But what is it about? It is actually at first difficult to conceive, as we are all so used that IP addresses identify both a person (or a company) and its location. It is like this by design because Internet is based on a hierarchical routing model.

What I wrote below is just a bad summary of this article by David Meyer. See it as a memo or as a short introduction if you don’t want to get deep into LISP. Otherwise, jump immediately to the original article or to Packetlife which gives some more links.

Now, why would we want to change it? Because with the growing lack of IPv4 free blocks, it became very difficult for the network providers to maintain contiguous blocks. So now the routing tables are bigger than they should be and not optimized. Customers want multihomming and mobility, while providers want to limit the routing overload. Two different point of views which can’t be satisfied with the hierarchical routing of today. BGP partially addresses some of these issues, but it has limits and misconfigurations with deep impacts (eg blackholes) happen regularly. Note that IPv6 can’t be of any help in this case.

But LISP tries. And in a nice way, as it is totally transparent to the end-users. Only the core network of the providers are impacted.

Basically, the customer IP stack remains untouched during the transit. With LISP, the customer IP address is only the identifier, no more the locator.

Then, LISP add a new IP stack on routers configured by the provider. These routers, named ITR (Ingress Tunnel Router) and ETR (Egress Tunnel Router) according to the direction of the flow, encapsulate the packets with the new IP stack with their own address as origin. A little bit as a proxy but at a lower level, their purpose is to route the packets on behalf of the customer.

In short, the role of an ITR is to find the appropriate ETR for the destination, to route the packet correctly. LISP comes with a directory used for the ETR lookup. The directory is supposed to be “manually” maintained by the provider (the overload should be acceptable because we are in a core network, where changes in topology don’t happen all the time). Now that the ITR knows what the location for the recipient is, it sends out the packet with the ETR as destination IP. The way back works just the same.

Between the ITR and the ETR, of course, there can be a number of different providers and routers, not supporting LISP, the routing part being handled by classic routing protocoles like BGP.

You should see clearly now the beauty of LISP : if a customer moves with his IP block, for the provider it is just a matter of updating the location within the LISP directory. There are also some great features like support of load balancing in the case of multi-homing . LISP appears to be efficient and straightforward, but not yet validated by the IETF. Keep an eye on this work in progress!

Netios 0.74 is out.

Complete changelog :

2010-04-08  (0.74) Jean-Christophe Baptiste <jc@phocean.net>

* improve logging and  error handling
* clean up some crapy code

Check there for more details and a download link.

The work that the author made is truly impressive : blog, cheat sheets, gentle forum and even a lab (I haven’t test because I don’t need it, but if you are a student, it is great for students and so far I have never seen any other website offering it), all integrated with a quality level that is rare to find even on professional website.

This is one the best website I have never seen in all categories and certainly the best about Cisco networking. If you are interested in this topic, visit there right now.

Complete changelog :

2010-02-10  (0.73) Jean-Christophe Baptiste <jc@phocean.net>

* remove useless options
* fix various bugs

Check there (tools page) for more details and a download link.

Hostcheck is a simple Perl script that can be useful to quickly check if a list of host is up.
It just read a host file and check if the host are available doing a ping test or trying to open a socket.

Nothing great, but it may help to quickly check that most of things are right after a network change, for instance.
Because we want to test many hosts, and not to scan, the pace is fast so it may not be 100% reliable. The idea is to see roughly is the connectivity is correct or if your whole LAN is down.
It uses colors and is easy to read, so it might be good to show to your manager !

I hope it will be useful. More info and download link are there.

Complete changelog :

2010-01-14  (0.72) Jean-Christophe Baptiste <jc@phocean.net>

* ciscoclass.py : forgot to remove a debug print
* ciscoclass.py : finish and fix a bunch of bugs in the show run function, format the config file properly
* ciscoclass.py : fix the prompt regex

Check there (tools page) for more details and a download link.

There are a lot of changes, starting with cosmetics, but the biggest one is the support of multiprocessing.

It is now able to process several routers at the same time, so using it on a large list of machines results in a big speed up.

A downside is that it now requires at least Python 2.6, as multiprocessing started to be supported with this version only. Most Linux distributions now include Python 2.6, but still not all. Anyway it will be more and more the case. If you can’t uprade your distribution, you can stick with 0.60 which still do most of the work fine.

It is also now able to fetch a configuration file remotly, but it requires more testing before I feel confident in the way it works.

The complete changelog :

2009-12-20  (0.71) Jean-Christophe Baptiste ;

* ciscoclass.py : handle correctly the cisco pager — More — so that “show run” mode should work even with large config files
* sshclass.py : allow to override terminal size system settings (make use of the cisco pager to avoid filling the buffer)

2009-11-16  (0.70) Jean-Christophe Baptiste (private release)

* implement multiprocessing
* improve code documentation
* clean up UI
* reduce useless logging
* netios.py : bug : missing startTime parameter in f_skip_error and f_command functions

I cross my fingers so that there are not too many bugs, but if so, please don’t forget to report it to me.

Check there (tools page) for more details and a download link.

Netios is a little tool aimed to help network administrators to administrate a large number of Cisco network devices.
Providing it with a list of equipments, it connects within SSH to remotly apply IOS commands.

It can automatically :

• retrieve and export in a CSV file the list of local users
• update the local user, the enable password
• change NTP settings
• execute a file of customed IOS commands
• retrieve configuration files

It can read the targets from the command line or from a text file.

Its primary goal is to improve the security by making it easier to renew regularly the local password of these equipments, but it can do more convenient things (and I will continue to work to add more of them).

Check there (tools page) for more details and a download link.