Jorge Arredondo Dorantes IT Blog: How to Master Networking CCIE CCNP CCNA Juniper JunOS


Jorge Arredondo Dorantes CCIE


Automate Cisco environments with Red Hat Ansible Automation

Red Hat® Ansible® Automation integrates with Cisco infrastructure to scale and speed automation, helping businesses deliver greater efficiency, create value faster, and solve IT and business workflow challenges across the entire IT organization. Ansible Automation provides automation support for a wide range of Cisco products and platforms. Learn how businesses are using network automation to keep up with the demands of digital transformation.
RED HAT ANSIBLE AUTOMATION FOR CISCO INFRASTRUCTURE

AGENTLESS, HUMAN-READABLE, PLATFORM-AGNOSTIC CONNECTIVITY

There is no shortage of automation options for today's Cisco users, but many of the solutions are either purpose-built for a specific product or require extensive knowledge of complex programming languages. Red Hat Ansible Automation minimizes the need to understand platform-specific constructs, as well as vendor-specific command lines and implementations. It instead abstracts that complexity away from the end user through human-readable Ansible Playbooks built on Ansible modules. The result is less time spent learning multiple platforms or discrete automation tools to get heterogeneous systems up and running quickly and efficiently. In addition, many of these discrete tools may still require significant manual intervention, for example through an interactive graphical user interface (GUI), before anything is automated.

Red Hat offers a new approach to automating Cisco-based network and infrastructure management, drawing on a long-standing relationship with the hardware pioneer to support a range of popular Cisco solutions, accessible to everyone on your team with little additional training. Ansible Automation is flexible enough to automate Cisco devices directly or to interface with existing tools, automating the automators at the top level. Ansible helps network operators and system administrators:
• Limit productivity-killing repetitive, manual tasks.
• Focus efforts on work that delivers more value to the business.
• Speed up application delivery.
• Build on a DevOps culture of success, breaking down logical and physical divisions.

Unlike other common automation platforms, Ansible Automation unburdens IT teams from manually configuring and managing an array of infrastructure platforms and globally distributed network devices, all from within an intuitive, agentless environment. With Ansible Automation's human-readable automation capabilities, users simply describe how they want the infrastructure to look or behave instead of needing specialized coding skills, such as Python. This can reduce configuration and update timelines from several weeks or months to a matter of hours.

What is 9.9.9.9? The "new" Quad9 DNS you will fall in love with.

Quad9 (9.9.9.9) is a public DNS resolver service run by Packet Clearing House and IBM. At its core, its main differentiator from other DNS resolvers is that it automatically blocks domains known to be associated with malicious activity, so a lookup of a listed domain simply fails instead of returning the attacker's address. In addition to standard DNS service on port 53, it also offers an experimental DNS over TLS service on port 853, which encrypts the query between your resolver and Quad9 so it cannot be read or altered on the path.

NEW: the public resolver 1.1.1.1 makes DNS queries faster and more secure.

This public DNS service and its servers are owned and maintained by Cloudflare in partnership with APNIC.

1.1.1.1 is a fast and private way to browse the Internet. It is a public DNS resolver, but unlike most DNS resolvers, Cloudflare states that 1.1.1.1 does not sell user data to advertisers, and it promotes the service as the fastest public resolver available. Its secondary address is 1.0.0.1, and like Quad9 it also answers DNS over TLS on port 853.

It is also a handy address to ping when testing connectivity. ENJOY!
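Both Quad9 and 1.1.1.1 speak DNS over TLS on port 853, and the mechanics are the same: a plain DNS message, prefixed with its 16-bit length as on TCP, sent inside a TLS session whose certificate is checked against the resolver's name. The following Python example is added here to show that exchange end to end; it is not part of the original post or of either resolver's software. It assumes the TLS names dns.quad9.net and cloudflare-dns.com for the two resolvers and a fixed transaction id of 0x1234, and the sample response bytes used to exercise the parser are constructed, not captured. Only query_dot touches the network; the builder and parser run offline.

```python
import socket
import ssl
import struct

# Resolvers from the page that also accept DNS over TLS on TCP/853, with the
# certificate name each presents (used both as SNI and for verification).
# Assumed values for this example.
DOT_RESOLVERS = {
    "9.9.9.9": "dns.quad9.net",
    "1.1.1.1": "cloudflare-dns.com",
}
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=0x1234, qtype=1):
    """Wire-format DNS query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame(msg):
    """DNS over TCP and TLS prefixes every message with its 16-bit length."""
    return struct.pack("!H", len(msg)) + msg


def _skip_name(msg, pos):
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # a compression pointer (2 bytes) ends the name
            return pos + 2
        pos += 1 + length


def parse_response(msg, expected_txid=0x1234):
    """Return the RCODE name and any A-record addresses in a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlength == 4:  # A record
            addresses.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlength
    rcode = flags & 0x000F
    return {"rcode": RCODE_NAMES.get(rcode, str(rcode)), "addresses": addresses}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_dot(name, resolver="9.9.9.9", timeout=5.0):
    """Resolve name over TLS on port 853, verifying the resolver's certificate."""
    ctx = ssl.create_default_context()  # CA verification plus hostname check
    with socket.create_connection((resolver, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=DOT_RESOLVERS[resolver]) as tls:
            tls.sendall(frame(build_query(name)))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_response(_recv_exact(tls, length))


if __name__ == "__main__":
    # Quad9 answers names on its blocklist with NXDOMAIN; asking 1.1.1.1 for the
    # same name shows whether a failure is a block or a genuinely absent domain.
    for resolver in DOT_RESOLVERS:
        print(resolver, query_dot("example.com", resolver))
```

The one security-relevant line is the default SSL context with server_hostname set: without it a host on the path could answer on 853 with any certificate and the "encrypted" lookup would be no better than port 53.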

Cisco Umbrella (OpenDNS) DNS

Primary 208.67.222.222
Secondary 208.67.220.220

Block Facebook network segments: web content filtering at OSI layer 3

Hello networkers.
Are you interested in filtering the whole Facebook address space?
Do you want to re-route or block Facebook traffic at the L3 level?
If you have some free time and are willing to do a bit of research, you will find that Facebook Inc. currently uses only 3 public ASes worldwide:
AS 32934
AS 54115
AS 63293
(I used this URL to validate the public AS list: http://bgp.potaroo.net/cidr/autnums.html )

Anyway, within these ASes they obviously announce a bunch of public network segments. I worked through them one by one to bring you the supernets matching ALL Facebook Inc. segments.
Here we go:

31.13.64.0/18
31.13.24.0/21
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
129.134.0.0/16
157.240.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
204.15.20.0/22
199.201.64.0/22

Table updated Friday, May 26th, 2017.
If you find another supernet or segment I skipped, please add it in the comments below. Also, if you have a more reliable public AS list, please share. Thank you.
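To turn the table above into something a router or firewall can consume, here is an added Python example (not from the original post) that validates the prefixes, tells you which prefix an address falls in, and renders the two L3 options the post mentions: Cisco IOS null routes to re-route the traffic, and an extended ACL to block it. The ACL name BLOCK-FB and the probe addresses are assumptions made for the example. Two caveats a practitioner should keep in mind: announced prefixes change over time, so regenerate the table from current BGP data for those three ASNs before pushing it, and an L3 block drops everything served from those prefixes, not only the Facebook website.

```python
import ipaddress

# Supernets from the table above (as of May 26th, 2017).
FACEBOOK_PREFIXES = [
    "31.13.64.0/18", "31.13.24.0/21", "45.64.40.0/22", "66.220.144.0/20",
    "69.63.176.0/20", "69.171.224.0/19", "74.119.76.0/22", "103.4.96.0/22",
    "129.134.0.0/16", "157.240.0.0/16", "173.252.64.0/18", "179.60.192.0/22",
    "185.60.216.0/22", "204.15.20.0/22", "199.201.64.0/22",
]


def load_prefixes(prefixes):
    """Parse and validate the table.

    strict=True rejects entries whose host bits are set (a typo such as
    157.240.1.0/16), and collapse_addresses merges adjacent prefixes and drops
    any prefix already covered by another, so the result is minimal and sorted.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def matching_prefix(addr, nets):
    """Return the prefix covering addr as a string, or None if it is not listed."""
    ip = ipaddress.ip_address(addr)
    for net in nets:
        if ip in net:
            return str(net)
    return None


def null_routes(nets):
    """Cisco IOS static routes that discard the traffic (the re-route option)."""
    return [f"ip route {n.network_address} {n.netmask} Null0" for n in nets]


def extended_acl(nets, name="BLOCK-FB"):
    """Cisco IOS extended ACL that denies the segments and permits everything else.

    IOS ACLs use wildcard masks (inverted netmasks), which ipaddress exposes as
    .hostmask. Apply it with 'ip access-group BLOCK-FB in' on the LAN-facing
    interface so user traffic is dropped before it is routed.
    """
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip any {n.network_address} {n.hostmask}" for n in nets]
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    nets = load_prefixes(FACEBOOK_PREFIXES)
    print(f"{len(nets)} prefixes after validation")
    # Constructed probe addresses: two inside the table, one outside it.
    for probe in ("157.240.1.35", "31.13.70.36", "8.8.8.8"):
        print(probe, "->", matching_prefix(probe, nets))
    print("\n".join(null_routes(nets)))
    print("\n".join(extended_acl(nets)))
```

Running load_prefixes on a refreshed table is also a cheap sanity check: if the count drops, a new entry overlapped or was a typo, and collapse_addresses will have folded it away rather than letting it slip into the ACL.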

Palo Alto Networks on-premises VPN to Microsoft Azure: issue solved

Hello networkers. If you are trying to set up an on-premises VPN using a Palo Alto Networks firewall with a PAN-OS version prior to 7.1.4, you will experience connectivity issues to Azure route-based VPN gateways.

After working with Azure Support, I got this working configuration. This is your workaround if you have a version older than 7.1.4.
Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)

Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 28800 seconds

Gateway:
Passive Mode: Enabled
NAT Traversal: Disabled

If you have a version newer than 7.1.4, use the following. The only differences from the pre-7.1.4 workaround are the Phase 2 lifetime (3600 instead of 28800 seconds) and Passive Mode (disabled):

Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)

Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 3600 seconds

Gateway:
Passive Mode: Disabled
NAT Traversal: Disabled

If you are still experiencing connectivity issues, open a support request from the Azure portal and they will help you.

One caveat on the proposals above: 3des, sha1 and a Phase 2 with no-pfs are the weakest options listed, and they are there only so the tunnel comes up. Once the gateway negotiates aes-256-cbc with sha256, remove 3des and sha1 from the proposal lists and enable a PFS group if the Azure side accepts it.