Author: Fahadi Muhumuza

Written by Fahadi Muhumuza11Jan, 2024

Unconventional Out-of-Band Management using MikroTik LtAP mini-LTE kit and OpenVPN server

Welcome to the dynamic cosmos of networking and connectivity, where the quest for resilient yet budget-friendly solutions takes centre stage. Today, we’re not merely delving into the technical aspects; we’re embarking on a journey into the avant-garde of connectivity solutions – the fusion of the sleek MikroTik LtAP mini-LTE Kit and the powerful OpenVPN.

In this post, brace yourself to unveil the covert potential hidden within the MikroTik LtAP mini-LTE Kit. We’re not merely scratching the surface of its features; we’re unleashing its power and flexibility to provide solutions beyond its initial design. Get ready for a journey where the possibilities of this kit extend far beyond the expected.

What is Out-of-Band (OOB) Management? Now, picture this scenario: You’re overseeing a network device situated miles away from your headquarters. Through the wonders of remote protocols like SSH, you’ve been managing it seamlessly. Suddenly, the device throws a fit, and you are cut off. Oh no! Cue the need for a physical sprint to the device, employing console access to assess the damage – time wasted, money drained, and downtime soaring.

But hold on! What if I told you there’s a smoother way to confirm the device’s status without breaking a sweat? Yes, you guessed it right – Out-of-Band Management! It’s not just a term; it’s the networking world’s century-defining invention, saving you from the hassle of always needing physical access during failures a thing of the past.

While In-Band Management operates through the LAN using conventional remote access methods like SSH, web or Telnet, Out-of-Band Management offers a secure alternative to administering connected devices and IT assets without relying on the corporate LAN – through a separate connection.

Figure 1:Out-of-Band Management
Continue reading “Unconventional Out-of-Band Management using MikroTik LtAP mini-LTE kit and OpenVPN server”
Written by Fahadi Muhumuza07Jan, 2021

Q-in-Q Tunneling for ELS support on Juniper Switches

In a network where Service Providers run customers’ VLAN traffic over their backbone network, there is a possibility of VLAN crushing if different customers use overlapping VLAN IDs. With Q-in-Q Tunneling Providers can segregate different customers’ VLAN traffic on a link (for example, if the customers use overlapping VLAN IDs) or bundle different customer VLANs into a single service VLAN.

With Q-in-Q tunneling, providers can segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag.

This makes it a suitable solution for service providers since it gives them freedom on which S-VLANs to use without changing customers’ C-VLANs and customers can use any VLANs they want.

 

How Q-in-Q Tunneling Works

In Q-in-Q tunneling, as a packet travels from a customer VLAN (C-VLAN) to a service provider’s VLAN (S-VLAN), a customer-specific 802.1Q tag (Customer’s S-VLAN tag) is added to the packet. This additional tag is used to segregate traffic into service-provider-defined service VLANs (S-VLANs). The original customer 802.1Q tag (C-VLAN(s) tag(s)) of the packet remains and is transmitted transparently, passing through the service provider’s network. As the packet leaves the S-VLAN in the downstream direction, the extra 802.1Q tag (Customer’s S-VLAN tag) is removed.

This solution has been illustrated on a Juniper EX-2300-C Switch with Enhanced Layer 2 Software (ELS) support.

There are multiple ways Q-in-Q tunneling maps C-VLAN(s) to S-VLAN(s).

  1. All-in-one bundling
  2. Many-to-one bundling
  3. Many-to-many bundling
  4. Mapping a specific interface

In this tutorial, only “All-in-one bundling” will be covered.

Continue reading “Q-in-Q Tunneling for ELS support on Juniper Switches”

Written by Fahadi Muhumuza06Jan, 2021

VPLS Multihoming in a Sub-ring setup using rpm and event-handlers for Juniper

Virtual private LAN service (VPLS) multihoming enables you to connect a customer site to two or more PE routers to provide redundant connectivity. A redundant PE router can provide network service to the customer site as soon as a failure is detected. VPLS multihoming helps to maintain VPLS service and traffic forwarding to and from the multihomed site in the event of the following types of network failures:

  • PE router to CPE device link failure
  • PE router failure
  • MPLS-reachability failure between the local PE router and a remote PE router

Ideally, each customer should have dedicated physical connections to PEs, but this kind of setup is expensive for service providers to maintain. Therefore, a new approach of Sub Rings connecting different customers with the use of different VLAN-IDs has been lately utilized as shown below. This makes each CPE logically appear as if it’s connected directly to PEs.

However, VPLS Multihoming was designed to detect failures when the physical interface it’s running on goes down and with this kind of setup, if CPE-2 is multihomed between PE-01 and PE-02 as primary and backup respectively, and the link between CPE-2 and CPE-1 goes down, PE-01 will not notice that failure, therefore, VPLS multihoming will not failover to PE-02 and hence fail-over will not be achieved.

In this blog, we shall cover the set up and configuration of VPLS Multihoming with BGP signaling in a Sub-ring scenario to address the challenge mentioned above.

Continue reading “VPLS Multihoming in a Sub-ring setup using rpm and event-handlers for Juniper”