Network Management

Route Summarization for the ERS8600

As networks grow in size, the routing table on each router grows as well. As a result, the overhead of processing the routes can grow exponentially and take resources away from other functions the router could be performing. Large routing tables are also difficult to read quickly and efficiently, and difficult to troubleshoot. You can make your life much easier if you plan your IP addressing with a harmonious, contiguous numbering scheme and avoid a discontiguous network address scheme. If you adhere to these methods and use CIDR addresses, you can also take advantage of route summarization (also known as route aggregation).

An example of route summarization: suppose you have an ASBR that manages five 24-bit networks.

172.16.0.1/24
172.16.1.1/24
172.16.2.1/24
172.16.3.1/24
172.16.4.1/24

In a neighbouring router's table, these networks will be listed as attached networks, each with a next hop and metric value, and each route will be advertised into the LSDB. We can reduce the number of advertisements by summarizing these five networks on the ASBR as one larger network, so the neighbouring router receives only one advertisement. This is accomplished by using a CIDR mask length that encompasses the entire range of the five example networks.

The five networks listed above cover the range 172.16.0.1 to 172.16.4.255. This can be summarized as 172.16.0.0/21, or 172.16.0.0/255.255.248.0.

To accomplish this you will need to understand CIDR, VLSM, IP addressing and binary math. The best site I have found that explains the math behind the calculations is http://subnettingmadeeasy.blogspot.com/2007/11/router-summarization.html Note: the author of that article makes some great observations on how summarizing your routes can cause issues, and he also describes some good workarounds.

Or, if you are like me, you can use an online calculator. The best one I have found is http://buchananweb.co.uk/security51.aspx

An ERS8600 CLI example of the route summary described above would look like this:

ip ospf admin-state enable
ip ospf router-id 172.16.0.0
ip ospf enable
ip ospf area 0.0.0.1 create
ip ospf area 0.0.0.1 range 172.16.0.0/255.255.248.0 create advertise-mode summarize lsa-type summary-link advertise-metric 10
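The summary calculation behind the range command above, as an added Python example that is not part of the original post or of any Avaya tool. It computes the smallest single prefix covering the five networks, renders it in the address/netmask form the ERS8600 range command takes, and also reports the address space the summary advertises that none of the original networks uses (172.16.5.0 through 172.16.7.255 here), which is the side effect the linked article warns about. The five networks are the post's own, embedded as constructed input; the function names are the example's.

```python
import ipaddress

# Constructed sample input: the five /24 networks from the post, written the
# way the post writes them (with a host address); strict=False masks that off.
NETWORKS = ["172.16.0.1/24", "172.16.1.1/24", "172.16.2.1/24",
            "172.16.3.1/24", "172.16.4.1/24"]


def summarize(prefixes):
    """Return the smallest single prefix that covers every network in prefixes."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    # Widen the mask one bit at a time, anchored at the lowest address, until
    # the highest address falls inside the candidate block.
    for plen in range(nets[0].max_prefixlen, -1, -1):
        candidate = ipaddress.ip_network((int(lo), plen), strict=False)
        if hi in candidate:
            return candidate
    raise ValueError("no covering prefix")  # unreachable: /0 covers everything


def extra_coverage(summary, prefixes):
    """Blocks inside summary that none of the original prefixes actually use.

    The summary route attracts traffic for this space to the ASBR even though
    nothing there is reachable, so it is worth knowing how much of it there is.
    """
    originals = ipaddress.collapse_addresses(
        ipaddress.ip_network(p, strict=False) for p in prefixes)
    remaining = [summary]
    for net in originals:
        pieces = []
        for block in remaining:
            if net.subnet_of(block):
                pieces.extend(block.address_exclude(net))
            else:
                pieces.append(block)
        remaining = pieces
    return sorted(ipaddress.collapse_addresses(remaining))


def ers_range(summary):
    """Render the summary in the address/netmask form used by the range command."""
    return f"{summary.network_address}/{summary.netmask}"


if __name__ == "__main__":
    s = summarize(NETWORKS)
    print("summary:", s, "->", ers_range(s))
    for block in extra_coverage(s, NETWORKS):
        print("advertised but unused:", block)
```

Running it prints the /21 summary as 172.16.0.0/255.255.248.0, matching the command above, followed by 172.16.5.0/24 and 172.16.6.0/23 as the unused space the summary also claims; if that space is ever assigned elsewhere in the OSPF domain, the more specific routes will win, but until then it is black-holed at the ASBR.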

Telnet ACL Based On Network Source

This is something quick and easy if you wish to limit Telnet access based on network source.

The Setup:
On one Avaya ERS8600 I have the management interface configured for a 192.168.1.0/24 network.
I have the native Vlan1 configured as a mock user network with the address 10.10.10.0/24.
The goal is to only grant Telnet access to users that are from the 192.168.1.0 network.

The Configuration:
You will configure two policies and then enable access policies globally. Policy #2 will be the "allow" policy, specifying the Telnet service and the allowed network. Policy #3 will be the "deny" equivalent for the user network. Note that you cannot delete the native policy #1.

sys access-policy enable true
sys access-policy policy 1 service http disable
sys access-policy policy 1 service ssh disable
sys access-policy policy 1 service telnet disable
sys access-policy policy 2 create
sys access-policy policy 2 accesslevel rwa
sys access-policy policy 2 access-strict true
sys access-policy policy 2 name "allow telnet"
sys access-policy policy 2 username ""
sys access-policy policy 2 network 192.168.1.0/24
sys access-policy policy 2 service snmpv3 enable
sys access-policy policy 2 service telnet enable
sys access-policy policy 3 create
sys access-policy policy 3 accesslevel rwa
sys access-policy policy 3 access-strict true
sys access-policy policy 3 mode deny
sys access-policy policy 3 name "telnet  deny"
sys access-policy policy 3 precedence 11
sys access-policy policy 3 username ""
sys access-policy policy 3 network 10.10.10.0/24
sys access-policy policy 3 service telnet enable

Outcome:
Any attempt to log in with Telnet from the user network 10.10.10.0 is instantly dropped by the 8600, and the event is recorded in the log.
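The policy set above, parsed and evaluated by a small Python model added here as an example; it is not part of the post and not Avaya code. It reads the "sys access-policy" lines exactly as written, then answers which source addresses get which management service, so a proposed policy set can be checked before it is applied to the switch. The evaluation order (highest precedence first), the default precedence and mode, and the rule that no match means deny are assumptions about the ERS8600, not documented behaviour; the function names are the example's own.

```python
import ipaddress
import shlex

# Constructed input: the access-policy lines from the post, fed to the parser
# as text. Only the keywords used in the post are understood.
CONFIG = """\
sys access-policy enable true
sys access-policy policy 1 service http disable
sys access-policy policy 1 service ssh disable
sys access-policy policy 1 service telnet disable
sys access-policy policy 2 create
sys access-policy policy 2 accesslevel rwa
sys access-policy policy 2 access-strict true
sys access-policy policy 2 name "allow telnet"
sys access-policy policy 2 username ""
sys access-policy policy 2 network 192.168.1.0/24
sys access-policy policy 2 service snmpv3 enable
sys access-policy policy 2 service telnet enable
sys access-policy policy 3 create
sys access-policy policy 3 accesslevel rwa
sys access-policy policy 3 access-strict true
sys access-policy policy 3 mode deny
sys access-policy policy 3 name "telnet  deny"
sys access-policy policy 3 precedence 11
sys access-policy policy 3 username ""
sys access-policy policy 3 network 10.10.10.0/24
sys access-policy policy 3 service telnet enable
"""


def parse_policies(text):
    """Turn 'sys access-policy policy N ...' lines into a dict keyed by policy id."""
    policies = {}
    for line in text.splitlines():
        parts = shlex.split(line)          # honours the quoted policy names
        if parts[:3] != ["sys", "access-policy", "policy"]:
            continue                       # e.g. the global 'enable true' line
        pid = int(parts[3])
        # Assumed defaults: mode allow, precedence equal to the policy id, and
        # no network, so a policy never matches until a network is set.
        pol = policies.setdefault(pid, {"mode": "allow", "precedence": pid,
                                        "network": None, "services": set()})
        key = parts[4]
        if key == "mode":
            pol["mode"] = parts[5]
        elif key == "precedence":
            pol["precedence"] = int(parts[5])
        elif key == "network":
            pol["network"] = ipaddress.ip_network(parts[5], strict=False)
        elif key == "service":
            if parts[6] == "enable":
                pol["services"].add(parts[5])
            else:
                pol["services"].discard(parts[5])
        # create, accesslevel, access-strict, name and username do not change
        # the source-network decision modelled here and are ignored.
    return policies


def decide(policies, src_ip, service):
    """Allow or deny a management session by source address and service.

    Assumed model: policies are tried from highest precedence to lowest; the
    first one whose network contains the source and that has the service
    enabled decides; if nothing matches the session is denied.
    """
    src = ipaddress.ip_address(src_ip)
    ordered = sorted(policies.values(), key=lambda p: p["precedence"], reverse=True)
    for pol in ordered:
        if (pol["network"] is not None and src in pol["network"]
                and service in pol["services"]):
            return pol["mode"]
    return "deny"


if __name__ == "__main__":
    pols = parse_policies(CONFIG)
    for ip, svc in [("192.168.1.20", "telnet"), ("10.10.10.20", "telnet"),
                    ("192.168.1.20", "ssh")]:
        print(f"{svc} from {ip}: {decide(pols, ip, svc)}")
```

With the post's configuration, Telnet from 192.168.1.20 is allowed, Telnet from 10.10.10.20 is denied by policy 3, and SSH from the management network is denied because no policy enables it; the third case is the kind of unintended lockout this check is meant to surface before the change goes live.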

Data Storage and Backup: Can you afford it? A better question, can you afford not to?

Everyone who has ever worked with a computer has experienced (or will eventually experience) an "Oh Sh!t" moment. The technical term for an "Oh Sh!t" moment is a partial or complete loss of all your personal data. Possible scenarios include the accidental deletion of data, a virus or hacker attack, theft of a computer system, or a hard drive failure. The sinking feeling of turning on a computer or laptop, only to be greeted with the "can not find hard drive" message, is a feeling I have felt once before. And when it happens to you, the first thought through your head will be "How much time, effort and money will it take to get my data back?" Or whether it is even possible at all.

If you want to put a value on your data, consider the following and do your own math at home.

Music: Between my girlfriend and me we have over 100GB of iTunes music, at an estimated value of $500-$1000. If you steal your music, just think of the time it would take to find and download it all over again. If you are with a carrier that now has download caps, this stolen music might cost you after all if you have to get it again.

Pictures and Videos: Think of all your vacations, family holidays, special events and the pictures from these events. The cost to replace these moments in time would range from upwards of several thousand dollars ($5,000+) to priceless and impossible. A perfect example: in 2004 I went to London, England, and during that trip I took about 500 pictures. If you consider airfare, accommodation and expenses, that trip cost me over $2000. I can go to London again, but I could never reproduce the images of Arsenal FC playing at Highbury Stadium.

Work-related documents and financials: This is the big category, because when you lose this data it can hit you where it hurts the most. Think of all the time and effort it would take to reproduce all the documents and records for your personal affairs or business, as well as the impact on the operation of your daily business. If you are an entrepreneur, the cost to you and your company could be bankruptcy.


Conclusion:

If I look at the dollar value of my data, the value of my iTunes library alone warrants looking at some kind of data backup or NAS solution. And if you were doing your own math at home, I am sure you are now thinking the same. So protect your data! The cost to buy or engineer a backup solution will be much less than the value of your data. Here are some data backup options and solutions.

1. A 2TB SATA hard drive and a USB-to-IDE/SATA adapter ($100 + $30).

2. A COTS NAS solution like D-Link, Buffalo or Drobo ($200-$2000).

3. An online solution like Google Docs ($256 for 1TB) or a subscription-based service like http://www.carbonite.com

4. A D.I.Y. NAS product like FreeNAS (the software is $0.00 + the cost of an old server or PC).

5. Apple users can experiment with Time Machine.


Footnote: I recently built a NAS server using FreeNAS v8RC5. I will blog about my setup in the near future.


Total Network Management: Some things to consider

When a network engineer is asked about network management, one often thinks about CiscoWorks, HP OpenView, SolarWinds, etc. If only it were that simple. "Total" network management reaches well beyond the configuring and monitoring of your switches and routers. Here are some things to consider when you are asked to think about network management.

Cable Management:
FYI, poor cable management is my biggest pet peeve.
Orphan cables: Have you ever seen a cable hanging out of a rack with no home, and you're not sure what port it is plugged into on the other end? Well, get rid of it. Next time around someone will see it hanging there and plug it into something it shouldn't be.
Label your cables: I would never expect all cables to be labeled, but all key links such as inter-router, inter-switch, firewall and circuit links should be labeled.
Cable lengths: When ordering your cables, always err on the side of too long. But too much excess cable rolled up in your racks is unsightly and takes up space in your cable managers.
Tie downs: When asked what kind of tie downs I prefer, my personal preference is Velcro strips. Zip ties work great as well, but zip ties are not reusable, and when you need to get inside a bundle of cables you always need to have scissors or side cutters handy. Sharp objects around delicate fiber optics are not a good idea.
Cable managers: If you have racks that come with horizontal and vertical cable managers, D-rings and chimneys, just take the extra 90 seconds and pull your cables through them.

Tidiness and Cleanliness:
Much like the points made above, a clean and neat environment is an environment that is easy to work in and to troubleshoot if necessary.
Keep the production areas clean: Very straightforward.
Surplus gear: If it's not in use, simply dismount it from the rack and store it, sell it, donate it or trash it.
Wire closets are not storage areas: I can respect that office real estate is at a premium. People will look anywhere to store their office supplies and old files. But when you can, limit who and what has access to the areas you manage. High-traffic areas tend to be high-damage and high-theft areas.

Living Documents and Diagrams:
Documentation can be a taxing demand, but it is necessary.
Diagrams: Network diagrams are mandatory for any network design, because there are some things that one cannot express in words. Network diagrams should be simple and drawn in a way that can be easily read by others.

If a network design is too complex to express in Visio, or if your diagram is a bloody mess, you probably need to revisit your design.

Most importantly, network diagrams should be a living document. Networks are never static; therefore, once a change is made in the physical network environment, the change should be reflected in the diagram as well. There is nothing worse than dusting off a diagram to research a problem, just to find that the document has not been edited in 3 years.
Change logs: For all core devices in your network, you might want to consider creating a change log in an Excel spreadsheet. Whenever you make a change, addition or deletion to a switch configuration, or a topology change, simply make a note in the change log. When researching network problems, a change log is a valuable tool when you want to find out "who, when, where and what" made the network changes. More importantly, a change log just might prove your innocence if something terrible happens. It has for me.

Crash carts
Prepare for the worst, hope for the best, and always keep an emergency kit handy. When the network has failed, every minute wasted trying to track down your equipment can cost your organization thousands, perhaps millions of dollars per minute. Your crash cart should consist of:

- Laptop(s) with a power supply and working battery
- An extension cord
- Every type of console cable you require.
- An assortment of cables that are for emergencies only: fiber, copper, crossover, in the varying lengths and connector types that you require.
- Backups of config files and image files. These can be on a USB key or a system you have direct access to. *Remember, the network might be down.
- An assortment of GBICs.
- Phillips screwdriver.
- Side cutters. *See above if you use zip ties.
- Up-to-date diagrams. *See above, Living documents.
- Phone number list: co-workers, help desks, 1-800 numbers, etc. Because everyone at one time or another needs to call for help, and if the network or email is down you will need to have those numbers in hand.

Lastly, know where your spare switches, routers and modules are, and make sure you have boxes or containers to transport them. And make sure your stand-by devices are running the production image versions.

Additional reading:

Excellent list of rules for document writing

http://etherealmind.com/rules-design-documentation-etherealmind/

Images of cable management no-nos

http://www.vibrant.com/cable-messes.php

If there are any points you would like to add please leave a comment.
