I got a call from our Systems and Security guys today to talk about a Wireshark capture they had done from a user VLAN.  They had noticed two frames that were destined for some seemingly random host in the same network as they were in, but the source and destination IP addresses reported by Wireshark made no sense.  The frames were from a web server to an IP address on our wireless network.  The web server is on the other side of the firewall, and the wireless network is on the other side of the controller; there was no reason at all that a packet with that source and destination would show up here.

Yes, it is inevitable that I cover these.  I’m sure network types will be next.  Per my usual request, please correct my stupidity.

Type 1 - Router : This LSA type lists all the routers by RID as well as the networks to which that router connects.

Type 2 - Network : These LSAs represent broadcast network where more than one OSPF router may live.  Think Ethernet or multipoint segment.  These LSAs are flooded by the DR for that segment.

My prediction about covering network types was wrong.  I’m going to puke out some information about neighbor states for now.  As is always the case, corrections are welcome.

Down : No hellos have been received from this router.

Attempt : This state only applies to manually-configured neighbors on an NBMA network.  In this state, a router has sent unicast hellos to the neighbor but has not received any back from it.

I have had my nose deep in several books in preparation for my CCIE R&S written exam, so I haven’t been blogging much at all.  Now that I’ve made it to the more familiar topics, I’m hoping to get some notes posted.  I’ll start with OSPF message types.

As always, please feel free to correct me here.  I’m learning just like the rest of us.

Hello : These messages are used to establish neighbors and serve as keepalives among other things.

I’m sure you’ve all heard of Cisco IOU by now, and I’m finally catching up with the other bloggers of the world by mentioning it.  It’s an executable version of an IOS image that runs on a Unix (or Unix-like) platform and it’s the backend behind Cisco’s Learning Labs.  Instead of running an emulator and loading up various images, you just run the executable and you’re on the console of a Cisco router.  It has layer 2 support, so you can fire up switches as well.  Being a binary makes it way more efficient than GNS3 will ever be, and the layer 2 support is a wonderful, wonderful feature to have.

For the first time ever, I’m headed to Cisco Live - the big Cisco users conference in Las Vegas! I usually don’t go to these things since I wind up just hanging out by myself, but I’m meeting all sorts of people there - from bloggers to Tweeps to personal friends. It should be a huge blast, and I can’t wait to get there.

For those interested, here’s my schedule.

If you’ve worked in any particular area for some significant amount of time, you have probably noticed that how much you think you know about a subject has changed over time.  This is nothing earth-shattering, and we’ve all had this realization over the course of our lives; it’s come up a lot lately in the course of my career, so I thought I’d share.

When you learn a new topic, your actual knowledge levels starts at a low point and gradually works its way up until you’re an expert (if you’ve lasted that long).  You start with nothing and learn more and more until you get bored and stop.  If you evaluate how much you know at intervals during the process, you’ll see that your self-assessment is more of wave than the straight(er) line of actual knowledge.

ACLs in IPv6 aren’t that different from what you’re used to dealing with in the IPv4 world.  You create a list of denies and permits for use with some other structure like filtering, PBR, and all sorts of other stuff.  Let’s take a look at building an ACL and filtering traffic with it.

For those playing at home, here’s the setup I used to generate the configs and get the output.  Execute some click action for the whole thing.

This is a surprise, but Cisco has announced the end of life of the 6500 switches that we all know and love.  Usually Cisco gives a platform a few more years after they decide to retire it, but the schedule only gives the 6500s one more year of service.  I’m sure this goes back the success and recent expansion of the Nexus line of switches.

Here’s the lowdown from Cisco.

My ISP at home is great.  I have infinite bandwidth because they have no idea how to do any rate limiting.  Heck, they’re not even skilled enough to know that I have several public IP addresses from their DHCP server.  That means, though, that they’re not ready for IPv6.  They’ve ignored my emails and support tickets asking about their deployment strategy, so I gave up and looked at turning up a tunnel with a broker.  I chose Hurricane Electric for no particular reason; they were just the first ones I found.  The setup was super-easy and works flawlessly.