Each protocol has to calculate a metric somehow in order to choose the best route. We have cost in OSPF and K-values in EIGRP. BGP is no different and also calculates the best route, but the BGP metric is much more complicated.

The difference between Phase 2 and Phase 3 of DMVPN looks slight at first glance. In this article we will find out how to properly configure Phase 3, focusing especially on the NHRP protocol and its role. At the end we will establish full reachability between 2 spokes using EIGRP.

The Sham Link feature is necessary if we want to deploy a backdoor link between 2 OSPF domains that belong to the same area but are split by MPLS. The issue we will come across is that the backdoor link will have priority over MPLS.

We may come across an interesting issue if we get the same prefix from an external BGP AS and directly via the OSPF process. It may happen if we want to have another link to the destination, but not necessarily via another eBGP link. The problem that we will definitely come across is just another variation of suboptimal routing.

MPLS works on top of an underlying IGP. It may be OSPF or IS-IS, but whichever we choose, we are still dependent on the IGP path calculation. Of course we may manipulate the path cost and provide traffic engineering this way, but MPLS has its own mechanism.

Simple Modular Policy Framework and application inspection enable us, for example, to inspect an FTP connection. When we use passive mode we need, besides open port 21 as the control channel, a random port as the data channel. Thanks to MPF and traffic inspection, the ASA knows the number of this random port and the entire connection is allowed. Great!

Cisco has recently taken a small step to improve the ASA and has implemented logical tunnels, which means we got route-based VPN! Really? Did we? Not so fast. Yes, we got route-based VPN, but we still have to add routes manually.

First Hop Redundancy Protocols were invented for one main reason, providing redundancy for a gateway, but along the way they provide load balancing as well. There are 3 FHRPs: HSRP, VRRP and GLBP. 2 of them belong to Cisco; VRRP is an open standard.

Generic Routing Encapsulation enables us to build point-to-point tunnels. There are 2 kinds of tunnels: GRE over IPsec and IPsec over GRE. They both work in tunnel mode by default but, as we will see in a while, they work in completely different ways.

Logical Volume Manager is a form of storage virtualization that allows us to easily manage disk space. Without any problems we can expand, shrink and add disks to the virtual volume and, for the sake of redundancy, apply RAID if required.

One of the biggest issues that we may encounter during redistribution is a routing loop. While suboptimal routing causes latency and network inefficiency, routing loops make packets circulate until the TTL value is decremented to 0, which not only affects network efficiency but also makes some parts of the network completely inaccessible.

 

A ‘BGP community’ is additional information (an attribute) added to prefixes that are advertised to BGP neighbors. Based on this information, a BGP neighbor can decide what to do with a received prefix. For example, we may manipulate attributes, filter routes, etc.

Linux provides 3 levels of filesystem security: standard permissions, ACLs and SELinux. SELinux deals not only with file permissions but with applications, resources and network ports as well. SELinux may ban an application from accessing specified system files or may not allow a user to change file permissions. What SELinux is, how it works and how to troubleshoot it: let’s find out!

Firewalld, like iptables, relies on the Netfilter service, which is responsible for packet filtering. The difference is that iptables works based on “chain of filter” rules, like ACLs on a router, while firewalld is based on “zones”, similar to the ASA. The idea behind firewalld is that interfaces and networks are grouped into zones. Each zone has a different level of trust.

If you use VRFs, sometimes you may want to use something called “route leaking”. Route leaking consists of importing and exporting prefixes between VRFs or between a VRF and the global routing table. In this article I’ll show you how to implement route leaking in 5 different ways.
