Posts

Configure interfaces with Ansible

Today we will be configuring network devices from Ansible using the ios_config module.

Ansible playbook to create loopback interfaces and add a description:

---
  - name: Define Parameters
    hosts: XE
    gather_facts: no
    connection: network_cli
    tasks:
      - name: Create loopback interfaces
        ios_config:
          lines:
            - description loopback interface by prashant
          parents: "{{ item }}"
        with_items:
          - interface loopback 25
          - interface loopback 30
          - interface loopback 35

Ansible-playbook for backing up running config of Cisco IOS

This ansible-playbook can be used to back up the running configuration from Cisco IOS devices. You can refer to my earlier post Getting Started with your first ansible-playbook for Network Automation to learn about the parameters used in this playbook.

Inventory file

# Inventory file for Ansible
[XE]
ios-xe-mgmt.cisco.com:8181
ios-xe-mgmt-latest.cisco.com:8181

[XR]
sbx-iosxr-mgmt.cisco.com:8181

[all:vars]
ansible_network_os=ios

Note that [all:vars] applies ansible_network_os=ios to the XR host as well. The playbook below only targets the XE group, so this is harmless here, but a play against the XR group would need ansible_network_os=iosxr set for that group.

Playbook

---
- name: Define Parameters
  hosts: XE
  gather_facts: no
  connection: network_cli
  tasks:
   - name: backup the config
     ios_config:
       backup: yes
     register: backup_config
   - name: Store the config to directory
     copy:
       src: "{{ backup_config.backup_path }}"
       dest: "/tmp/backups/{{ inventory_hostname }}"

Running the playbook

[prashant@Prashant-VM01 ~]$ ansible-playbook play03.yml -i /home/prasha...

LAN Security - Threats and Prevention

MAC Flooding and Spoofing Attacks

MAC Flooding: In a typical MAC flooding attack, the attacker feeds the switch a large number of Ethernet frames, each with a different source MAC address. The intention is to exhaust the limited memory the switch sets aside for its MAC address table. Once the table is full of spurious entries, the switch no longer has an entry for genuine destination addresses, and it falls back to flooding such frames out of every port (apart from the one they arrived on), exactly as it does for any unknown destination. After a successful MAC flooding attack, the attacker can therefore run a packet analyzer on their own port and capture sensitive data exchanged between other hosts on the switch.
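To make the fail-open behaviour concrete, here is an added example (not part of the original post) that models a learning switch with a bounded MAC table and runs a flood against it. The switch, port numbers, host addresses, table size and attacker frames are all constructed in memory for the demonstration; the optional per-port learning limit stands in for the port-security feature most switches offer and is an assumption of the model, not something the post describes.

```python
"""Bounded MAC address table under a MAC flooding attack (added example).

Everything here is an in-memory model: the switch, its ports, the host
addresses and the attacker's frames are constructed for the demonstration
and never touch a real network. The table is tiny so the effect shows
after a few hundred frames.
"""

from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Learning switch with a fixed-size MAC table.

    max_entries    : capacity of the MAC (CAM) table.
    per_port_limit : optional cap on addresses learned per port, the idea
                     behind port security; None disables it (assumed model).
    When the table is full this model evicts the oldest entry. A switch that
    instead stops learning ends up in the same state once the genuine entries
    age out, because the flood keeps refreshing the bogus ones.
    """

    def __init__(self, ports, max_entries, per_port_limit=None):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.per_port_limit = per_port_limit
        self.table = OrderedDict()   # mac -> port, oldest entry first
        self.violations = []         # (port, mac) rejected by the per-port limit

    def _learn(self, src, in_port):
        """Record src on in_port. Returns False if the port limit rejects it."""
        if src in self.table:
            self.table.move_to_end(src)
            self.table[src] = in_port
            return True
        if self.per_port_limit is not None:
            on_port = sum(1 for p in self.table.values() if p == in_port)
            if on_port >= self.per_port_limit:
                self.violations.append((in_port, src))
                return False
        if len(self.table) >= self.max_entries:
            self.table.popitem(last=False)   # table full: evict the oldest entry
        self.table[src] = in_port
        return True

    def forward(self, src, dst, in_port):
        """Return the ports a frame is sent out of ([] if it was dropped)."""
        if not self._learn(src, in_port):
            return []                        # port-security style: drop the frame
        out = self.table.get(dst)
        if out is None or out == in_port:
            # Unknown destination: flood to every other port, attacker included.
            return [p for p in self.ports if p != in_port]
        return [out]


def simulate(per_port_limit=None, bogus_frames=500):
    """Hosts A (port 1) and B (port 2) talk; the attacker floods from port 3."""
    sw = Switch(ports=[1, 2, 3], max_entries=64, per_port_limit=per_port_limit)
    host_a, host_b = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    sw.forward(host_a, host_b, 1)             # A's first frame is flooded ...
    sw.forward(host_b, host_a, 2)             # ... B replies; both are now learned
    before = sw.forward(host_a, host_b, 1)    # unicast straight to port 2
    for i in range(bogus_frames):
        # Locally administered, unique source MACs, as a flooding tool would send.
        bogus = "02:00:00:%02x:%02x:%02x" % (i >> 16 & 0xFF, i >> 8 & 0xFF, i & 0xFF)
        sw.forward(bogus, BROADCAST, 3)
    after = sw.forward(host_a, host_b, 1)     # where does A's traffic go now?
    return {"before": before, "after": after,
            "table_size": len(sw.table), "violations": len(sw.violations)}


if __name__ == "__main__":
    print("no port limit :", simulate())
    print("limit 2/port  :", simulate(per_port_limit=2))
```

Without a limit, the frame from A to B is delivered only to port 2 before the flood and to ports 2 and 3 afterwards, so the attacker on port 3 sees it. With a per-port limit of 2, the attacker gets two entries in and the remaining frames are rejected, the table never fills, and A's traffic stays on port 2.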

Getting Started with your first Ansible Playbook for Network Automation

Installing Ansible and related components

Update Yum
# sudo yum -y update

Install python3-pip
# sudo yum install python3-pip

Install/upgrade ansible to the latest version
# sudo pip3 install ansible

Install/upgrade paramiko (the SSH library used to reach the devices)
# sudo pip3 install paramiko

Verify the status/version of the tools installed
pip3 --version
python3 --version
ansible --version

Check the version of ansible installed
[developer@devbox Network_Support]$ansible --version
ansible 2.7.8
  config file = /home/developer/Network_Support/ansible.cfg
  configured module search path = ['/home/developer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.5 (default, Jul 19 2018, 10:49:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Create inventory file
[developer@devbox Network_Support]$vi inventory
# Inventory file for An...

Spanning Tree Protocol Operation

Whenever there is redundancy in the network, there is a chance of loops forming. At layer 3, the TTL value in the packet header stops a packet from looping endlessly. There is no equivalent field in an Ethernet frame, so to avoid loops at layer 2 the Spanning Tree Protocol (STP) comes into play. STP exchanges BPDU messages between switches to discover the topology and then breaks each loop by placing selected switch ports in the blocking state. The algorithm guarantees that there is only one active path between any two network devices. A layer 2 network with redundancy but without STP can suffer the following problems:

Broadcast storms
An unstable MAC address table in the switches
Duplicate frames arriving at a host

STP Operation
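The port-role election STP performs from those BPDU exchanges, worked through in code as an added example (not part of the original post): root bridge by lowest bridge ID, root path cost per switch, one designated port per segment and one root port per non-root switch, with every remaining port left blocking. The three-switch triangle, its priorities, MAC addresses and link costs are constructed for the demonstration; the tie-breakers are the standard ones (root path cost, then sender bridge ID, then sender port ID).

```python
"""Spanning-tree port-role computation over a constructed topology (added example).

The three-switch triangle, the bridge priorities/MACs and the link costs in
example_topology() are made up for the demonstration. The election rules are
the standard ones: lowest bridge ID wins root; ports then compare root path
cost, sender bridge ID and sender port ID, lowest wins.
"""

import heapq

ROOT, DESIGNATED, BLOCKING = "root", "designated", "blocking"


def compute_stp(bridges, links):
    """Return (root_name, root_path_cost, port_roles).

    bridges : {name: (priority, mac)}; the tuple orders like a bridge ID
    links   : [(a, port_a, b, port_b, cost)], one entry per physical segment
    roles   : {(name, port): ROOT | DESIGNATED | BLOCKING}
    """
    root = min(bridges, key=lambda n: bridges[n])
    adj = {n: [] for n in bridges}          # name -> [(peer, my_port, peer_port, cost)]
    for a, pa, b, pb, cost in links:
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))

    # Root path cost: cheapest total link cost from each bridge to the root.
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, n = heapq.heappop(heap)
        if cost > rpc[n]:
            continue                         # stale heap entry
        for peer, _, _, c in adj[n]:
            if peer not in rpc or cost + c < rpc[peer]:
                rpc[peer] = cost + c
                heapq.heappush(heap, (cost + c, peer))
    missing = set(bridges) - set(rpc)
    if missing:
        raise ValueError("not reachable from root: %s" % sorted(missing))

    roles = {}
    # One designated port per segment: the end that would send the best BPDU.
    for a, pa, b, pb, _ in links:
        key_a = (rpc[a], bridges[a], pa)
        key_b = (rpc[b], bridges[b], pb)
        roles[(a, pa) if key_a < key_b else (b, pb)] = DESIGNATED
    # One root port per non-root bridge: the port receiving the best BPDU.
    for n in bridges:
        if n == root:
            continue
        peer, my_port, _, _ = min(
            adj[n], key=lambda e: (rpc[e[0]] + e[3], bridges[e[0]], e[2], e[1]))
        roles[(n, my_port)] = ROOT
    # Every other port stays blocking, which is what breaks the loop.
    for n in bridges:
        for _, my_port, _, _ in adj[n]:
            roles.setdefault((n, my_port), BLOCKING)
    return root, rpc, roles


def example_topology():
    """Constructed triangle: S1 is root by low priority; S2-S3 is the slow link."""
    bridges = {
        "S1": (4096, "00:00:00:00:00:01"),
        "S2": (32768, "00:00:00:00:00:02"),
        "S3": (32768, "00:00:00:00:00:03"),
    }
    links = [
        ("S1", 1, "S2", 1, 4),    # 1 Gb/s links, cost 4
        ("S1", 2, "S3", 1, 4),
        ("S2", 2, "S3", 2, 19),   # 100 Mb/s link, cost 19
    ]
    return bridges, links


if __name__ == "__main__":
    root, rpc, roles = compute_stp(*example_topology())
    print("root bridge:", root)
    for (name, port), role in sorted(roles.items()):
        print("%s port %d: %s (root path cost %d)" % (name, port, role, rpc[name]))
```

On this topology S1 becomes root, S2 and S3 both reach it at cost 4 through their port 1, and the S2-S3 segment is the redundant link: S2 wins the designated role there on its lower bridge ID, so S3 port 2 is the single port left blocking, which is what removes the loop.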

Basic Datacenter Design with Redundancy (Colocation Datacenter)

The most basic requirement an organization has when designing its network is maximum uptime, and that can only be achieved when there is redundancy in the network. So in this article we will design a network for a company hosted in a datacenter, with redundant devices and redundant links. NOTE: The device configuration in this article does not include configuration for securing the control plane of the core or aggregation routers.

Stacked Switches

A stackable switch is a network switch that is fully functional operating standalone but which can also be set up to operate together with one or more other network switches, with the group of switches showing the characteristics of a single switch but having the combined port capacity of all its members. Following are some of the benefits of stacked switches.

1. Simplified Network Management

Multiple physical switches in a stack appear as a single logical switch. This eases management overhead because there are fewer devices in the network to manage. A single IP address is used to manage the logical switch. All manageable entities (for example, Ethernet interfaces and VLANs) on all physical switches can be configured and managed from the logical switch. The logical switch will appear as a single entity in the network. In a Layer 2 network, the logical switch will appear as a single spanning-tree entity.

Creating MPLS Layer 3 VPN

When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN. Each VPN is associated with one or more VPN routing and forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, and the set of interfaces that use this forwarding table.

Traffic Flow Decisions in MPLS Network

In this article, we will study how forwarding decisions are made in an MPLS network. You can check out the configuration of the network at Creating Layer 3 MPLS VPN. Network Topology: Download the GNS3 topology here: Traffic Flow Decisions in MPLS Network

Fortigate Backup VPN

You can configure a route-based VPN that acts as a backup facility to another VPN. It is used only while your main VPN is out of service. This is desirable when the redundant VPN uses a more expensive facility. You can configure a backup IPsec interface only in the CLI. The backup feature works only on interfaces with static addresses that have dead peer detection enabled. The monitor option creates a backup VPN for the specified phase 1 configuration. Redundant tunnels do not support Tunnel Mode or Manual Keys. You must use Interface Mode.