I’ve recently been working with a client on magically spinning up entire environments in AWS. This means I’ve learned a fair bit about AWS on the way! Without going into too much detail (as it’s the clients work), we have been bootstrapping Palo Alto firewalls. This allows you to be able to stand up a
My client recently did a fairly big change to the edge network in their data centre, including a migration to 4-byte AS numbers. This wasn’t without it’s challenges. So here is a (long) post about the challenges we faced, and some explanations of some of the more advanced features of BGP such as local-as no-prepend
I recently bought a 4 bay synology NAS (DS416 Play). The main issue I had was off-site backups. It’s ok having 4 disks for resilience, but if my house burns down or gets burgled, I still lose everything. So I started to think up ways of doing an offsite backup, without having to remember to
A few days ago I stumbled upon the python interpreter on the Nexus platform. It got me to tinkering. In the past, I have had a requirement to grab a list of all of the interfaces on a box, the IP’s, and the masks. The interfaces and IP’s can easily be obtained from a show
A number of times in the last few weeks I have been asked by a number of people: What is ARP? There is the simple answer – which is simply a definition: Address Resolution Protocol (ARP) is a mechanism to resolve IP addresses into MAC addresses. However…that doesn’t really explain a lot. It probably doesn’t
While troubleshooting a totally unrelated issue, one of my colleagues noticed that they were seeing packets in a tcpdump that were neither destined for nor sourced from the server. This is odd, when plugged into a switch, so we started digging. Server 1, was sending a stream of packets to Server 2 – in a
It’s been a mad couple of weeks with Nexus 7000’s. My client hit a software bug on their Nexus 7k, which turned out to be a most impressive bug. It basically causes the flash drives to be erroneously marked as faulty, which then causes them to be remounted in read only. The first symptom was
Recently we had a Cisco Web Security Appliance (WSA) Proxy fail. When I say fail, I mean a single stick of RAM failed after a reboot. Cisco said RAM isn’t replaceable so we had to RMA the whole box (odd for a device that is basically a rebadged server…maybe I have a money saving idea
While going over some OSPF stuff today, I found a statement saying that OSPF network types have to match for routers for form a neighbour relationship. Because I’m a nerd, I questioned this. My reason? I don’t remember OSPF network type being a field in the hello packet header. And if it’s not in the
I encountered an issue recently while trying to allow access to a new subnet over an existing VPN. The far end device was a Cisco router, and had an access list matching an entire class A subnet which was applied to the crypto map. The traffic destined for the new subnet was arriving at our