Currently browsing author

nyquist

IPSec VPN 101

1. IPSec: IPSec is a framework of open standards that offers security services to IP communication. When using IPSec you get the following benefits: Data confidentiality – packets are encrypted before being sent; Data integrity – the receiver can verify if a packet was altered between the sender and itself …

Linux Terminal Colors

1. Enabling colored output 1.1 ls --color: In Linux, you use the ls command to display the contents of a folder. ls can be used with the --color=WHEN option to display the contents colored according to the LS_COLORS environment variable: You usually configure an alias to force ls to use …

Linux File System Hierarchy

Linux File System Hierarchy is a reference that describes what the Linux file system hierarchy should look like. Currently, the FHS in use is at version 2.3 and was released in 2004. You can check it at http://www.pathname.com/fhs/. Most Linux distros have a policy of respecting FHS, so most users …

PfR 101 – Performance Routing

1. PfR Technology PfR stands for Performance Routing, but the feature was first called OER (Optimized Edge Routing). This is why most commands still start with the oer keyword. The idea behind PfR is to have a controlling entity (Master Controller) that takes over routing decisions for one or more …

NSF – Non Stop Forwarding

1. What is NSF NSF is a feature that allows routers to keep on forwarding traffic (non stop forwarding) even in the event of a restart. This is done by separating the control and the data plane, having one process involved in building the routing table and another process in …

BFD – Bidirectional Forwarding Detection

1. What is BFD? BFD stands for Bidirectional Forwarding Detection and it’s a protocol that is used for rapid detection of link failures when the line-protocol is still “up”. BFD is enabled on an interface and creates a BFD session with the neighboring router (BFD Peer). Routing protocols such as EIGRP, …

Routing Order of Operations

The original information was taken from the Cisco article on NAT Order of Operations. However, this order helps understand other features, like WCCP. 1. Routing Order of Operations: If IPSec then check input access list; decryption – for CET (Cisco Encryption Technology) or IPSec; check input access list; check URPF (Unicast …

MTU 101

MTU stands for Maximum Transmission Unit. This is the amount of data that can be transmitted by one protocol. MTU is used at every layer of the OSI stack, but its value is closely related to the layer/protocol. 1. On a router 1.1 Layer 2 – mtu On a router, …

Per VC Frame Relay QoS

QoS parameters can be set on Frame Relay interfaces or subinterfaces using MQC commands. The disadvantage is that the policy applies to all the traffic of the interface, and not per virtual circuit (DLCI). For this purpose, the concept of Frame Relay map-classes was developed. A map-class contains configuration information …

LFI for MultiLink PPP

1. LFI for MultiLink PPP on Serial Interfaces: PPP Multilink LFI (Link Fragmentation and Interleaving) allows a router to send big frames fragmented so that smaller, delay-sensitive packets can be sent between these fragments of larger frames. If LFI is not enabled, a packet would have to wait for the …