Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stupid Data Center Tricks

Posted by timothy on from the ejector-seat-toilet dept.

jcatcw writes "A university network is brought down when two network cables are plugged into the wrong hub. An employee is injured after an ill-timed entry into a data center. Overheated systems are shut down by a thermostat setting changed from Fahrenheit to Celsius. And, of course, Big Red Buttons. These are just a few of the data center disasters caused by human folly."

4 of 305 comments (clear)

  1. Re:Network meltdown due to hub cross-connects by omglolbah · · Score: 4, Informative

    Oh yes, it works quite well for sabotaging a network.

    It used to be a constant issue at LAN parties where "pranksters" would do it before going to sleep... Usually we never found them but when we did we flogged them with cat5 cables stripped of insulation :p

  2. Re:Not using Cisco ACLs by jimicus · · Score: 4, Informative

    Hours?

    You get something on the network which has an IP from the offending DHCP server, use ARP to establish what that DHCP servers' MAC address is then lookup the switches' own tables to figure out which port that MAC is plugged into and switch that port off and wait for the equipment owner to start complaining. Takes about 3-5 minutes to do by hand, and some switches can do it automatically.

  3. Re:Not using Cisco ACLs by fluffy99 · · Score: 4, Informative

    Cisco switches have a wonderful feature called dhcp snooping.

    Not supported on many of the lower end Cisco edge switches. It believe it also interferes with DHCP relaying.

    Another great tool is "ip verify source vlan dhcp-snooping
    " which can be used to block traffic from IPs/macs that did not obtain their IP from the DHCP server. This nicely prevents users from statically assigning addresses and/or spoofing their mac address.

  4. Re:Network meltdown due to hub cross-connects by Geoff-with-a-G · · Score: 5, Informative

    I'm CCNP, taking my CCIE lab next month, I'll give this a shot.

    Yes, the "cow goes moo" level definitions you get are "hub = L1, switch = L2, router = L3" but the reality is more complex.
    A hub is essentially a multi-port repeater. It just takes data in on one port and spews it out all the others.
    A switch is a device that uses hardware (not CPU/software) to consult a simple lookup table which tells it which port(s) to forward the data, and does so very fast (if not always wire-speed). Think like the GPU/graphics card in your PC. Something specific super fast.
    A router is a device that understands network hierarchy/topology (in the case of IP, this is mainly about subnetting, but there are plenty of other routed protocols) and can traverse that hierarchy/topology to determine the next hop towards a destination.

    Now, because of the protocol addressing in Ethernet and IP, these lend themselves easily to hub/switch/router = L1/L2/L3, but they're not really defined that way.

    These days, most Cisco switches (3560, 3750, 6500, etc) run IOS, the software which can do routing, and which uses CEF. CEF in a nutshell takes the routing table (which would best be represented as a tree) and compiles it into a "FIB", which is essentially a flat lookup-table version of that same (layer 3, IP) table. It also caches a copy of the L2 header that the router needs to forward an L3 packet. The hardware (ASICs) in the switches hold this FIB, and thus allow them to "switch" IP/L3 packets at fast rates and without CPU intervention, thus making them still "switches", even if they run a routing protocol and build a routing table.

    Meanwhile, when Cisco refers to a "router" in marketing terms, they're talking about a device with a (relatively) powerful CPU, which can not only perform actual routing, but also usually more CPU-intensive inter-network tasks like Netflow and NBAR.