Configuring an Inter-AS Option B VPN between a Cisco and Juniper
Posted by jrowley in Cisco, Inter-AS VPNs, Juniper on March 9, 2010
One of the things I needed to put together recently is an Inter-AS VPN between a Cisco and Juniper. There isn’t much in the way of documentation on interoperability. Everything I’ve found is Cisco to Cisco or Juniper to Juniper. Hopefully this will help someone.
Parsing IP Access Lists with Cisco::Reconfig without the dreaded died at /cisco/reconfig.pm line 212 message
Since making a few posts about using Cisco::Reconfig, two of the top search results that bring people here are “died at cisco/reconfig.pm line 212” and “died at cisco/reconfig.pm line 103”. I’ll show you what causes these as I demonstrate how to compare standard and extended IP access lists with Cisco::Reconfig.
Update: Mystery 12.2(33)SRC3 Logger process memory leak
Just an update on the previous post on our mystery logger process memory issue.
One of the other guys in our group took this on. We were preparing to schedule reloads of the 5 or so routers holding the largest amount of memory, but it turns out this is unnecessary.
rtrcommander: Using scripts to push out configurations or retrieve output
rtrcommander is a script I wrote to push out configurations to multiple routers, as well as to retrieve output from the CLI. It’s a part of Mr Audit (the release of Mr Audit is delayed while I prepare for the CCIE lab).
rtrcommander can be downloaded here: http://www.synacknetworks.com/scripts/rtrcommander.txt
Mystery 12.2(33)SRC3 Logger process memory leak
Something to watch out for.
The other day, we had a 7206 pop up on our memory warning report (less than 20% free memory). On investigating, we found the Logger process using a few hundred MB of memory, along with *MallocLite*. Today, after running a script to audit process memory, we found dozens of routers with the same symptom.
Using NfSen and NfDump to identify DoS/DDoS attacks
If you work for any sort of provider (hosting, ISP, etc.), chances are that you’ve experienced a DoS/DDoS against a customer or internal system. If so, you know how frustrating it can be to track down the source of the attack unless you have an expensive platform such as one from Arbor Networks.
Server now IPv6 enabled
As of now, the server this blog resides on is IPv6 enabled. My colo provider doesn’t yet offer native IPv6, so I have configured a tunnel to Hurricane Electric. AAAA records were also added to some of my domains.
Visio tips and tricks for documenting networks
Posted by jrowley in Network documentation, diagrams on December 24, 2009
Visio is one of my favorite documentation tools. This post will show how to use some of the tricks I’ve learned over the years to create a good-looking network diagram.
You’ll notice that I don’t use vendor-specific router shapes. They are fine for sales or marketing diagrams. For functional network diagrams, they are pretty useless. I’d rather have a colored box with the hostname and loopback IP inside than have that text outside and cluttering up the diagram. It’s a personal preference; use whatever you want.
Parsing cisco router configurations with Cisco::Reconfig
Cisco::Reconfig is probably my favorite Perl module, with Quantum::Superpositions being not very far behind. In this post, I’ll show you how using both of these can allow you to compare ACLs with very few lines of Perl.
Backing up Cisco routers with perl
Here is a useful Perl script to back up your routers. Configurations are gzipped and stored in per-hostname directories with a datestamp on each filename. This is meant to be run from cron daily. Change the database user info and the TACACS/RADIUS user info to whatever you use internally.