Books that I like

I have been planning for some time now to make a list of books I read recently; here’s the list.

It should be something like a book reading suggestion list in order to maybe help you pick the right materials in your networking technology learning journey.

On the top are the books I used most while studying for my certs but also some of them are the books that I usually carry with me on my Kindle or PDF wherever I go. It is always a good idea to have those books on you so you can have a look at some details when you need them.

Juniper Control Plane Protection

I already wrote about Control Plane Protection in one of my previous posts focused on Cisco device configuration. Here we will do the same thing on a Juniper device; I was using Juniper SRX300 and Juniper SRX1500 devices in my lab.

CoPP ??

Control Plane Protection (CoPP) is a method of protecting the processor unit, which runs the services on your network device, against excessive flooding. Excessive flooding of traffic aimed at your router/firewall processor, whether valid or malicious, is always undesirable and can also be dangerous.

A network device that starts to receive more control traffic than its processor can process will eventually experience control traffic packet drops, which will cause some of the router functions to become unstable. Some of the most common control traffic generating services on a router are routing protocols with different update packets, Spanning Tree with BPDU packets, HSRP, CDP, ARP, and different management traffic services like SSH, SNMP, RADIUS etc.

Some of those control plane traffic types are more important than others, but they all have in common the fact that they don’t normally use much bandwidth to function. Having that in mind, it is easy to conclude that the situation above, with the router processor at 100% because of control plane traffic, is most surely caused by a DDoS attack towards your device.

More unusual is the situation when a neighboring device is experiencing some kind of malfunction which makes it send large amounts of control plane traffic out of its interfaces towards your device.

CoPP is the best way to keep these kinds of attacks or malfunctions from getting in the way of your network device's stability. CoPP is basically a QoS configuration applied inbound to your device's control plane (CPU).

CoPP Best Practices

The most stable and effective way to configure CoPP is to use guaranteed minimal available bandwidth for each control plane traffic type.

How to Clear Entire Configuration of your Juniper Device

If you have a Juniper device that needs to be sent to RMA or you are just putting it to some other use on your network, you will probably want to completely clear the configuration on it.

There are different ways to do it for different purposes.

If you want to securely wipe all data from the device and return it to the state it was in when you received it from the store, then the next command is the right one to use:

You Know How Networks Work, Want To Know How Everything Else Works? Here’s Some Books

I know, this is not about networking, but I received a few great pieces of feedback on my posts about the matter, so I decided to share with you the materials I used to write them. It’s not about networking, but it is about everything.

QUANTA?!

I was writing about quantum cryptography and the quantum key distribution process a few months ago (which are network related). When I started to write those articles I was not aware that it would take me more than two months to write something close to understandable about the quantum world. As it turned out, like many times before, I was in unknown unknowns with that part of physics. I needed to start from scratch and learn some basics about quantum physics so I could understand and finally write about the application of quantum theory to the computer network encryption process.

I went through a few very interesting and not too extensive books and articles which helped me to get the basic info about quantum physics. Quantum physics basically describes how everything in the universe works, starting from small to huge things and stuff that cannot be described as things, like different energy states etc. Things work differently if you zoom inside atoms, and the way stuff is working down there will blow your mind.

The Use of Graph Database in Network Complexity Analysis

Computer networks are probably the best example of graphs these days. I therefore started to consider a graph database as an excellent tool for storing the experimental results of my networking complexity analysis method. It’s a project that I’m doing (starting to do) in which I will try to create a better method of computer network complexity audit by combining a few already existing methods and by additionally enhancing some of their algorithms to get more precise results out of the whole thing.

Graph: Two nodes (vertices) connected with relation (edge)

The idea is that most network complexity measurement mechanisms rely strongly on graph theory, in which most metrics for measuring network/graph complexity are related to connectivity, node distance, and similar graph characteristics, but with no particular way of measuring the implementation complexity or the operation complexity of the resulting network. Furthermore, existing methods do not contain a way to evaluate a network system from an economic perspective in any way, which would greatly increase the use cases for this new method, specifically in the planning and designing phases.

Redistribute Static on Juniper & Cisco

In case you wondered how to redistribute static routes into a dynamic routing protocol, you are in the right place. This is normally a basic thing to do, but I will let you know how to do it in different ways on different vendor devices, so it might be interesting.

We will go through a few examples of normal static to OSPF redistribution and then see how it can be done partially, with only part of the static routes, using route filters. I’ll do it on Cisco and Juniper devices so we can see what the difference is.

Cisco

In Cisco CLI, redistribute static is a fairly simple thing to do:

Router(config)#router ospf 1
Router(config-router)#redistribute static subnets

But you need to know that this simple command will take all static routes available on that router, push them into OSPF, and redistribute them to all other routers participating in that OSPF process.

If you want to redistribute just some of the static routes, or in our next example only the static route towards the network 10.10.10.0/24, you need route map filtering in the redistribution command to reference only that one network:

Enable Source-Specific Multicast in Iperf

I was preparing a lab environment to test the configuration of Source-Specific Multicast on Juniper SRX equipment and needed a tool to generate and measure Source-Specific Multicast streams.

I was aware that Iperf is a good enough tool to generate and measure multicast and unicast traffic, but support for SSM was missing from the current version. Fortunately there are always some developers who are interested in networking, so one of them developed a special Iperf version 2.0.5 with SSM support.

The idea here is to show how to make this version of Iperf work on your CentOS or similar Linux machine.

Here are a few steps that should work from your CentOS 6.8 Linux server and hopefully from other similar distributions too: