+ Jorge Arredondo Dorantes IT Blog + How to Master Networking CCIE Devnet Programmability Automation

Block facebook network segments - web content filtering at OSI layer 3

Hello networkers.
Are you interested in filtering the whole Facebook address space at your company or at home?

Do you want to re-route or block Facebook traffic at the L3 level?
If you have plenty of free time and are willing to do a little research, you will find that Facebook Inc. currently uses only 3 public AS numbers worldwide:
 
AS 32934
AS 54115
AS 63293
 
(I used this URL to validate the public AS list: http://bgp.potaroo.net/cidr/autnums.html )

Anyway, within these AS numbers they obviously have a bunch of public network segments. I worked through them one by one to bring you the supernets matching ALL Facebook Inc. segments.
Here we go:

31.13.64.0/18
31.13.24.0/21
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
102.132.112.0/24
103.4.96.0/22
129.134.0.0/16
157.240.0.0/16 
163.114.128.0/20
173.252.64.0/18 
179.60.192.0/22 
185.60.216.0/22 
199.201.64.0/22
204.15.20.0/22 

   
Table updated Friday November 13th, 2020. 
 
If you find another supernet or segment that I skipped, please add it in the comments below. Also, if you have a more reliable public AS list, please share it. Thank you.
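An added example (not from the original post): turning a prefix list like the one above into a validated, de-duplicated Cisco IOS extended ACL with Python's standard `ipaddress` module. The ACL name `BLOCK-FB` and the function names are assumptions; only a subset of the post's prefixes is embedded, with one entry repeated on purpose to show de-duplication.

```python
import ipaddress

# Subset of the prefixes listed in the post; one entry is repeated on purpose.
PREFIXES = [
    "31.13.64.0/18",
    "31.13.24.0/21",
    "69.63.176.0/20",
    "199.201.64.0/22",
    "199.201.64.0/22",
    "157.240.0.0/16",
]


def normalize(prefixes):
    """Validate each prefix, then drop duplicates/contained prefixes and
    merge adjacent ones. A prefix with host bits set raises ValueError."""
    nets = [ipaddress.ip_network(p.strip(), strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def to_ios_acl(nets, name="BLOCK-FB"):
    """Render an IOS extended named ACL (hypothetical name); the network's
    hostmask is exactly the wildcard mask IOS expects."""
    lines = [f"ip access-list extended {name}"]
    for n in nets:
        lines.append(f" deny ip any {n.network_address} {n.hostmask}")
    lines.append(" permit ip any any")  # everything else keeps flowing
    return lines


def is_blocked(addr, nets):
    """True if addr falls inside any prefix of the block list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


if __name__ == "__main__":
    print("\n".join(to_ios_acl(normalize(PREFIXES))))
```

`is_blocked` is handy for checking a destination seen in flow logs against the list before and after each update of the prefixes.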

What is 9.9.9.9? The "new" Quad9 DNS you will fall in love with.

Quad9 (9.9.9.9) is a public DNS resolver service run by the Packet Clearing House and IBM. At its core, its main differentiator from other DNS resolvers is that it automatically blocks domains known to be associated with malicious activity. In addition to standard DNS service, it also offers an experimental DNS over TLS service on port 853.

The NEW public 1.1.1.1 is a DNS resolver that makes DNS queries faster and more secure.

This public DNS service and its servers are maintained and owned by Cloudflare in partnership with APNIC.

1.1.1.1 is a fast and private way to browse the Internet. It is a public DNS resolver, but unlike most DNS resolvers, 1.1.1.1 is not selling user data to advertisers. The implementation of 1.1.1.1 makes it the fastest resolver out there.

1.1.1.1 is also great as a ping target for testing. ENJOY!

Cisco Umbrella DNS

Primary 208.67.222.222
Secondary 208.67.220.220

Palo Alto Networks on-premises VPN to Microsoft Azure: issue solved

Hello networkers. If you are trying to set up an on-premises VPN using Palo Alto Networks with a PAN-OS version prior to 7.1.4, you will experience connectivity issues with Azure route-based VPN gateways.

After working with Azure Support, I got this working configuration. Use it as your workaround if you have a version older than 7.1.4.


Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)

Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 28800 seconds

Gateway:
Passive Mode: Enabled
NAT Traversal: Disabled


If you have a version newer than 7.1.4, use:

Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)

Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 3600 seconds

Gateway:
Passive Mode: Disabled
NAT Traversal: Disabled

If you are still experiencing connectivity issues, open a support request from the Azure portal and they will help you.
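An added example (not part of the original post): a small Python parser for the `Key: value` layout used above that diffs the two profiles and lists the settings that are weak by current standards. The text block is constructed from the post's values, the second profile is derived from the first for brevity, and the `WEAK` table and function names are assumptions of this example.

```python
# Algorithm choices that are weak by current standards (well-known facts).
WEAK = {"3des": "64-bit block cipher, deprecated",
        "sha1": "deprecated hash",
        "group2": "1024-bit MODP DH group",
        "no-pfs": "no fresh DH exchange for Phase 2 keys"}

# Constructed from the post's pre-7.1.4 profile (values as written there).
PRE_714 = """Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3
Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 28800 seconds
Gateway:
Passive Mode: Enabled
NAT Traversal: Disabled"""
# The newer profile in the post differs in exactly these two values.
POST_714 = (PRE_714.replace("28800", "3600")
            .replace("Passive Mode: Enabled", "Passive Mode: Disabled"))


def parse(text):
    """Return {(section, key): [values]} from 'Section:' / 'Key: v1, v2'."""
    out, section = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(":")
        if not key:
            continue
        if not val.strip():
            section = key            # a bare 'Phase 1:' starts a section
        else:
            out[(section, key)] = [v.strip() for v in val.split(",")]
    return out


def diff(a, b):
    """Settings whose values differ between two parsed profiles."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}


def weak_settings(profile):
    """Sorted (section, key, value) tuples whose value appears in WEAK."""
    return sorted((sec, key, v) for (sec, key), vals in profile.items()
                  for v in vals if v in WEAK)
```

Running `weak_settings` on either profile shows what to revisit once the Azure gateway and the PAN-OS version in use allow stronger proposals.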
 

Flushing your DNS Cache on any Operating System (any OS)

Hello networkers. You can use the following instructions to clear the DNS cache on computers and servers with any OS:

Windows OS (Windows 8 and earlier)

  1. Click the Start Menu
  2. Go to All Programs
  3. Choose Accessories and right-click Command Prompt
  4. Choose Run as Administrator

Execute:
ipconfig /flushdns

Mac OS X 10.4 Tiger

  1. Click the Terminal icon in the dock or in Finder under Applications/Utilities/Terminal

Execute:
lookupd -flushcache

Mac OS X 10.5 and 10.6

Execute:
dscacheutil -flushcache;sudo killall -HUP mDNSResponder

Mac OS X 10.7 and 10.8

  1. Click the Terminal icon in the dock or in Finder under Applications/Utilities/Terminal

Execute:
sudo killall -HUP mDNSResponder

Linux (all other distributions)

  1. Open a terminal window (gnome-terminal, konsole, xterm, etc.)

Execute:
sudo /etc/init.d/nscd restart
or
sudo service network-manager restart
