Networking

Screen Scraping

I have learned a new term

Screen scraping – analyzing CLI outputs and responses via a script connected to the CLI

CCNP R&S

It’s been a really long journey, but finally I have become CCNP R&S


Do not chain L3 devices

Never ever chain-connect L3 devices. When you need to add another device to a segment that exists only between two routers, you will have to redo the wiring and reconnect everything to the switch fabric.

 

no

 

 

All L3 interfaces of all segments should be connected to the switch fabric directly. The only valid reason to connect L3 interfaces back-to-back is to keep segments isolated. However, the same isolation can be achieved by not having an SVI in the segment in question.

yes

 

Enabling LifeSize Icon 600 to work with LifeSize cloud

1. There are 7 apparently secret IP addresses for gateways. They are not shared publicly and are provided by your vendor. Outbound connections to them must be allowed.

2. Only outbound flows to the Internet have to be permitted. Inbound flows are not necessary, despite being listed in the official documentation.

3. Apart from the 7 gateway hosts, additional outbound connections should be opened to the following hosts:

software.lifesize.com
204.77.217.32

manage.lifesizecloud.com
54.186.9.130

diagnostics.lifesize.com
54.254.97.191
54.225.105.190

vc.lifesize.com
207.114.244.80

www.lifesize.com
209.163.159.5
209.163.159.6
207.210.232.235

lifesizecloud.com
119.81.134.226

cdn.lifesizecloud.com
54.230.159.136
54.192.156.13
54.192.157.143
54.230.158.182
54.192.157.217
54.240.168.205
54.230.159.152
54.192.156.109

GNS3 on Fedora 17

You need to download GNS3 and Dynamips. For GNS3 you need to install PyQt4 and telnet, which are not present in the standard F17 installation. Once they are installed, GNS3 itself can be unpacked.

yum -y install PyQt4 telnet
tar -xjf GNS3-0.8.3.1-src.tar.bz2 
cd GNS3-0.8.3.1-src/
python2.7 setup.py build
sudo python2.7 setup.py install

To link GNS3 and dynamips you have to have the latter installed. Not an easy task on F17. You can’t just yum install dynamips, because it requires a legacy library, libpcap.so.0.9, which I couldn’t find.

[root@hp opt]# yum install dynamips-0.2.8RC2-1.i386.rpm 
Loaded plugins: langpacks, presto, refresh-packagekit
Examining dynamips-0.2.8RC2-1.i386.rpm: dynamips-0.2.8RC2-1.i386
Marking dynamips-0.2.8RC2-1.i386.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package dynamips.i386 0:0.2.8RC2-1 will be installed
--> Processing Dependency: libpcap.so.0.9 for package: dynamips-0.2.8RC2-1.i386
--> Finished Dependency Resolution
Error: Package: dynamips-0.2.8RC2-1.i386 (/dynamips-0.2.8RC2-1.i386)
           Requires: libpcap.so.0.9
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

But you can do the installation manually and add a symlink to the legacy lib, just to be on the safe side

rpm -i --nodeps dynamips-0.2.8RC2-1.i386.rpm 
ln -s /usr/lib/libpcap.so.1.2.1 /usr/lib/libpcap.so.0.9

How to check what caused a failover on PIX or ASA

The failover state is shown by the following command

pix# show failover state

               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         Ifc Failure              13:23:27 MET Aug 17 2012
Other host -   Secondary
               Standby Ready  Ifc Failure              08:23:57 MET Aug 14 2012

====Configuration State===
        Sync Done
        Sync Done - STANDBY
====Communication State===
        Mac set

You should look at the firewall log to find the reason for the failover. A failover can be caused by user changes, software bugs and so on.

egrep '(\(Primary\)|User|Traceback)' pix.log

Otherwise, you can invert the search by excluding the other messages

egrep -v '(Built|Teardown|Deny|UDP|No tr|URL|No rou|TCP|ICMP|icmp|FTP|ARP)' pix.log
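The first egrep above only lists candidate lines. As an added example (not part of the original post), the script below pairs each failover role change with the last "User" or "Traceback" line logged before it, so a manual change stands out from an unexplained switch. The log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: correlate failover role changes in a PIX/ASA log with the
# last "User" or "Traceback" line that preceded them.

# Constructed sample log. Hostname, addresses and message wording are
# illustrative assumptions, not captured device output.
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 14 2012 08:20:11 fw %PIX-6-302013: Built outbound TCP connection 4101 for outside:192.0.2.10/443
Aug 14 2012 08:23:50 fw %PIX-5-111008: User 'admin' executed the 'no failover active' command.
Aug 14 2012 08:23:57 fw %PIX-1-104002: (Primary) Switching to STANDBY
Aug 17 2012 13:22:40 fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.0.0.5/22
Aug 17 2012 13:23:27 fw %PIX-1-104001: (Primary) Switching to ACTIVE
EOF
}

# Print one line per role change: timestamp | switch message | trigger.
# "trigger" is the last User/Traceback line since the previous role change.
failover_timeline() {
    awk '
        # Drop everything up to and including the "%PIX-n-nnnnnn: " tag.
        function body(line) {
            sub(/^.*%[A-Z]+-[0-9]+-[0-9]+: /, "", line)
            return line
        }
        /User|Traceback/ { trigger = body($0) }
        /\((Primary|Secondary)\)/ && /Switching to/ {
            printf "%s %s %s %s | %s | trigger: %s\n", $1, $2, $3, $4, body($0),
                   (trigger != "" ? trigger : "none logged")
            trigger = ""   # each role change gets its own trigger window
        }
    ' "$1"
}

log=$(mktemp)
write_sample_log "$log"
failover_timeline "$log"
rm -f "$log"
```

A role change reported with "none logged" is the one to chase in the remaining (Primary) lines, since no operator action or crash trace precedes it.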

ICMP permitting ACL

object-group icmp-type functional_ICMP
icmp-object unreachable
icmp-object time-exceeded
icmp-object echo-reply
icmp-object source-quench
icmp-object parameter-problem
  • unreachable, time-exceeded – routing problem
  • echo-reply – all OK
  • parameter-problem, source-quench – Path MTU discovery features

The correct way to save configuration in HiPath 4000

exec-updat:bp,all;
exec-updat:a1,all;

Where:

BP  = active base processor (A or B) of SWU
A1 = administration and data server (ADS)

A bunch of networking jokes

A friend of mine shared a bunch of networking jokes. I am going to copy them all here, for historical purposes. Make sure to visit the site for the full version.

A pair of jumper cables walks into a bar. Bartender says: “I’ll serve you, but don’t start anything.” – Matthew Norwood

A dhcp packet walks into a bar and asks for a beer. Bartender says , “here, but I’ll need that back in an hour!” @brandoncarroll:

An LSA Type 6 packet walks into a bar and asks the bartender for a drink. The bartender ignores him. – @someclown

An LSA Type 2 packet walks into a bar and asks for a beer. Bartender says “here, but don’t leave the area with it.” @someclown

ICMP packet walks into a bar from warehouse and announces – “no more beer” – @fsmontenegro

Sometimes I feel like a multicast packet. Ask 10 different people how to get somewhere and get 10 different answers. @jodylemoine

An RTP packet walks into a bar through the wrong entrance. The barman says “You’re not getting any special treatment” – @xchewtoyx

A multicast packet walks into a bar and leaves by four different exits at the same time – @xchewtoyx

“Knock Knock” “who’s there?” “Denial of Service Attack” “Den…?” “Sn(kRzIhAw]BoKaoOv0liZPhl~FaLoaSa*AgSeaLp|ExleT…” – @MattGordonSmith

A BGP Update walks into a CRS-1. He walks back out with a corrupt optional transitive attribute. – @xchewtoyx

A DNS packet walks into a liquor store – where do I find beer “ABC”?. Clerk: aisle 4, top row on the right. @fsmontenegro

An IPv6 packet walks into a bar. Nobody talks to him. @fsmontenegro

A tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer” @stevie_chambers

Dhcp pkt stands on a dark street and shouts “does anyone have a beer!?” A bartender of a nearby bar says “sure come on in, lets see the menu. You can have this beer.” Patron says “can I have this beer?” Bartender “Aye. But I will need the glass back..er unless you still want it!” – anonymous

A Network Engineer tells a joke in a full bar. One man laughs. They start talking about NX-OS and have a blast. @icemarkom

Q. How do you catch an Ether Bunny.
A. With an Ethernet!!
@etherealmind

Q. What did the OSPF router say to the other OSPF router ?
A. Hello. Hello. Hello. Hello. Hello. Hello. Hello. Hello.

Five routers walk into a bar. Who gets the car keys? The Designated Router. @scottrobohn

DNS is the root of all problems – @jimbofx

IP packet with TTL=1 arrives at bar. Bartender: “Sorry, can’t let you leave…and you don’t get any beer either…” @fsmontenegro

And some more unpublished jokes from comments

I’d tell you a UDP joke, but you might not get it.

An IPv4 address space walks into a bar and says to bartender: “One strong CIDR please I’m exhausted!”

A class default packet walks into a bar. Barman knocks him down and serves next customer.

An NTP packet calls ahead to make sure the bar’s open. By the time he gets there, it’s closed.

An ICMP Redirect walks into a bar. Everybody moves next door.

A bunch of TCP packets go into a bar, until it’s overcrowded. The next day, half as many go in.

A packet walks into an 802.3x bar. The bartender says, “Be with you in a second.”

An ARP request goes to McDonald’s and asks for a Big Mac.

Part 2. Visit their site, it’s great.  I promise

@mfratto A runt packet walks into a bar, the bartender says “You could use a byte.” –

@samj: OH: “A UDP packet walks into a bar. The bartender doesn’t acknowledge him.”

@etherealmind TCP packet tries to get past the firewall on the way to the bar. Firewall says “hey, you’re out of order”.

@pello FTP-data packet tries to get past the checkpoint firewall when someone changed the bar policy. “Hey, first packet is not SYN”

_johnmcmanus_ a broadcast walks into the bar, everyone stops what they are doing to look

RT @BartSwinnen An IPv4 address space walks into a bar: “A strong CIDR please. I’m exhausted.” #ipv6

@networkingnerd
An IPv6 NS packet walks into a bar and yells, “Is anyone in here named John Smith?”. When no one answers, he sits down and orders a beer.

@xme an IPv4 packet walks on a bar and orders a CIDR and says “I’m exhausted” ^_^

Brandon Carroll @brandoncarroll talking about the Last of the Bogons.

A Bogon walks into a bar. The Bartender says… You’re not supposed to be here! :)

A Bogon walks into a bar. The Bartender says….. I thought you were extinct !

A Bogon walks into a bar and says to the Bartender… Take me to your leader!

And some from me.

MTU oversized train enters a tunnel, but gets annihilated

 

You might be a Network Guy If

Preparing for CCNP SWITCH with the official certification guide involves lots of side research. Last time, while filling my gaps in STP, I found a spanning tree poem. Today I was researching STP again and found an interesting text, which is a joke about telecom guys. So far I have known telecom people as the ones who have no subculture of any kind whatsoever. Programmers and administrators have their jokes, legends, stories, even official days. Telecom guys do not seem to. Or it might be only my impression. Nevertheless, I’m going to collect stuff here which might belong to a “nonexistent” telecom subculture.

You might be a Network Guy If

You know more ip addresses than phone numbers
You regularly mock TV shows for using technology that isn’t part of the feature set available on the devices they have
You correct people who mix up Megabytes and Megabits
You waited eagerly for wireless N to be approved officially.
You can explain everything in your life using 7 layers
You tell people not to use TKIP because of its security flaw
You think people should be able to do without DNS for a day, just use IP addresses…
You follow your wife around shopping retail stores and spend your time skimming the ceilings for their APs and mapping out a heat map of the store in your head
You know what TCP/IP stands for, not to mention DNS, HTTP, SNMP, BGP, OSPF, WPA, and DHCP – Sometimes you wonder if you know more acronyms than words
You’ve known what IPv6 was for years
Cmd, telnet, and ssh are useful everyday tools, not just black boxes
Linus Torvalds comes up in everyday conversation
You know jokes about DHCP and LSAs
You cringe when you have to use a GUI to configure a switch or router
Your Amazon wish list consists of routers and ASA firewalls
Dealing with Tier 1 tech support makes you pull your hair out.
You have read the NSA’s security best practices
The routing protocol in your house changes daily depending on what you have been reading
You know what a nibble is
You know what 1000 Terabytes is called
You can intelligently discuss how Egypt shut off their Internet to the country

Source