Author: nick

Automated Deployments of Palo Alto Firewalls in AWS

I’ve recently been working with a client on magically spinning up entire environments in AWS. This means I’ve learned a fair bit about AWS on the way! Without going into too much detail (as it’s the client’s work), we have been bootstrapping Palo Alto firewalls. This allows you to be able to stand up a

eBGP – ECMP in depth!

My client recently made a fairly big change to the edge network in their data centre, including a migration to 4-byte AS numbers. This wasn’t without its challenges. So here is a (long) post about the challenges we faced, and some explanations of some of the more advanced features of BGP such as local-as no-prepend

Off-site backups for Synology NAS – using two raspberry pi’s, behind dynamic NAT IP’s

I recently bought a 4-bay Synology NAS (DS416 Play). The main issue I had was off-site backups. It’s OK having 4 disks for resilience, but if my house burns down or gets burgled, I still lose everything. So I started to think up ways of doing an offsite backup, without having to remember to

Python Scripting on a Cisco Nexus 7k

A few days ago I stumbled upon the Python interpreter on the Nexus platform. It got me tinkering. In the past, I have had a requirement to grab a list of all of the interfaces on a box, the IPs, and the masks. The interfaces and IPs can easily be obtained from a show

What is ARP?

A number of times in the last few weeks I have been asked by a number of people: What is ARP? There is the simple answer – which is simply a definition: Address Resolution Protocol (ARP) is a mechanism to resolve IP addresses into MAC addresses. However…that doesn’t really explain a lot. It probably doesn’t

Why am I seeing packets on my server that aren’t for this server?

While troubleshooting a totally unrelated issue, one of my colleagues noticed that they were seeing packets in a tcpdump that were neither destined for nor sourced from the server. This is odd when plugged into a switch, so we started digging. Server 1 was sending a stream of packets to Server 2 – in a

Nexus 7000 Software Bug – Flash RAID Errors – 7k Reboot and Failover

It’s been a mad couple of weeks with Nexus 7000s. My client hit a software bug on their Nexus 7k, which turned out to be a most impressive bug. It basically causes the flash drives to be erroneously marked as faulty, which then causes them to be remounted read-only. The first symptom was

Replacing a failed Cisco Ironport Web Security Appliance Proxy

Recently we had a Cisco Web Security Appliance (WSA) Proxy fail. When I say fail, I mean a single stick of RAM failed after a reboot. Cisco said RAM isn’t replaceable so we had to RMA the whole box (odd for a device that is basically a rebadged server…maybe I have a money saving idea

OSPF Network Types – A Neighbour Killer?

While going over some OSPF stuff today, I found a statement saying that OSPF network types have to match for routers to form a neighbour relationship. Because I’m a nerd, I questioned this. My reason? I don’t remember OSPF network type being a field in the hello packet header. And if it’s not in the

Checkpoint VPN Error: According to the policy the packet should not have been decrypted

I encountered an issue recently while trying to allow access to a new subnet over an existing VPN. The far end device was a Cisco router, and had an access list matching an entire class A subnet which was applied to the crypto map. The traffic destined for the new subnet was arriving at our