Open Shortest Path First (OSPF) 🗺️

Areas are a way to divide an OSPF domain into smaller, logical chunks, which allows the OSPF process to use fewer resources. Each interface on an OSPF router can only be a member of a single area. However, an OSPF router can have interfaces in multiple areas, thus becoming an Area Border Router (ABR). A unique LSDB will be created for each area that a router is a member of.
The basics of routing

When traffic needs to traverse different networks it must be routed. This is usually done in a router (hence the name). In order for a router to send a packet correctly, it must know which interface to route the packet out of, and in the case of non-point-to-point links it also needs to know which L2 device to send the frame to. To do this, the router keeps a table of all the currently active routes, which is then used to program the ASICs.
I recently migrated my site to Azure Static Web App (SWA) using their free tier and Hugo to generate the static webpage from my markdown blog notes. This has really cleaned up the infrastructure, operations and security of the blog.gurfin.se-site.
This new setup allows me to do DDoS protection, security header injection, SSL-encryption, WAF, Continuous Integration, Continuous Deployment, version control, CDN caching and proxying. And all the blog posts are written in Markdown in Obsidian or Vim:
Spanning tree is a system developed to prevent loops in layer two networks. Unlike on L3, frames do not have a TTL that decrements with each hop. To further complicate loop prevention on L2, broadcast frames are used very frequently. Although this is beneficial for the simplicity of the hosts on the L2 network, it does add some complication to loop prevention.
Why? 🤷🏻‍♂️

As the need for redundancy in networking grew, the desire to run multiple links between switches needed to be addressed.
Is this the tech bro equivalent of dyeing your hair a different color? /s
I have wanted to move away from the WordPress-based solution that I used for blog.gurfin.se for some time now. Given that WordPress is prone to… inviting, uninvited, guests… I wanted to move to something that was more secure and lighter weight.
I recently ran into this issue at work where we wanted to connect a Cisco Catalyst Center (CatC) to a Cisco Identity Services Engine (ISE) server. There is an ISE integration, but for this use case we only want to connect the CatC to ISE using TACACS.
Begin by logging into the maglev console of the CatC. When you are logged in there you can enter the following command to allow login via external IDP and local admin users:
In the beginning of LANs the Layer 1 media was shared between all devices in said LAN. They all received and transmitted on the same wires, at the same time. This is what's known as half-duplex (only send or receive, not both). In this configuration devices would sometimes send traffic at the same time, which causes interference on Layer 1. The resulting interference can be enough to disrupt the communications. The shared “area” to which devices are connected is known as a “collision domain”.
So I have been working quite a bit on the MPLS WAN setup the past few weeks. Currently I have two sites running the new MPLS nodes as their gateway and one more currently staged which will be installed in the coming weeks.
I still have some work to do for the sites which use multiple WAN connections, but the primary WAN works great! I have also set up network monitoring using LibreNMS which allows me to do ICMP and SNMP monitoring, while also letting me build custom triggers for alerts.
I ran into an interesting issue at work today. One of our customers was having issues with a site in Gothenburg. They were using L2VPNs as circuits between their central site and the remote sites. Across this L2VPN they are running MPLS MP-eBGP peering using inter-AS option 2b to allow multiplexing of different routing-instances on the WAN. We were observing BGP flapping between the secondary ASBR router on site and their central ASBR router.
This will be a living document, for troubleshooting and tracing MPLS traffic. The idea is for me and others to be able to reference this post for basic MPLS troubleshooting.
MPLS purpose and MPLS packet headers

The original purpose of MPLS was to allow for faster packet routing through a provider network. This is because the actual forwarding operation on the routers is more efficient when using the labels for forwarding decisions, compared to looking up IP addresses.