Currently browsing author

nyquist

PKI 102 – Digital Certificates

1. Digital Certificates One of the most important things when it comes to cryptography is authentication, which is the process of verifying that an entity really is who it claims to be. In modern cryptography this is usually done through a digital certificate. A digital certificate binds an entity’s identity …

SSH Client 101

1. On the client host 1.1 Connect to a (remote) host To connect to an SSH server use

If no identity file is specified, the client will try to look for one in

. That is for RSA keys. For other key types there are corresponding default locations:

. …

PKI 101 – Key pairs

Public Key Infrastructure, aka PKI, is a set of roles, procedures and policies used to manage digital certificates and public key encryption. The end goal is to provide a secure method of exchanging information between parties. 1. Public Key Cryptography 1.1 Symmetric Encryption With symmetric encryption, the same key is …

NetFlow 102 – FNF – Flexible NetFlow

Netflow configuration differs by platform and IOS version. Initially, Cisco IOS supported what is now known as “Traditional/Original Netflow (TNF)”, but newer versions of the IOS support “Flexible Netflow (FNF)”. Support for Traditional Netflow configuration is being dropped from newer IOS versions, so if available, use Flexible Netflow configuration on …

ITIL Service Strategy

1. Principles Goal: Superior performance versus competing alternatives The 4 Ps of Strategy: Perspective: describes vision and direction, business mission, philosophy Position: distinctiveness of provider in the same market space Plan: means of transforming from ‘as is’ to ‘to be’ Pattern: describes a series of consistent decisions and actions over …

ITIL Definitions

Outcome: The result of carrying out an activity, following a process or delivering an IT service. Service: A means of delivering value to a customer by facilitating outcomes customers want to achieve without ownership of specific costs and risks. IT Service: A service provided by an IT Service Provider. An …

DMVPN

1. DMVPN DMVPN – Dynamic Multipoint VPN is a technology that uses IPSec, mGRE and NHRP to provide a dynamic VPN infrastructure. DMVPN evolved in several phases as follows: DMVPN phase 1: Hub and Spoke – spokes only communicate via Hub DMVPN phase 2: Hub and spoke with spoke to …

How CEF works

1. Process Switching 1.1 How it works Network interface detects a new packet on the wire. The interface will receive the packet and will place it in the I/O memory. It will then send a “receive interrupt” to the processor to indicate that a new packet needs to be switched. …

MPLS L3 VPN

This article assumes the “provider” network already has an IGP in place and that the LDP is configured to advertise label bindings between LSRs. Check MPLS 101 on how to do that. 1. Verify LDP is working within provider network One common mistake when configuring L3 MPLS VPN appears when …

IS-IS Mechanics – CLNP

1. ISO OSI Terminology (ISO OSI term = TCP/IP equivalent): End System = Host; Intermediate System = Router; Circuit = Interface; Area = Area; Domain = Autonomous System. IS-IS = Intermediate System to Intermediate System CLNP = Connection-Less Network Protocol = Layer 3 network protocol that is used to communicate between ESes. CLNP offers a CLNS …