Best Current Operational Practices
FrOScon 13 Network Track
Falk Stern, Maximilian Wilhelm
Best Current Operational Practices - Dos, Don’ts and lessons learned

Max and Falk together bring almost 42 years of experience in networking and open-source practice. In this talk they present painful experiences and derive best practices for network operations from them. In addition, best community practices are presented, and the odd anecdote from the early days of the Internet in Germany is told.


  1. Best Current Operational Practices
     FrOScon 13 Network Track
     Falk Stern, Maximilian Wilhelm
  2. Agenda
     1. Who are we?
     2. Do
     3. Don't
  3. Who's who: Falk Stern
     • Full Stack Infrastructure Engineer
     • IPv6 fanboy
     • Runs his own Kubernetes cluster in his basement
     • Consultant @ Profi Engineering Systems AG
     • Contact: @wrf42, falk@fourecks.de
  4. Who's who: Maximilian Wilhelm
     • Networker
     • OpenSource Hacker
     • Fanboy of
       • (Debian) Linux
       • ifupdown2
     • Occupation:
       • By day: Senior Infrastructure Architect, Uni Paderborn
       • By night: Infrastructure Archmage, Freifunk Hochstift
       • In between: Freelance Solution Architect for hire
     • Contact: @BarbarossaTM, max@sdn.clinic
  5. Document your stuff
  6. Document your stuff
     • Netbox
     • Racktables
     • i-doit
     • Visio / Excel
  7. Have Infrastructure
     • Logserver
       • Graylog
     • NTP service
       • Logging is useless if every device has a different time
     • Monitor
       • Icinga 2
       • LibreNMS (editor's choice!)
     • Configuration Management
       • oxidized
       • rancid
     • Have DNS (forward and reverse)
       • Maintain it!!1elf!
  8. Automate, automate, automate
     • Ansible
     • Salt
     • Chef
     • Puppet
  9. Layer 2 pitfalls
     • Use managed switches
       • They are worth the extra cost
     • Enable Spanning Tree
       • Known to save asses more than once
     • Use redundant paths
     • Always keep a spare device handy
  10. Layer 2 pitfalls
     • Enable VTP transparent mode
     • Disable Dynamic Trunking Protocol
     • Always use LACP active mode
     • Always use LACP, not PAgP or static Etherchannels
  11. Segment your network
     • Build small Layer 3 islands
     • Route where you can, switch where you must
     • Routers gonna route, only Jeff bridges
     • Familiarize with dynamic routing protocols
  12. Get to know Linux
     • flexible, versatile OS for everything
     • Use it for infrastructure tasks
  13. Don't rely on vendor features
  14. Security
     • Disable proxy arp
     • Hosts should have only a single upstream interface
     • Review your firewall rules regularly
       • Have some
     • Use source code management for configurations
  15. Security - Live at Network Track ¯\_(ツ)_/¯

     Dear Sir or Madam,

     Cisco Smart Install (SMI) is a feature for the automatic configuration of network switches. It was developed for use in local networks and should not be accessible from insecure networks such as the Internet. [...]

     CERT-Bund has received information from an external source about IP addresses in Germany on which a Cisco device with the Smart Install feature active is openly reachable from the Internet. Cisco recommends disabling the Smart Install feature. [...]

     Affected systems in your network range:

     "asn","ip","timestamp"
     "39225","194.107.207.35","2018-08-24 12:08:43"
     "39225","194.107.207.37","2018-08-24 12:19:03"

     Kind regards,
     Team CERT-Bund
     Bundesamt für Sicherheit in der Informationstechnik (BSI)
     Referat CK22 - CERT-Bund
     Godesberger Allee 185-189, 53175 Bonn, Germany
  16. Being part of the DFZ
     • Use BCP38 (Ingress filtering)
     • Use filters on your BGP sessions
       • Maximum Prefixes
       • IRR filters
       • RPSL filters
     • Filter Bogon Prefixes
     • Use communities
       • Customer / Peering / Transit / IXP / ...
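
The inbound checks listed on the "Being part of the DFZ" slide, as an added example that is not part of the original slides: a Python sketch that applies a maximum-prefix limit, a bogon filter and an IRR-derived allow list to one session's announcements. The function names, the /8 to /24 length bounds, accepting more-specifics of IRR entries, counting the limit before filtering (routers differ on this) and all sample prefixes are assumptions.

```python
import ipaddress

# IPv4 special-purpose ranges that should never be accepted from a BGP peer.
BOGONS_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]


def reject_reason(prefix, irr_allowed):
    """Return why an announced prefix is dropped, or None if it is accepted."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(b) for b in BOGONS_V4):
        return "bogon"
    # Assumed bounds: nothing shorter than /8 (covers the default route)
    # and nothing more specific than /24.
    if net.prefixlen < 8 or net.prefixlen > 24:
        return "prefix-length"
    # IRR filter: the prefix must fall inside a registered route object.
    if not any(net.subnet_of(a) for a in irr_allowed):
        return "not-in-irr"
    return None


def filter_session(announced, irr_prefixes, max_prefixes):
    """Apply max-prefix, bogon and IRR filters to one session's announcements."""
    # Maximum Prefixes: a peer that sends far more than expected is leaking
    # routes, so the whole session goes down instead of being filtered.
    if len(announced) > max_prefixes:
        return {"session_up": False, "accepted": [], "rejected": {}}
    allowed = [ipaddress.ip_network(p) for p in irr_prefixes]
    accepted, rejected = [], {}
    for prefix in announced:
        reason = reject_reason(prefix, allowed)
        if reason:
            rejected[prefix] = reason
        else:
            accepted.append(prefix)
    return {"session_up": True, "accepted": accepted, "rejected": rejected}


# Constructed sample: what a hypothetical customer registered in the IRR,
# and what its router actually announces (arbitrary address space).
IRR_PREFIXES = ["185.10.0.0/22"]
ANNOUNCED = ["185.10.0.0/22", "185.10.2.0/24", "10.0.0.0/8",
             "185.10.0.0/25", "185.20.0.0/22", "0.0.0.0/0"]

if __name__ == "__main__":
    print(filter_session(ANNOUNCED, IRR_PREFIXES, max_prefixes=100))
```
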