Why etherchannel may not improve performance for a given operation

Etherchannel is a standard that helps distribute different traffic flows into different links. However, sometimes people wonder why the performance for a particularly large traffic flow may not necessarily be sped up this way. The issue here is that etherchannel doesn’t split up the packets for a single flow of traffic; it simply helps distribute…

Key commands for troubleshooting an IPsec VPN tunnel

If an IPsec VPN tunnel doesn’t work, a common cause is typos in the configuration. These could include errors in typing the shared secret, policy, IP address, or subnet. Hence, removing the tunnel from both ends and reconfiguring it often solves the problem. In some cases, however, you may need to do further troubleshooting, especially…

Coming full circle with private clouds

One of the latest trends in IT management is “private clouds.” At first, the term may seem like an oxymoron, since using “cloud” typically means using a remote public service to provide certain IT needs. However, many of the technologies that have been developed to power cloud computing can be used internally. These include…

Make IOS your brain exercise

To maintain brain health, people spend lots of money on brain exercises, such as at www.lumosity.com and www.positscience.com. While potentially useful, many of these exercises involve memorizing what might be called disposable facts, such as the position of various playing cards on a screen. If you want to exercise your memory skills, how much better…

When anti-virus isn’t enough

While anti-virus software remains an important component of an overall defense strategy, the whole concept behind it is potentially problematic because any set of anti-virus definitions is always one step behind the latest threats. Various companies have explored ways to improve on the anti-virus concept to provide more real-time protection. One such company that’s highly…

Thwart sneaky denial-of-service attacks with SYN cookies

Hackers have various ways of bringing down your servers with TCP requests. The most plain, vanilla denial-of-service (DoS) attack, known as an HTTP DoS, simply floods your server with multiple requests until it’s no longer able to handle legitimate traffic. However, hackers can use a sneakier denial-of-service method, known as SYN DoS. In this case,…

One reason to disable an unused DNS server

Often, router configuration files may contain legacy lines or settings originally copied and pasted from somewhere else. Even if everything seems to be working fine, unnecessary lines could cause hidden problems. One problem that’s easy to overlook is ports that are kept open for no reason. While these may have no immediate symptoms, they could…

Beneath the mystery of unused routes marked with “r>”

In BGP routing, some routes aren’t used in the routing table, but they’re still shown when you execute the “show ip bgp” command. These routes are marked with “r>”; this allows you to know that although they’re valid routes, they’re not used. That can give you a better understanding of what’s happening than if these…

The quickest way to save a configuration in IOS

The basic way to save a configuration in IOS is to type “copy running-config startup-config”; this can be abbreviated to “copy run start”. However, you can use a much shorter abbreviation: Simply type “wr”, which stands for “write” as in the “write memory” command. Keep in mind, however, that, even though “wr” works, it’s still…

Uses for Flex Connect mode in wireless APs

One option in Cisco wireless access points is “Flex Connect” mode, which can be thought of as a hybrid between an autonomous AP architecture and one that’s centrally managed. While this mode allows the AP to be managed by the wireless LAN controller (WLC), the AP can still work even if it loses connection to…

Understanding the difference between the control and data planes

You may frequently hear the terms “control plane,” “data plane,” and “forwarding plane” in reference to router architecture. These terms are fundamental in networking, but they can be confusing, as the second two are generally used interchangeably, and the distinction between control and data planes can have some gray areas. Basically, the control plane is…
