configuration of over 600 virtual controllers. I recently stumbled over AirRecorder from Aruba Networks as a very handy troubleshooting tool and flight recorder to capture data for later analysis.

What tools are you using?

Cheers!

Episode 13 – Campus Network Design

We returned to record our thirteenth episode on Sunday October 2, 2016.

Interesting News and Events

Roundtable Discussion – Campus Network Design

How to build a Campus Network

How many devices will be on the network?

What kind of devices do you need?

  • Switches: core, (maybe distribution), access
  • L3 routing: classic routers, L3 switches, firewalls
  • WLAN access points, controller
  • WAN optimizer
  • Infrastructure for VoIP

How to build a redundant campus network:

Layer 2

  • Spanning tree, Multi-Chassis Link Aggregation, LAG/LACP
  • Stacking, like the Cisco Catalyst 3k line, VSS technology or Avaya switches, Juniper Virtual Chassis, HP IRF
  • Virtual switch clustering: Cisco vPC, Avaya SMLT, Cisco VSS

Layer 3

First-hop redundancy protocols:

  • VRRP
  • HSRP
  • RSMLT

Choose the right technology for your needs / use case.

Protect your Network:

  • Loop prevention: STP, BPDU Guard
  • DHCP Snooping
  • Rate Limiting
  • Access control

Use a separate management network for your network devices.

Use encrypted management protocols such as SSH, SNMPv3 and HTTPS.
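As an added illustration of the protections listed above (example code written for these notes, not something from the podcast or from any vendor): a small Python audit that reads a switch running-config and reports which baseline protections are missing and which cleartext management paths are still open. It assumes Cisco IOS-style command syntax for the patterns it looks for, and the sample configuration is constructed.

```python
"""Audit a switch running-config for the baseline protections listed above.

Added example, not part of the original show notes. It assumes Cisco IOS-style
syntax for the checks (BPDU Guard, DHCP snooping, storm control, SSH-only
management and SNMPv3); the sample configuration below is constructed.
"""
import re

# Constructed sample running-config: an access switch that still allows
# Telnet, SNMPv2c and plain HTTP, and has no DHCP snooping enabled.
SAMPLE_CONFIG = """\
hostname access-sw-01
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
!
snmp-server community public RO
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
!
ip http server
!
line vty 0 4
 transport input telnet ssh
"""

# Each check: (finding name, regex that must match somewhere in the config).
GLOBAL_CHECKS = {
    "bpdu_guard": re.compile(r"^spanning-tree portfast bpduguard default$", re.M),
    "dhcp_snooping": re.compile(r"^ip dhcp snooping$", re.M),
    "ssh_only_vty": re.compile(r"^ transport input ssh$", re.M),
    "snmpv3_group": re.compile(r"^snmp-server group \S+ v3 priv\b", re.M),
    "https_only": re.compile(r"^ip http secure-server$", re.M),
}

# Patterns whose presence is itself a finding (cleartext management).
NEGATIVE_CHECKS = {
    "telnet_allowed": re.compile(r"^ transport input .*\btelnet\b", re.M),
    "snmpv2_community": re.compile(r"^snmp-server community ", re.M),
    "http_enabled": re.compile(r"^ip http server$", re.M),
}


def interfaces(config):
    """Yield (name, [stanza lines]) for each interface block in the config."""
    name, body = None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            if name:
                yield name, body
            name, body = line.split(" ", 1)[1], []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:
            yield name, body
            name, body = None, []
    if name:
        yield name, body


def audit(config):
    """Return a sorted list of finding strings for the given running-config."""
    findings = []
    for key, pattern in GLOBAL_CHECKS.items():
        if not pattern.search(config):
            findings.append(f"missing:{key}")
    for key, pattern in NEGATIVE_CHECKS.items():
        if pattern.search(config):
            findings.append(f"present:{key}")
    # Rate limiting is per port: flag access ports without storm control.
    for name, body in interfaces(config):
        is_access = any(l.startswith("switchport access vlan") for l in body)
        has_storm = any(l.startswith("storm-control") for l in body)
        if is_access and not has_storm:
            findings.append(f"no_storm_control:{name}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the constructed config it reports the missing DHCP snooping, SNMPv3 group and HTTPS, the VTY lines still accepting Telnet, the SNMPv2c community, plain HTTP, and the one access port without storm control; feed it `show running-config` output collected over SSH to audit a whole closet at once.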

Preconfig / Templates / Provisioning:

  • Switches
  • Ports
  • VLANs

Out of Band Management

  • Opengear
  • Cradlepoint

What tools are you using?

I recently needed a small compact remote jumpbox that I could use to help isolate a problem I was experiencing in a physically remote network. I employed a Raspberry Pi 2 Model B with an Anker USB 3.0 to RJ45 Gigabit Ethernet Adapter, which allowed me to use the small computer as both a jumpbox and a remote packet capture solution. I was able to manage the computer remotely over the built-in Ethernet adapter and then used the Anker (it’s actually a Realtek chipset) Ethernet adapter to capture the problem frames coming from a SPAN port using tcpdump with some capture filters. You’ll need to be careful of how much traffic you throw at the little computer, but I was really impressed with how well the solution worked.

What tools are you using?

Episode 12 – Fiber and Twisted Pair Cabling Plants

We returned to record our twelfth episode on Sunday September 18, 2016.

Interesting News and Events

Roundtable Discussion – Fiber and Twisted Pair Cabling Plant

Cable plant considerations when upgrading network.

Fiber

If you are considering upgrading your network, make sure you check the specs on your fiber plant. If you are already running 1Gbps you might not be able to run 10Gbps. There’s a big difference between grey or orange (OM1 62.5µm MM), aqua/blue (OM3 50µm MM), pink (OM4 MM) and yellow (single mode) fiber patch cables.

Examples:

  • Client was trying to replace ATM OC-3 links with 1Gbps links over 62.5µm OM1 multi-mode
  • Client was trying to run 10GBase-LR over 62.5µm multi-mode at a distance of over 1100ft

There are ‘newer’ workarounds available including mode conditioning patch cables and LRM transceivers that allow long haul optics to function over legacy OM1 fiber plants.

Connectors: ST, SC, LC, MTRJ, E2000, MPO

Copper

The same caveat applies to legacy UTP (unshielded twisted pair) wiring.
You only need 4 wires to run 100Mbps.
You need all 8 wires to run 1Gbps.

Example:

  • Client complained that desktops were only running at 100Mbps and not 1Gbps; eventually we found that the cable plant had only been wired with 4 wires and not 8.

LED cables

What tools are you using?

Differentiating Application Performance vs Network Performance Issues

iPerf / iPerf3 – measure bandwidth and throughput across your network infrastructure. Great tool for gathering baseline observations and then validating real-world performance.
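An added example (not part of the show notes) of what to do with those baseline observations: parse the JSON that iperf3 writes with `--json`, compare a current run with the stored baseline, and decide whether the symptom points at the network path or elsewhere. The two results are constructed excerpts of iperf3's `end` summary; the second mimics a link that negotiated 100Mbps, the same symptom as the 4-wire cabling case above. The verdict thresholds are assumptions, not anything iperf3 defines.

```python
"""Compare an iperf3 run against a stored baseline to separate network-path
symptoms from application symptoms.

Added example, not from the original show notes. It reads the JSON that
iperf3 emits with --json (the 'end' summary with sum_sent / sum_received);
the sample results and the verdict thresholds are constructed.
"""
import json

# Constructed excerpt of an iperf3 --json result: only the 'end' summary
# is kept, which is all the comparison needs. Baseline: a healthy 1Gbps link.
BASELINE_JSON = """{"end": {
  "sum_sent":     {"bytes": 1170000000, "bits_per_second": 936000000.0, "retransmits": 4},
  "sum_received": {"bytes": 1169000000, "bits_per_second": 935200000.0}
}}"""

# Constructed current run: throughput capped as if the port negotiated
# 100Mbps, with heavy retransmits.
CURRENT_JSON = """{"end": {
  "sum_sent":     {"bytes": 118000000, "bits_per_second": 94400000.0, "retransmits": 2130},
  "sum_received": {"bytes": 117500000, "bits_per_second": 94000000.0}
}}"""


def summarize(result_json):
    """Extract throughput (Mbit/s) and sender retransmits from an iperf3 result."""
    end = json.loads(result_json)["end"]
    return {
        "sent_mbps": end["sum_sent"]["bits_per_second"] / 1e6,
        "received_mbps": end["sum_received"]["bits_per_second"] / 1e6,
        # UDP runs carry no retransmit counter, so default to zero.
        "retransmits": end["sum_sent"].get("retransmits", 0),
    }


def classify(baseline_json, current_json, drop_threshold=0.5, retransmit_threshold=100):
    """Return 'network', 'application' or 'inconclusive'.

    Received throughput below drop_threshold * baseline, or sender retransmits
    above retransmit_threshold, points at the path (network). A run that still
    matches the baseline (>= 90 %) means the path is delivering what it did
    when the baseline was taken, so the slowness is elsewhere (application).
    Anything in between needs more data. Thresholds are constructed defaults.
    """
    base = summarize(baseline_json)
    cur = summarize(current_json)
    ratio = cur["received_mbps"] / base["received_mbps"]
    if ratio < drop_threshold or cur["retransmits"] > retransmit_threshold:
        return "network"
    if ratio >= 0.9:
        return "application"
    return "inconclusive"


if __name__ == "__main__":
    print(summarize(BASELINE_JSON))
    print(summarize(CURRENT_JSON))
    print("verdict:", classify(BASELINE_JSON, CURRENT_JSON))
```

Keep the baseline JSON from the day the link was installed (`iperf3 -c <server> --json > baseline.json`) and rerun the same test when users complain; a result that sits at one tenth of the baseline with thousands of retransmits, as in the constructed run, is the network's problem to solve before anyone starts profiling the application.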

Cheers!

Episode 11 – Infrastructure Lifecycle

We returned to record our eleventh episode on Sunday August 28, 2016.

Interesting News and Events

Roundtable Discussion – Infrastructure Lifecycle

Reasons for a refresh?

  • End of Life (EoL)
  • End of Support (EoS)
  • Performance
  • Expansion
  • Budgeting (new equipment might be less costly than maintaining older equipment under maintenance contracts)
  • New features requirement (PoE+ vs PoE / 10Gbps vs 1Gbps / 1Gbps vs 100Mbps)
  • Manageability

Strategic Lifecycle Planning – often companies plan and budget to replace their infrastructure every 5 – 7 years.

What kind of refresh ?

  • The easy one: a 1:1 replacement, e.g. one core switch for a newer core switch
  • A technology change, e.g. from classic STP to multi-chassis link aggregation
  • Fabrics
  • Software Defined Networking

You can really stretch the budget by looking at second hand equipment, especially for non-critical sections of the infrastructure. Avoid grey market equipment and only work with a reputable vendor.

Reach out to the vendors:

  • Educate yourself before the vendors show up
  • Compare different vendors and technologies with each other
  • Document the features that you are looking for in the solution
  • Proof of Concept – prove out the possible solution
  • Rollout Planning
  • Maintenance window – new product gets implemented to the production environment
  • Fingers crossed (look for bugs)

What tools are you using?

Synergy – Synergy combines your desktop devices together into one cohesive experience. It’s software for sharing your mouse and keyboard between multiple computers on your desk. It works on Windows, Mac OS X and Linux. It’s only $10 for the basic version and well worth the money in Dominik’s opinion.

Michael’s technical challenge?

These past two weeks I’ve been working to figure out why the Lenovo ThinkPad T460 w/Intel AC 8260 wireless adapter wasn’t playing well with a Cisco 5508 Wireless LAN Controller and Cisco 1262N and 3702E Access Points. The device itself is pretty nice… very thin, not very heavy, great keyboard and doubles as a tablet. I’ll be sad to give it up when I figure out what’s broken. Watch my blog for a follow-up and possible conclusion.

Update: August 30, 2016 – workaround is to enable A-MPDU for 802.11n – Lenovo ThinkPad T460 Yoga with Intel AC 8260 Wireless Issues

Cheers!

Episode 10 – IPv6 Internet Addressing

We returned to record our tenth episode on Sunday August 21, 2016.

Interesting News and Events

Roundtable Discussion – IPv6

IPv4
IPv4 provides an addressing capability of 2^32, or approximately 4.3 billion, addresses
RFC 791, September 1981

Issues with IPv4 addressing:

  • not enough available address space
  • all blocks are already provisioned
  • conflicting IPv4 addressing between networks requires NAT

Grey/Black market for IPv4 Address space;

Microsoft pays Nortel $7.5 million for IPv4 addresses – Bankrupt Nortel finds a buyer for 666K of its legacy IPv4 addresses, raising questions if the IPv4 black/grey market has arrived.

Cellular Mobile 3G/4G Networks – Carrier NAT

Local Internet Registry

IPng – early working-group proposals
The Internet Engineering Task Force adopted the IPng model on 25 July 1994, with the formation of several IPng working groups. By 1996, a series of RFCs was released defining Internet Protocol version 6 (IPv6), starting with RFC 1883. (Version 5 was used by the experimental Internet Stream Protocol.)
IPv6 addresses – 128-bit, about 3.4×10^38 addresses

Just how many IPv6 addresses are there? Really?

Subnet Cheat Sheet

Usage Statistics of IPv6

Address Types

  • Unicast
  • Multicast
  • Anycast

Dual-Stack IPv6 Use cases:

  • Management networks
  • home net / Mobile Laptop connectivity via IPv6 Tunnel
  • mergers: change the subnet / prefix on the fly

IPv6: Privacy Extensions

  • Stateless address autoconfiguration (SLAAC)
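An added example (not from the show notes) of what SLAAC and privacy extensions do with the interface identifier: the stable SLAAC address embeds the adapter's MAC via modified EUI-64 (RFC 4291 Appendix A), so anyone who sees the address learns the hardware identity and can track the host across prefixes; privacy extensions (RFC 4941) replace that identifier with a random one. The prefix and MAC are constructed sample values, and the random identifier is drawn straight from the CSPRNG rather than through the RFC's MD5 history chain.

```python
"""Show how SLAAC builds an interface identifier from a MAC address (modified
EUI-64, RFC 4291 Appendix A) and why privacy extensions (RFC 4941) replace it
with a random identifier.

Added example, not part of the original show notes. The prefix and MAC are
constructed sample values.
"""
import ipaddress
import secrets

PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")  # constructed documentation prefix
MAC = "00:1b:21:3c:4d:5e"                               # constructed sample MAC


def modified_eui64(mac):
    """Return the 64-bit interface identifier derived from a 48-bit MAC.

    The OUI and NIC halves are split, ff:fe is inserted between them, and the
    universal/local bit (bit 0x02 of the first octet) is inverted.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # flip the U/L bit
    return bytes(eui)


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the modified EUI-64 of the MAC."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


def mac_from_slaac(address):
    """Recover the MAC from an EUI-64-derived address (the privacy concern).

    Returns None if the ff:fe marker is absent, i.e. the identifier was not
    built from a MAC.
    """
    iid = address.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = bytes([iid[0] ^ 0x02])  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in first + iid[1:3] + iid[5:])


def temporary_address(prefix):
    """Build a privacy-extension style temporary address with a random IID.

    RFC 4941 derives the identifier from an MD5 history value; a direct CSPRNG
    draw with the U/L bit cleared (as RFC 4941 requires) is used here as the
    simplest equivalent, so the result carries no hardware identity.
    """
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD  # clear the U/L bit (0x02): locally administered
    return ipaddress.IPv6Address(int(prefix.network_address) | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    stable = slaac_address(PREFIX, MAC)
    print("SLAAC address:    ", stable)                   # reveals the MAC
    print("recovered MAC:    ", mac_from_slaac(stable))
    print("temporary address:", temporary_address(PREFIX))
```

The `mac_from_slaac` check is also a useful log-review heuristic: addresses with `ff:fe` in the middle of the identifier come from hosts without privacy extensions, which on a campus network usually means servers and network gear (where a stable address is wanted) rather than laptops.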

Neighbor Discovery

What is no longer available?

  • NAT
  • packet fragmentation by routers, so path MTU discovery has to be working for IPv6
  • Broadcast

IPv6 Issues and Problems (IPv6 Multicast Listener Flooding)

http://packetpushers.net/good-nics-bad-things-blast-ipv6-multicast-listener-discovery-queries/
https://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/ (Garrett Wollman)

How to check IPv6 connectivity
The Turtle is dancing – http://www.kame.net/

Who is already available in IPv6? More than you think, Google, Facebook and many other large web centric companies.

Tunnel Mechanism:
Free 4to6 tunnel broker:
https://tunnelbroker.net/ >> Hurricane Electric
IPv6 traffic is encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo), or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
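The three mechanisms named above each leave their IPv4 endpoints visible inside the IPv6 address, which is what lets a firewall or log review recognise tunneled hosts that would otherwise bypass IPv4-only filtering. An added example (not from the show notes) that encodes and decodes those address formats: 6to4 (RFC 3056, `2002::/16` with the IPv4 address in the next 32 bits), ISATAP (RFC 5214, interface identifier `0:5efe:w.x.y.z`, or `200:5efe:` when the IPv4 address is globally unique) and Teredo (RFC 4380, `2001::/32` with the server address, flags, and the XOR-obfuscated client port and address). All sample addresses are constructed from documentation ranges.

```python
"""Decode the IPv4 endpoints that the common tunnel mechanisms embed in an
IPv6 address, so tunneled hosts can be recognised in logs and flow records.

Added example, not part of the original show notes. Encodings follow
RFC 3056 (6to4, 2002::/16), RFC 5214 (ISATAP, ::0:5efe:w.x.y.z identifier)
and RFC 4380 (Teredo, 2001::/32 with obfuscated port and client address);
all sample addresses are constructed.
"""
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("2001::/32")
IID_MASK = (1 << 64) - 1


def six_to_four_address(ipv4):
    """Return the 6to4 /48 that RFC 3056 assigns to a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 2002 occupies bits 112-127, the IPv4 address bits 80-111.
    return ipaddress.IPv6Network((int(SIX_TO_FOUR.network_address) | (v4 << 80), 48))


def isatap_address(prefix, ipv4):
    """Return the ISATAP address for ipv4 inside a /64, using the 0:5efe form
    (RFC 5214 uses 200:5efe when the embedded IPv4 address is globally unique)."""
    net = ipaddress.IPv6Network(prefix)
    iid = (0x5EFE << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def decode(address):
    """Return (mechanism, details) for a tunneled address, or (None, {}) when
    the address uses none of the three encodings."""
    a = ipaddress.IPv6Address(address)
    n = int(a)
    if a in SIX_TO_FOUR:
        endpoint = ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
        return "6to4", {"endpoint": str(endpoint)}
    if a in TEREDO:
        # RFC 4380 layout: prefix(32) server(32) flags(16) port(16) client(32);
        # port and client are stored XORed with all-ones.
        server = ipaddress.IPv4Address((n >> 64) & 0xFFFFFFFF)
        flags = (n >> 48) & 0xFFFF
        port = ((n >> 32) & 0xFFFF) ^ 0xFFFF
        client = ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF)
        return "teredo", {
            "server": str(server),
            "client": str(client),
            "port": port,
            "cone": bool(flags & 0x8000),
        }
    iid = n & IID_MASK
    # Upper 32 bits of the IID are 0000:5efe or 0200:5efe; mask the U/L bit.
    if ((iid >> 32) & 0xFDFFFFFF) == 0x00005EFE:
        endpoint = ipaddress.IPv4Address(iid & 0xFFFFFFFF)
        return "isatap", {"endpoint": str(endpoint)}
    return None, {}


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in (
        "2002:c000:221::1",                    # 6to4 for 192.0.2.33
        "fe80::5efe:10.0.0.5",                 # ISATAP link-local
        "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo
        "2001:db8::1",                         # plain native address
    ):
        print(sample, "->", decode(sample))
```

Running `decode` over the source addresses in a firewall or flow log will surface Teredo and 6to4 clients that are reaching the IPv6 Internet through an IPv4-only perimeter; the decoded relay/server and client addresses tell you which IPv4 rule let the encapsulated traffic (protocol 41 or UDP 3544) through.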

IPv6 cheat sheet – http://packetlife.net/media/library/8/IPv6.pdf

Naming IPv6 address parts – Proposed IETF RFC and a VOTE – chazwazza

Cheers!