I ran into an unexpected issue the other day that kept me scratching my head for a few minutes when a new ASA refused to take a code upgrade. Read on for the details.
Recently I was called out to one of my customers, a local college, which had been fighting a variety of disruptive network issues for several days following a campus-wide power-down. After a short phone call, we agreed that I’d better get out there and take a look first-hand at what was going on. Remote work is almost always an option, but I always feel that getting my eyes directly on a problem helps. Sometimes I feel like “The Network Whisperer” when I get out to a customer in trouble — something just speaks to me and points me in the right direction.
I had an interesting issue yesterday where I had to prove that a firewall was injecting TCP RST packets to drop active connections. The details of the firewall problem aren’t relevant, but in order to tie several packet traces together and prove beyond doubt that the mysterious RST packets were being injected and not coming from the end host I had to turn to a little-remembered field in the IP packet header — the identification field.
File this one under “things I’ve missed so many times I should write a blog article about them.”
Here’s the scenario: You’ve ordered a new Ethernet-delivered circuit from your ISP to connect to equipment in your cabinet at a colo facility. The carrier has dropped the circuit, the colo staff has done the cross-connect and left you a fiber pigtail in your cabinet. You’ve configured your port, inserted your SFP optical module, and plugged in the fiber. You “no shut” your port and….. nothing. Nada. Zilch. Not even a link light.
Virtualization, Storage, and other techy stuff
I ask those questions you're too clever to.
Pluribus Networks Founder's Blog on OS, Networking, Virtualization, Cloud Computing, Solaris Architecture, etc
Just another WordPress.com weblog
Data networking, stray thoughts, nerdy fun...
Tales of the network reformation
Jottings on the intersection of tech and humanness
Ramblings about my thoughts, experiences, and ideas.
Looking for the next big thing.
Attaining my CCIE with the help of Warhammer 40k
just another networking blog
Network Architect . CCIE 17846 . CCDE 2012::1
Making Packets Do Silly Things
Jonathan Davis (@subnetwork) keeps layers 1-7 working so that Layer 8 can be productive.