Subnet Toolsand other network tips

Logical look at masks

LogicGatesWorking

Having done an introduction to wildcard masks and the cool things you can do with them I thought it might be worth writing about the logic behind both subnet masks and wildcard masks. Masks use two of the most basic logical functions that computers can perform, a logical AND and a logical OR. Logical AND […]

Read more

Getting Wild[card masks]

binary

If you ask most people what a wildcard mask is they’ll probably say it’s an inverse subnet mask. That is a massive under-representation of the power of a wildcard mask and does not do fair justice to the range of useful tricks you can do with a wildcard mask. We’ll start with why people think […]

Read more

Stats on concurrent SSL VPN sessions.

CISCO-ASA-5520-Firewall

In the past I always used ‘sh cry is sa’ to give me a view of the number of concurrent VPN sessions on an ASA. I am involved in an Anyconnect SSL VPN roll out and today I was asked to pull off stats on how many users are connected to each solution. The following […]

Read more

Tags: , ,

OSPF Area types

topology

In this example I was playing around with OSPF areas. In the middle we have a backbone area with a standard area and three types of stub areas. R1 R2 R3 R4 R5 R6 R7 R8 R9 R10 In R1 we have all the routes we are expecting to see advertised from around the network. R1#sh ip route Codes: C – connected, S – […]

Read more

Bulk MAC address lookup

I had a list of MAC addresses and was trying to identify them by finding out as much as I could about them. This was so I could document what devices I had found on which switchports in a datacenter. After looking them up in a router ARP table and doing a reverse DNS lookup […]

Read more

Tunnel traffic in a vrf

topology

If you wish to tunnel traffic you will often want to ensure there is some segregation between the traffic you are trying to tunnel and the network you are tunnelling over. Examples are tunnelling confidential HR or Finance information over a LAN or tunnelling trusted LAN data over the Internet. Another reason may be tunnelling […]

Read more

Looking glass

This is the list I use of looking glass servers with web interfaces. It makes internet routing diagnostics a lot easier. http://www.bgp4.as/looking-glasses There are also a couple of looking glass routers you can telnet in to such as this Global Crossing (Level 3) one. telnet route-server.gblx.net

Read more

Tags: , ,

AS Path Prepend in a multipath network

topology

In this scenario we have a dual connected site and are using BGP multipath to load balance the traffic over the two connections. This is very dangerous to do when beancounters are around because they often want you to use both connections to 100% (or at least over 50%) so you end up without the […]

Read more

Tags: , ,