DDoS Protection with NetFlow

DDoS Protection: The Problem with NetFlow

“NetFlow collection.” This is what I kept hearing from DDoS providers when I asked how they monitored networks. But there are a couple of problems with utilizing NetFlow. Problem 1: Sampling Rates… I’ve very rarely seen a sampling rate of 1 on routers. Cisco’s CRS shelves and ASR9ks as well as Juniper’s TX Matrix Plus and MX960s are certainly capable …

How to Add a Route in Mac OS X Mavericks

Ever need to access a network that your default gateway (router) doesn’t know about? Just add the route via the CLI/Terminal on a Mac running OS X Mavericks! The command is sudo route -n add (network) (gateway)

What is a Network? #NYTechDay

I spent a few hours at a trade/tech show yesterday in NYC.  My company sponsored a portion of the show and wanted to show off their shiny new network architect in their booth, so I sat down and prepared myself for the deluge of questions. I’m not sure what I was expecting.  Maybe a little …

SSH to a New Cisco IOS-XR Device

If you have a Cisco device you want SSH access to, you can’t just SSH into the box right from the get-go. There are a couple of things to do first:

Add an IP Address to an Interface (from config mode)

Enable SSH (from config mode)

Create a DSA key (from …

Configure Fabric Extender to Nexus 5k via Port-Channel

First, let’s just enjoy this moment.. This is my first Cisco-centered blog…. EVER! Ok, now that we’re done with that collective “WHAT?!!”, let’s get to business! Cisco has a pretty neat technology called Fabric Extenders. If you follow my blog, then you’re probably a Juniper gear-head, so think of it as EX virtual-chassis’ using the …

Gracefully Upgrading JUNOS Devices with Dual RE’s

One of the coolest things about the routing plane with Juniper routers is the fact that you can have dual/redundant independent routing-engines. Routers are constantly making decisions, running algorithms, and updating the database for the correct way for traffic to get to every destination possible.  They do this to always have the quickest/most efficient route …

Juniper Route Selection Process (BGP)

I’ve had to look this up more than a few times, so I figured I’d throw it here for anyone else looking. Yes, I know it’s all over the Internet, but one more place doesn’t hurt does it? And remember, the LOCAL PREFERENCE value is the only value where HIGHER is better. Route Preference (BEFORE BGP Path …

Route Distinguishers (auto vs. manual)

Automatic Route-Distinguishers vs. Manual Route-Distinguishers

Every MPLS VRF needs a unique route distinguisher. This is needed for BGP to tell the difference between two of the same prefixes on two different VPNs. You wouldn’t want the route-selection process to perform a route-selection between the two because they’re in separate routing domains. Both JUNOS and IOS-XR …

JUNOS BGP Damping Policies

Attached is a good starting point for damping policies.  You could create different damping policies per BGP group/neighbor, but a standard set allows an enforced “network-wide” BGP damping policy. Download BGP_Damping_config_template_stanza.txt To apply the policy, you just add the damping knob and add the policy to the import policy list before any ACCEPT actions are done. I …