How Does Internet Work

In SSM, Source-Specific Multicast, things are done differently from standard multicast forwarding. SSM is specifying a group of hosts that are receiving same multicast stream using group IP address and additionally using stream unicast source IP.

In this article it is shown how to configure Source Specific Multicast on Cisco and Juniper equipment.

In standard multicast, forwarding is done using group IP address which is an IP from multicast dedicated range 224.0.0.0/4 (224.0.0.0 – 239.255.255.255) or FF00::/8 in IPv6. Each multicast group IP address is a single address which specifies all hosts receiving a specific stream, streamed towards that group IP address from multicast source. In standard multicast everybody can start to stream with some IP multicast group IP, becoming in that way, the multicast source.

QKD – Quantum key distribution is the magic part of quantum cryptography. Every other part of this new cryptography mechanism remains the same as in standard cryptography techniques currently used.

By using quantum particles which behave under rules of quantum mechanics, keys can be generated and distributed to receiver side in completely safe way. Quantum mechanics principle, which describes the base rule protecting the exchange of keys, is Heisenberg’s Uncertainty Principle.

Heisenberg’s Uncertainty Principle states that it is impossible to measure both speed and current position of quantum particles at the same time. It furthermore states that the state of observed particle will change if and when measured. This fairly negative axiom which says that measurement couldn’t be done without perturbing the system is used in positive way by quantum key distribution.

I stepped on this issue few weeks ago. I was implementing a new ASA Firewall solution, first time for me with software newer than version 8.4.2

It seems that all those stories about changes in the NAT logic after that version were true. This is what I found out about ASA packet processing.

Configuration was really straightforward and everything worked fine except one thing. When connected remotely using Cisco AnyConnect I was able to access all devices inside the network (inside ASA firewall), but not the ASA itself. I wasn’t able to connect with SSH nor with ASDM.

Quantum cryptography is a new technique of securing computer network communication channel. Existing standard crypto systems are using advanced algorithms to create key pairs which are extremely hard to inverse engineer. Quantum cryptography avoids any mathematical algorithm and uses principles of quantum physics.

Quantum crypto implements a new technique of generating and exchanging crypto keys which makes it impossible for third party entities to get those keys by snooping or to create man in the middle by snooping and sending copies of original key. Keys generated in this way will automatically destroy themselves if read by third-party interferer.

When generated between two sides, using quantum key distribution, secret keys will be used with standard and well known symmetric encryption. The key generation process is the only part which uses quantum principles to work, from there, using this “hyper-secure key” already existing symmetric encryption will be used to encrypt and decrypt data, which will be sent over standard, currently available, optic data networks.

If you want to send or store data and be sure it is safe from being intercepted, you will use Cryptography. Cryptography uses chipper as mathematical virtual lock to make data scrambled so that is not understandable if intercepted by unauthorized third parties.

There are different cryptography techniques, some of them are: encryption, hashing, and steganography.

Cryptography can be differentiated by usage of different key types:

• Symmetric Key Encryption
• Asymmetric Key Encryption

Symmetric Key Encryption is sometimes known as Secret Key Cryptography. Main characteristic of this type of cryptography is the same key usage in encryption and decryption of transferred data. Every change in the secret key will make data decryption impossible.

Asymmetric Key Encryption is known as Public Key Cryptography technique. Main characteristic of this type of cryptography is usage of two sets of keys which are generated for the process. One key is public and other is private. Public key encrypts the data. We can only decrypt that data using appropriate private key. The best part of asymmetric cryptography is that is giving us a technique to share encrypted data and enable the receiver to decrypt that data without sending the decryption key across unsecured network.

I’m sorry to put here something that is not really technical but for a blog with the name “howdoesinternetwork.com” it would be strange not to follow the story about the future of DNS governance given the fact that DNS is a crucial part of internet functionality.

You probably know how the internet works given the fact that you are visiting a blog like this. Regardless of that, it will not hurt to explain in few words the importance of DNS (Domain Name System) for a normal internet operation.

Let’s surf to se how this works

If you want to open this webpage or send an email to someone, you must enter a destination to your computer so it could know where to sent your stuff. As you are most surely a human, being, you would like to use a name like google.com for opening a webpage or an e-mail address in order to send a message to your colleagues (rather than some strange numbers separated by dots or colons). Almost all humans are like that and they want to use names and addresses. Computers, on the other hand, know to reach each other only by IP addresses.

You can see that we needed someone to take the role of the “address book” as soon as we got the internet.

For a shorter update procedure guide check abbreviated article: Short list of upgrade steps without extensive explanations “Cisco Catalyst 6880-X VSS ISSU Upgrade Steps“

Intro

Cisco spoiled us over the years with great and detailed documentation on each technology and hardware component they support. Still, I managed to find a part where documentation is not detailed enough to give you definite number of steps to get things done.

While preparing for software upgrade of Cisco Catalyst 6880-X VSS cluster I stumbled on one of the first examples of outdated and vague procedure for upgrade of Cisco device. Here is my successful ISSU (In-Service Software Upgrade) procedure which I done few days ago. I hope it will help you avoid sweating and hoping that you typed the right thing on a VSS cluster that should not go down at any point 🙂

I included an Acronym Guide at the bottom of the post to guide you trough VSS, ISSU, Cluster, and other mentioned abbreviation which are not described in details here

In my case the environment was Catalyst 6880-X and four 6800ia Fabric Extenders FEX. The same procedure is valid for more on for no FEX extenders.

Cisco Catalyst 6880-X VSS

Get the info on which IOS version is supported to be upgraded with ISSU

Not all IOS images can be upgraded to new IOS versions using In Service procedure to avoid network traffic downtime. In order to get things working, you need to get into Cisco docs and find ISSU supported upgrade matrix document.