Monday, November 3, 2014

CCIE Journey - 11/3/14 - Study Plan v5

I am back on the CCIE v5 studies again. I have been studying on and off for a few years now, but now I am motivated more than ever. After reviewing blogs/discussion boards on how people who are also on the same grueling but equally rewarding journey studied for their CCIE exam, I put together a study schedule that I believe fits my busy schedule. The most challenging aspect of studying for one of the toughest exams is finding "uninterrupted" time slots where you can actually study. People always ask me “when do you find the time to study with family, kids, work and life?” My response to them is always the same "you don’t find time. You and I both have the same amount of time in a day. What matters is how you utilize it". If you need more time to do what you want – then be awake for most of the day and get up early!!

CCIE has been sort of like a light switch in my brain that I have been turning on and off and this time I am rewiring this light directly into the main grid and it's staying on ... constant. Here is the study schedule for now till I get closer to my full 8hr labs. 

Wednesday, September 24, 2014

PHP - Connecting to PSQL from PHP

Quick post on how to connect to PSQL from PHP, run queries, and retrieve results. You can use the same syntax for inserts, updates and other statements.

linux-test# vim test.php

Tuesday, September 23, 2014

PHP - Reading a file into an array

Quick post on how to read a file into an array. As always, there is more than one way to do this.

First create a test.txt file with some lines in it.

linux-test# echo 1st line >> test.txt
linux-test# echo 2nd line >> test.txt
linux-test# echo 3rd line >> test.txt
linux-test# echo 4th line >> test.txt

Thursday, September 11, 2014

BGP - Troubleshooting Lab 3

Objective: 
  • Establish iBGP between R1 and R2. 
Restrictions: 
  • Cannot change AS numbers on any of the routers.
  • No other static routes can be added 
  • No interface changes
  • No tunnels
Topology below:
I came across this issue the other day and it took me a few minutes to figure it out. So let's see how y'all do. 

Post your comments below on how you would solve this issue. 

Tuesday, September 9, 2014

Linux RP_Filter RPF_Check

"Network Engineer T-Shirt ... Fixing your network one misconfigured server at a time" -- I saw that shirt today online and I should have purchased it :). I came across an issue today where multicast was being received on the Server on eth1 (confirmed by tcpdump) but it was not showing up in the application. After checking out PIM/IGMP/Mroutes/Routers/Switches I started checking out the Server because the network looked like it was configured correctly.

Thursday, August 28, 2014

Convergence between SVI vs Routed Interface - Cisco 3548 NXOS


Convergence of SVI vs. Routed link on a Cisco 3548 Nexus running A1.1c

Link failures were simulated by “shut” on the remote interface.

SVI – L2 VLAN

 switch#  
 2014 Aug 28 10:04:06.348524 switch %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/9 is down (Link failure)  
 2014 Aug 28 10:04:06.478105 urib: "direct": 1.1.1.0/24 no more next hops  
 2014 Aug 28 10:04:06.478419 urib: 1.1.1.0/24 Deleting & Freeing  
 2014 Aug 28 10:04:06.479344 urib: "local": 1.1.1.1/32 no more next hops  
 2014 Aug 28 10:04:06.479618 urib: 1.1.1.1/32 Deleting & Freeing  
 2014 Aug 28 10:04:06.479954 urib: "broadcast": 1.1.1.255/32 no more next hops  
 2014 Aug 28 10:04:06.480215 urib: 1.1.1.255/32 Deleting & Freeing  
 2014 Aug 28 10:04:06.480542 urib: "broadcast": 1.1.1.0/32 no more next hops  
 2014 Aug 28 10:04:06.480951 urib: 1.1.1.0/32 Deleting & Freeing  
 2014 Aug 28 10:04:06.696703 urib: "am": 1.1.1.2/32 no more next hops  
 2014 Aug 28 10:04:06.697117 urib: 1.1.1.2/32 Deleting & Freeing  

Route deletion = 478419 – 348524 =  129895us
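As an added example (not part of the original post), the same subtraction can be applied to every urib deletion in the SVI capture above rather than only the first one. The function name and regular expressions are this example's own; the log lines are copied from the capture.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the SVI capture in the post above.
SVI_LOG = """\
2014 Aug 28 10:04:06.348524 switch %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/9 is down (Link failure)
2014 Aug 28 10:04:06.478105 urib: "direct": 1.1.1.0/24 no more next hops
2014 Aug 28 10:04:06.478419 urib: 1.1.1.0/24 Deleting & Freeing
2014 Aug 28 10:04:06.479344 urib: "local": 1.1.1.1/32 no more next hops
2014 Aug 28 10:04:06.479618 urib: 1.1.1.1/32 Deleting & Freeing
2014 Aug 28 10:04:06.479954 urib: "broadcast": 1.1.1.255/32 no more next hops
2014 Aug 28 10:04:06.480215 urib: 1.1.1.255/32 Deleting & Freeing
2014 Aug 28 10:04:06.480542 urib: "broadcast": 1.1.1.0/32 no more next hops
2014 Aug 28 10:04:06.480951 urib: 1.1.1.0/32 Deleting & Freeing
2014 Aug 28 10:04:06.696703 urib: "am": 1.1.1.2/32 no more next hops
2014 Aug 28 10:04:06.697117 urib: 1.1.1.2/32 Deleting & Freeing
"""

# Timestamp (microsecond resolution) followed by the rest of the message.
LINE_RE = re.compile(r"^\s*(\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{6}) (.*?)\s*$")
FREE_RE = re.compile(r"urib: (\d+\.\d+\.\d+\.\d+/\d+) Deleting & Freeing")


def route_deletion_delays(log):
    """Return {prefix: microseconds from link-down to 'Deleting & Freeing'}."""
    link_down = None
    delays = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # prompt lines, blanks, anything without a timestamp
        stamp = " ".join(m.group(1).split())  # collapse padded day-of-month
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S.%f")
        msg = m.group(2)
        if link_down is None and "IF_DOWN_LINK_FAILURE" in msg:
            link_down = ts  # reference point: first link failure in the log
            continue
        freed = FREE_RE.search(msg)
        if freed and link_down is not None:
            # Keep the first deletion seen for each prefix.
            delays.setdefault(freed.group(1),
                              (ts - link_down) // timedelta(microseconds=1))
    if link_down is None:
        raise ValueError("no IF_DOWN_LINK_FAILURE event in log")
    return delays


if __name__ == "__main__":
    for prefix, us in route_deletion_delays(SVI_LOG).items():
        print(f"{prefix:>14}  {us} us")
```

For this capture it reports 129895 us for 1.1.1.0/24, matching the figure above, and 348593 us for the 1.1.1.2/32 "am" route, which is the last entry to be freed.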

Wednesday, August 27, 2014

Configuring Arista - VARP aka Virtual ARP

Traditional FHRP (First Hop Redundancy Protocol) such as VRRP or HSRP allows only one gateway to forward at any given point in time. There is an 'Active' forwarder while the other forwarder stays in standby mode, monitoring and becoming 'Active' only when there is a failure on the 'Active' node. VARP or Virtual ARP (Arista's proprietary) solves this issue elegantly by allowing all configured nodes to forward traffic rather than one of the nodes sitting idle. In this blogtorial we will configure and verify VARP, and since there is not really much to the configuration, this 'how-to' should be a quick one. If you need a primer on FHRP such as HSRP/VRRP/GLBP/IRDP please see my other blogtorials here.

Consider this topology with a traditional FHRP deployed such as VRRP.


Configuring Arista MLAG - Basic setup

Layer 2 All links forwarding none blocking ... Take that Spanning Tree!! (-- no offense Radia Perlman :) --) This is what you get with Arista's proprietary MLAG -- short for Multi-Chassis Link Aggregation. Although Spanning-Tree is extremely efficient at preventing loops and keeping your network healthy, it does come with a hefty price tag -- essentially blocking half of your uplinks. In this blogtorial, we will go through a brief overview of spanning-tree and then deep dive into MLAG concepts, caveats, and configurations. As of this writing, MLAG is currently supported on Arista's 75xx, 7500E, 7048, 7150, 7050, 7050X, 7250X, and 7300X. If you are familiar with Cisco's proprietary vPC (Virtual Port-Channel) then most of this should be fairly straightforward.

Consider this traditional Layer 2 design where half of your links are blocked to prevent loops in the network.


Wednesday, August 20, 2014

PHP - Connecting to MYSQL and running queries

TIDBIT blogtorial - Short and informational.

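MYSQL connection and handling queries
 // Create connection
 $con = mysqli_connect("localhost", "username", "password", "dba");
 // Check connection and stop if it failed
 if (mysqli_connect_errno()) {
     exit("Failed to connect to MySQL: " . mysqli_connect_error());
 }

 // Query string
 $current_query = "select test from testtable";
 // Get the results (mysqli_query returns false if the query failed)
 $current_query_result = mysqli_query($con, $current_query);
 if ($current_query_result === false) {
     exit("Query failed: " . mysqli_error($con));
 }
 // Loop through the results; MYSQLI_NUM returns each row as a numerically indexed array
 while ($row = mysqli_fetch_array($current_query_result, MYSQLI_NUM)) {
     echo "Row value is $row[0]\n";
 }
 // Close the connection
 mysqli_close($con);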

Many more articles to come so ....

Please subscribe/comment/+1 if you like my posts as it keeps me motivated to write more and spread the knowledge.

Wednesday, August 6, 2014

Checkpoint Firewall FTP issues - 'quote password' or Account command ('ACCT')

I usually post stuff about Cisco, but recently I got exposure to Checkpoint so I am adding Checkpoint to my library. I am currently working on a 3 part series on "how-to" install virtual Checkpoint Firewalls on a Linux KVM hypervisor. A quick search on Google reveals 0 posts related to this, so mine might be the first "how-to" on this topic. Stay tuned for more Checkpoint related posts in the near future.

Here is my first post on Checkpoint regarding the FTP issue "Wrong username or password". I will try to keep it short!!  

Trying to FTP from the command prompt on a Windows machine.

 Command line ftp:  
 ftp ###.###.###.###  
 Connected to ###.###.###.### (###.###.###.###).  
 220 Check Point FireWall-1 Secure FTP server running on XXXXXX  
 Name (###.###.###.###:XXXXX): usernamejoe  
 331 password: you can use password@password  
 Password:  
 200 password: you can use 'quote password' or Account command ('ACCT')  
 ftp> pass  
 Passive mode off.  
 ftp> ls  
 421-Access denied - wrong user name or password   
 421 aborted  

Monday, August 4, 2014

Cisco Nexus ERROR MSG - SFP Validation Failed

I came across this the other day when I was bringing up a new connection on a Cisco 3548 Nexus.

"SFP validation failed"

This happens when the speed is set on an interface and the SFP does not support it. To fix it, get into interface config mode and type:

 switchport host
 shut
 no speed
 no duplex
 no shut



Cannot SSH into ASA - ssh_exchange_identification: Connection closed by remote host

I usually write quite a bit, but I figured I would keep track of these small error messages also. So here it goes ... last week I ran across an issue on one of the ASAs. Here is the error message.

"ssh_exchange_identification: Connection closed by remote host"

How to fix it?

Telnet or console into the ASA and type this in the global config mode.

ASA(config)# crypto key generate rsa modulus 1024

Save the config (wr).

That should resolve your issue.

Friday, January 31, 2014

100K+ page views :)

Started this blog a few years back ... never thought I would have this many hits .. Thanks

100K+!!!

Sunday, November 24, 2013

Cisco Nexus 3548 - Configuring Active Latency Monitoring Hidden Cisco commands

In my previous blogtorial 'Cisco Nexus 3548 - Configuring Active Buffer Monitoring' I demonstrated how we can monitor buffer spaces. However, what if I wanted to know the latency profile of the entire switch or per port? Enter the world of Cisco hidden commands, and that's where you will find 'Active Latency Monitoring' quietly lurking around. This set of commands enables switch latency profile measurements and gives you per-port latency statistics such as the total frame count within a time period and the min/max/avg latency for those frames.

For some reason, Cisco decided to keep it hidden, although it may be added to the next release. For now, use this command with caution: since it is hidden, it is not supported in the configuration (yet).

Here is how you configure 'Active Latency Monitoring' on a Cisco Nexus 3548.