Please, allow us to introduce MrLooquer -> https://www.mrlooquer.com   MrLooquer combines open source intelligence techniques with heuristic and data mining to perform one of the first attempts to create a real map about IPv6 deployment and its relationship with current networks and protocols.   MrLooquer is born as an open initiative with Creative Commons license …

Continue reading IPv6 Intelligence – MrLooquer

Using “bgp attribute-download” to get source AS numberĀ  into netflow, and use that for traffic analysis.   http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/routing/command/reference/b_routing_cr42asr9k/b_routing_cr42asr9k_chapter_01.html#wp2672189923 According to cisco this command “bgp attribute-download” is only available for IPv4 unicast address family.

Continue reading BGP attribute-download and VPNv4

Interface vlan777 ipv6 enable     Otherwise, the config looks spot on   Our config looks like:   interface Vlan110 standby version 2 standby 110 ipv6 FE80::1 standby 110 timers 1 3 standby 110 priority 110 standby 110 preempt delay minimum 180 standby 110 authentication xxxx ipv6 address dead:beef:1::FFFE/64 ipv6 enable ipv6 nd other-config-flag ipv6 …

Continue reading IPv6 HSRP Config

Ended up with the following for DSL customers using DS-Lite:   block size 512 max blocks per user 16 block timeout 120 address-sharing-ratio 8:1   avg usage is 34 ports per block and 1,3 blocks per address, but the top 1% are at least x10.   Some years ago we had started with more relaxed …

Continue reading NAT DS-Lite

vrf export route-policy doesn’t seem to directly deny prefixes from advertisement… but according to this one site you can indirectly deny prefixes… it seems that vrf export route-policy is mainly used to more granularly assign rt’s and add rt’s to rt’s (additive). http://www.akbintel.com/mediawiki/index.php/VRF/Config#export_map http://nagendrakumar-nagendra.blogspot.com/2011/09/mpls-vpn-vrf-export-map.html Thought it was pretty clever to not put a route-target export …

Continue reading IOS XR vrf export route-policy

For some reason especially on3.7 code we have also seen thisĀ message on ports which are left no shut, and they have an SFP in it. That’s because they introduced DOM support for some transceivers: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/ol-37xe-4500x.html#pgfId-2796909

Continue reading TX low alarm warning

http://www.cisco.com/c/en/us/products/collateral/security/pix-500-series-security-appliances/pix_eos.html   As of July 28, 2008, Cisco PIX Security Appliance platforms/bundles are no longer being sold. Customers can still purchase accessories and licenses until January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013.

Continue reading CVE-2016-1287 and old pix units

Based on understanding, the CPU on 1001-X is more powerful and can handle more concurrent session establishments. It also has 2 10G interfaces which can come in handy. However, the queue-count is considerably lower in the 1001s which makes QoS difficult, depending on your policies. I would recommend a 1002-X if you are looking at …

Continue reading ASR1001 vs 1001-X PPP