Tuesday, October 8, 2013

BGP Conditionally Injected Loops

While writing up the previous post on BGP Conditional Route Injection I got an idea while I was verifying the information in the post. I thought I saw a way for a loop to form in that the injected route would be learned by a router making it send traffic in the wrong direction.

It turns out I was right.

BGP Conditional Route Injection

This is one of those “complicated” configs. There’s a bunch of typing involved, and the syntax needs to be just so.  I labbed this up tonight and it didn’t work. I proceeded to stare at my config for the next 30 minutes before I saw my error. This, my friend, is how you fail the TS section. So in the hopes that I don’t pull the same stunt with this feature come Lab day you folks are now treated to another blog post!

Sunday, September 22, 2013

RIP Distribute-lists and the Extended ACL

Here’s a neat trick that’s an easy one to screw up or forget the syntax on.  In RIP (and EIGRP as well I believe) you can use an extended access-list to filter out specific routes advertised by specific neighbours.  This is done using the source and destination fields of the extended ACL to specify source of the routing update, and the route(s) you want to filter respectively.

Example after the jump.

Thursday, September 19, 2013

Meraki MR12 Initial Setup and First Thoughts

I managed to get myself a Meraki MR12 access point after attending one of their webinars simply because I am an IT professional.  For free.  Pretty good deal eh?


Since I have a blog I thought I'd post up some thoughts on the MR12, and Meraki in general.  In the interests of full disclosure I do work for a Meraki partner, though to date I'm not aware of any deals we've completed.  And of course, they gave me this AP for attending their webinar. 

Thursday, September 5, 2013

Help Please: PPP Multilink

I'm going to try something a little different for this post.  Usually I take something that I've been labbing that I find interesting, or challenging, and document it for memory retention and your reading enjoyment.  This time I've got a config-let for PPP Multilink that I found quite by accident that I don't know is "right" or not.  It works, so that would mean it's right enough, but I'm hoping that someone out there can point me at some supporting documentation that can clarify what the difference is between this method and what I'll call the more traditional method, and why you would use one over the other.

Monday, September 2, 2013

VTP Transparent Mode Relay Caveat

As I get my fingers back in shape for the Lab I figured a little VTP practice tonight was in order.  VTP is fairly straightforward, so I wasn't expecting anything unusual when I started in on a little bit of config with a transparent VTP switch...

I've previously run under the assumption that a VTP transparent switch will relay VTP frames as long as it is in the same domain as the VTP frame it receives.  If there's a mismatch then the frame is discarded.  Well, this is still true, but there's a third scenario that I hadn't ever really considered before: the domain is set to NULL.

Thursday, August 29, 2013

MPLS and the Next Hop

This week I discovered that in all my labbing it would seem that I have never tried to run L3VPN MPLS over a Frame Relay hub and spoke configuration using OSPF and the provider IGP with a broadcast network type.  The reason that I know I’ve never done this before is because it just doesn’t work.  This seems like a sneaky little scenario for a TS task so here’s what things look like should you ever encounter it.

Sunday, February 24, 2013

I hate LAX.

I hate LAX.

If ever there was an airport that sits on the edge of a land the $Deity forgot, this is that airport.  I'd call it Hell, but it's more of a special type of Purgatory where people go to be forgotten, wandering between terminals having to go out of and into security between flights, where you sit in armpit terminals waiting for your aircraft for hours while watching the delayed time increment by 15 minute intervals every 15 minutes.  Best of all, even once your plane finally gets to the gate you're informed over the amazingly unintelligible PA system that there are mechanical issues and they're getting a mechanic to come out and look at the problem.

And that about sums up my afternoon sitting in the American Eagle terminal.

When Dreams Die (Or at least get put on hold)

On February 21st, 2013 I failed the CCIE R&S lab for the 5th time.

I've been working towards the CCIE for about 2.5 years now.  I passed the written in Jan 2011, and I've been working on the lab ever since.  I've put nearly my entire life, both personal and professional, on hold while I've chased this dream.  That's been a luxury that has caught up with me finally and now my attention must be focused in other areas.  I am no longer able to spend weekday evenings, and the majority of my weekends in my den, with my rack, furiously typing away on the CLI.

I'm hoping I can still get an hour or two here and there to at least keep things fresh in my mind.  Maybe come late fall or winter I will be better prepared to ramp up again for another attempt.  But in the meantime I need to look at buying a house, move to a new city, focus on work and some partner related certifications that my employer would like me to get, and deal with a couple neglected customers.

I still plan to post up here as much as I can.  I had always intended to keep this going post CCIE.  I even have a few ideas about some things I'd like to do in making this more of a full site beyond simple blog posts.  Maybe this hiatus will allow me to do some of that.

Thanks to everyone who stops by here and reads what I put out.  And thanks to everyone who's helped me along the way so far.  With a little luck I can be back on the trail sooner rather than later.

Saturday, February 9, 2013


Thanks to everyone who has ever been here, and those of you that keep coming back.  Somehow this blog has managed to rack up 50,000 page views in the time it's been online. Sure, it's a small number compared to an actually big Internet site, but to think that my blog has been looked at 50,000 times is pretty amazing to me and I certainly don't take it for granted.

So here's to all of you! You people kick ass!


Tuesday, February 5, 2013

Mind Your IPv6 PIM Designated Routers

IPv6. Multicasting.

Anyone still here to read this?  There is?  I didn’t scare all of you off?


While labbing last night I managed to configure myself a perfectly non-working IPv6 multicast configuration that appeared to have nothing wrong.  In fact, under certain circumstances it did work, but the one specific test I wanted to do to prove reachability just simply wasn’t working.  I eventually managed to sort it out, though it took a bit of brute forcing PIM parameters to get it to work, and to then sort out why it worked.

Thursday, January 24, 2013

Broken Network's Quick and Dirty Guide to Traffic Shaping

This is a very brief look at Generic Traffic Shaping (GTS), Frame Relay Traffic Shaping (FRTS) and Class Based Traffic Shaping. Nothing more, nothing less. You won’t learn the finer points of traffic shaping from this post, but you will see configuration examples of all three so that you’ll know the difference between them when you see them in a config, or if you’re asked to configure a specific type.

Monday, January 14, 2013

Assigning Addresses over PPP using DHCP

This topic is something that seems to kick my ass every time I need to configure it.  For some reason I can easily remember how to set up PPPoE, and I can remember how to dynamically assign addresses to the clients using IPCP without issue.  But for some reason I have a real mental block when it comes to using DHCP instead.  To that end, it’s time to blog it!

Friday, January 4, 2013

Spoofing Source IP's with a Fortigate

Something new for the blog: A Fortinet post! 

I work for a Fortinet partner, and in the last few months I've been doing more and more work with their Fortigate line.  Tonight I just discovered a really handy "feature" that has allowed me to test a change that $Provider made to their routing that I wasn't able to test directly.  Details after the jump.