Jibba Jabba or the Nines Nines Nines

You’ve probably heard “nines” thrown around when talking about high availability, so let’s review them so that everyone talks the same talk, or IT Jibba-Jabba.


Controller, Cloud Managed and Standalone WiFi Deployments, Oh My!

Hello all, the speaking.

In the WiFi world, there are three major types of wireless deployments. These are, as the title says, Controller Based, Cloud Managed, and Standalone. They are all different, and each one has its correct application, benefits, and vices. It has come to my attention that the differences among these groups aren’t well understood. Usually people are more interested in the brand name than in the group it falls into. And that’s okay; I am here to help you choose the correct WLAN solution for your needs. Just to clarify, I will NOT be going into a discussion of which manufacturer falls into which category, or which one is better. That type of battle is best left for another day.


Laying the keel, a Layered Approach

Saar here, resident engineer at Myriad Supply. Today I’ll be discussing the OSI Model and the 7 layers.

1) Firewalls:
a. Basic
b. Next Generation
c. Application layer firewalls: Palo Alto / Juniper
d. Web application firewalls: Mykonos, now rebranded as the WebApp Secure firewall

Let’s review some basics about the OSI model and the 7 layers:


BGP Routing

Hello,

Saar here, resident engineer at Myriad Supply. Today I’ll be talking about BGP Routing.

BGP… you probably hear that acronym being thrown around. What is it, and how can it help you? First, take a look at this cheat sheet. The second item will give you a brief explanation of BGP and its uses.

Cheat Sheet

The first item is the port speed from 10/100/1000 to 100Gbps. The second one is how many FULL tables we recommend.

For 1 GigE, the best horse is the older 7200.

For 1 GigE, you can also invest in the 6500/7600 with XL.

For 10 GigE, you have 2 out of 3 horses, with hefty discounts on Brocade and Juniper.

For 10 GigE, you can also get the older 6500 with XL and 6704/6708 line cards.

For 40 GigE, you can use the 6500 with SUP-2T or look at our Juniper/Brocade chassis offerings. Again, 3 out of the 4 horses are available to you.

Allow me to explain:

Let’s say you’re sitting in the office and you want to email Mr. Borat Sagdiyev. There are many ways of reaching Borat, as many ways as there are countries and ISPs in the world. The reason for that is that NOBODY owns the internet. It’s basically made up of thousands of internet providers who link to each other (which is why they say the internet should be capable of surviving a nuclear attack). For example, from NY, you can send data across the country, through the Pacific pipeline to Japan, and reach Borat. In summary, the internet is a large collection of ISPs working together and sharing links so they can route your traffic to Borat.

In order to work together, the ISPs need a protocol that will allow them to update all the addresses of the world and any changes. This protocol is Border Gateway Protocol, BGP.

The idea is simple: each enterprise company or ISP can apply for something called an AS number.

http://thyme.apnic.net/rviews/data-AS20net-RIPE

  ASN    No of nets  /20 equiv  Description
  25534  156         1          Intelsoft Kazakstan AS

As you can see, the ISP in Kazakhstan where Borat lives applied for ASN 25534. So basically, each ISP or enterprise company can apply for an ASN. As you also know, in order to talk to other devices in the world, your PC needs a real PUBLIC IP address (you can see yours by going to http://www.ipchicken.com/).


Configuration sample BGP + HSRP design


Creating BGP inbound redundancy + HSRP outbound redundancy.

Here’s a configuration sample using two routers: Primary R1 terminating a DS3 and Backup R2 terminating a 20MB circuit.

The diagram is shown below, along with running-configuration snippets from both routers.

A local preference of 150 is used on the primary R1 to force outbound traffic out the primary via HSRP.

AS-path prepending is used on backup R2 to dissuade inbound traffic from coming in via the lower-bandwidth ISP.

X = used in place of real IPs.

Primary R1:

PrimaryR1#sh run
Building configuration…

Current configuration : 2913 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PrimaryR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
interface Loopback100
no ip address
!
interface GigabitEthernet0/1
description LAN port
ip address 64.X.X.1 255.255.255.224
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no negotiation auto
standby 1 ip 64.X.X.5
standby 1 priority 105
standby 1 preempt delay minimum 60
standby 1 track Serial3/0
!
interface GigabitEthernet0/2
description conn to Backup Lightpath
ip address 65.X.X.66 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex full
speed 100
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3
description LAN handoff from P2P to Denver
ip address 10.30.0.1 255.254.0.0
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface Serial1/0
description p-2-p to Denver DC
ip address 10.10.10.1 255.255.255.252
dsu bandwidth 44210
framing c-bit
cablelength 10
clock source internal
serial restart-delay 0
!
interface Serial3/0
description DS3 XO WAN interface
ip address 65.X.X.254 255.255.255.252
ip access-group 150 in
encapsulation ppp
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
router bgp 16XX
no synchronization
bgp log-neighbor-changes
network 64.X.X.0 mask 255.255.255.224
network 64.X.X.2
aggregate-address 64.X.X.0 255.255.255.0 summary-only
neighbor 64.X.X.2 remote-as 16XX
neighbor 64.X.X.2 next-hop-self
neighbor 65.X.X.253 remote-as 2828
neighbor 65.X.X.253 route-map setLocalpref in
neighbor 65.X.X.253 route-map localonly out
no auto-summary
!
no ip http server
!
ip as-path access-list 10 permit ^$
ip nat inside source list 101 interface GigabitEthernet0/2 overload
!
access-list 101 permit ip any any
access-list 150 permit ip any any
!
route-map setLocalpref permit 10
set local-preference 200
!
route-map localonly permit 10
match as-path 10
!
control-plane
!
gatekeeper
shutdown
!
!
end

————————————————————————-

BackupR2:

BackupR2#sh run
Building configuration…

Current configuration : 2172 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BackupR2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
description conn to L3 switch on ARIN block
ip address 64.X.X.2 255.255.255.224
duplex auto
speed auto
standby 1 ip 64.X.X.5
standby 1 preempt delay minimum 60
standby 1 track FastEthernet0/1
!
interface FastEthernet0/1
description conn to LP ISP
ip address 65.X.X.134 255.255.255.252
ip access-group 101 in
duplex full
speed 100
!
interface Serial1/0
description DS3 XO WAN interface
ip address 65.X.X.254 255.255.255.252
ip access-group 150 in
encapsulation ppp
shutdown
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
router bgp 16XX
no synchronization
bgp log-neighbor-changes
network 64.X.X.0
network 64.X.X.0 mask 255.255.255.0
redistribute static
neighbor 64.X.X.1 remote-as 16XX
neighbor 64.X.X.1 next-hop-self
neighbor 65.X.X.133 remote-as 6128
neighbor 65.X.X.133 route-map foo out
no auto-summary
!
ip classless
ip route 64.X.X.0 255.255.255.0 Null0
no ip http server
!
ip as-path access-list 10 permit ^$
!
!
ip prefix-list localonly seq 5 permit 64.X.X.0/24
access-list 1 permit 64.X.X.0
access-list 10 permit 64.X.X.0
access-list 101 permit ip any any
access-list 150 permit ip any any
!
route-map foo permit 10
match ip address prefix-list localonly
set as-path prepend 16XX 16XX 16XX 16XX 16XX 16XX 16XX 16XX
!
route-map localonly permit 10
match as-path 10
set as-path prepend 16XX 16XX 16XX 16XX 16XX
!
!
!
!
!
!
!
gatekeeper
shutdown
!
end
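The following Python model is added here and is not part of the original post or the router configs above. It walks through the three policy decisions the R1/R2 design relies on: the inbound route-map that raises LOCAL_PREF (using the value 200 that R1's running config sets), the outbound `^$` AS-path filter that only lets locally originated prefixes leave (so neither ISP's routes are leaked to the other), and the eight-times AS-path prepend on R2. Route dictionaries, the constructed ISP default route, and the `as_seen_upstream` helper are assumptions; only the LOCAL_PREF and AS_PATH-length steps of IOS best-path selection are modelled.

```python
import re

OWN_AS = "16XX"   # the site's AS number, masked exactly as in the post

def bgp_best_path(candidates):
    """Best path on the two attributes this design relies on:
    highest LOCAL_PREF wins, then the shortest AS_PATH."""
    return max(candidates, key=lambda r: (r["local_pref"], -len(r["as_path"])))

def set_localpref_in(route, value=200):
    """route-map setLocalpref in (R1): raise LOCAL_PREF on routes from the DS3 ISP."""
    return {**route, "local_pref": value}

def localonly_out(routes):
    """route-map localonly out: 'ip as-path access-list 10 permit ^$' matches only
    an empty AS_PATH, i.e. prefixes originated here. Learned routes are dropped,
    so the site never re-advertises one ISP's routes to the other (no transit)."""
    empty_path = re.compile(r"^$")
    return [r for r in routes if empty_path.match(" ".join(r["as_path"]))]

def prepend_out(route, count):
    """route-map foo out (R2): 'set as-path prepend 16XX ...' lengthens the path."""
    return {**route, "as_path": [OWN_AS] * count + route["as_path"]}

def as_seen_upstream(route, upstream_as):
    """eBGP export adds our own AS once, then the ISP prepends its own AS."""
    return {**route, "as_path": [upstream_as, OWN_AS] + route["as_path"]}

def outbound_choice():
    """Exit the iBGP-meshed pair prefers for a prefix learned from both ISPs."""
    via_r1 = set_localpref_in({"via": "R1 / AS 2828", "as_path": ["2828"], "local_pref": 100})
    via_r2 = {"via": "R2 / AS 6128", "as_path": ["6128"], "local_pref": 100}
    return bgp_best_path([via_r1, via_r2])["via"]

def advertised_prefixes():
    """What leaves the site: the ARIN block, never a route learned from an ISP."""
    own = {"prefix": "64.X.X.0/24", "as_path": []}
    learned = {"prefix": "0.0.0.0/0", "as_path": ["6128"]}   # constructed ISP route
    return [r["prefix"] for r in localonly_out([own, learned])]

def inbound_choice():
    """ISP a distant AS picks to reach 64.X.X.0/24 after R2 prepends eight times."""
    own = {"prefix": "64.X.X.0/24", "as_path": [], "local_pref": 100}
    via_xo = as_seen_upstream(own, "2828")                   # AS_PATH length 2
    via_lp = as_seen_upstream(prepend_out(own, 8), "6128")    # AS_PATH length 10
    return bgp_best_path([via_xo, via_lp])["as_path"][0]
```

The `^$` filter is the part worth checking on any dual-homed edge: without it, a router that learns full tables from both ISPs would advertise each ISP's routes to the other and turn the site into an unintended transit AS.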