Posts

Showing posts from 2009

IP Based search engine

Search on Gigablast provides a unique facility to search based on IP/IP range, e.g. ip:69.63.181 (http://gigablast.com/search?k4a=576656&s=10&q=ip:69.63.181) lists all the websites hosted on the Facebook IP range. Quite interesting to know. :)

Conditional BGP Advertisement

Introduction: This can be used to advertise prefixes automatically when one peer goes down, rather than advertising the prefixes manually.

Design Notes: In this example I'm trying to advertise 10.0.0.0/16 through AS 65001, but if the peer (203.143.0.5) goes down, automatically advertise 10.0.0.0/16 through AS 65002 (203.143.0.1). To make the configuration work we need to match against a prefix that is advertised from that peer (203.143.0.5). But to make sure it was learned through that peer we can use an AS-path match or a community-based match. Here in this example I'm matching against 172.16.0.0/24 advertised through 65001 and matching against the AS path ^65001.

Configuration Notes: This is the only configuration different from the normal one:
neighbor 203.143.0.1 advertise-map otherblock non-exist-map[exist-map] inblock

Better notes on this:
Normal Status:
R2#show ip bgp neighbors 203.143.0.1 | inc Cond
Condition-map inblock, Advertise-map otherblock, status: Withdraw
R0#show ip route
Gateway of last

Network Switch ip to port mapping using neo

Open Source Network Administration gives some introduction to this network tool called neo. The latest version can be found at ktools.org (http://www.ktools.org/dist/neo/neo-1.3.1.tar.gz). There is one catch while you compile & install on Ubuntu: object_statstransfer.c and object_sleeper.c use CLK_TCK. I think CLK_TCK is obsolete and we have to use CLOCKS_PER_SEC instead. But I just defined it as follows in both files:
/* Define my constant */
#define CLK_TCK 100
Installation process:
1) gunzip -c neo-1.3.1.tar.gz | tar xvf -
2) cd neo-1.3.1
3) ./configure
4) Make the relevant changes as explained earlier in both source files.
5) make
6) make install
neo has its own command line. But the basic things you need to get the IP-to-port map are two commands: arpfind and locate. Before doing that you can define the switches & the core router in one file (the router is needed for IP-to-ARP resolution), for example /var/neo/switches:
192.168.1.10
192.168.1.11
If you want to find the relevant IP-to-ARP

Mysql Ipaddress subnet wise search

I needed to search a MySQL table of IP addresses based on subnet mask information. This was part of the NetFlow tools for our internal use. I exported the flow data from flow-export to a MySQL database. I created the database with the "ip address" field as Text. The built-in MySQL function INET_ATON makes life easy to search the table. According to the MySQL reference: if an IP is 209.207.224.40, the generated number is always in network byte order. For the example just shown, the number is calculated as 209×(256^3) + 207×(256^2) + 224×256 + 40. To search a subnet we need to add the relevant number of hosts to the search. For example, to search 216.239.60.0/23 I need to convert the network detail to a number, 3639557120; since it is a /23 I need to add 512 to the network figure, so 3639557632. Then if I write the query like this, it works fine:
mysql> select dstaddr ,dpkts,srcaddr,srcport,dstport from Raw1253672304 where INET_ATON(dstaddr) > 3639557120 and INET_ATON(dstaddr) <>
May be there can

DDOS protection using iptables (recent module)

This article relates to the iptables recent module, which can be used to defend against DDoS attacks. This setup was tested in bridged mode. Recent work on DDoS mitigation for one of our customers gave some interesting insight into the capabilities of the "recent module" of iptables. One of the websites came under attack with extensive SYN and "GET" requests from distributed zombies; we could identify around 4000-5000 unique hosts. To define the attack pattern we captured some traffic; it had only SYN and GET requests, nothing else to define the pattern. Therefore I conceptualized: if one host creates more than 20 sessions during 100 seconds, drop the packet.
iptables -I FORWARD -p tcp --dport 80 -i bridge0 -m state --state NEW -m recent --set
iptables -I FORWARD -p tcp --dport 80 -i bridge0 -m state --state NEW -m recent --update --seconds 100 --hitcount 20 -j DROP
Initially I applied these rules but saw no traffic reduction. When I checked the source code
static unsigned

GNS3 Lab for Framerelay over ISIS

Here I've shared the GNS3 files for the CCNP BSCI lab. LINK: http://ifile.it/vz0h8gx

Experience vs Knowledge Trouble shooting ~

You have to face situations where something physically goes wrong or somebody else screws up your network. In this kind of scenario your knowledge will give you confidence, but knowledge is sometimes unable to provide the answer. Some things I've learned from faults and mistakes:
1) Don't panic. When you feel the pressure you are unable to concentrate.
2) Use the tools you have in your hand (traceroute, looking glasses, ping, etc.).
3) Isolate the problem. In this step people try to correlate with existing experience; sometimes the prediction is correct, sometimes utterly wrong.
4) Try to contact the right person and provide the correct details. Persuading people to work for you is a really hard thing; sometimes they are also bound by contracts that govern what help you can get from them. Have a good relationship. Thank them when the problem is resolved. Until they understand, they won't put their heart into it!
5) Hope for the best! :)

Mikrotik Hierachical Queue

This particular setup provides guaranteed bandwidth for mail traffic. I achieved it through a queue tree, because we can achieve the most complicated queuing structures through the queue tree and PCQ. This is a simple setup:
1) Mark the relevant connections and packets. This can be based on an IP firewall address list, source address or port number, depending on your requirements.
2) Define the parent queue and child queues.
1) Mark the connection for mail traffic:
chain=prerouting action=mark-connection new-connection-mark=mail passthrough=yes src-address=10.10.10.3
chain=prerouting action=mark-packet new-packet-mark=mail-packet passthrough=no connection-mark=mail
chain=prerouting action=mark-packet new-packet-mark=others passthrough=yes packet-mark=!mail (please note the ! sign)
2) Create the relevant queues and apply them.
3 name="Parent" parent=ether3 packet-mark="" limit-at=0 queue=default priority=8 max-limit=1024000 burst-limit=0 burst-threshold=0 burst-time=0s
4 na

hierarchical queuing on Cisco

Recently I tested assigning different bandwidth requirements to a number of users. The example setup is shown in the following diagram. 512kbps is divided between the users, and one user can use the whole bandwidth when the others are not using it. I've done some testing on this and achieved the requirement through a hierarchical queuing strategy.
1) I set up NAT and the other basic configuration:
ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip nat inside source list 2 interface FastEthernet0/0 overload
access-list 2 permit 192.168.2.0 0.0.0.255
ip nat outside
ip nat inside
2) Define the class-maps.
2.1 - Access-lists to match the IPs:
access-list 101 permit ip host 192.168.2.1 any
access-list 101 permit ip any host 192.168.2.1
access-list 102 permit ip host 192.168.2.2 any
access-list 102 permit ip any host 192.168.2.2
access-list 103 permit ip host 192.168.2.3 any
access-list 103 permit ip any host 192.168.2.3
2.2 - Match the ACLs:
class-map match-all shape256_pir256_HostA
match access-group 101
class-map match-all