Speaking with quite a few network engineers in the last few months, I was shocked by the lack of real understanding of the Domain Naming System (DNS). It shocked me because it is the singular application functionality that is entirely network-based. Meaning that DNS is the foundation of the Internet, and from their perspective, should […]
DNS: Back to Basics for Network Engineers Read More »
Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise. Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent 3.09.02 S,
Authentication for OSPFv3 Address Family support in IOS-XE? Think again Read More »
A couple of my buddies Shannon McFarland (Cisco) and Ed Horley (Groupware) did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space. Enjoy! Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips – especially
The Urgency Behind IPv6 Read More »
Picking up where we left off last, I was showing you the awesome usefulness, security and affordability of Yubikey (Yubico’s 2-Factor authentication token) and using it for 2-factor authentication on network devices. Well, I’d like to go another step forward: 2-Factor authentication for Windows computers to a Windows Active Directory environment. If your enterprise deployment
Yubikey and Windows Domain 2-Factor Authentication Read More »
In the DoD there is a strong requirement for 2-factor authentication in the network. For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate. The user has a PIN; therefore, 2-factor. Nothing like this exists for network devices (routers,
Secure and Affordable 2-factor authentication: Yubikey Read More »
FIPS 140-1 and FIPS 140-2 had quite a bit of longevity. However, FIPS 140-3 is almost here. Based on previous NIST standards development processes, the 140-3 standard will most likely have a publication date of a year from now. So sometime in February/March 2014, FIPS 140-3 will be the dominate federal crypto module certification. Not
FIPS 140-3 is Coming: Time to Plan Read More »
A colleague brought up a very important issue in regards to vPC survivability. There are Nexus vPC Peer-Link interface options. Take a look at the below diagrams. As you can see, we have a big problem here with survivability that can often be overlooked: if the one single vPC layer-3 peer-link interface goes down for
Nexus vPC Peer-Link Interface Options Read More »
***Update 7 January 2013: The APLITS website is now back up and serving the DoD APL community***
DoD APL Website Down Read More »
I have recently started working in a datacenter configuring quite a few Nexus 7000 series switches to act mainly as datacenter access switches – mainly making use of the popular features of Virtual Device Contexts (VDCs) and Virtual Port-Channels (vPCs). Well, IPv6 is a key part of the network environment. So for the last week,
Nexus 7000 IPv6 Configuration Pitfalls Read More »
Well, today is the day, or the last day I should say. At midnight tonight, the US Government will have shut the books on yet another Fiscal Year. Although, it’s not finances that has the technology industry glued to government tech news; it’s IPv6 adoption. By the end of FY 2012, the entire US Government
2012 US Government IPv6 Mandate: The Day of Reckoning Read More »