Eric Stewart: Running Off At The Mouth

It’s been my experience that “ip access-group <acl> in” is rarely used. Most of the time, people look at the “out” form of the command. In this post, I will explain how to view the different directionality of the “in” vs “out” and then review the issues that you can encounter with respect to DHCP and HSRP when it comes to ending an “in” ACL with a “deny all” at the end.

Related to my previous post about “The Network As A System”, during my time on call, I got another request that stated: “I need a port opened between 10.0.0.24 and 10.0.0.56. I know they’re on the same subnet, but I’m getting timeouts when trying to connect between them.”

The thing is, they weren’t on the same subnet.

We have an on call rotation at $JOB where, for a week, a given engineer is responsible for responding to after hours phone calls as well as tickets and ACL requests. During a recent turn of mine with the football, I got an ACL request that didn’t make sense, and after working it through with the DB Admin that made the request, I figured I’d write this. It’s sad that it’s probably mostly networking people that read the blog, because they already understand everything this will explain. It’s the DBAs, Developers, and other IT support personnel that could benefit from what I go over here.

$JOB’s Cacti multi-server infrastructure has been running fine on Cacti 0.8.8b and UnifiedTrees 0.8. However, Cacti 0.8.8f is out and the trees are done quite differently. It’s time to update $JOB’s Cacti infrastructure and to make UnifiedTrees compatible, it had to undergo some major changes.

$JOB is getting into some new and interesting stuff; stuff that, if you’re not an Internet Service Provider, could be a bit of a black box to you; you might be used to your ISP saying “Here’s a cable, your equipment is on the other end”. Here’s what we’ve been working on and what I’ve been able to make of it so far.

In which I regale you with a tale involving the salacious behavior of the Catalyst 6500 when compared to the more chaste Nexus 7K line.

We ran into a “time” situation at work, and I learned quite a bit about how NTPD works, and what exactly all the information in ntpq means. This has to do with the “Leap Second” that was instituted on June 30, 2015.

Attempting (in my scatterbrained manner) to cover all the bases of an interesting issue I encountered recently and failed to fix without assistance. It illustrates why I’m not a CCIE yet, and why, no matter what you see, you shouldn’t assume anything when working through odd issues.

A revisit to an earlier post and why what I outlined there was a bad idea. Using Bank Chaining, while allowing you to use more banks for ACLs, has its penalties …

Two things covered in this post: what I learned about how “auto-summary” on RIPv2 works, and also some particulars about RIPv2 (and possibly other routing protocols) and how it advertises routes to neighbors.