AWS to ASA VPN Issues

I needed to build a VPN tunnel from Threat Defence to AWS, which seemed to work fine. Until the VPN had been up for an hour that is…
After an hour, I was getting reports of tunnel traffic dropping out. This happened regularly every hour.
After a few hours of watching debugs and discussions with TAC, the answer presented itself.

High CPU in Firepower

I use Firepower Management Center quite a bit. Recently, I started getting health monitoring alerts telling me that CPU was at a critically high level.
These alerts were spamming me every 5 minutes for a few hours. One of our ASAs running Firepower Services was having a bad time.

BGP With a Service Provider

So you want to peer with a service provider. Never done it before? Overwhelmed? Don’t know where to start? If this sounds familiar, then this article is for you!
We’re going to have a look at the process of peering with an ISP. We’re not going to look too deeply into the technical details. Rather, we’ll focus more on the process.

vPC and LAG Convergence

A new Nexus release brings two new features, called vPC Fast Convergence and LACP Convergence.
There wasn’t a lot of information readily available, so I’m going to share what I’ve learned here. I’d like to take a moment to thank Amith Ronad from Cisco for helping me to understand these features.

Hitless vPC Role Change

There has always been a primary and secondary role in a vPC relationship. But, they’ve always been non-preemptive. That means that a secondary will not automatically become primary unless there’s a failure of some sort.

Dynamic Routing and FEX

A few weeks ago I was working on a customer’s network when I found an OSPF problem. For some reason, an ASA wouldn’t peer with a Nexus switch. To make it a bit weirder, the problem only happened on the default VRF, and only with OSPFv3. On the Nexus side, I could see the ASA neighbour, but it was stuck in INIT. On the ASA side, I couldn’t see the neighbour at all.

Cisco Live Melbourne 2017 – Day 1

We all want to be better at what we do. You wouldn’t be reading this if you didn’t. In the IT industry, we go to vendor events, where we get to broaden our horizons and network with potential colleagues.
I was one fortunate man in a crowd of many who just attended day 1 of Cisco Live in Melbourne.