My bloG notes

To share ideas and tips

Resilience of the French Internet

Written by Lui - no comments


While researching Anycast, I came across by chance an article produced by the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) and the Association Française pour le Nommage Internet en Coopération (AFNIC), which took stock of the state of the French Internet in 2011. The study focused on BGP and DNS, since these are the two key elements of the accessibility and resilience of a country's Internet.


The article is available here.

High availability of IPSec VPN on Cisco router

Written by Lui - no comments

Hi folks,

The first thing is that VRRP, compared to HSRP, is an open standard protocol for router redundancy. But when we talk about routers we think Cisco, Nortel or Juniper…

I used VRRP to implement high availability of Linux routers (a failover cluster). The solution was really reliable. But when I was thinking of extending the experience to Cisco routers, I found myself asking this question: can I use VRRP to provide high availability for IPsec LAN-to-LAN VPNs?

After some reading, the answer from Cisco is yes, but with HSRP and not VRRP. Here’s a link from Cisco discussing the subject:

This worked in a lab with HSRP; unfortunately VRRP did not. My question to Cisco: why are VRRP-based features not more developed on Cisco routers?

Riverbed SteelHead : degraded hard drive

Written by Lui - no comments


In the network we manage there is Riverbed SteelHead equipment. Unfortunately, these machines have many hard drive issues. Maybe this is normal, because of the many read/write events on the hard drive.

Every month I need to call the TAC to ask them to change at least 2 hard drives. You agree, in a production network, this is not optimal.

When a hard drive on a Riverbed SteelHead machine is in a degraded state, you have to gather this information before you call the TAC:
- The serial number of the machine : show info
- a sysdump : debug generate dump
- show raid err-mess
- show raid info
- show raid conf
- show raid diagram
- show raid physical

Then you need to plan the hard drive replacement. Be careful: when doing this you may get a small interruption of the network connections, and the optimisation service may stop and start. I suggest planning this in a maintenance window and informing the users when you begin and finish the operation.

You can try to remove the hard drive and reinsert it before replacing it. Normally you don’t need to shut down the machine unless the TAC asks you to.

Sometimes, when you have this issue, you can’t log in to the management interfaces (HTTP/HTTPS/SSH/serial console); you need to reboot the machine to get in again.