Author: Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

New Cisco certifications announced

Source: https://cisco.hosted.jivesoftware.com/docs/DOC-5365

As this are quite new to me, I do not have too much to comment on the subject. Cisco Certifies Architect seems to be the new “hit” from Cisco regarding the knowledge and experience that a candidate has to achieve before applying, but also in regarding the amount of money that this will cost. Since I only heard rumors I will not write here the price, but is sure that is not accessible to any individual.

Some excerpt from the source already mentioned above you can find below.

Cisco Certified Architect

Built in response to the growing customer and market demand to recognize comprehensive competence in network infrastructure design, Cisco introduces the Cisco Certified Architect Certification. This prestigious credential recognizes a new standard of excellence for network designers who can architect and support the increasingly complex networks within global organizations and effectively translate business strategy into (r)evolutionary technology systems.

Cisco Certified Architect is the pinnacle for individuals wishing to establish formal validation of both design and IT skills in Cisco technologies and infrastructure. There is, as yet, no formal training program for the Cisco Certified Architect certification. Candidates appear before an in-person Cisco-appointed board of experts to present and defend their proposed network solution.

CCNP Wireless

The CCNP Wireless certification was developed to support the growing need for trained professionals who can effectively design, implement, secure, and operate wireless networks and mobility infrastructures. This certification recognizes the critical importance of preparing professionals to support and manage Cisco wireless LANs and networks. It reinforces the ability to assess and translate network business requirements into technical specifications that can then be installed and maintained successfully. Achieving CCNP Wireless demonstrates significant knowledge in designing, deploying and maintaining end-to-end Cisco Wireless LAN solutions.

Prerequisites:  Must hold a valid CCNA and CCNA Wireless certification in order to achieve a CCNP Wireless certification.

Availability: Courses and exams for the new CCNP Wireless certification will be made available on July 24, 2009

Cisco Data Center Unified Computing Specialist Certifications

Two (2) new certifications–The Cisco Data Center Unified Computing Support Specialist and the Cisco Data Center Unified Computing Design Specialist–validate the data center computing professional’s knowledge, expertise, and ability to run mission-critical computer operations.

General Prerequisites: If you already have a background in Cisco data center design and implementation, you may select a Fast-Start option for each of these specialist certifications. Fast-Start offers a “Qualifier” exam, that, when passed, fulfills the prerequisite knowledge requirements. If you don’t have prior background, you must first complete all of the Data Center Specialist Certifications for Architects and Engineers

Availability: Courses and exams for both new Cisco Data Center Unified Computing Specialist certifications will be made available at the end of 2009.

Useful documentation sheets at packetlife.net

Packetlife.net offers some “cheat sheets” with useful information. This are like very small handbooks with the most useful informations about BGP, EIGRP, IPsec, Multicast, IS-IS, OSPF, Spanning-Three, TCPdump and more. I found this very useful during my preparations for Cisco exams and not only, so I want to share them here. Of course any copyrights goes to the owner of packetlife.net. And if you are worry about the “cheat” word, look what the owner of packetlife.net is saying:

Are these for cheating?

No. The term “cheat sheet” is a slang term for a small collection of notes or a quick reference guide (my apologies if this isn’t a familiar term in your locale). I don’t condone cheating of any sort, and you’re only doing yourself a disservice if you decide to take that path.”

You can check this materials at: http://packetlife.net/cheatsheets/

Cisco: How to use CEF for load-balancing

According to Cisco’s website, Cisco Express Forwarding (CEF) is advanced, Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions.

The term Load balancing describes a functionality in a router that distributes packets across multiple links based on layer 3 routing information.

Now, putting this two terms together we obtain Load balancing with CEF. Cisco IOS software basically supports two modes of load balancing: On per-destination or per-packet basis.
In per-destination mode all packets for a given destination are forwarded along the same path. Usage of only one path will lead to a unequal usage of the lines, as the packets to the same destination will use only one line, leaving the other unused. This can be a problem in a small environment where let’s say that a location is having 2 x E1 connection. In per-destination mode, all the packets to one destination will use one E1 connection, and the other line will remain unused. In addition to this, if this one destination is a server on which most on the site’s users will connect to, the per-destination mode will lead to an exhaust of the bandwidth available on one E1 line leaving the other one empty. On the other hand, on more developed location, where there are more destination available, the per-destination method will not have too much impact about the usage of the lines, as in this case the traffic will be split for the multiple destinations over multiple paths.

The per-packet mode guarantees equal load across all links because the forwarding process determines the outgoing interface for each packet by looking up the route table and picking the least used interface. If you read until now, than most probably you will say that this method is the best and then why the per-destination mode is the default one. Some issues with the per-packet mode would be that this method will almost always result in out-of-order packets, as advised by Ivan Pepelnjak, on his blog. What I can tell you is that this out-of-order packets has not a big impact on low-speed environment where TCP stack can deal with this problem. On the other hand on high-speed environment where video or voice traffic is expected, you can have big problems and it’s better to avoid the usage of per-packet load-balancing. Also, Cisco is advising that this ensures equal utilization of the links, but is a processor intensive task and impacts the overall forwarding performance. How much will impact on the CPU / resources usage? I cannot tell exactly because this depend on the task and traffic that the device has to handle.

OK, so if this per-packet mode is not so great, than why we should use it? The answer is that in some particular topologies or environments you cannot use other method of load-balancing and you are in desperate need of such mechanism. Below you will see an example of what kind of topology can force us to use per-packet load-balancing.

Before you configure load-balancing, you have to be sure that IP CEF is enabled on your router. In case that it is disabled, please enable it:

configure terminal
ip cef

If you want to fine tune the IP CEF load-balancing algorithm you can do this with the command:

configure terminal
ip cef load-balancing algorithm “name parameter”

where for “name” you have 3 choices:
original – Sets the load sharing algorithm to the original based on a source and destination hash.
tunnel – Sets the load sharing algorithm for use in tunnel environments or in environments where there are only a few IP source and destination address pairs.
universal – Sets the load sharing algorithm to the universal algorithm that uses a source and destination, and ID hash.
Skipping the tunnel option which you should use only if you are sure that you need it, the other choices would be universal and original. Original algorithm use IP addresses to generate the 4-bit hash. On the other hand universal algorithm add a router specific information to the hash leading to a more complex development of the hash value. Since universal option is the default one, exception the case where you know what you are doing, you should not change this value.

To enable IP CEF load-balancing on per-destination base, you don’t have to modify anything, as it’s enabled by default. For per-packet mode, you have to use the following commands:

configure terminal
interface FastEthernet x/y
ip load-balancing per-packet

ip-cef-load-balancingOne scenario where I had to use per-packet load-balancing is the one below.
Let’s assume that we have client (c-ubuntu-1, 10.10.20.100) which is sending traffic to one server (s-ubuntu-1,10.10.10.100). The routing protocol is already configured in such way that CE1 and CE2 routers are announcing, through OSPF, 2 default routes (equal cost) to SC device. The rest of the routing part is assure by BGP towards PE routers and another IGP protocols, but this has no importance for the topic discussed here.

SC1#sh ip route | i 110/1
O*E2 0.0.0.0/0 [110/1] via 172.29.190.237, 02:35:46, Vlan23
[110/1] via 172.29.190.229, 02:35:46, Vlan13

On the SC devices I used L3 interface vlan 23 to connect to CE2 and vlan 13 to connect to CE1. With the CEF enabled and per-destination load-balancing mechanism, only one  path (either vlan 23 or vlan 13) was used, leading to only one WAN serial connections to be used. Since this was client to server traffic, and quite a lot, from time to time one WAN connection was exhausted while the other one  remains unused. You can see this, in the excerpt below:

SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100    -> 10.10.10.100   : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100    -> 10.10.10.100   : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100    -> 10.10.10.100   : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100    -> 10.10.10.100   : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100    -> 10.10.10.100   : Vlan23 (next hop 172.29.190.237)

After I enabled the per-packet load-balancing, the situation has changed since both lines to CE routers where used, leading to a equal utilization of the WAN lines:

SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan13 (next hop 172.29.190.229)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan13 (next hop 172.29.190.229)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan13 (next hop 172.29.190.229)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan23 (next hop 172.29.190.237)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan13 (next hop 172.29.190.229)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan13 (next hop 172.29.190.229)
SC#sh ip cef exact-route 10.10.20.100 10.10.10.100
10.10.20.100 -> 10.10.10.100 : Vlan23 (next hop 172.29.190.237)

I had to choose this method to force the equal usage of the WAN links and I rely on TCP stack to solve the out-of-order packets as there is not so high traffic over this interfaces.

Wireshark 1.2.0 is now available

wireshark-logoWireshark 1.2.0 has been released and it’s available for download. This is suppose to be a major release according to the developer’s website, as the previous version is 1.0.8. Some new features, from the official Wireshark website, regarding the new version you can find below:

New and Updated Features

The following features are new (or have been significantly updated) since version 1.0:

  • Wireshark has a spiffy new start page.
  • Display filters now autocomplete.
  • A 64-bit Windows (x64) installer is now provided.
  • Support for the c-ares resolver library has been added. It has many advantages over ADNS.
  • Many new protocol dissectors and capture file formats have been added (see below for a complete list).
  • Macintosh OS X support has been improved.
  • GeoIP database lookups.
  • OpenStreetMap + GeoIP integration.
  • Improved Postscript® print output.
  • The preference handling code is now much smarter about changes.
  • Support for Pcap-ng, the next-generation capture file format.
  • Support for process information correlation via IPFIX.
  • Column widths are now saved.
  • The last used configuration profile is now saved.
  • Protocol preferences are changeable from the packet details context menu.
  • Support for IP packet comparison.
  • Capinfos now shows the average packet rate.
  • GTK1 is no longer supported. (Yes, this is a feature.)
  • Official Windows packages are now built using Microsoft Visual C++ 2008 SP1.

New Protocol Support

Anything in Anything Protocol, ATM PW, N-to-one Cell Mode, B.A.T.M.A.N. Layer 3 Protocol, BACnet MS/TP, BSS LCS Assistance Protocol, Canon BJNP, CESoPSN basic NxDS0 mode (no RTP support), Charging ASE, Cimetrics MS/TP, DECT Protocol, Digital Private Signalling System No 1 Link Layer, DOCSIS Mac Domain Description, DOCSIS Registration Request Multipart, DOCSIS Registration Response Multipart, DOCSIS Synchronisation Message, E100 Encapsulation, EHS, Enhanced Variable Rate Codec, Ethernet Global Data, Ethernet PW, Exchange 2003 Directory Request For Response, Far End Failure Detection, FCoE Initialization Protocol, GOOSE, GPEF, GPRS Tunneling Protocol V2, GSM A-I/F COMMON, GSM A-I/F GPRS Mobility and Session Management, GSM SACCH, GSM Um Interface, HDLC PW, FR port mode (no CW), HDLC-like framing for PPP, IEC 60870-5-104,Apci, IEC 60870-5-104,Asdu, IEEE 802.15.4 Low-Rate Wireless PAN non-ASK PHY, IEEE C37.118 Synchrophasor Protocol, Intelligent Platform Management Interface (Session Wrapper), Inter-Integrated Circuit, Internal TDM, IPSICTL, ISMACryp Protocol, iWARP Direct Data Placement and Remote Direct Memory Access Protocol, iWARP Marker Protocol data unit Aligned framing, Kontiki Delivery Protocol, LANforge Traffic Generator, Layer 1 Event Messages, Lb-I/F BSSMAP LE, LeCroy VICP, Link Access Procedure, Channel Dm (LAPDm), Local Download Sharing Service, LTE Radio Resource Control (RRC) protocol, MAC-LTE, Memcache Protocol, Mesh Header, MP4V-ES, Nasdaq TotalView-ITCH, Nasdaq-SoupTCP version 2.0, NAT Port Mapping Protocol, Netdump Protocol, Non-Access-Stratum (NAS)PDU, PacketLogger, Paltalk Messenger Protocol, PDCP-LTE, PW Associated Channel Header, PW Ethernet Control Word, PW Frame Relay DLCI Control Word, PW MPLS Control Word (generic/preferred), Real-Time Publish-Subscribe Wire Protocol 2.x, Remote Packet Capture, RLC-LTE, SAToP (no RTP support), SERCOS III V1.1, SIMULCRYPT Protocol, Subnetwork Dependent Convergence Protocol XID, Teamspeak2 Protocol, TTEthernet, TTEthernet Protocol Control Frame, Turbocell Aggregate Data, Turbocell Header, TURN Channel, Unreliable Multicast Inter-ORB Protocol, VCDU, Wave Short Message Protocol(IEEE P1609.3), Wireless Access Station Session Protocol, Wireshark Expert Info, World of Warcraft, Xpress Transport Protocol, ZigBee Application Framework, ZigBee Application Support Layer, ZigBee Device Profile, ZigBee Encapsulation Protocol, ZigBee Network Layer, Zipped Inter-ORB Protocol, ZRTP

New Capture File Support

Apple Bluetooth PacketLogger, Daintree’s Sensor Network Analyzer, dct3trace, Pcap-NG, TNEF (yes, those silly winmail.dat attachments)

You can download the last version from the official Wireshark download page