Always Networks Blog

Replacing a failed Cisco Ironport Web Security Appliance Proxy

Recently we had a Cisco Web Security Appliance (WSA) Proxy fail. When I say fail, I mean a single stick of RAM failed after a reboot. Cisco said RAM isn't replaceable, so we had to RMA the whole box (odd for a device that is basically a rebadged server... maybe I have a money-saving idea for you, Cisco!).

There were a few steps to …

Checkpoint GAiA BGP Network Origination

Fri 30 January 2015

I was recently involved in a project upgrading the core firewall pair from Checkpoint R71.40 SPLAT to R77.20 GAiA. While very different, a lot of the configuration is pretty straightforward and well documented in various articles on the Checkpoint website.

This setup runs BGP on the firewalls, to learn routes from our internal VRFs and also the WAN VRF where our MPLS …

Upgrading Checkpoint Management Server from R71.40 to R77.20

Sun 11 January 2015

We have just undertaken a project to upgrade the Checkpoint Management server from R71.40 to R77.20. It went very smoothly, and was probably a lot easier than I first expected.

The first thing to note is that this upgrade cannot be done directly. In accordance with the upgrade path, you must first upgrade to R75.40.

Luckily for us, we had shiny new …

Cisco Nexus 1000v Module in "Other" state

What you don't need while you are checking your morning emails and drinking your first cup of coffee of the day is to receive an email saying that the VSM for the Nexus 1k has rebooted.

By the time we logged on to the Nexus 1000v, it was back up. "show system redundancy status" showed both VSMs (supervisors) as being up and HA. The "show …

CCIE Written Blueprint: 1.3.c Interpret packet capture

Thu 09 October 2014

This is a very short section! I didn't see the point in harping on about Wireshark; I use it most days at work. And the IOS embedded packet capture was discussed at length further up the blueprint (i.e. in a previous blog post).

1.3.c Interpret packet capture

1.3.c (i) Using Wireshark trace analyzer

Packet capture can be obtained using a …

CCIE Written Blueprint: 1.3.b Apply troubleshooting methodologies

Sat 04 October 2014

This is another difficult section in the blueprint to write about. I find troubleshooting techniques and methodologies to be quite personal; no two people's brains work the same way. I guess this is based on how I do things and some tips I've received from a few people over the years.

1.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify …

CCIE Written Blueprint: 1.3.a Use IOS troubleshooting tools

1.3.a Use IOS troubleshooting tools

1.3.a (i) debug, conditional debug

Debugs can be used on a wide range of functions (debug ?). Some debugs can be very noisy. Debug conditions can be set to filter out some of the noise – for example debug condition interface fa0/0 will limit the debug information to things using that interface. Undebug all does not remove …

CCIE Written Blueprint: 1.2.a Evaluate proposed changes to a network

Tue 09 September 2014

As the blueprint goes, this is, in my opinion, the most vague topic to write about. It is dependent on the understanding of the topics, and how the changes will impact the existing network. I have skimmed through this really, with the intention of covering the topics in their actual topic sections. I am pretty used to evaluating impact - I seem to spend my entire …

CCIE Written Blueprint: 1.1.f Explain UDP operations

Wed 20 August 2014

This topic made me think about the starvation stuff. I suppose it is pretty obvious that UDP wouldn't back off if WRED was employed, but it's something I never really thought about.

I found a few good videos on YouTube which gave some good RTP/RTCP overviews.

1.1.f (i) Starvation

TCP Starvation / UDP Dominance is experienced in times of congestion where UDP and …

CCIE Written Blueprint: 1.1.e Explain TCP operations

TCP - I thought I'd glance over this section. Turns out there was some stuff I'd never heard of, such as the bandwidth-delay product.

1.1.e (i) IPv4 and IPv6 PMTU

Path MTU Discovery is the process of sending increasingly larger packets with the DF bit set, until finally an ICMP Destination Unreachable (Packet too large, DF bit set) message is received. The size …
