3.7 Some BGP Flash Cards Added

January 20, 2018 at 1:00 pm

Using Tools Like Wireshark to Reinforce Your Studies

January 20, 2018 at 6:00 am


This video reminds students to use tools like Wireshark during their studies to reinforce the topics they are learning!

.25 Using the Cisco Docs for Study and in the Lab Exam!

January 19, 2018 at 7:59 pm

AWS Solutions Architect – CORS

January 19, 2018 at 6:10 am


A topic that could come up in your Solutions Architect exams, and that is easy to overlook, is CORS. This stands for Cross-Origin Resource Sharing. It lets client web applications that are loaded in one domain (for example, website.s3-website-us-east-1.amazonaws.com) access resources in a different domain (website.s3.amazonaws.com). This feature ties directly to Amazon S3 (Simple Storage Service).

As you might guess, you can enable CORS support using the Management Console, the CLI, or your SDKs.

What would be some sample use cases?

  • You have JavaScript calls on web pages from an S3 bucket that need to access an API endpoint with a different domain name
  • You are hosting a Web site in your S3 bucket that includes web fonts; CORS is required by client browsers in this case

To configure your bucket to allow cross-origin requests, you create a CORS configuration, which is an XML document. The XML document contains rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) you will support for each origin, and other operation-specific information.

You can add up to 100 rules to the configuration.

An Example of a Security Exploit Due to the Native VLAN

January 18, 2018 at 8:24 pm


In many of our Cisco courses, we learn that networking best practices often point to the non-use of the Native VLAN. But why is this?

It turns out there are security vulnerabilities that could result from having a VLAN not tagged across your trunk links. For example, there is the VLAN hopping attack.

Here is how this attack could work:

Step 1: A bad person at a customer site wants to send frames into a VLAN that they are not part of.

Step 2: This person double tags the frame (Q-in-Q), with the outer tag matching the native VLAN in use at the provider edge switch.

Step 3: The provider edge switch strips off the outer tag (because it matches the native VLAN) and sends this frame across the trunk.

Step 4: The next switch in the path examines the frame and reads the inner VLAN tag and forwards the frame accordingly.

Notice this attack is unidirectional. The attacker can send traffic into the VLAN, but traffic will not return. Even still, this is obviously not something we want taking place.

What are possible solutions?

  • Use ISL trunks in the cloud – this becomes less and less possible as ISL trunks fade away.
  • Use a Native VLAN that is outside of the range permitted for the customer.
  • Tag the native VLAN in the cloud.
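
A defensive check for the frame pattern in Steps 2 to 4, as an added example that is not from the original post: it parses Ethernet frames captured on a customer-facing port and flags any that carry stacked VLAN tags whose outer tag equals the native VLAN. The native VLAN value, the function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # standard 802.1Q VLAN tag
TPID_8021AD = 0x88A8  # 802.1ad service tag, used as the outer tag in standards-based Q-in-Q

def vlan_stack(frame):
    """Return the VLAN IDs of consecutive tags in an Ethernet frame, outermost first."""
    vids, offset = [], 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break  # reached the real EtherType, no more tags
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        offset += 4
    return vids

def is_hopping_candidate(frame, native_vlan):
    """True when the frame has two or more tags and the outer one is the native VLAN."""
    vids = vlan_stack(frame)
    return len(vids) >= 2 and vids[0] == native_vlan

def scan(frames, native_vlan):
    """Return (index, vlan_stack) for every frame that matches the double-tag pattern."""
    return [(i, vlan_stack(f)) for i, f in enumerate(frames)
            if is_hopping_candidate(f, native_vlan)]

def _sample(tags, ethertype=0x0800):
    """Build a constructed test frame: broadcast dst, made-up src, given tags, zero payload."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tag_bytes = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in tags)
    return macs + tag_bytes + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed capture: untagged, single tag, outer tag = native VLAN, outer tag = other VLAN.
SAMPLES = [_sample([]), _sample([10]), _sample([1, 20]), _sample([100, 20])]
NATIVE_VLAN = 1  # assumption: the trunk's native VLAN

if __name__ == "__main__":
    for index, stack in scan(SAMPLES, NATIVE_VLAN):
        print(f"frame {index}: outer tag {stack[0]} is the native VLAN, inner tag {stack[1]}")
```

A double-tagged frame whose outer tag is not the native VLAN (the last sample) is not flagged, which matches the second mitigation above: a native VLAN outside the customer's permitted range leaves nothing for the edge switch to strip.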

 

3.7.a BGP Message Types

January 18, 2018 at 7:23 pm

.25 Setting and Sticking to a CCIE Study Schedule

January 17, 2018 at 8:32 pm

400-101 CCIE R&S Written – Free Resources – Network Implementation

January 17, 2018 at 8:30 pm


Time for another section of our blueprint! This one is boring 😉 Just kidding of course!

1.2 Network implementation and operation

1.2.a Evaluate proposed changes to a network
1.2.a [i] Changes to routing protocol parameters
1.2.a [ii] Migrate parts of a network to IPv6
1.2.a [iii] Routing protocol migration
1.2.a [iv] Adding multicast support
1.2.a [v] Migrate spanning tree protocol
1.2.a [vi] Evaluate impact of new traffic on existing QoS design

Performance Management Best Practices

Enterprise WAN IPv6 Migration Guide

Service Level Management Best Practice

Bandwidth Estimation Configuration Guide

Recommended Books:

IPv6 Address Planning

IPv6 for Enterprise Networks

IPv6: Theory, Protocol, and Practice

Routing TCP/IP Vol II – Multicast Chapters