Linux TCP Tuning

The aim of this post is to point out potential kernel tunables that might improve network performance in certain scenarios. As with any other post on the subject, make sure you test before and after you make an adjustment to have a measurable, quantitative result. For the most part, the kernel is smart enough to detect and adjust certain TCP options after boot, or even dynamically, e.g. the sliding window size.


How to Secure Cisco Routers and Switches

Routers and switches make up the bulk of network infrastructure and are vulnerable to attack. We hear about mass Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks, but the network itself is as big a risk, because if it is taken out there is no path for the data to flow. Although network infrastructure is vital, we also need to protect the networking devices themselves from attack; this protection is known as hardening. Firewalls will help, along with Intrusion Prevention Systems (IPS), but there are additional steps we can take to harden the routers and switches within our network.


BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD

BPDU Guard: Prevents accidental connection of switching devices to PortFast-enabled ports. Connecting switches to PortFast-enabled ports can cause Layer 2 loops or topology changes.

BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports.

Root Guard: Prevents switches connected on ports configured as access ports from becoming the root switch.

Loop Guard: The Loop Guard STP feature improves the stability of Layer 2 networks by preventing bridging loops.

UDLD: UDLD detects and disables unidirectional links.


Nexus 5596 boot variable on next reload

As far as I know, you don’t need to perform another install all because the upgrade seems to have worked correctly (in fact, the current running images are: kickstart image file is: bootflash:///n5000-uk9-kickstart.7.0.6.N1.1.bin and system image file is: bootflash:///n5000-uk9.7.0.6.N1.1.bin).


port-channel load-balance ethernet

To configure the load-balancing method among the interfaces in the channel-group bundle, use the port-channel load-balance ethernet command. To return the system priority to the default value, use the no form of this command.

port-channel load-balance ethernet method [ hash-polynomial ]

no port-channel load-balance ethernet [ method ]


show port-channel load-balance

To display information about EtherChannel load balancing, use the show port-channel load-balance command.

show port-channel load-balance [ forwarding-path interface port-channel number { . | vlan vlan_ID } [ dst-ip ipv4-addr ] [ dst-ipv6 ipv6-addr ] [ dst-mac dst-mac-addr ] [ l4-dst-port dst-port ] [ l4-src-port src-port ] [ src-ip ipv4-addr ] [ src-ipv6 ipv6-addr ] [ src-mac src-mac-addr ]]
