Skip to main content

Posts

Showing posts from February, 2020

How Virtual Port Channel Avoid Duplicate Frames

By
How Virtual Port Channel Avoid Duplicate Frames There is one critical rule with vPC.  If a member port receives a frame, it is forwarded across the peer-link. When the peer switch receives it, it will not forward the frame out a vPC member port . Why does this happen? Have a look at the diagram below. Frames received on a member port, then forwarded across the peer-link, will not be forwarded out another member port There are two servers connected by vPC member ports. Server-1 sends a frame to Server-2. The traffic flows like this: 1.        The frame travels up the link from Server-1 to Peer-1 2.        Peer-1 forwards the frame down the link to Server-2 3.        Peer-1 also forwards the frame across the peer-link to Peer-2 4.        Peer-2 sees that the frame came from a vPC member port, and refuses to forward it to Server-2 So, why does Peer-2 drop the frame? Peer-1 has already delivered it. If Peer-2 also tried to deliver the frame, server-2 would receive a
Read more

PACKET FLOW IN THE FIREWALL

By
PACKET FLOW IN THE FIREWALL: There are some common patterns that the Firewall vendors follow and this whitepaper helps to understand how the packet flow in the firewall. The Firewall Maintains the two paths, one is SLOW Path and the Other is Fast Path. Once the Firewall unit external interface receives a packet it first checks is the packet relate to the existing session, if the packet belongs to the existing session then it enters into the fast path or else it first sends the packet to the slow path to identify some parameters and to allocate the new session from the free pool. Below are the Steps the Firewall will follow to allocate the new session in the SLOW Path and to Enter into the Fast Path: Once the Firewall unit external interface receives a packet, the packet proceeds through a number of steps on its way to the internal interface, traversing each of the inspection types, depending on the security policy and security profile configuration. The diagram below i
Read more

IPV6 Configuration on Cisco Router:

By
IPV6 Configuration on Cisco Router:             By default Cisco Router was enabled with only IPv4 traffic we have to give the command "ipv6 unicast-routing" on the cisco router to enable IPv6 traffic in the Cisco router. R1(config)#ipv6 unicast-routing Next configure the IPv6 address on the Interface as shown in below. R1(config)#int Gi0/0 R1(config-if)#ipv6 address 2001:0BB9:AABB:1234::1024/64 Configure the IPv6  global unicast address on an interface using the ipv6 address address/prefix-length [eui-64] command. If you omit omit the eui-64 parameter, you will need to configure the entire address manually. After you enter this command, the link local address will be automatically derived.  or R1(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64 To verify with the show command : show ipv6 int gi0/0 R1#show ipv6 interface Gi0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::201:42FF:FE65:3E01 No Virtu
Read more

UPGRADING EOS in the ARISTA Switches

By
UPGRADING EOS in the ARISTA Switches: EOS is the Firmware for Arista Switches whereas IOS for Cisco. This blog post shows the detailed procedures to follow and to upgrade the EOS in the Arista Switches. This Post was supports for any platform or the Version you are going to upgrade in the Arista Switches. This Post was divided into three parts : Pre-Upgrade Process Upgrade Process Post-Upgrade Process PRE-UPGRADING-PROCESS: 1       1)        Check the Upgrade Path tool by clicking the below link. https://www.arista.com/en/support/mlag-portal/mlaglist and confirm it is in mlag issu compatible 2)       Check if the  STP agent is restartable by giving the command switch-1# show spanning-tree bridge detail | grep agent Stp agent restartable                      :            True NOTE :    A switch can continue supporting MLAG when its peer is offline if the STP agent is restartable. When one peer is offline, data traffic flows from the devices through the
Read more

FORTIGATE ACTIVE PASSIVE UPGRADE

By
FORTIGATE ACTIVE PASSIVE UPGRADE : This blog post shows the detailed procedures to follow and to upgrade the firmware in the Fortigate Firewall. This Post was supports for any platform or the Version you are going to upgrade in the Fortigate Firewall This Post was divided into three parts : Pre-Upgrade Process Upgrade Process Post-Upgrade Process PRE UPGRADE STEPS: 1   1)     Go to the below website and check the Upgrade Path https://docs.fortinet.com/upgrade-tool 2)        Next Login to the Fortigate Console and check the HA Status ( it is to be In sync and higher Priority enabled for the required primary device) 3)        Login to the Console and give the command Config global – get sys ha status Also check session pickup is in enable to avoid session interruptions in failover. 4)        Download all the Firmware’s and the md5 files in the list and check with the software MD5sum.exe to avoid the download errors. NOTE : Must and should configuration backup have t
Read more