Jumbo Frames

Many networks use 1500-byte MTU size, but the MTU size can be reduced by encapsulation, tunneling or other overlay network protocols. These situations reduce the end-to-end effective MTU size which reduces throughput and network efficiency and sometimes causes application problems. Many network devices now support larger sizes of Ethernet frames and use of Jumbo Frames is becoming more common. This article covers how to determine if your network is capable of using Jumbo Frames and if you should enable this feature.

Read more

MTU Size Issues

The Maximum Transmission Unit (MTU) is the largest number of bytes an individual datagram can have on a particular data communications link. When encapsulation, encryption or overlay network protocols are used the end-to-end effective MTU size is reduced. Some applications may not work well with the reduced MTU size and fail to perform Path MTU Discovery. In response, it would be nice to be able to increase the MTU size of the network links.

MTU Size

Read more

Life in a Dual Stack World

Last week was the 2013 North American IPv6 Summit conference. This was the 6th year of the IPv6 conference held in Denver, CO. One of the items that all attendees received at the registration booth was an IPv6 Buddy keypad. This got people thinking about what other changes we might expect to experience as we move into a dual-protocol Internet world.

Picture of my new little IPv6 Buddy.

Read more

Kali Linux: The Next BackTrack

Security professionals have been relying on the BackTrack security distribution for many years to help them perform their assessments. The industry has been waiting for the next major release of BackTrack. However, the creators of BackTrack have gone in a new direction and created Kali Linux.

RELATED: A visual history of Linux

Read more

Using Dual Protocol for SIEMs Evasion

It is just a fact of life that attackers and defenders are now operating in a dual-protocol world. With the addition of IPv6, attackers are learning new tricks and defenders will need to anticipate and protect against those new attacks. Attackers will try to use IPv4 and IPv6, each alone or in combination, for their exploits. We can predict that attacks will use a combination of IPv4 and IPv6 in a way that could allow an attacker to avoid detection by today's protection mechanisms.

Read more

Core Networking and Security 100th Blog Post

This is my 100th blog post for the Network World Cisco Subnet community. As I reflect on the last four years of writing this blog, I think about the fun I've had sharing ideas with you and hearing your feedback. In this blog I list the most popular articles and review how IPv6 adoption has changed over the years. I share with you my writing process and ask for your input on future blogs.

Most Popular Blog Topics

Read more

IPv6 Certifications

Many networking, systems and security engineers have been studying IPv6-related topics for many years. You may be wondering if you can get a certification to show for all the time and effort you have spent learning IPv6. IPv6 has been incorporated into vendor certifications and other non-vendor IPv6-specific certifications. You can work toward attaining these certifications to show your current or future employer that you possess IPv6 knowledge and skills.

Vendor-Specific IPv6 Certifications:

Read more

9 Common Spanning Tree Mistakes

Ethernet devices running the Spanning Tree Protocol (STP) have been implemented in networks since the early 1990s. Many organizations take STP for granted and do not configure it per industry best practices. STP errors are very common and during the past 15 years we have witnessed the same errors being made over-and-over again. For such a well established protocol, it is surprising that we have not progressed beyond these types of STP configuration mistakes. This article covers the most frequent STP errors and how to correct them.

Read more

Time to Upgrade Cisco Catalyst 6500 Non-E-Series Chassis

The Cisco 6500 Ethernet switches were introduced in 1999 and have been deployed by more than 45,000 organizations. Cisco has continued to come out with additional supervisor modules and interface modules and larger power supplies to keep the switches current. However, now the original chassis are outdated and not supported by Cisco anymore. Cisco wants their customers to upgrade their 6500 chassis or consider upgrading to Nexus switches.

Read more

U.S. Government Progress on IPv6 Deployment

The United States government has been striving to deploy IPv6 for many years. October 1st was the date that the government wanted to have functional IPv6-enabled Internet applications. Some agencies were able to configure some of their systems to use IPv6, but many systems did not achieve the goal. We should check how many of these systems are using IPv6 and what the government will do in the coming years as they move to deploy IPv6 inside their IT environments.

IPv6 Mandates:

Read more

IPv6 Is Not an All-or-Nothing Proposition

I have recently met many people who are under the impression that an organization must transition directly from IPv4 to IPv6. Thankfully, this is not the case. You can run IPv4 and IPv6 side-by-side during the interim stage of migration. Only after a long period of running both will you eventually be able to start to disable IPv4. A decade or more from now, IPv6 may be the only network-layer protocol used.

Read more

Achieving PCI Compliance When Using IPv6

The PCI DSS was written with IPv4 in mind and it requires that NAT be used to protect servers containing cardholder information. IPv6 networks do not need NAT and, in fact, use of NAT is less than ideal. The PCI DSS does not address the use of IPv6, and some organizations have concerns that their PCI auditor will require them to perform NAT when they start using IPv6.

Read more

Web Application Firewalls and IPv6

Many organizations may be using a Web Application Firewall (WAF) to help them achieve security compliance and secure their web applications. Many organizations are also actively deploying IPv6 to their web systems. The intersection of these two groups will experience security vulnerabilities as they IPv6-enable their web applications yet their WAF is not actively inspecting the IPv6 web connections.

Read more

Dual-Stack Will Increase Operating Expenses

As we start to plan for IPv6 and start to deploy it on our networks we should try to anticipate the operational costs related to running both IPv6 and IPv4. IPv6 provides more addresses and some minor opportunities for cost savings. IPv4 addresses are becoming scarce and IPv4 networks are becoming increasingly costly to maintain. The combination of these operating costs and the long-tail of IPv4 will burden most organizations.

Read more

Life After World IPv6 Launch

It has been several weeks since World IPv6 Launch took place on June 6th. However, it will remain the single biggest event in the development of IPv6 for many years. World IPv6 Launch was heavily promoted, but in the end, no one really noticed, which I suppose is a good thing. Network engineers, like airline pilots, never want to be mentioned on the front page of news papers. So what is the next milestone on the horizon for IPv6?

What is World IPv6 Launch?

Read more

Preparing Your Enterprise for World IPv6 Launch

Last year on June 8, 2011 we all experienced World IPv6 Day. This was a 24-hour test for web sites to use both an IPv4 and IPv6 addresses simultaneously for the same URL. One June 6, 2012 there will be World IPv6 Launch in which many organizations will enable IPv6 forever. Enterprises will need to prepare for World IPv6 Launch whether or not they are actively participating and enabling IPv6.

World IPv6 Day

Read more

What About Stream Control Transmission Protocol (SCTP)?

Many in the networking industry may not be aware that SCTP exists and the benefits that it provides end-to-end Internet communications. We use TCP over IP for most unicast communications and the Internet is delivered over HTTP these days. SCTP is like TCP, but different. It is important to be aware of SCTP, how it can be used and also understand why SCTP has not gained broader acceptance and integration into more systems.

Read more

IPv6 Summit Recap

This week the 2012 North American IPv6 Summit conference took place in Denver, Colorado. This was likely the largest IPv6 conference in North America this year. This event is coordinated by the regional IPv6 task forces and is made possible by the efforts of many volunteers. The IPv6 Summit is a great way to learn about IPv6 and get information from leading IPv6 experts on the latest developments. This year's IPv6 Summit was bigger in every way than previous year's events.

Read more

Ramp Up On IPv6 at a 2012 IPv6 Event Near You

Read more

Should You Allow Inbound E-mail Over IPv6?

Federal organizations are aiming for September 2012 mandate to IPv6-enable their Internet perimeter applications. This not only includes IPv6-enabling web servers, but also IPv6-enabling e-mail servers. Therefore e-mail servers would be allowing inbound SMTP (TCP port 25) connections over IPv4 and IPv6. However, most e-mail content filtering companies only have defensive capabilities for IPv4. Do organizations really want to allow IPv6 e-mail if it is less secure than IPv4?

How Block Lists Work

Read more