tag:blogger.com,1999:blog-15417769318718729562024-03-18T23:28:15.295-05:00IT BlogtorialsWhere blogs and tutorials intersect >>>Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.comBlogger147125tag:blogger.com,1999:blog-1541776931871872956.post-22226922583724714112018-05-22T00:53:00.001-05:002018-05-22T01:00:07.044-05:00Configuring OTV - Site Redundancy - Multiple AEDs In this blogtorial we are going to expand on my previous blogtorial "Configuring OTV - OTV Configuration and Verification" and configure an extra AED on the West Site to achieve site redundancy.
Here is the topology.
Since the underlay network configurations are the same, please see my previous blogtorial for that part of the configuration.
The relevant configuration for this blogtorialArwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-59936275465490711622018-05-21T16:27:00.001-05:002018-05-21T16:37:16.899-05:00Configuring OTV - Unicast Transport Mode - OTV Adjacency ServerIn this blogtorial, we will be configuring OTV using unicast-only transport mode as opposed to using multicast to discover neighbors etc. In order to use unicast-only transport, we have to enable and configure OTV Adjacency Server feature. Please see previous blogtorial (Configuring OTV - OTV Configuration and Verification) if you want more information on configuring OTV using multicast.
This Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-36952835463536799422018-05-16T18:42:00.000-05:002018-05-22T00:56:07.287-05:00Configuring OTV - OTV Configuration and Verification In this blogtorial, I will go through OTV configuration on virtualized routers on Eve-NG and go through a few verification commands. I will also touch on key OTV terminologies and design considerations.
If you need any assistance on how to get Eve-NG up and running on google compute, please see my previous blogtorial - Configuring Eve-NG on Google Compute Engine
Here is the topology. Our Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-33984327402420798352018-04-30T21:14:00.002-05:002018-05-21T08:20:29.018-05:00Configuring Eve-NG on Google Compute Engine
In this blogtorial I will walk-through on how to deploy Eve-NG on the cloud and more specifically on Google Compute Engine. I've tried Eve-NG on AWS and Azure but neither of them actually worked since nested virtualization isn't supported or is a very convoluted process (i.e Ravello). Google Compute Engine was also the cheapest option at the time of this writing.
Why deploy Eve-NGArwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-65674138769036853062017-09-10T21:28:00.001-05:002017-09-10T21:34:04.959-05:00High CPU on Nexus 3K - Solved In this blogtorial, I will demonstrate how I used 'ethanalyzer' on a Cisco Nexus 3K to solve an intermittent issue -- random adjacency drops of various routing protocols. Before we get into the details. let me first share with you on how I got involved in this troubleshooting to begin with. My good friend and colleague "BGP" bill aka self proclaimed "Multicast Guru" 😊 turns around says "Hey Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-5994221921504136602017-01-10T19:45:00.001-06:002017-01-10T19:46:48.049-06:00ITHITMAN GIT Repo - https://github.com/ithitman/Well it is official. I've signed up for a git hub account. I can now start publishing some open source tools on my free time to help my fellow engineers and tech enthusiasts.
Here is the link to my git repo that you can clone for yourself and contribute or use it.
https://github.com/ithitman/ Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-66167215826934992592017-01-01T22:05:00.001-06:002017-01-03T07:02:23.386-06:00Interaction between TLP (Tail Loss Probe) and SolarFlare EF_DYNAMIC_ACK_THRESHIn this blogtorial I will briefly discuss a performance issue that had me stumped for a bit. But after some googling around I stumbled up on the answer. I then started to take apart the RFC to gain a better understanding at the mischievous protocols at play. Oil powers the world and water sustains life, however they do not mix well together and the same concept applies here. Tail loss probe on Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-20862585579997165842016-12-04T18:45:00.003-06:002016-12-19T16:01:06.163-06:00CCIE #52966 R&S - First Attemp PassHello fellow future CCIE's and blog readers ... I've done it and I can't express my excitement in words. I know I have not posted in a while due to personal issues right after achieving my CCIE, however I am starting the blog engine again. In this blog I am going to document some important information regarding my preparation, stuff I did before/during/after the lab exam, and hopefully give some Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-28267210305114370822016-04-13T06:36:00.001-05:002016-04-13T06:36:22.190-05:00Date Set - 5/27/16 - CCIE R&S v5 1st Try Booked my CCIE R&S v5 lab on 5/27/16 in San Jose, CA. Check back here for more updates on my experience ...
Let's do this ...Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-65677426349416880622015-12-23T14:37:00.000-06:002015-12-24T11:59:43.082-06:00This is why I post ...I normally post "How-to articles..." however, I figured this time I'd share a thought that came into my head yesterday as I was watching "Grey's Anatomy". Now I am not particularly a big fan of that show but my wife had a surgery recently and while she was on bed rest, I started to watch the show with her. In one of the episodes, it was revealed that Meredith's mother wrote down all of her Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-77813508065909197622015-12-13T14:47:00.000-06:002015-12-14T12:49:16.772-06:00Configuring LDP - Label Distribution Protocol
In this blogtorial we will go over the basics of LDP, discuss how LDP adjacencies are formed, and also take a look at LDP packets on the wire to gain better understanding of the inner workings of LDP.
LDP stands for Label Distribution Protocol and it is used by routers to share label information about prefixes. For more information regarding LDP check out RFC 5036. At a high glance, LDP Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-89281006812401373512015-12-07T22:14:00.000-06:002015-12-07T22:19:12.768-06:00Configuring DMVPN Phase 3 w/ EIGRPIn this blogtorial we will configure DMVPN Phase 3 and run EIGRP over the tunnel. After reading this blogtorial, I hope that you will have a clear understanding of DMVPN Phase 3 and how it interacts with EIGRP. If you need a primer on DMVPN Phase 1 and Phase 2, please see my DMVPN blogtorials.
Here is the topology.
As always we will start with basic interface configurations. Note that most Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-68892132040103461552015-12-07T13:15:00.000-06:002015-12-07T19:24:58.660-06:00Configuring DMVPN Phase 2 w/ EIGRPIn this blogtorial we will configure DMVPN Phase 2 and configure EIGRP over the DMVPN tunnel. Over the past few blogtorials we've been concentrating on how to configure DMVPN Phase 1 and routing protocols over DMVPN Phase 1. One of the key disadvantage of Phase 1 is that all spoke to spoke traffic must pass through the HUB which is a bit inefficient. DMVPN Phase 2 improves on DMVPN Phase 1 by Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-61952868395194708472015-12-05T23:32:00.001-06:002015-12-07T12:18:03.090-06:00Configuring DMVPN Phase 1 w/ OSPF In this blogtorial, we will configure DMVPN Phase 1 with OSPF and walk through some gotchas and some pitfalls to be on the look out for.
Due to the hierarchical nature of OSPF and other adjacency intricacies, OSPF is generally discouraged in a DMVPN design.
We are using the same topology as my previous blogtorial "Configuring DMVPN w/ IPSEC and EIGRP", however I'll post the base configsArwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-71814379387442574062015-12-05T19:31:00.001-06:002015-12-05T22:45:46.955-06:00Configuring DMVPN Phase 1 w/ IPSEC and EIGRP In this blogtorial we will take a look at how to configure DMVPN, EIGRP over DMVPN and get the traffic going over the DMVPN encrypted using IPSEC. We will break the blogtorial in 3 parts. First we will configure the DMVPN / tunnel and verify end-to-end IP connectivity, then we will move on to configuring routing over the tunnel and finally get IPSEC configured to encrypt everything going over theArwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-77082235487716018522015-12-04T09:40:00.000-06:002015-12-05T19:31:55.681-06:00Configuring IPSEC VTI (Virtual Tunnel Interfaces)In this blogtorial, we will briefly explore how to configure IPSEC Virtual Tunnel Interfaces. One of the main advantages of Virtual Tunnel Interfaces is that you do not have to configure an ACL to match all "interesting traffic", thereby minimizing the number of IPSEC security associations (SAs) that must be created.
We'll use the same simple topology from my previous blogtorial "Configuring GREArwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-26659294442637924282015-11-28T01:03:00.000-06:002015-12-04T09:40:35.558-06:00Configuring GRE over IPSEC w/ Routing (EIGRP)In this blogtorial, we will briefly explore how to configure GRE tunnels over IPSEC with routing (EIGRP). In addition, we will take a closer look down at the packet level on how GRE interacts with IPSEC. Take a look at the simple topology below and let's get started.
As always let's start by configuring the interfaces on the routers so we have L3 reachability between the routers.
R1#show Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-84156118720125496212015-10-25T21:09:00.000-05:002015-10-25T21:11:47.421-05:00Configuring IPSEC VPN w/ Crypto MapsIn this blogtorial, we will set up a simple preshared key IPSEC VPN tunnel between two routers. We will also use the same topology for my next blogtorial 'Troubleshooting IPSEC VPN'. Lot's of debug and output posted with comments, see below. "Complexity is the enemy of security" therefore we will keep this a simple topology and get started.
On R1 let's get the loopback and the interfaces Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-78963569673501076512015-10-18T06:59:00.000-05:002018-04-04T14:58:22.600-05:00Decoding TimeStamping on Arista 7150If you need a primer on 'How to configure PTP' on Arista click here. If you understand Arista's implementation of PTP then wait no further and read the rest of the blogtorial on how to decode them from a RAW packet capture.
Key frames DATA is 46bytes and is broken down as follows. What is in bold is important for calculating UTC time of a given packet.
8Bytes - ASIC Ticks
8Bytes - UTC in ns
Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-38114782564736294872015-05-19T17:29:00.000-05:002015-05-19T17:46:27.359-05:00Configuring BGP - Advertising default route to neighbors - default originateThis post is dedicated to my good friend / colleague Mr. Rage :)
In this blogtorial we will explore one of the methods by which we can advertise a default route to BGP neighbors. One of my colleagues last week asked "would we loose the BGP default route advertisement if the advertising neighbor lost the default route in its own RIB" and honestly I wasn't sure. And I hate being unsure of "Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-68155698493804074892015-05-18T13:23:00.001-05:002015-05-18T17:10:38.724-05:00TCP SACK DemystifiedIn this blogtorial, we will briefly explore TCP SACK (Selective Acknowledgement) option and the benefits of using TCP Selective Acknowledgement. TCP SACK is negotiated in the initial 3-way TCP handshake and both parties must agree to use this option or TCP SACK will not be permitted.
Let's walk through an example and observe what happens when SACK is not enabled.
Notice that although the Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-90437020034070999922015-05-01T07:23:00.000-05:002015-05-18T13:24:19.716-05:00BGP Wedgies - Demystified Usually when we configure BGP we expect the network to converge correctly after all the peerings come up, however under rare circumstances this is not the case. In this blogtorial, we will explore one such corner case scenario in which depending on the order of operation, the BGP topology can end up in a unpredictable topology or a BGP Wedgie.
Here is the topology.
As usual let's go Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-63079349313195201602015-04-16T04:29:00.001-05:002015-04-16T08:24:09.417-05:00Configuring Cisco - BGP Best ExternalIn this blogtorial, we will briefly explore "BGP Best External" feature and walk through a scenario on how we can achieve sub-millisecond convergence with BGP. This feature is usually used in MPLS environment, although you can pretty much use it anywhere if the design allows it. Here is a simple topology so follow me.
In this topology we have 2 CE routers eBGP peered with 2 PE routers (R2 andArwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-16042691468309416332015-04-10T06:03:00.003-05:002015-04-10T16:46:03.841-05:00What are TCP Spurious Retransmissions?First time I saw on "TCP Spurious Retransmissions" on Wireshark, I had to look up the definition of Spurious on Google as I've never heard that word before :). It reads "not being what it purports to be; false or fake". Fake retransmissions? hmmm ... interesting ... started to wonder what this really means. After some investigation, I found out what these mysterious Spurious retransmissions Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0tag:blogger.com,1999:blog-1541776931871872956.post-89506117918273516142015-04-09T15:01:00.002-05:002015-04-10T14:42:48.552-05:00Troubleshooting eBGP peering
Simple .... BGP topology ... can you get eBGP up and running between R1 and R2?
Objective:
Establish successful and stable eBGP relationship between R1 and R2. With the current start-up config, BGP is IDLE.
Topology diagram and startup config are posted below.
Now obviously the Objective is fairly simple, so let's make it interesting with these restrictions.
Restrictions:
Arwin Reprakashhttp://www.blogger.com/profile/15896441121883046207noreply@blogger.com0