http://www.shortestpathfirst.net Network Architecture and Design, and Information Security Best Practices Wed, 21 Sep 2011 20:45:13 +0000 http://backend.userland.com/rss092 en Any of you who have worked with VPLS or NG-MVPNs are likely already familiar with using Point-to-Multipoint (P2MP) LSPs to get traffic from a single ingress PE to multiple egress PEs.  The reason that P2MP LSPs are desired in these cases is that it can reduce unnecessary replication by doing ... http://www.shortestpathfirst.net/2011/09/21/whats-a-steiner-tree/ Not a day that goes by since having passed the JNCIE-SEC exam that I don't receive an inquiry in one form or another regarding how I prepared for the exam.  It seems that there is an incredible amount of interest in this exam, especially from all those die-hard ScreenOS folks ... http://www.shortestpathfirst.net/2011/09/12/preparation-tips-for-the-jncie-sec-exam/ Imagine a group of researchers planning to speak at a conference regarding a previously undiscovered vulnerability present in most homes that would allow a thief to rob your home of its valuables with complete ease.  You would probably ... http://www.shortestpathfirst.net/2011/08/11/black-hat-ospf-vulnerabilities-much-ado-about-nothing/ In our previous article, we looked at using apply-groups to alter all the security policies uniformly on an SRX device such that they would all have an implicit logging statement. And while this is fine for all existing policies, it doesn't log traffic which doesn't match any explicitly defined security ... http://www.shortestpathfirst.net/2011/07/07/juniper-srx-tips-altering-default-deny-behavior/ Often there are instances where we want to affect all security policies configured on an SRX device.  For example, let's say that we have thousands of policies configured on our firewall, and we want to enable logging for every single policy.  Obviously this would take some time if we were ... http://www.shortestpathfirst.net/2011/06/29/juniper-srx-tips-uniform-security-policy-modification/ Today we'll start with a series of articles covering tips and techniques that might be utilized by JNCIE candidates, whether pursuing the JNCIE-SP, JNCIE-ENT, or even the JNCIE-SEC.  The tips and techniques I will be covering might prove to be useful during a lab attempt but could also be used in ... http://www.shortestpathfirst.net/2011/06/21/jncie-tips-from-the-field-summarization-made-easy/ I am happy to announce that Juniper has just released a new Day One Guide entitled "Junos Tips, Techniques, and Templates 2011". For this particular Day One Guide, Juniper Networks Books and J-Net joined forces and requested the best and brightest Junos tips and techniques from the Junos user community.  In ... http://www.shortestpathfirst.net/2011/06/20/day-one-guide-junos-tips-techniques-and-templates-2011/ I've always been at odds with the recommendation in RFC 3177 towards allocating /48 IPv6 prefixes to end-sites.  To me this seemed rather short-sighted, akin to saying that 640K of memory should be enough for anybody.  It's essentially equivalent to giving out /12s in the IPv4 world which in this ... http://www.shortestpathfirst.net/2011/04/11/ietf-provides-new-guidance-on-ipv6-end-site-addressing/ Today, I received a very disturbing email on NANOG which was forwarded from a recipient on the Global Environment Watch (GEW) mailing list.  If this is true, we all need to take steps to make an orderly and smooth transition to IPv6 as quickly as possible, lest we suffer from ... http://www.shortestpathfirst.net/2011/04/01/ipv4-address-exhaustion-causing-harmful-effects-on-the-earth/ As many of you know, Juniper is currently undergoing a massive effort to update their certification program.  The previous track in 'Enterprise Routing' is now changing to 'Enterprise Routing and Switching' incorporating elements from the previous certification track in addition to some new elements essential to Enterprise switching such as ... http://www.shortestpathfirst.net/2011/03/16/preparation-tips-for-the-jncie-er-exam/