Secure Networking

Jumbo Frame

Aug 14, 2009

Just implemented jumbo frames today on a network. Initially I had the servers and switches configured for a 9000-byte MTU. However, I later discovered that the Cisco FWSM only supports up to an 8500-byte MTU. Jumbo frames should reduce CPU utilization and improve network throughput, especially for a single TCP connection, because of the bandwidth-delay product. Network [...]


Network Attached Storage (NAS) is very common in today's networks. A lot of NAS devices (like EMC Celerra) support VLAN trunking and multiple CIFS servers on one box. Thus it is very common for storage administrators to connect one NAS box to multiple networks. What is usually overlooked is the security implication of that setup. Connecting [...]


It is very clear to network architects that video is going to be the killer application for enterprises and the Internet. However, a lot of network architects came from a pure networking background and thus may not have knowledge of the video protocols and standards. The two major standards that tell us how to run [...]


I'd like to introduce you to a handy network tool. Have you ever wanted to ping many hosts with just one command? How about having a tool that can send out 1 ICMP echo per ms (that is 1000 ICMP echos in a second)? fping is the tool. It is basically ping on steroids. It [...]


IPv6 Basics

Aug 5, 2009

I have been reading up on IPv6 lately, preparing to deploy it in my network. Here is a pretty good video tutorial on IPv6 basics. I expect to cover more on IPv6 in the future.


I have recently migrated a subnet from a network with no firewall to a network behind a firewall. As usual, I had the firewall rules wide open; the plan was to monitor the traffic and configure the firewall rules after the migration. Everything should have been okay, except that on the next business day, some application jobs [...]


If you use Cisco ACS with Cisco IOS devices and Cisco ACE, you want to make sure the ACS group or user "Custom Attribute" under the TACACS+ settings is configured with an * instead of an = sign. If an = sign is configured, authorization to your IOS devices will fail. So do this: shell:Admin*Admin default-domain Do [...]


My application team has a requirement to run a single TCP connection through the FWSM at up to 380mbps. However, the Cisco FWSM limits a single TCP connection's throughput to 200mbps (with a 1500-byte MTU)! The reason is that packets leaving the FWSM may not be in the same sequence as they entered, which slows down TCP connections. [...]
