I was reading about flowspec the other day. It has been around for a while now however it was on the news just recently due to the Internet outage caused by L3.
Apparently, a rule send by a flowspec controller was misconfigured and took down several BGP peers which in return took other BGP peers to L3 and you already know what happened.
Thus I decided to show a lab that implements flow spec for both IPV4 and IPV6.
Here we go.
Continue reading “BGP Flowspec Using ExaBGP”
This is a follow up to my previous post about NAT64.
I decided to do a few minor improvements to the lab, nothing out of the extraordinary.
Continue reading “NAT64 Follow UP.”
The other day I came across a configuration by Cisco in regard to NAT64.
As you are aware, NAT64 permits IPv6 only networks to access IPv4 networks and vice versa.
Of course, they are not entirely IPv6 only networks since they probably have an IPv4 gateway somewhere allowing them to access IPv4 networks on the Internet.
I decided to do the lab and test it using EVE-NG. Continue reading “NAT64 Lab Using Cisco’s ASR and DNS64 (Maybe).”
In a previous post, I have shown a configuration using Hostapd, Ubuntu and a Belkin USB dongle allowing me to have Wi-Fi access.
This work reasonably well but the speed of the dongle was 54 Mbps only. So I decided to buy a Panda PAU06 Wireless N USB adapter.
The reason was that Panda claimed it was Linux compatible and it will operate at 150 Mbps. I know 150 Mbps is so slow nowadays, but I do not need that much speed on the WLAN, all my devices are wired with Gigabit speed.
I do not have several people competing for bandwidth also.
If I need to stream something I use, the media center connected to a big-screen TV.
This setup actually worked fairly well, using Fedora 29 on VMWARE Workstation.
The setup used routing and that created some issues with the “/64” prefixes I am given by my provider that you can read in that post.
Well, I accidentally deleted the VM guest the other day, yes I had no backup but I am always careful, this time it bit me in the behind.
Thus this time I decided to re-do the setup but instead use bridging to connect the LAN and WLAN interfaces. This is working rather well, so read on. Continue reading “Hostapd Revisited. Using Bridging for IPv4 and IPv6.”
This is a follow-up to my previous post.
On that post I did show how to set up DNSMASQ so it can be used as a DHCPV6 alternative so IPv6 smart clients receive IPv6 addresses and be able to do DDNS and thus be able to have human readable names under IPv6.
I also pointed out that you could use DNSMASQ as a forwarder.
Continue reading “Dynamic DNS, Android Phones, IPv6 and DNSMASQ Follow-up.”
It has been a while since my last post. Too many things going on.
But in a previous post regarding the setup of DDNS, DHCP and IPV6, I mentioned that while Android phones are IPV6 enabled, they only support SLAAC configuration.
I also stated that using DNSMASQ, this could be overcome.
So here it is, keep on reading.
Continue reading “Dynamic DNS, Android Phones, IPv6 and DNSMASQ”
As you already know IPv6 uses stateless configuration right off the bat.
If you have a small network, this is not a problem, and I mean small meaning maybe 10 or so devices.
You can manually update your devices using DNS and you will be fine.
But in the enterprise where you can have hundreds if not thousands of devices then you have a nightmare.
You will not remember IPv6 addresses as you did with IPv4, you need DDNS so devices can register themselves with DNS.
For this you would need the following.
- A DNS server that allows IPV6 dynamic registrations
- A DHCP server that supports such registrations.
- A DHCP server that can issue IPv6 addresses and other options.
- A RADVD or Router that is capable of advertising a default route.
I want to show you how to configure this using GNS3 and VirtualBox. This lab hopefully will be instructional.
Continue reading “IPv6, DHCPv6 and DDNS”
It has been a while since I have entered anything on my blog. But a few days ago I came across a very interesting situation that is not common but it is counter-intuitive. It has to do with the way the Cisco ASA treats NAT in a very particular situation.
An ASA was configured to have split tunneling disabled for clients using the Any Connect Cisco client. The ASA we are using has several IPSEC tunnels to remote sites. As soon as the clients connected they did not have access to either the Internet or the remote sites. They can access the Internal LAN though.
The reason of course as you may have guessed it has to do with how to configure NAT.
So here we go.
Continue reading “ASA Any Connect Split Tunneling Or Why Are You Doing NAT from the Outside?”
Well it has been about a week since I was able to use a Ubuntu 13.04 box and make it a hotspot for wireless. It works great.
So a few remarks.
When hostapd is started it clobbers the IPV6 setup. This is a Kernel bug and an old one see:
of course the developers have not fixed it and sarcastically pointed out that the interface needs to go do down in order for hostpad to enable the features needed for an access point.
But hello it does not clobber IPV4 so I am sorry they are too lazy to fix it. There is a workaround as always, after you start hostapd just add the IPV6 address to your wireless interface. This can be done automatically at rc.local when you boot the machine.
You can run the router virtually. I use VirtualBox of course you need a machine to run VirtualBox with enough resources to run VMs.
But the router does not need that much overhead, if you do not install X then you can get away with 256 MB of memory for the VM.
The you start the VM headless:
“/usr/bin/VBoxManage startvm “VMName” –type headless”.
And remember to allow the USB wireless to be recognized by the host and VM. Then you need to “ifconfig wlan0 down” on the host.
So the setup is fairly general that it you want to use it so the Ubuntu box also acts as your Internet router it can be done. In this case you will need three interfaces, ETH0 to the web, ETH1 to your LAN and WLAN0 for wireless.
The setup should be straight forward but you now need a good IPTABLES configuration since you need to forward packets between the three interfaces.
In a previous post I did show how to use an Ad-Hoc network using IPTables masquerading to allow Wi-Fi clients to connect.
The main reason was that I already have a dual stack with FC running that connects me to my cable provider.
On the other hand I use a cheap wireless router when I need Wi-Fi connectivity to my smart-phone or my laptop but my Wi-Fi router does not support IPV6 so the setup worked as a charm.
The setup has a drawback. On my wireless router I used MAC filtering, while a determine hacker could in principle get in anyway, in most cases MAC filtering provides sufficient security, only those clients with MAC addresses you allow can get an address and connect.
In addition the Ad-Hoc network was unreliable so I decided to make the FC server a hotspot and use DNSMASQ for DHCPV6. It works great.
So here we go.
Continue reading “Hostapd + DHCPV6 + IPV6 + Ubuntu 13.04”