QinQ Overview

QinQ can be used to “tunnel” a particular VLAN of a “customer” network through a “service” network. This is a very important concept in GENI, where it allows multiple “customer” VLANs to be interconnected through the VLANs of regional service providers.



Troubleshooting High CPU on 6500 by using Netdr capture and other tools.

When we have issues like high CPU, we do not have much time to go through all the documents and need only a few commands to find the issue and fix it.


Troubleshooting with a NETDR capture on a sup720/6500

A netdr capture is performed on the MSFC CPU controller. This is the closest location at which you can capture a packet on the MSFC in order to determine why traffic is being punted to the SP or RP CPU on the MSFC. With a Sup720 or Sup32 it allows one to capture packets on the RP or SP inband. The netdr command can be used to capture both Tx and Rx packets in the software-switching path.

Linux TCP Tuning

The aim of this post is to point out potential kernel tunables that might improve network performance in certain scenarios. As with any other post on the subject, make sure you test before and after you make an adjustment so that you have a measurable, quantitative result. For the most part, the kernel is smart enough to detect and adjust certain TCP options after boot, or even dynamically, e.g. the sliding window size.


How to Secure Cisco Routers and Switches

Routers and switches make up the bulk of network infrastructure and are vulnerable to attack. We hear about mass Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks, but the network itself is as big a risk, because if it is taken out there is no path for the data to flow. Although network infrastructure is vital, we also need to protect the networking devices themselves from attack; this protection is known as hardening. Firewalls will help, along with Intrusion Prevention Systems (IPS), but there are additional steps we can take to harden the routers and switches within our network.


BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD

BPDU Guard: Prevents accidental connection of switching devices to PortFast-enabled ports. Connecting switches to PortFast-enabled ports can cause Layer 2 loops or topology changes.

BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports.

Root Guard: Prevents switches connected on ports configured as access ports from becoming the root switch.

Loop Guard: The Loop Guard STP feature improves the stability of Layer 2 networks by preventing bridging loops.

UDLD: UDLD detects and disables unidirectional links.
