From: Huizinga, Rene (rhuizinga@upcbroadband.com)
Date: Sun Feb 17 2008 - 01:37:14 ARST
Wow...now this is one of the best topics I've seen in a while here !
:)))
A quick brainstorm of some tricks: (not that wild)
- PBR to work-around a FW (now is that really a 'hack' ? :| )
- Strong ACL-summarisations via 'creative' wildcard-masks (quickly
stopped doing that, got complaints and not so well manageable :P )
- Multiple OSPF proc's + controlled re-distribution (now is that really
a 'hack' ? :| )
- Static ARP-entries to deny connectivity to certain segments w/out
using filtering (BOFH)
- Share HSRP-groups to workaround IOS-limitation (hate that though and
not really lab-trick :S)
- 'Creative' BGP next-hop rewriting
But the best...(on a Juniper though)
- Prepended another pub-AS to transit to steer that third parties
traffic, retaining normal connectivity with the peer-AS... :)) (special
case :P And hey, it worked...[VEG])
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Patrick Galligan
Sent: Friday, February 15, 2008 12:44
To: groupstudy
Subject: Re: stupid lab tricks you've used in production
On Thu, Feb 14, 2008 at 2:00 AM, Swan, Jay <jswan@sugf.com> wrote:
> So what's the weirdest thing you thought you'd only use in the lab,
> that you ended up using in production?
>
PBR on a pair of 6500 core switches to send traffic over some new links
to a business partner, 10 branches at a time. Wasn't my preferred option
but the decision makers weren't convinced that the successful pilot was
actually successful. Idiots. Found an IOS bug with that one too.
Multiple OSPF processes on some FWSMs to selectively send redistributed
statics in either direction. Wouldn't have needed OSPF at all if the
FWSMs supported HSRP or VRRP.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:48 ARST