Port isolate vs. Mac Forced Forwarding

Let me first say that these two features are supposed to do very similar things – they are designed to separate access users so their traffic cannot go directly between them without any control. The firs possible solution is a port-isolate command which separates L2 and L3 traffic between the isolated (access) ports. This leads to complete separation with all the advantages and disadvantages. The biggest disadvantage is that all traffic trunked up to another switch where it will be dealt with – usually it will be routed. As the separation is also on L2 and L3 you cannot use arp proxy which could resolve the overhead on access switch. The advantage is that the separation is absolute which could be quite useful in ISP’s access networks. read more

IPsec overview

IPSec is a framework of symmetric encryption of IPv4 protocol which is good for VPN creation etc. Parts of the IPSec are Internet Key Exchange (binding all the pieces together), Diffie-Hellmanalgorithm (for secure key exchange) and symmetric pre-shared key or certificate based authentication. This main three components make IPSec very reliable and very difficult to break into (even though some of the algorithms are weak/vulnerable). read more

RFC2544 Testing explained

This next article in this mini-series about testing Ethernet/IP networks I will write about one of the most common test – the RFC2544  ”Bench-marking Methodology for Network Interconnect Devices”. The purpose of this test is quite often misunderstood even though it is clearly stated in the introduction of the standard itself. So let’s start with clarifying what this testing suite is and what it should be used for. read more

Bit Errror Rate Test (BERT) explained

This article will be rather short in comparison with the others in the mini-series about various Ethernet/IP testing methods but it is one that is necessary as Bit Error Tests have a long tradition in telco environment (circuit based networks) but are still quite valid even in nowadays packet networks – at least for some specific cases. So without further delay let start with some theory behind the testing and some practical use followed by some use cases and best practices. read more