  • Big Gaming Protocol The big bad Border Gateway Protocol (BGP) is, unlike OSPF, EIGRP and IS-IS, an EGP designed to connect large-scale networks together. Because BGP is built for scale, it is tuned to be a bit more stable than the IGPs. For example, it does not allow for dynamic neighbor discovery; instead, each neighbor must be explicitly specified. The BGP hold timers are also a lot more generous than the IGP timers, with the default being 3 minutes.
    ENCOR Created Mon, 27 Jan 2025 00:00:00 +0000
  • Building an IaC BIND9 DNS deployment on Kubernetes For some time now I have been displeased with my DNS server setup. Previously I have had a single Pi-hole instance running on a Raspberry Pi at one of my sites. This means that private DNS resolution, for the entire network, was dependent on a single site and a single compute node. This Single Point of Failure (SPoF) is not something I was too happy with, and I did not want to point all my client networks to a singular Raspberry Pi.
    Kubernetes IaC Created Sat, 25 Jan 2025 18:40:00 +0100
  • OSPF version 3 To support IPv6 routing, OSPF version 3 (OSPFv3) was created. It has support for both IPv4 and IPv6, but is not backwards compatible with the version 2 standard. In fact, the protocol is designed to be independent of the address family type. The communication between routers is based entirely on IPv6 though, using link-local addresses. There is also support for multiple instances within a network, which allows you to configure which routers are able to form adjacencies.
    ENCOR Created Thu, 23 Jan 2025 16:50:00 +0100
  • Path selection for good old OSPF Path selection is based on the Shortest Path Tree (SPT) found using Dijkstra’s Shortest Path First (SPF) algorithm. Generally OSPF prefers intra-area routes, inter-area routes and external routes, ordered from most to least preferred. If two paths exist for a given route, within the same area, then the one with the lowest total metric is injected into the RIB. If two routes have equal total metrics, then both are generally injected into the RIB.
    ENCOR Created Wed, 22 Jan 2025 22:08:00 +0100
  • Open Shortest Path First (OSPF) 🗺️ Areas are a way to divide an OSPF domain into smaller, logical chunks, which allows for fewer resources to be used by the OSPF process. Each interface on an OSPF router can only be a member of a single area; however, an OSPF router can have interfaces in multiple areas, thus becoming an Area Border Router (ABR). A unique LSDB will be created for each area that a router is a member of.
    ENCOR Created Tue, 21 Jan 2025 08:00:00 +0100
  • The basics of routing When traffic needs to traverse different networks it must be routed. This is usually done in a router (hence the name). In order for a router to send a packet correctly, it must know which interface to route the packet out of, and in the case of non point-to-point links it also needs to know which L2 device to send the frame to. In order to do this the router will keep a table of all the currently active routes which will then be used to program the ASICs with.
    ENCOR Created Mon, 20 Jan 2025 22:08:00 +0100
  • I recently migrated my site to Azure Static Web App (SWA) using their free tier and Hugo to generate the static webpage from my markdown blog notes. This has really cleaned up the infrastructure, operations and security of the blog.gurfin.se-site. This new setup allows me to do DDoS protection, security header injection, SSL-encryption, WAF, Continuous Integration, Continuous Deployment, version control, CDN caching and proxying. And all the blog posts are written in Markdown in Obsidian or Vim:
    Cloud CI/CD Created Mon, 13 Jan 2025 08:00:00 +0100
  • Spanning tree is a system developed to prevent loops in layer two networks. Unlike on L3, frames do not have a TTL that decrements with each hop. To further complicate loop prevention on L2, broadcast frames are used very frequently. Although this is beneficial for the simplicity of the hosts on the L2 network, this does cause some added complication in loop prevention. Why? 🤷🏻‍♂️ As the need for redundancy in networking grew, the desire to run multiple links between switches needed to be addressed.
    ENCOR Created Mon, 06 Jan 2025 22:08:00 +0100
  • Is this the tech bro equivalent of dyeing your hair a different color? /s

    I have wanted to move away from the WordPress-based solution that I used for blog.gurfin.se for some time now. Given that WordPress is prone to… inviting, uninvited, guests… I wanted to move to something that was more secure and lighter weight.

    Cloud CI/CD Created Fri, 03 Jan 2025 21:26:00 +0100
  • I recently ran into this issue at work where we wanted to connect a Cisco Catalyst Center (CatC) to a Cisco Identity Service Engine (ISE) server. There is an ISE integration, but for this use case we only want to connect the CatC to ISE using TACACS. Begin by logging into the maglev console of the CatC. When you are logged in there you can enter the following command to allow login via external IDP and local admin users:
    Created Mon, 11 Nov 2024 12:31:15 +0100