This document provides an overview of MPLS L2VPN (VLL) technology:
- MPLS L2VPN uses MPLS to provide VPN services and establish Layer 2 connections between customer sites, seen as a single Layer 2 switched network.
- It has two modes: VPLS for point-to-multipoint and VLL for point-to-point networking. This document focuses on VLL.
- The MPLS L2VPN model consists of customer edge (CE) devices managed by customers and provider edge (PE) and provider (P) devices managed by the service provider.
This document discusses overlay networking using VXLAN. It provides definitions of key concepts like logical overlay networks, physical underlay networks, and tunnel end points (VTEPs). It describes how VXLAN works by encapsulating Ethernet frames with IP/UDP and a VXLAN header that includes a VNI to identify different virtual networks. It covers VXLAN terminology, frame formats, control plane options, and how broadcast, unknown, and multicast traffic is forwarded between VTEPs using either IP multicast or head-end replication.
EVPN is an Ethernet VPN technology that extends layer 2 networks over a layer 3 underlay. It uses BGP as the control plane to distribute MAC addresses and Ethernet segment information between provider edge (PE) devices. EVPN supports various data plane encapsulations like MPLS, VXLAN, and NVGRE. It provides an integrated solution for layer 2 and layer 3 VPNs that addresses scaling challenges in traditional VPLS deployments.
This document provides a CCNA command cheat sheet covering Cisco IOS commands for the CCNA exam. It includes sections summarizing commands for Cisco device configuration, interface configuration, routing protocols, privilege mode commands, and more. The cheat sheet covers both ICND exam parts 1 and 2 and is intended to help review the majority of commands found on the CCNA exam.
This document provides an overview and student guide for the "Implementing Cisco MPLS (MPLS) Version 2.2" course. It introduces basic MPLS concepts including the MPLS architecture, labels, label stacks, and applications such as MPLS VPNs and traffic engineering. It also covers frame-mode MPLS implementation on Cisco IOS platforms, including configuration, monitoring, and troubleshooting tasks. Finally, it discusses MPLS VPN technology in depth, including the MPLS VPN architecture, routing model, and packet forwarding mechanisms.
Introduction to nexux from zero to Hero | Dhruv Sharma
The document provides information about Cisco Nexus switches, including the Nexus 7000 and 7700 series switches. It describes the key components of Nexus switches like chassis, I/O modules, supervisor engines, and fabric modules. It also compares different Nexus 7000 and 7700 chassis models in terms of specifications like slots, bandwidth, switching capacity, and port density. Additionally, it discusses some differences between Nexus switches and Cisco Catalyst switches, such as licensing requirements, user accounts, NX-OS image structure, and use of port profiles instead of macros. Finally, it provides an overview of features supported on Nexus switches like virtual device contexts (VDCs).
List of usernames and passwords for Huawei routers | Huanetwork
This document provides instructions for finding usernames and passwords for Huawei routers by looking up the router model number in a list. It describes a three-step process: 1) Find the router model number, 2) Look up the username, 3) Look up the password. It also explains how to log into a Huawei router once the username and password are obtained. Contact information is provided for a company that distributes Huawei networking products.
VXLAN is a protocol that allows large numbers of virtual LANs to be overlaid on a physical network by encapsulating Ethernet frames within UDP packets and transporting them over an IP network. It addresses the scalability limitations of VLANs in large multi-tenant cloud environments by using a 24-bit segment ID rather than a 12-bit VLAN ID. The document provides an overview of VXLAN, why it is used, key concepts like VTEPs and VNIs, and demonstrations of VXLAN configuration on Cisco and Arista switches.
VXLAN allows overlaying of layer 2 networks over a layer 3 underlay network using IP routing. It creates virtual networks by encapsulating layer 2 frames in UDP packets which are transported via the layer 3 network. This provides up to 16 million virtual networks compared to 4000 with VLAN. VXLAN is used for virtual machine migration across data centers, disaster recovery, and network virtualization in the cloud. It works by having VXLAN tunnel end points encapsulate and de-encapsulate frames between virtual networks identified by VXLAN network identifiers.
Mobile Transport Evolution with Unified MPLS | Cisco Canada
Mobile Service Providers are seeing unprecedented challenges in relation to their Transport architectures with the 3GPP evolution towards IP based Node Bs, LTE (Long Term Evolution) and LTE-Advanced. This presentation will initially discuss the network migration trends and factors that are changing how mobile networks are evolving. A description is provided on Unified MPLS and the current issues that need to be fixed and how this architecture addresses this. A more detailed analysis will then examine the options available for transporting GSM/2G, UMTS/3G traffic and IP/Ethernet Node B deployments and some of the factors that need consideration like scalability, resiliency and security. Finally, there is a detailed description of the LTE/LTE-A evolution and the feature requirements made on the transport network. There will be detailed analysis of different LTE models and also some technical enhancements and proposals considered for the implementation of LTE in a Unified MPLS environment.
This document discusses the GPON (Gigabit-capable Passive Optical Network) technology for fiber access networks. Some key points:
- GPON supports high-bandwidth, long-reach (up to 20km), and triple-play services, making it widely adopted by carriers.
- It uses a point-to-multipoint architecture with a single optical fiber shared between an OLT and multiple ONUs using passive splitters.
- Wavelength division multiplexing is used with downstream at 1490nm and upstream at 1310nm. Time division multiple access manages upstream bandwidth sharing between ONUs.
- Typical deployments include fiber to the home (FTTH),
In this day and age, it's probably a good idea to get your WLAN ready for voice and video. And it's also a good idea to classify and prioritize web applications based on policies you set. Protecting your mobile devices and network infrastructure against outside or inside attacks needs to be part of the plan, too. Join us to learn more about these and other functions of Aruba's policy enforcement firewall integrated into its access points, switches, and controllers.
VRF-Lite allows a single physical router to virtualize multiple routers by creating independent virtual routing tables (VRFs). Each VRF logically isolates the routing tables and network traffic of customers or applications. The physical router uses VLAN trunking to keep traffic from different VRFs separate when sending data to other devices. Configuring VRF-Lite involves defining VRFs, assigning interfaces to VRFs, and configuring routing protocols for each VRF.
The document provides information about an upcoming training course on deploying MPLS L3 VPNs. It includes details about the trainers, Nurul Islam Roman and Jessica Wei, their backgrounds and areas of expertise. It also outlines the course agenda which will cover topics such as MPLS VPN models, terminology, operation, configuration examples and service deployment scenarios.
Palo Alto Networks and Next Generation Firewall Technology | Mundo Contact
Palo Alto Networks is a network security company founded in 2005 that provides next-generation firewalls and cloud-based malware analysis. It has over 1,000 employees globally and 11,000 enterprise customers. Palo Alto Networks firewalls can identify applications, users, and threats within network traffic through its single-pass parallel processing architecture. This allows fine-grained security policies to be applied based on applications rather than just ports. The company also operates a cloud-based malware analysis service called WildFire that automatically analyzes suspicious files and shares threat intelligence with customer firewalls.
The document provides an overview of Aruba's networking portfolio including their Aruba CX switching portfolio, wireless access points, and network analytics engine. It summarizes the key features of Aruba's switching portfolio including their CX access and aggregation switches ranging from the CX 6100 to CX 8400. It also summarizes Aruba's wireless access point portfolio including their indoor, outdoor, and hospitality APs ranging from entry-level to high-performance 11ac and 11ax models. Finally, it briefly discusses Aruba's network analytics engine and cloud-native architecture.
The document provides instructions and examples for configuring various routing protocols like RIP, IGRP, EIGRP, OSPF on Cisco routers and switches. It also includes commands for configuring basic device settings like IP addresses, passwords, VLANs, trunk ports and CDP. Examples are given for initial configurations of Cisco 1900 and 2950 switches.
This document outlines 107 labs for networking fundamentals, including configuration, verification, and troubleshooting of topics like IP addressing, routing protocols, switching, VLANs, ACLs, NAT, DHCP, SNMP, device security, wireless access points, and more. Each lab has a section for configuration and verification. The document provides a table of contents to help navigate the various sections and labs.
This document provides an overview of wireless network design challenges for retail stores, warehouses, manufacturing facilities, and outdoor areas. It discusses key considerations for planning a wireless deployment such as inventorying devices, quantifying coverage needs, modeling access point placement, and performing site surveys. The document also covers RF fundamentals including characterizing materials' absorption properties, managing access point interference, and the difference between coverage and reliable coverage. Troubleshooting techniques and a question and answer section are also included on the agenda.
The document provides information on converting configurations from Cisco and Juniper devices to Cumulus Linux. It covers topics such as interface configuration, VLANs, trunks, access ports, EtherChannels/bonds, spanning tree, and access lists. Configuration examples are provided side-by-side for Cumulus Linux and Cisco/Juniper/Arista/Nexus syntax to highlight the differences.
This slide contains basic concepts about MPLS and the LDP protocol, according to the latest version of Cisco books (SP and R&S), and I taught it at IRAN TIC company.
I will prepare MPLS_VPN and MPLS_QoS and MPLS_TE later.
This document provides an overview of Metro Ethernet network solutions from Juniper Networks. It discusses key Metro Ethernet concepts like UNI, E-NNI, and EVCs. The document also reviews Metro Ethernet Forum specifications that define metro Ethernet services, architectures, service attributes, class of service, and OAM. These standards help service providers build compliant networks and control service endpoint attributes. The solutions presented leverage Juniper hardware and software to enable metro Ethernet services over Ethernet, MPLS, MPLS-TP and SONET/SDH technologies.
This document provides an overview of Deep Packet Inspection (DPI) technology and Sandvine's DPI solution. It describes key components of Sandvine's solution including the Policy Traffic Switch (PTS) for real-time traffic policy enforcement, the Policy Broker (SPB) for subscriber and policy configuration, and the Service Delivery Engine (SDE) for control plane policy enforcement. It also provides examples of configuration for the PTS and SPB. Finally, it introduces Sand Script, the language used for policy rule configuration in Sandvine's solution.
This document discusses using BGP Flowspec for DDoS mitigation. It provides an overview of legacy DDoS mitigation methods, describes how BGP Flowspec works by distributing flow specifications using BGP, and gives examples of how it can be used for inter-domain and intra-domain DDoS mitigation as well as with a scrubbing center. It also discusses vendor support, advantages over previous methods, potential issues, real world deployments, and the current state and future of BGP Flowspec.
This document describes the different methods for configuring interfaces on Huawei equipment, including: (1) console port, (2) Telnet, (3) SSH and (4) Web-based Network Management. It also explains user administration through the configuration of authentication, priority levels and services.
Mastering your home network - Do It Yourself | julien pauli
The document provides instructions for mastering a home network by replacing the ISP-provided router with professional networking hardware. It recommends throwing away the ISP "box" and using a modem and separate router instead. The router should be a professional SOHO brand like Mikrotik, Ubiquiti or Turris Omnia for features like VLANs, QoS, routing, VPN, and advanced protocols. Basic firewall rules are outlined to secure the WAN connection by accepting ICMP, dropping invalid packets, and accepting established connections.
This document outlines an agenda for an Ethernet webinar that will cover several topics:
1. It introduces five Ethernet webinar courses that will be covered, including Ethernet introductions, Carrier Ethernet introductions, and introductions to new Gigabit Ethernet testers.
2. The agenda then lists specific topics that will be discussed in the webinar, including introductions to IEEE 802.3, the ISO/OSI reference model, the physical layer, ports, Power over Ethernet, duplexing, autonegotiation, Ethernet frames, and more.
3. It provides a brief history of data networks and Ethernet standards developed by IEEE and others.
This document discusses quality of service (QoS) requirements for voice over IP (VoIP) and how QoS can be implemented in packet switched networks to address issues like jitter, latency, bandwidth congestion, and packet loss that can negatively impact call quality. It explains that QoS aims to guarantee a certain level of performance for applications like VoIP through techniques like traffic classification, marking, and queuing. The document also provides recommendations for applying QoS on the network edge, core, and internet exchange points to help improve end-to-end call quality.
1. The document discusses various computer network types including personal area networks (PAN), local area networks (LAN), metropolitan area networks (MAN), wide area networks (WAN) and internetworks.
2. It also covers network topologies such as bus, star, ring, mesh, tree and hybrid topologies.
3. Additionally, it describes different number systems used in computers like the binary, octal and hexadecimal numbering systems.
1. The document discusses various computer network types including personal area networks (PAN), local area networks (LAN), metropolitan area networks (MAN), wide area networks (WAN) and internetworks.
2. It also covers common LAN technologies like Ethernet, Fast Ethernet, Gigabit Ethernet and virtual LANs. Different network topologies such as star, bus, ring and mesh are described.
3. The number systems used in computers like binary, octal and hexadecimal are explained along with examples of how to convert between number systems.
This document provides an overview of Virtual Private LAN Service (VPLS) and the emergence of Metro Ethernet services. It discusses how Metro Ethernet has evolved from legacy networks utilizing technologies like SONET/SDH and ATM to new optical Ethernet and MPLS-based services. VPLS allows enterprises to connect multiple LAN sites over a shared infrastructure using Ethernet interfaces while maintaining privacy and security. The document also examines trends in residential broadband access and IP/broadcast convergence using Metro Ethernet.
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
A protocol is a set of rules that governs communications between computers on a network. The document discusses several common network protocols including Ethernet, Token Ring, FDDI, ATM, LocalTalk, Fast Ethernet, and Gigabit Ethernet. It provides details on the topologies, transmission speeds, and cable types supported by each protocol.
A local area network (LAN) uses wired connections to connect devices within a limited geographic area like a building or campus. Ethernet became the dominant wired LAN technology using carrier sense multiple access with collision detection (CSMA/CD) to regulate shared access to the transmission medium. Ethernet has evolved from 10 Mbps to 100 Mbps to 1 Gbps standards to meet increasing bandwidth demands. Key components of wired LANs include network adapters, cabling, connectors, switches/hubs, and software protocols. Other historical wired LAN technologies like Token Ring and Token Bus used token passing for medium access but have been largely replaced by Ethernet.
This document provides information on various networking tools and concepts in Linux. It discusses network basics like hosts, servers, clients and protocols. It then summarizes tools for remote access (Telnet), file transfer (FTP), downloading files (Wget, Curl), secure connections (SSH), network configuration (ifconfig, route), viewing connections (netstat), and network tracing (tcpdump).
This document provides information about the XENPAK-10GB-LR+ 10 Gigabit Ethernet module, including its main features which are that it supports 10GBASE Ethernet, is hot-swappable, and provides flexibility of interface choice. It has an operating wavelength of 1310nm, cable type of SMF, and maximum cable distance of 10km. The document also provides specifications for transmit and receive optical power and wavelength range.
Data centre networking at London School of Economics and Political Science - ... | Jisc
Juniper MX routers and SRX firewalls were selected to build an Ethernet VPN (EVPN) network to connect data centers at LSE and in Slough over the Janet network. EVPN uses BGP for MAC address learning and MPLS with RSVP for fast convergence to provide a layer 2 extension across sites. Testing showed throughput of 3Gbps and latency of 3.3ms for small packets over the encrypted VPN tunnel between sites. While the solution works, some bugs were found in Junos and dependencies on Janet routing protocols. Supporting layer 3 and additional firewall performance improvements could enhance the network. EVPN/VXLAN on other platforms may be alternatives for the future.
The document discusses network technologies and concepts. It covers topics like network layers, IP addressing, routing, and protocols. It provides an overview of common network standards and technologies used in both home and enterprise networks, such as Ethernet, switches, WiFi, and IP routing.
This document provides an overview of key concepts in computer networking and the structure of the Internet. It begins with definitions of the Internet as a globally connected network of hosts, end systems, and routers. Data transmission occurs through various access networks to residential, institutional, or mobile end systems and then through the network core. In the core, routers forward packets via packet switching, where data is broken into packets that are transmitted over shared network links. The Internet structure is described as a hierarchical "network of networks" with different tiers of Internet service providers. The document outlines various networking technologies and concepts to be covered in more depth later.
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview (Ameen Wayok)
This document discusses Virtual Private LAN Service (VPLS) and provides an overview of VPLS technical concepts. VPLS defines an architecture that delivers Ethernet multipoint services over an MPLS network by emulating an Ethernet bridge. Key components of VPLS include provider edge devices, pseudowires to connect customer sites, and virtual switch instances to segment customer traffic. VPLS supports both direct attachment and hierarchical architectures. Loop prevention is achieved through a full mesh of pseudowires between provider edges and split horizon forwarding in the MPLS core.
This document provides an overview of networking fundamentals and concepts. It outlines topics like basic communication concepts involving data, voice and video transfer. It describes networking hardware components like hubs, switches, routers and wireless access points. It also explains networking protocols like Ethernet, VLANs, OSI model layers and network topologies including LAN, WAN and wireless networks. The learning objectives are to understand building blocks of networks, data transmission, network devices and protocols.
Our presentation to UKNOF in September 2020
In two very long nights of maintenance we achieved:
- Full table BGP on VyOS converge time in seconds
- Routing on MikroTiks converges near-instantly
- BCP38 (customers cannot spoof source address)
- IRR filtering* (only accept where route/route6 object)
- RPKI (will not accept invalid routes from P/T)
- Templated configuration (repeatable, automated)
- Single source of truth (the docs become the config)
Things I wish I had known about IPv6 before I started (Faelix Ltd)
The document discusses things the author wishes they had known about IPv6 before starting to implement it for their small provider network. It covers IPv6 justification in terms of IPv4 address scarcity and rising costs, advice on IPv6 addressing plans and transition technologies, and gotchas like IPv6 neighbor discovery exhaustion issues. The author advocates for embracing IPv6 to avoid expensive IPv4 solutions and make the most of the large IPv6 allocations provided.
VyOS SaltStack YAML Netbox BGP OSPF FRR RPKI IRR XDP
bgpq3 UTRS RTBH NetFlow
RIPE NCC Update 2019-10-02
How we found a firewall vendor bug using Teleport as a bastion jump host (Faelix Ltd)
Teleport is an SSH system which we’ve fallen in love with. There are some great security features, of course:
- two factor authentication right out of the box
- acts as ssh certificate authority issuing short-lived credentials
- commercial options for role-based access control
But the features which we find most compelling are the ones you can’t get as easily with the likes of OpenSSH:
- session recording which can be used for audit or to refer back to from troubleshooting tickets
- session sharing so that our customers or junior staff can learn-by-doing, just like having dual controls on a car
- NAT-piercing to help manage devices within customer networks that do not have direct Internet connectivity
We have been using Teleport on a number of projects and with several customers:
- a remote probe deployment to debug a strange, intermittent connectivity problem (given as a talk at UKNOF 40 in conjunction with David Farrar of Exa Networks)
- training sessions with customers’ technical staff to show them a slightly unusual systems administration request — and the resulting session recording is an excellent reference for next time their staff encounter a similar request for changes
- paralleling pair programming, we have been able to “observe” or “navigate” while junior staff “drive” the console to perform systems or network administration for the first time
I’ve evangelised Teleport because I feel its use fits with our philosophy of openness. Teleport could complement the knowledge sharing that goes on within network operations teams, and help senior staff work out the playbooks and improve operational procedures for their junior staff. At least one service provider was inspired by my longer Teleport presentation at NetMcr and set their junior staff the background task of moving all out-of-band access to their POP infrastructure to Teleport. I hope that their use of this tool empowers their junior engineers to take on more work, while satisfying any regulatory or audit requirements that security staff worry about.
The Story of CVE-2018-19299 - finding and reporting bugs in Mikrotik RouterOS v6 (Faelix Ltd)
During some research which found CVE-2018-19298 (MikroTik IPv6 Neighbor Discovery Protocol exhaustion), I uncovered a larger problem with MikroTik RouterOS’s handling of IPv6 packets. This led to CVE-2018-19299, a vulnerability in RouterOS which allowed for remote, unauthenticated denial of service.
Keeping your rack cool with one "/IP route rule" (Faelix Ltd)
This document discusses how Faelix, an ISP, uses MikroTik hardware and RouterOS at their provider edge to route over 600k IPv4 routes and 30k IPv6 routes. They initially migrated from Quagga and BIRD on Linux servers to MikroTik due to its energy efficiency and affordable hardware. While there were some bugs experienced, MikroTik has proven reliable overall. The document then explains how Faelix is able to firewall traffic with zero filter rules using a single "/ip route rule" to mark and route traffic to a separate routing table based on address lists from fail2ban and AMQP. This allows blocking of attacking traffic at the provider edge across multiple data centers in a
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
1. L2TP 101
ON-RAMP TO CONSUMING
WHOLESALE BROADBAND SERVICES
https://faelix.link/netmcr57
2. About Marek
Stuff I do:
CTO @FAELIX – https://faelix.net/
PC @uknof – https://uknof.uk/
Crew @net_mcr – https://www.netmcr.uk/
Trail of SSIDs in my wake: "AS41495 Faelix Limited"
Me — @maznu – @NetworkMoose
3. This Talk
Aimed at anyone starting their journey with providing ADSL/FTTC/SoGEA/GFast/FTTP via wholesale L2TP.
Will touch on ISO/OSI layers 1-7 + 8 + 9.
11. FTTP: The ONT
Copper demarcation is “BT Master Socket”
Fibre demarcation is “The ONT”
PON fibre in, ethernet out (and maybe FXS for VoIP)
Some ONTs have multiple ethernet ports
Separate customer services, multiple providers
Total bandwidth still limited by the PON
18. L2TP (v2)
L2TP = Layer-2 Tunnelling Protocol
Typically IPv4 UDP port 1701
20 (IP) + 8 (UDP) + 12 (L2TP) bytes of headers
Multiple sessions within one tunnel
Tunnels can be authenticated with secret
PPP sessions can be authenticated
Can add/drop L2TP sessions in and out of tunnels
19. Terminology
LNS = L2TP Network Server
LAC = L2TP Access Concentrator
LTS = L2TP Tunnel Switch (Cisco “L2TP Multihop”)
RADIUS = Remote Authentication Dial-In User Service
22. LAC and LNS
LAC “concentrates” (aggregates) customers
Based on the authenticating user’s realm it will try to create an L2TP tunnel and session to your LNS
Might use RADIUS steering to determine LNS’ IPs and L2TP secrets
Or might have a static per-realm configuration
And now you’re running PPP end-to-end!
39. FreeRADIUS: Steering
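update {
    # LNS address the LAC should build the L2TP tunnel to
    reply:Tunnel-Server-Endpoint:0 = "192.0.2.1"
    # Shared secret used to authenticate the L2TP tunnel
    reply:Tunnel-Password:0 = "hunter2"
    reply:Tunnel-Type:0 = L2TP
    reply:Tunnel-Medium-Type:0 = IP
    # Accept the request so the steering attributes are returned
    control:Auth-Type = "Accept"
}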
Full write-up at faelix.net/news (includes ExaBGP and service tests for HA)
40. FreeRADIUS: AAA
Actually nothing clever required!
We added a feature to our setup:
user+steer@realm
treated as user@steer.realm for session steering
but treated as user@realm for auth
41. user+steer@realm
Steer sessions from user-side to specific LNSs
One tunnel to London, another to Manchester
BGP route servers to receive nearby IX CDN prefixes
Anycast DNS helps CDNs to serve traffic locally
Will be giving a talk about this at LINX on 31st March
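An added sketch of the user+steer@realm split from slides 40 and 41, feeding the tunnel attributes from slide 39; it is not Faelix's code. The steering table, the labels, the default LNS and rejecting unknown labels are assumptions made here: the steer tag is typed by the subscriber, so it is matched against an allow-list rather than passed through.

```python
import re

# Hypothetical steering table: steer label -> LNS endpoint and tunnel secret.
# Addresses are documentation ranges; real secrets belong in a secrets store.
LNS_BY_LABEL = {
    "lon": {"endpoint": "192.0.2.1", "secret": "placeholder-secret-lon"},
    "man": {"endpoint": "198.51.100.1", "secret": "placeholder-secret-man"},
}
DEFAULT_LABEL = "lon"  # assumption: un-steered sessions use one default LNS

# user, optional +steer, realm; anything else (second '+', spaces) is refused.
_USER_NAME = re.compile(
    r"(?P<user>[A-Za-z0-9._-]+)"
    r"(?:\+(?P<steer>[A-Za-z0-9-]*))?"
    r"@(?P<realm>[A-Za-z0-9.-]+)"
)


def split_username(user_name: str):
    """Return (auth_identity, steering_realm, label) for user[+steer]@realm."""
    m = _USER_NAME.fullmatch(user_name)  # fullmatch also refuses a trailing newline
    if m is None:
        raise ValueError("unsupported User-Name format")
    user, steer, realm = m.group("user", "steer", "realm")
    realm = realm.lower()
    auth_identity = f"{user}@{realm}"  # authentication never sees the steer tag
    if steer is None:
        return auth_identity, realm, DEFAULT_LABEL
    label = steer.lower()
    if label not in LNS_BY_LABEL:  # subscriber-controlled input: allow-list only
        raise ValueError("unknown steer label")
    return auth_identity, f"{label}.{realm}", label


def steering_reply(user_name: str) -> dict:
    """Build the slide 39 tunnel attributes for the LNS this login selects."""
    _, _, label = split_username(user_name)
    lns = LNS_BY_LABEL[label]
    return {
        "Tunnel-Type:0": "L2TP",
        "Tunnel-Medium-Type:0": "IP",
        "Tunnel-Server-Endpoint:0": lns["endpoint"],
        "Tunnel-Password:0": lns["secret"],
    }


if __name__ == "__main__":
    for name in ("alice+man@example.net", "alice@example.net"):
        print(name, split_username(name), steering_reply(name))
```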
43. Experience: Enta
Available in: MA1, THN, THW, THE, LD8…
Seemed easy to onboard with
Were still Mbit/sec charges on some packages
Else strong expectation to achieve MoQ
BTW and Enta LLU
NB: we didn’t finish onboarding with Enta, but might complete this in future if demand/requirement
44. Experience: ICUK
Available in: THN, THW, LD8
Pretty easy to on-board with: sent an email
Apply for your OFCOM RID before starting
Deposit required, plus some setup charges
One realm per customer, statically steered
One 1G NNI (unless you reach volume targets based on lines, or pay monthly for extra NNI)
BTW and TTB
45. Experience: Zen
Available in: MA1, THN, THE… LON1/2/3?
Took ages to get them to talk to us
Dedicated onboarding, weekly progress meetings
Unlimited realms, supports RADIUS steering
Expectation of multiple 10G NNIs
“Want to see a sales path to hundreds of tails in Y1”
BTW and Zen LLU (and TTB, but not on wholesale)
46. Experience: APIs
ICUK’s API is easy for availability searches and ordering (albeit slightly unusual authentication)
Zen’s API doesn’t like User-Agent: /.*python.*/
ICUK’s API for everything: WLR and broadband
Zen’s API only for broadband, can’t choose network
WLR is third-party, doesn’t seem to be API?
48. Wholesale Line Rental
The “copper pair” required for ADSL, FTTC, GFast
Approximately £9-11/month (plus calls)
“Naked” FTTC = SoGEA (no telephone line)
SoGFast exists (but not always productised)
Services are slightly cheaper overall
FTTP has no copper pair, all fibre, VoIP telephony