Messages - Reggle

#1
Linux iptables part II: IPv6 and NAT

After the basics in part I, on to IPv6 and NAT. The title is misleading here: iptables exists for IPv6 and iptables can do NAT, but iptables cannot do NAT for IPv6 connections. As for IPv6, this part is very simple: just add a ‘6’ between ‘ip’ and ‘tables’… … and it will work for […]
Source: Linux iptables part II: IPv6 and NAT

From https://reggle.wordpress.com/
#2
Linux iptables part I: basic rules

Most modern Linux distributions come with a firewall package already active. Since it’s often set in an ‘allow-all’ mode, people are often unaware of it. Meet iptables, a basic yet powerful stateful firewall. You can see a default ‘allow-all’ policy above. Note that there are three different chains: INPUT, FORWARD and OUTPUT. Traffic can only match […]
Source: Linux iptables part I: basic rules

From https://reggle.wordpress.com/
#3
Route leaking between VRFs using BGP.

This article further continues on earlier experiments. While using internal tunnels gave a logically ‘simple’ point-to-point network seen from a layer 3 point of view, it came with the drawback of complex header calculations, resulting in CPU hogging on devices capable of hardware switching. Using some route-maps to choose VRFs for flows proved interesting, but […]
Source: Route leaking between VRFs using BGP.

From https://reggle.wordpress.com/
#4
Home lab: My GRE tunnel endeavors.

This article is not really written with knowledge usable for a production network in mind. It’s more of an “I have not failed. I’ve just found 10,000 ways that won’t work.” kind of article. I’m currently in a mailing group with fellow network engineers who are setting up GRE tunnels to each other’s home networks […]
Source: Home lab: My GRE tunnel endeavors.

From https://reggle.wordpress.com/
#5
Efficient connection logging on a switch.

I know, it’s been quiet on this blog for the past months. But here we are again, starting off with a simple post. Maybe not much real world practical use, but fun to know. Dealing with ACLs requires more protocol knowledge compared to dealing with a stateful firewall. A stateful firewall takes care of return […]
Source: Efficient connection logging on a switch.

From https://reggle.wordpress.com/
#6
I passed the ARCH exam!

It’s been a while since I’ve posted something here. Multiple reasons of course, but lately I just had to focus on learning so much I didn’t take the time for it anymore. Why? Well since I got my CCNP almost three years ago, it had to be recertified. Together with my CCDA that presented the […]
Source: I passed the ARCH exam!

From https://reggle.wordpress.com/
#7
Tracing unexpected BPDU packets in a LAN.

Disclaimer: the logs are taken from a production network but the values (VLAN ID, names) are randomized. Recently, I encountered an issue on a Campus LAN while performing routine checks: spanning tree seemed to undergo regular changes. The LAN in question uses five VLANs and RPVST+, a Cisco-only LAN. At first sight there was no […]
Source: Tracing unexpected BPDU packets in a LAN.

From https://reggle.wordpress.com/
#8
VLANs, 3560 and a simple home router.

Just a simple article about something I recently did in my home network. I wanted to prepare the network for a Squid proxy, and design it in such a way that the client devices did not require proxy settings. Having trouble placing it inline, I decided I could use WCCP. However, that requires separate VLANs. […]
Source: VLANs, 3560 and a simple home router.

From https://reggle.wordpress.com/
#9
Redundant switch design without spanning tree.

And no FabricPath either. This one works without any active protocol involved, and no blocked links. Too good to be true? Of course! Take the above example design: three switches connected by port channels. Let’s assume users connect to these switches with desktops. Using a normal design, spanning tree would be configured (MST, RPVST+, you pick) […]
Source: Redundant switch design without spanning tree.

From https://reggle.wordpress.com/
#10
DoS attack types.

Everyone has heard of a DoS attack: a Denial of Service attack that consumes a server’s resources, taking it (temporarily) offline. However, more than one type of DoS attack exists. I’m going to discuss a few here to clarify the complexity in defending against them. The SYN attack One of the most simple and well-known […]
Source: DoS attack types.

From https://reggle.wordpress.com/