In the past few weeks several organizations have asked me about these "funny" packets they see leaving their networks destined for the Internet. These packets turned out to be IPv6 packets encapsulated within an IPv4 header (IP protocol 41). IPv6 packets that are encapsulated in IPv4 packets may be created unintentionally or they may be malicious activity that is trying to avoid detection. To understand this potential security issue you need tools to help you inspect this type of traffic. Read more
You may have heard that Cisco has released IOS version 15.0. This new IOS version has many new advancements. However, it only has a few new IPv6 features for multicast and OSPFv3. Based on the IPv6 features that have come out in IOS 12.4T we should expect many new IPv6 features in IOS 15.0M and IOS 15.0T in the coming years. Read more
Recently I upgraded to a new laptop running Windows 7 Enterprise and it came with IE8. The Ie8 browser was so incredibly slow it was unusable. However, I found a way to correct the problem. If you are having similar performance issues with IE8 you may find this information helpful for speeding up this bloated browser. Disabling Add-ons and installing the Google Chrome Frame plug-in may help you speed up IE8 to the level of "acceptable". Read more
Recently I have noticed some concrete evidence that the IPv6 Internet is growing. Reports that document IPv6 Internet traffic volumes show that the amount of IPv6 traffic is increasing. The IPv6 default-free zone BGP routing table has doubled in size in a year. The number of organizations being allocated IPv6 address blocks is increasing. Even though IPv6 Internet traffic volumes are still very small compared to IPv4; all these facts point to an upward trend in IPv6 usage. Read more
I encountered a funny situation this past week while deploying IPv6 on a tunnel interface. I realized that when you use 10 for the most significant digits in an IPv6 address it does not mean that is the tenth address in that network. We are trained to think in terms of decimals from the very beginning of our education as children. Breaking out of that mindset and thinking in hexadecimal is an essential skill for operating a network in an IPv6 world. When starting to deploy IPv6 it is important to start to learn to think in Hexadecimal. Read more
I don't know about you, but it has been a long time since my laptop was assigned a public IPv4 address. Most of the time my laptop has a private RFC1918 IPv4 address. Rarely does my computer have a public IPv4 address for the purposes of creating IPv6 6to4 tunnels. Therefore, I must use IPv6 transition techniques that encapsulate my IPv6 packets in other forms so I can reach the IPv6 Internet. When was the last time that your individual laptop or desktop computer was assigned a public IPv4 address? Read more
The past few weeks I have been out of my home country (USA) and working on an international project. I find these more interesting than typical projects in the US because they represent an opportunity to explore new places and learn about new cultures. I arrived in this country at night and went directly to the hotel. In the morning when I opened up my web browser I was greeted with a clear indication that I was not in my home country. Read more
If you haven't already, now is the time to start to determine your strategy for IPv6 Internet connectivity. You should understand what IPv6 capabilities your existing ISP has and know what to look for when selecting a new IPv6-capable ISP. The sooner you have this information the sooner you will be able to craft your strategy. There are several places where you can find information about how ISPs are deploying IPv6 connectivity. Read more
This week I passed a CCIE written/recertification exam for the 8th time in my life. In September I will achieve 10 years of maintaining my CCIE certification. However, this isn't the last time I will have to recertify. Cisco's policies state that a CCIE must continue to take a recertification exam every 2 years forever, and ever, and ever. Read more
Although I wasn't able to attend in person the North American Network Operators' Group (NANOG46) meeting in Philadelphia, Pennsylvania on June 14 to June 17, 2009, I did review the presentations from the conference. I was astounded by the number of IPv6-related presentations at this NANOG meeting and the IPv6 presentations at Cisco Live. There were some exciting announcements made at these meetings regarding IPv6 deployments that I wanted to call your attention to. Read more
Some recent Network World articles have been written about the fact that organizations have IPv6 traffic on them even though they have not explicitly enabled IPv6 on their hosts or network devices. I don't want you to overreact to this news or to unnecessarily spread fear-uncertainty-and-doubt about IPv6. As far as the protocol goes, it is not drastically different than IPv4. There are steps you can take to protect your organization while preparing for your migration to IPv6. Read more
It is obvious that being a good IT professional takes some brainpower. With optimal brain function you will be able to remember all sorts of technical details, troubleshoot problems faster, come up with creative approaches to tough technical challenges, and help you manage the stressful life as an IT professional. You need to remember to take care of your brain to optimize your performance. Read more
This past week I was fortunate enough to attend Cisco Live 2009 in San Francisco California. I wanted to share with you my experiences this week in case you weren't able to be there. If you have never been to a Cisco Live event I highly recommend that you make your plans to attend the 2010 event in Las Vegas. Read more
If you are considering a network design that has a ring topology and you desire to use Ethernet then you should first be aware of the issues of using Ethernet with a ring architecture. Ethernet is traditionally thought of a as a bus or star topology. With the pervasiveness of Ethernet technology you may find yourself contemplating using Ethernet with a ring architecture. These new extensions to spanning tree allow for fast convergence of Ethernet ring topologies. Read more
VLAN Membership Policy Server (VMPS) was a technology that, at a point in time, provided a way for organizations to control access to their networks. A few organizations embraced it and after a few years they found it to be an albatross around their neck. However, getting away from VMPS was not so easy and the longer they delay, the harder the breakup becomes. Read more
The criticality of networks is constantly increasing as the applications that utilize the infrastructure grow in importance. Instead of striving for five-9s of reliability (99.999%) why not just aim for 100% availability because that is what the requirements dictate. That begs the question, how would you design a data network if the goal was to achieve 100% availability? Read more
Recently, Cisco released their latest version of Adaptive Security Appliance (ASA) 5500 software release 8.2. This new version has some new features that I wanted to share with you so that you will know what to expect when you upgrade your ASA firewall. These features include IPv6 support for ASDM and transparent firewall, Botnet Traffic Filter, SNMPv3, IPv6 IPS 6.2 support, among others. Read more
This week I attended the 2009 Future-Net-Expo conference in Boston. This event is a service-provider-focused event that has historically focused on MPLS, Metro Ethernet, and next-generation network technologies. I wanted to share with you what I experienced at the event and some of the great information presented. Read more
The Internet security threat landscape continues to evolve and we must keep up on the current trends. There are places to look for authoritative guidance on the rapidly-changing security technology evolution. One thing we can look at is the numerous annual security reports that organizations publish. In this blog entry I share with you some of the key industry analysis on security trends to help you stay ahead of the wave. Read more
This week the 2nd annual 2009 Rocky Mountain IPv6 Summit was held in Denver Colorado. This event is put on by the Rocky Mountain IPv6 Task Force and the University of Denver. The IPv6 Summit is a 2-day IPv6 educational event that is FREE to attend. While well over 400 people registered for the event, the event attracted 300 people over the two days. Read more
The Leader in Network Knowledge
