  • I recently migrated my site to Azure Static Web App (SWA) using their free tier and Hugo to generate the static webpage from my markdown blog notes. This has really cleaned up the infrastructure, operations and security of the blog.gurfin.se site. This new setup gives me DDoS protection, security header injection, SSL encryption, WAF, Continuous Integration, Continuous Deployment, version control, CDN caching and proxying. And all the blog posts are written in Markdown in Obsidian or Vim:
    Cloud Created Mon, 13 Jan 2025 08:00:00 +0100
  • Spanning tree is a system developed to prevent loops in layer two networks. Unlike on L3, frames do not have a TTL that decrements with each hop. To further complicate loop prevention on L2, broadcast frames are used very frequently. Although this is beneficial for the simplicity of the hosts on the L2 network, it does add complication to loop prevention. Why? 🤷🏻‍♂️ As the need for redundancy in networking grew, the desire to run multiple links between switches needed to be addressed.
    ENCORE Created Mon, 06 Jan 2025 00:00:00 +0000
  • Is this the tech bro equivalent of dyeing your hair a different color? /s

    I have wanted to move away from the WordPress based solution that I used for blog.gurfin.se for some time now. Given that WordPress is prone to… inviting, uninvited, guests… I wanted to move to something that was more secure and lighter weight.

    Cloud Created Fri, 03 Jan 2025 21:26:00 +0100
  • I recently ran into this issue at work where we wanted to connect a Cisco Catalyst Center (CatC) to a Cisco Identity Services Engine (ISE) server. There is an ISE integration, but for this use case we only want to connect the CatC to ISE using TACACS. Begin by logging into the maglev console of the CatC. When you are logged in there you can enter the following command to allow login via external IDP and local admin users:
    Created Mon, 11 Nov 2024 12:31:15 +0100
  • In the beginning of LANs the Layer 1 media was shared between all devices in said LAN. They all received and transmitted on the same wires, at the same time. This is what's known as half-duplex (only send or receive, not both). In this configuration devices would sometimes send traffic at the same time, which causes interference on Layer 1. The resulting interference can be enough to disrupt the communications. The shared “area” to which devices are connected is known as a “collision domain”.
    ENCORE Created Mon, 04 Nov 2024 12:28:35 +0100
  • So I have been working quite a bit on the MPLS WAN setup the past few weeks. Currently I have two sites running the new MPLS nodes as their gateway and one more currently staged which will be installed in the coming weeks. I still have some work to do for the sites which use multiple WAN connections, but the primary WAN works great! I have also set up network monitoring using LibreNMS which allows me to do ICMP and SNMP monitoring, while also letting me build custom triggers for alerts.
    Created Sun, 19 May 2024 12:25:13 +0100
  • I ran into an interesting issue at work today. One of our customers was having issues with a site in Gothenburg. They were using L2VPNs as circuits between their central site and the remote sites. Across this L2VPN they are running MPLS MP-eBGP peering using inter-AS option 2b to allow multiplexing of different routing instances on the WAN. We were observing BGP flapping between the secondary ASBR router on site and their central ASBR router.
    Created Fri, 26 Apr 2024 12:22:55 +0100
  • This will be a living document, for troubleshooting and tracing MPLS traffic. The idea is for me and others to be able to reference this post for basic MPLS troubleshooting.
    MPLS purpose and MPLS packet headers
    The original purpose of MPLS was to allow for faster packet routing through a provider network. This is because the actual forwarding operation on the routers is more efficient when using the labels for forwarding decisions, compared to looking up IP addresses.
    Created Mon, 22 Apr 2024 12:18:51 +0100
  • The past two weeks I have been working hard at getting the new MPLS WAN up and running. The idea is to build a scalable solution, even though my MPLS cloud will never grow large enough to require the scalability. The plan is also to allow my colleagues to join the MPLS WAN, which means I need to think about locking down the WAN to keep them out of restricted parts of my provider core.
    Created Fri, 15 Mar 2024 12:02:40 +0100
  • In my series DC@Home I recently ran into the issue of how to filter which VRFs should be allowed to propagate from the provider core, out to the customer sites. It turns out it is quite simple and can be done in a manner similar to prefix-lists for regular BGP peering. For VPNv4 multiplexing the MP-BGP session uses extended community tags to separate the traffic. We can use a route-map combined with an extcommunity-list to filter which route-targets are allowed to traverse the peering.
    Created Thu, 07 Mar 2024 11:55:01 +0100