Avatar
https://supportforums.cisco.com/thread/2074141 (or built in software in Win7?)
"We sort of have two main categories of VPN. 1) Lan to Lan (aka Site to Site) and 2) Remote access. With lan to lan VPN's, there is some device (router, firewall, concentrator) that terminates bot ends of the connection. With Remote access, there is a piece of software installed on a PC/Laptop on one end and the other end would be terminated into a router, firewall or concentrator"
https://supportforums.cisco.com/thread/2074141
[ view entry ] ( 1562 views ) | print article
1.- The Factory
2.- The Singleton
3.- The Observer
4.- The Chain-of-Commands
5.- The Strategy
6.- The Adapter
7.- The Iterator
8.- The Decorator
9.- The Delagate
10.- The State
TO DO: Add a sample for each.
[ view entry ] ( 1584 views ) | print article
It's a common misconception that user input can be filtered. PHP even has a (now deprecated) "feature", called magic-quotes, that builds on this idea. It's nonsense. Forget about filtering (Or cleaning, or whatever people call it).
What you should do, to avoid problems is quite simple: Whenever you embed a string within foreign code, you must escape it, according to the rules of that language. For example, if you embed a string in some SQL targeting MySql, you must escape the string with MySql's function for this purpose (mysql_real_escape_string).
Another example is HTML; If you embed strings within HTML markup, you must escape it with htmlspecialchars. This means that every single echo or print statement should use htmlspecialchars.
A third example could be shell commands; If you are going to embed strings (Such as arguments) to external commands, and call them with exec, then you must use escapeshellcmd and escapeshellarg.
And so on and so forth ...
The only case where you need to actively filter data, is if you're accepting preformatted input. Eg. if you let your users post HTML markup, that you plan to display on the site. However, you should be wise to avoid this at all cost, since no matter how well you filter it, it will always be a potential security hole.
http://stackoverflow.com/questions/1296 ... t-with-php
[ view entry ] ( 1663 views ) | print article
//Generate server key
openssl genrsa -out server.key 1024
//Create a Certificate Signing Request
openssl req -new -key server.key -out server.csr
//Sign your own certificate (for development purposes)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
//Install your certificate. Add in httpd.conf :
SSLCertificateFile "/webserver/ssl_certs/server.crt"
SSLCertificateKeyFile "/webserver/ssl_certs/server.key"
//Finally, configure a virtual-host with a document root and port 443 (httpd.conf)
:)
### Update 4-27-2018 ###
# looks like you can generate server.key and server.csr using only one command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
#Also, it looks like wee can create a self-signed key and certificate pair with OpenSSL in a single command:
(Tested on 11/15/2023 !)
[admin@PHP8 ~]$ openssl req --x509 --nodes --days 3650 --newkey rsa:2048 --keyout nginx-selfsigned.key --out nginx-selfsigned.crt
...
[admin@PHP8 ~]$ ls -ltrh nginx-selfsigned.*
-rw-------. 1 entadmin entadmin 1.7K Nov 15 18:47 nginx-selfsigned.key
-rw-rw-r--. 1 entadmin entadmin 1.5K Nov 15 18:48 nginx-selfsigned.crt
# From Comodo.com, To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command (creates two files) :
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
# Also from Comodo.com,Alternatively one may issue the following command to generate a CSR:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
# Note: If the "-nodes" is entered the key will not be encrypted with a DES pass phrase.
# 5-14-2018 - Verifying that a private key matches its Certificate
[aesteban@localhost TLS-TESTS]$ openssl x509 -noout -modulus -in nginx-selfsigned.crt | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$ openssl rsa -noout -modulus -in nginx-selfsigned.key | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$
6-15-2018 Documenting the following:
# user curl's resolve to test endpoints that are behind a CDN or loadbalancer. IPADDRESS represents the endpoint (app server) ip address.
[aesteban@localhost ~]$ curl -v https://api.example.com --resolve "api.example.com:443:IPADDRESS"
8-9-2019 - extracting expiration date from certificate
[aesteban@localhost ~]$ openssl x509 -enddate -noout -in Documents/ansible/files/star.angelcool.com.crt
notAfter=Jul 9 23:25:42 2019 GMT
[aesteban@localhost ~]$
[aesteban@localhost ~]$
[ view entry ] ( 1616 views ) | print article
PHP's SplPriorityQueue class implements a max-heap. PHP also separately has SplHeap, SplMinHeap, and SplMaxHeap classes.
CODE:
$ph= new SplPriorityQueue;
$pq->insert('Clear drains',3);
$pq->insert('Feed cat',4);
$pq->insert('Make tea',5);
$pq->insert('Solve RC tasks',1);
$pq->insert('Tax return',2);
// This line causes extract() to return both the data and priority (in an associative array),
// Otherwise it would just return the data
$pq->setExtractFlags(SplPriorityQueue::EXTR_BOTH);
while (!$pq->isEmpty()) {
print_r($pq->extract());
}
OUTPUT:
Array
(
[data] => Make tea
[priority] => 5
)
Array
(
[data] => Feed cat
[priority] => 4
)
Array
(
[data] => Clear drains
[priority] => 3
)
Array
(
[data] => Tax return
[priority] => 2
)
Array
(
[data] => Solve RC tasks
[priority] => 1
)
See:Data Structures
[ view entry ] ( 1505 views ) | print article
:) Today I passed CCNP 642-902 ROUTE exam !!!
•EIGRP
•OSPF
•IGP Redistribution(Route Maps,Prefix Lists,Distribute Lists)
•Policy-based routing and IP service-level agreement (IP SLA)
•BGP
•IPv6
•IPv4 and IPv6 coexistence
•Routing over branch Internet connections
[ view entry ] ( 1417 views ) | print article
IP SLA is a feature that measures the ongoing behavior of the network, it acts as a tool to test and gather data abouth the network. Network management tools can then collect that data and report whether the network reached the desired SLAs for the network, many management tools support the ability to configure IP SLA from the management tool's gui. When configure, the routers gather the results of network operation, storing the statistics in the IOS RTTMON MIB, management applications can later gather the statistics from this MIB on various routers and report whether the SLAs are met.
CCNP ROUTE (4th printing) p. 371.
-------------------------------------------------
IP SLA is a function of Cisco’s IOS enabling you to analyze a Service Level Agreement (SLA) for an IP application or service. IP SLAs use active traffic-monitoring to continuously monitor traffic across the network. This is very different from SNMP or Netflow data which give you more volume oriented statistics. Many different metrics can be analyzed using IP SLA, here is a break down of a few.
* UDP Jitter .– Probably the most used operation in all of IP SLA. This IP SLA generates UDP traffic and measures Round-trip Delay, One-way Delay, One-way Jitter, One-way Packet Loss, and overall Connectivity.
* ICMP Path Jitter .– Hop-by-hop Jitter, Packet Loss, and Delay.
* UDP Jitter for VoIP .– Enhanced test for VoIP monitoring. It can simulate various codecs and spits out voice quality scores (MOS, and ICPIF). Also shows us Round-trip Delay, One-way Delay, One-way Jitter, and One-way Packet Loss.
* UDP Echo .– Round-trip Delay for UDP traffic.
* ICMP Echo .– Round-trip Delay, full path.
* ICMP Path Echo .– Round-trip Delay and Hop-by-hop round trip delay.
* HTTP .– Round-trip time using simulated http traffic.
* TCP Connect .– Allows us to sample the time to connect to a target using TCP.
* FTP .– Round-trip time for file transfers.
* DHCP .– Round-trip time for dynamic host configuration.
* Frame-Relay .-–Round-trip Delay, and the Frame Delivery Ratio. Mostly used for circuit availability.
http://routerjockey.com/2011/05/06/ip-sla-basics/
-------------------------------------------------
Cisco IP SLA is an embedded feature set in Cisco IOS Software that allows you to analyze service levels for IP applications and services. It is one of those Cisco device instrumentation features with a long history. IOS 11.2 introduced the Response Time Reporter (RTR), which supported three functions: ICMP Ping, ICMP Echo Path, and SSCP (IBM SNA native echo). In those days, multiple customers migrated their dedicated IBM SNA infrastructure to an IP network and realized how limited IP reporting functions were compared to IBM's SNA network. RTR addressed this issue and significantly increased functionality over the years. Cisco renamed RTR Service Assurance Agent (SAA) in Cisco IOS Software Release 12.0(5)T. New features were continuously added and, in 2004, Cisco changed the name to IP SLA. Despite the name changes, the basic principle of IP SLA remained the same: an active measurement that uses injected test packets (synthetic traffic) marked with a time stamp to calculate performance metrics. The results allow indirect assessment of the network, such as Service-Level Agreements (SLA) and QoS class definitions.
http://etutorials.org/Networking/networ ... 1.+IP+SLA/
-------------------------------------------------
Also: See Cisco's NetFlow
[ view entry ] ( 1572 views ) | print article
Hi,
BGP synchronization assumed an older approach of BGP deployment for a transit autonomous system. In this approach, BGP would be configured only on ASBRs, not on internal routers. The ASBRs would have eBGP peerings with outside autonomous systems, and they would also have iBGP peerings to each other. Internal routers, however, would not be running BGP.
Naturally, this constellation would result in blackholing traffic because while the ASBRs know all routes thanks to their eBGP and iBGP peerings, any internal router would have no idea about external networks. So as an additional step, the BGP routes were redistributed into the internal routing protocol. The full reachability would be therefore gained by combining the BGP on and between the ASBRs, and the redistribution of BGP routes into IGP within an AS. The internal routers are therefore spared the need to run full BGP.
Now, an ASBR can know about an external network from another iBGP peer via iBGP and theoretically, it can immediately install it into its routing table and advertise it to further eBGP neighbors. However, if the internal protocol, say, EIGRP, does not yet have that route fully advertised to all internal routers, advertising the route to eBGP neighbors would be futile: the traffic would be still misrouted or blackholed inside our AS until the EIGRP has truly advertised the network.
This is where BGP Synchronization comes in. An ASBR can know about a route via iBGP peering with another ASBR. However, it will not consider that route as valid until the same route comes through an IGP, say, EIGRP, and gets installed in the routing table. Seeing the route learned via iBGP installed as an IGP route means that the neighboring ASBR has redistributed the route correctly into EIGRP and that it is already known to all internal routers between that ASBR and your ASBR, and that means that the path is truly valid - each router on the path between you and the neighboring ASBR knows how to route packets to that destination.
So the state of seeing an iBGP-learned route as IGP-learned in your routing table means that the route itself is synchronized. Only now, you can consider the route as valid, subject it to BGP bestpath algorithm and advertise it to eBGP peers - not sooner.
"I already understand that Sync. must be disabled in case if i have a full meshed IBGP in order for IBGP routes to be entered in the IGP routing table."
iBGP peers must always be fully meshed (let us ignore route reflectors and confederations for now). However, the BGP synchronization should be deactivated if all your routers within an AS are BGP speakers and are supposed to learn the external routes via BGP. In such case, you would never redistribute BGP-learned routes into an IGP (there would be no sense in doing that as all routers speak BGP already) but the activated synchronization would prevent these routers from treating these iBGP-learned routes as valid.
In other words, the BGP Synchronization must be deactivated in all iBGP scenarios where BGP routes are not redistributed into IGP protocol. Otherwise, an iBGP speaker will wait for an iBGP-learned route to be also learned via IGP - which will never happen.
Please feel welcome to ask further!
Best regards,
Peter
https://supportforums.cisco.com/thread/2107257
:)
[ view entry ] ( 1918 views ) | print article
Routers become OSPF Neighbors if they have an interface connected on a common network. For example, two routers connected on a point-to-point serial link could be neighbors.
An Adjacency is required for two ospf routers to exchange route updates. Not all neighbor routers will form adjacencies.
https://learningnetwork.cisco.com/thread/2010
[ view entry ] ( 1442 views ) | print article
Common LSAs:
[ view entry ] ( 1371 views ) | print article
<<First <Back | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | Next> Last>>