Showing posts from September, 2011

NTP access control

An important trick I found on the INE forum that should be remembered about NTP when you are using NTP access control. One of the important things not mentioned in the INE post is that, by default, the NTP master will not reject anyone who is not trying to authenticate, which is why you restrict those stations with an ACL.

"If your router is configured as NTP master, and you set up any access-control group, you must allow “peer” access type to a source with IP address “127.127.7.1”. This is because “127.127.7.1” is the internal server created by ntp master command, which the local router synchronizes to. If you forget to enable it peer access, your server will always be out of sync. Here are some examples. First one: configure R1 as NTP master and allow the server to be polled for NTP updates just by one client. Client should receive updates just from one source:"

Creating an Access Group and Assign a Basic IP Access List to It To control access to NT...
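The check described in this post can be automated. The following is an added example, not code from the blog or from INE: a small Python audit that reads an IOS-style configuration and flags an NTP master whose access groups do not give "peer" access to 127.127.7.1. It assumes numbered standard ACLs only; the function names and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

NTP_LOCAL_CLOCK = ipaddress.ip_address("127.127.7.1")  # address named in the quoted post

def acl_permits(config, acl, addr):
    """First-match evaluation of a numbered standard ACL (implicit deny at the end)."""
    pattern = rf"^access-list {re.escape(acl)} (permit|deny) (.+)$"
    for action, rest in re.findall(pattern, config, re.M):
        spec = [tok for tok in rest.split() if tok not in ("host", "log")]
        if spec[0] == "any":
            return action == "permit"
        base = int(ipaddress.ip_address(spec[0]))
        wildcard = int(ipaddress.ip_address(spec[1])) if len(spec) > 1 else 0
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (int(addr) & care) == (base & care):
            return action == "permit"
    return False

def audit_ntp_master(config):
    """Return findings for a router that is NTP master and uses access groups."""
    if not re.search(r"^ntp master\b", config, re.M):
        return []
    groups = re.findall(
        r"^ntp access-group (peer|serve-only|serve|query-only) (\S+)", config, re.M)
    if not groups:
        return ["ntp master has no access-group: no station is restricted"]
    peer_acls = [acl for kind, acl in groups if kind == "peer"]
    if not any(acl_permits(config, acl, NTP_LOCAL_CLOCK) for acl in peer_acls):
        return ["no peer access-group permits 127.127.7.1: master stays out of sync"]
    return []

# Constructed sample configs (192.0.2.10 is a documentation address for the one client).
BROKEN = """\
ntp master 2
access-list 10 permit 192.0.2.10
ntp access-group serve-only 10
"""
FIXED = BROKEN + """\
access-list 1 permit 127.127.7.1
ntp access-group peer 1
"""

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_ntp_master(cfg) or "ok")
```

Named ACLs and IPv6 access groups are outside what this sketch parses and would need their own handling.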
Ethernet over SDH

It's an interesting topic, though. I got this question at a job interview a few days ago, and I think I was too stressed to give the answer straight away, but after I left the interview I came up with a few answers about it, and I used such a solution a few years ago in Iceland. So, you want to carry native Ethernet over SDH, but for some historical reasons you have a huge SDH/PDH network which carries mainly IP. So what can you do about it? I was thinking of Ethernet-over-IP-over-SDH. Why not? I tried something like that a couple of years back and it works. The telco way is to convert the SDH to Ethernet with pseudo-wire (tunnelling), and Axerra Networks and Tellabs have such solutions, or to use the so well advertised RFC 4448 (Ethernet over MPLS).