Tuesday, September 30, 2008

Bgp Protocol Design



Load Balancing with BGP



Junos Per Packet Load Balancing



Cisco MPLS



BGP Next Hop Self

Sometimes we face problems while advertising client routes in BGP, whether the network is added under the VRF (in the case of MPLS) or with the network command (in the case of IP VPN). The advertisements forwarded to the peers always carry the interface IP address as the next hop. The problem in this scenario is that this interface IP address is not in the IGP table, which results in packet drops. To overcome this we need to use next-hop-self on the iBGP peering with the RR or with the PE.
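As an added example (not from the original post), the configuration below shows the situation described above on a PE router: the weak configuration, where the customer route leaves the PE with the PE-CE link address as its next hop, beside the corrected one with next-hop-self on the iBGP session to the RR. The AS numbers, addresses, interface names and the customer prefix 172.16.0.0/24 are assumptions for the lab.

```cisco
! Added example, not from the original post. Assumed topology:
! CE (AS 65010) -- 192.168.1.0/30 -- PE1 (AS 65000, Loopback0 10.0.0.1)
!   -- core IGP -- RR (Loopback0 10.0.0.3)
! Only the loopbacks are in the core IGP; the PE-CE link 192.168.1.0/30 is not.
! The CE announces 172.16.0.0/24 to PE1 over eBGP.

! --- PE1, weak configuration: the customer route learned from the CE is
! re-advertised over iBGP with next hop 192.168.1.2 (the CE side of the link).
! The RR and the other PEs have no IGP route to 192.168.1.2, so the path is
! marked inaccessible and is never installed; traffic for 172.16.0.0/24 drops.
router bgp 65000
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 65010
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 update-source Loopback0
!
! --- PE1, corrected configuration: next-hop-self rewrites the next hop of
! routes sent to the RR to PE1's own update-source address (10.0.0.1), which
! is in the IGP, so every iBGP speaker can resolve it.
router bgp 65000
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 65010
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 update-source Loopback0
 neighbor 10.0.0.3 next-hop-self
!
! --- The same knob for the MPLS VPN case, applied under the VPNv4 address family
router bgp 65000
 address-family vpnv4
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community extended
  neighbor 10.0.0.3 next-hop-self
 exit-address-family
!
! Verification on the RR: before the fix the customer prefix is shown with
! an inaccessible next hop; after it, the next hop is 10.0.0.1 and the
! path is selected as best.
! RR# show ip bgp 172.16.0.0
! RR# show ip route 10.0.0.1
```

The check to remember is the second one: whatever next hop a route carries over iBGP must itself be present in the IGP table of every router that receives it, which is why the update source and next-hop-self both point at the loopback.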

Click Here to Read More About the Simulation of BGP Next Hop Self

regards
shivlu

Case Study MVPN - Part 1

I have written a document on MVPN which explains the use of the RP in the service provider domain and the RP for the VPN. In fact we require an RP on a per-VPN basis. The RP is used only to control unnecessary flooding of multicast streams. I am not using the data MDT in this document; I will explain it in the coming documents.

regards
shivlu





Saturday, September 27, 2008

CEF Basics

What does a router do when it receives a packet? It looks up the destination network in the routing table and finds which next hop and which outgoing interface to use. If the next hop is reachable, it then looks up the ARP entry for the directly connected router, the header rewrite takes place, and the packet is forwarded towards the destination. All the packets are fast switched; I will show how to check fast-switched and CEF-switched packets later in this discussion. This means the same process has to be run for every packet, which consumes much of the CPU. To overcome this problem Cisco introduced a new switching mechanism, CEF (Cisco Express Forwarding). CEF maintains two tables:

a) FIB (Forwarding Information Base)

The FIB is the forwarding information base, which is essentially a copy of the routing table. Whenever a route appears in the routing table, the same entry is created in the CEF table, and that is the FIB. So we can say the FIB is nothing but a copy of the routing table. You can check the CEF table with show ip cef.

b) Adjacency Table (used to store ARP information)

This table stores your outgoing interface together with the ARP information of that interface.

You can check it with the following command:

show adjacency internal

 

Structure of CEF

So we can say the FIB and the adjacency table are the data structures used for handling the forwarding information. The FIB entry for a prefix holds a pointer to the adjacency currently used to reach its next hop:

  FIB                            Adjacency Table
  -----------                    -------------------------------------------
  10.10.10.0   -- pointer -->    Next hop 1.1.1.1, ARP & outgoing interface
                                 Next hop 2.2.2.2, ARP & outgoing interface

The routing table has an entry for 10.10.10.0 with next hop 20.20.20.20, which is reachable via 1.1.1.1. If that interface goes down, the pointer moves to 2.2.2.2: there is no change in the routing table and no change in the FIB; the only change is at the pointer, which saves a lot of processing and, of course, recalculation.
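As an added example (not from the original post), here is a small lab configuration that reproduces the recursive resolution described above so the FIB and adjacency tables can be observed: 10.10.10.0 points at next hop 20.20.20.20, which is reachable through 1.1.1.1 and, as a backup, through 2.2.2.2. The interface names, the router's own addresses and the use of a floating static route for the backup path are assumptions.

```cisco
! Added example, not from the original post. Addresses follow the text;
! interface names and the router's own addresses are assumed.
ip cef
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 2.2.2.1 255.255.255.0
!
! Recursive route: the prefix points at 20.20.20.20, not at an interface,
! so CEF must resolve 20.20.20.20 to an adjacency before it can forward.
ip route 10.10.10.0 255.255.255.0 20.20.20.20
!
! 20.20.20.20 is reachable over both links. The second entry is a floating
! static (administrative distance 10) that takes over when FastEthernet0/0,
! and with it the path via 1.1.1.1, goes down.
ip route 20.20.20.20 255.255.255.255 1.1.1.1
ip route 20.20.20.20 255.255.255.255 2.2.2.2 10
!
! Verification: compare the output before and after shutting FastEthernet0/0.
! The FIB entry for 10.10.10.0/24 keeps the same next hop (20.20.20.20);
! only the adjacency it resolves to changes from 1.1.1.1 to 2.2.2.2.
! R1# show ip cef 10.10.10.0 255.255.255.0 detail
! R1# show ip cef 10.10.10.0 255.255.255.0 internal
! R1# show adjacency detail
```

Shutting the first interface and repeating the three show commands is the quickest way to see that the prefix entry itself is untouched while the rewrite information behind it is swapped.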


regards

shivlu



Cisco and VMware Accelerate Innovation in Data Center Virtualization

Companies Deliver Joint Solutions to Incorporate Cisco Virtual Networking Capabilities into VMware Infrastructure and Improve Performance of Virtual Desktops Across Wide-Area Networks

LAS VEGAS– VMworld – Sept. 16, 2008 – Industry leaders in virtualization Cisco and VMware® today announced that they are collaborating to deliver joint data center solutions designed to improve the scalability and operational control of virtual environments. The Cisco Nexus® 1000V distributed virtual software switch is expected to be an integrated option in VMware Infrastructure. Cisco and VMware will also combine their expertise in networking and virtualization to introduce a new set of multidisciplinary professional services and reseller certification training in support of customers’ data center virtualization strategies. In parallel, Cisco and VMware are collaborating on integrating VMware Virtual Desktop Infrastructure (VDI) solutions with Cisco® Application Delivery Networking solutions to improve the performance of virtual desktops delivered across wide-area networks (WANs). 

The Cisco Nexus 1000V distributed virtual software switch will simplify the operations of both physical and virtual networking infrastructures to help server, virtualization and networking administration managers accelerate data center virtualization. The Nexus 1000V will extend Cisco’s security, policy enforcement, automated provisioning and diagnostics features into dynamic VMware environments that will be able to scale to thousands of live virtual machines. In this highly agile environment, the new Cisco Virtual Network Link (VN-Link) technology on the Nexus 1000V will integrate with VMware’s vNetwork Distributed Switch framework to create a logical network infrastructure that will provide full visibility, control and consistency of the network. The solution will help network, virtualization and server teams to gain efficiency in virtual environments and obtain accurate, real-time data for stronger collaboration in troubleshooting.

“We are embracing server virtualization to help us save energy for cooling and to increase the efficiency of our data center space and resources. MIT has a variety of computing needs that require a consistent IT management model throughout our data center,” said Theresa Regan, director of operations and infrastructure services for the Massachusetts Institute of Technology. “What is cool about Cisco working together with VMware is that the service, security and operational ease of management policies in Cisco networking will be assignable across each virtual machine in VMware Infrastructure. This kind of innovation will help drive more use of virtualization in our campus.” 

“With today’s announcement, VMware and Cisco have taken a significant step forward in enabling our customers to take advantage of an end-to-end virtual data center architecture to simplify how they deliver IT services to their clients,” said Brian Byun, vice president of global partners and solutions for VMware. “We’re excited to announce the Cisco Nexus 1000V and VMware Infrastructure integration, as this is a key building block in our strategy to partner with industry leaders to deliver to customers the deep federated management of physical and virtual server, network and storage infrastructure required in a fully virtualized data center.”

The Cisco Nexus 1000V distributed virtual switch, with Cisco’s VN-Link virtual-machine-aware network and storage services, will complement VMware Infrastructure, which is in use by more than 120,000 customers. Through this integrated virtual solution, information technology (IT) managers will be able to set and enforce connection policies for each virtual machine across a data center. Now the same policy-based configuration and operation of network services traditionally available in Cisco physical hardware switches will be easily applied to each virtual machine. These virtual capabilities will enable IT managers to more easily manage virtual machines as they migrate them across physical servers during routine hardware maintenance or to balance server workloads for optimized application performance and availability.

“Integrating the Cisco end-to-end data center networking capabilities into the VMware platform is a way for our customers to enjoy the Cisco networking, security, and storage services they have benefited from in our networking hardware,” said Soni Jiandani, vice president of the Marketing, Server Access and Virtualization business unit for Cisco. “Also, with our expertise in assessment, planning and network design, we will be able to help our customers set up the right policies to gain the benefits of networking virtualization across their business.”

Cisco and VMware also jointly offer virtualization consulting services to help customers create and deploy server, network and storage virtualization solutions across their data center that reduce costs by provisioning new applications quickly and more safely, while maintaining high levels of application performance. The Cisco and VMware Virtualization Assessment Service and Cisco and VMware Planning and Design Service identify and close gaps in customers’ server, storage and network infrastructures to provide virtualized consolidated end-to-end architecture.

Cisco and VMware intend to work with alliance partners and customers to provide leadership in the use of virtualization technology for business advantage, and to scale this knowledge through industry-leading education and certification programs.

“Network virtualization is a key component of next-generation data centers. With a focus on virtualization of services and assets across the network, Cisco will evolve its education and certification programs for the data center,” said Jeanne Beliveau-Dunn, general manager of Learning@Cisco. “Cisco is working with VMware to develop training, education and career certifications for customers and resellers that align with architecture changes and new roles such as data center architect, data center builder, and data center technical operations professional.” 

In addition both Cisco and VMware will be proposing to the IEEE standards body a new protocol called Network Interface Virtualization, which will enable VN-Link technology to be delivered in high-performance hardware based solutions.

High-Performance Delivery of Virtual Desktops
Cisco and VMware are collaborating to accelerate the use of desktop virtualization by improving the performance of end users’ virtual desktops across the WAN, enabling centralized and distributed printing for remote users, and enhancing backup and recovery automation. Cisco’s Application Delivery Networking portfolio optimizes application availability, performance and security over the WAN. When it is combined with VMware VDI, customers are able to deploy a solution that provides an optimized remote desktop experience. Cisco and VMware collaborated on testing certain use cases to improve the experience of remote end users accessing virtual desktops. As published in the jointly developed whitepaper, the VDI architecture tested by Cisco and VMware illustrates up to a 65 percent improvement over native multi-user remote desktop protocol (RDP) in file and application access when using Cisco Wide Area Application Services (WAAS) and Cisco Application Control Engine (ACE) to optimize WAN protocols, with VMware VDI and Virtual Desktop Manager and backend infrastructure. Cisco and VMware are continuing to expand this architecture to optimize the remote-user experience and increase the adoption of virtual desktops.

Availability
The Cisco Nexus 1000V distributed virtual software switch with VN-Link capabilities supported in a VMware Infrastructure environment is expected to be generally available to customers in the first half of 2009. Cisco Wide Area Application Services and Application Control Engine for VDI are available now.

About Cisco 
Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.

About VMware 
VMware (NYSE: VMW) is the global leader in virtualization solutions from the desktop to the data center. Customers of all sizes rely on VMware to reduce capital and operating expenses, ensure business continuity, strengthen security and go green. With 2007 revenues of $1.3 billion, more than 120,000 customers and nearly 18,000 partners, VMware is one of the fastest growing public software companies. Headquartered in Palo Alto, California, VMware is majority-owned by EMC Corporation (NYSE: EMC) and on the web at www.VMware.com.


Cisco, the Cisco logo, and Cisco Systems, are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. VMware is a registered trademark of VMware, Inc. in the United States and/or other jurisdictions. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.

The information on this press release is intended to outline our general product direction and should not be relied on in making a purchasing decision. The information on this press release is not a commitment, promise or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at our sole discretion.


Source: http://vmware.com/company/news/releases/cisco_vmworld08.html

regards
shivlu



Friday, September 26, 2008

IP Plotter

One of my friends, Prashant, has developed a good tool which plots an IP address to find its location.

Good tool



regards
shivlu


Cisco Vulnerability

Hi All

We were facing a problem on 18th September, and one of my friends, Sanjay, checked with the help of sanity and found the results given below:

Buffer information for Small buffer at 0xD809340
  data_area 0x789AD184, refcount 0, next 0xD13D8B8, flags 0x0
  linktype 0 (None), enctype 0 (None), encsize 14, rxtype 1
  if_input 0x0 (None), if_output 0x0 (None)
  inputtime 1d09h (elapsed 00:00:00.320)
  outputtime 1d09h (elapsed 00:00:18.580), oqnumber 65535
  datagramstart 0x789AD1CA, datagramsize 62, maximum size 260
  mac_start 0x789AD1CA, addr_start 0x789AD1CA, info_start 0x0
  network_start 0x789AD1D8, transport_start 0x789AD1EC, caller_pc 0x29596C


Code that exploits a recently revealed flaw in Cisco's router operation system is publicly available, so now it's up to network administrators to patch their systems or face attack.

There have been isolated reports over the weekend of attackers trying to exploit the vulnerability, which is in Cisco's network operating system, IOS, when processing IP version 4 (IPv4) packets. More than 100 of Cisco's products are susceptible including routers and switches.

ISPs are taking the flaw seriously and are patching their systems. "We have not seen the huge blackouts that would have occurred if they hadn't started to address the issue," said Dave Cole, director of products at Foundstone Inc., Mission Viejo, Calif. "The urgency to patch systems has certainly increased because the exploit is now available."

The Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh has issued an advisory because the exploit code was posted to some Internet mailing lists. Symantec and Internet Security Systems have both raised their threat levels for the vulnerability because of the code's release.

In general, the release of exploit code increases the danger of vulnerabilities as it allows people with limited technical savvy to take advantage of the flaws. Instead of having to write the precise packets needed to attack the flaw, a would-be attacker would only have to cut and paste the information from the Internet. In the case of the Cisco vulnerability, exploiting it would trigger a denial-of-service attack that could shut down Web sites and network access points.

Exploiting the vulnerability requires sending some specially crafted IPv4 packets to affected systems. The packets would trick the systems into thinking they are full. The routers and switches would then stop processing traffic, which would render Web servers and other network-dependent systems inaccessible.

The release of the exploit code wasn't surprising given the fact that advisories give would-be attackers the information they need to create the code, Cole said. "The real question is whether people would have enough time to perform upgrades to their systems."


After that he informed CERT, and on 24th September we found the same bug on Cisco, which affects the IOS versions given below.

The vulnerability affects Cisco IOS-based routers and switches running 11.x through 12.2.x. IOS version 12.3 and a number of 12.1 and 12.2 rebuilds are not affected.


regards

shivlu



Monday, September 22, 2008

MVPN Problem

During the analysis of one of our client networks, which runs MPLS in the core and has a lot of customers on MVPN, we found that the core uses sparse-dense mode with no RP, while the customers use static RP mapping. The main disadvantage of this topology is that if the core cannot find an RP it falls back to dense mode. So a scenario where no RP is defined will always fall back to dense mode, which means unnecessary flooding of the stream to each and every VRF that is part of that VPN. The main problem this causes is that the data MDT can never converge in the VPN: if you are using a data MDT there is no use in it, because your tree is (*,G) while the data MDT is for (S,G); the (S,G) entry will never be created and the data MDT will never converge. To overcome the problem we need to define an RP address in the core, and the RP should be specifically for the data MDT groups. The RP can be defined using Auto-RP or BSR.
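As an added example (not from the original post), the configuration below puts the weak core configuration (sparse-dense mode, no RP) beside a corrected one that defines an RP for the MDT group range with Auto-RP, as the paragraph recommends. Addresses, interface names, the VRF name CUST-A and the MDT group range 239.232.0.0/16 are assumptions; the RP range is made wide enough to cover the default MDT group as well, because in pure sparse mode the default MDT also needs an RP mapping to form.

```cisco
! Added example, not from the original post. Addresses, interface names,
! the VRF name and the MDT group range are assumed.

! --- Core (P and PE routers), weak configuration: sparse-dense mode and
! no RP. Any group without an RP mapping falls back to dense mode, so the
! MDT traffic is flooded to every PE in the VPN.
ip multicast-routing
!
interface Loopback0
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0
 ip pim sparse-dense-mode
!
! --- Core, corrected configuration: sparse mode everywhere and an RP for
! the MDT group range (239.232.0.0/16) announced with Auto-RP. Customer
! groups keep their own static RPs inside each VRF and are not covered here.

! On the router acting as RP and mapping agent (assumed Loopback0 10.0.0.10):
ip multicast-routing
ip pim autorp listener
!
interface Loopback0
 ip pim sparse-mode
!
interface GigabitEthernet0/0
 ip pim sparse-mode
!
ip access-list standard MDT-GROUPS
 permit 239.232.0.0 0.0.255.255
!
ip pim send-rp-announce Loopback0 scope 16 group-list MDT-GROUPS
ip pim send-rp-discovery Loopback0 scope 16
!
! On every other P and PE: sparse mode plus the listener, so that the
! Auto-RP announce/discovery groups (224.0.1.39 and 224.0.1.40) still
! reach them in dense mode while all other groups stay sparse.
ip multicast-routing
ip pim autorp listener
!
interface Loopback0
 ip pim sparse-mode
!
interface GigabitEthernet0/0
 ip pim sparse-mode
!
! PE: the default and data MDT groups chosen for the VRF fall inside the
! range the RP serves. The data MDT is used once a source exceeds the
! threshold (in kbps), which needs an (S,G) tree in the core.
ip vrf CUST-A
 rd 65000:1
 route-target both 65000:1
 mdt default 239.232.1.1
 mdt data 239.232.2.0 0.0.0.255 threshold 10
!
! Verification in the core and on the PE:
! P#  show ip pim rp mapping
! P#  show ip mroute
! PE# show ip pim mdt send
```

The RP mapping output should list the MDT range with the Auto-RP learnt RP; once a customer source crosses the threshold, the mroute table on the P routers should show an (S,G) entry for a group in the 239.232.2.0/24 data MDT range rather than only the (*,G) default MDT.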


