Extract private key from Cisco private-config

This blog post discusses extracting a private key from Cisco IOS’s private-config file. I recently generated a keypair on an IOS router and had forgot to flag it as “exportable”, making it difficult to backup. As the key-pair was used for IPSec authentication it was an important key to backup.

The first step is to recover private-config from the device, which I’m not going to cover in this post. Opening the file in a text editor, locate the section that begins “crypto RSA-key-pair” and save the hexadecimal values to a text file, the section will look like this:

crypto RSA-key-pair MyKey 0 1440004978
308204BC 02010030 0D06092A 864886F7 0D010101 05000482 04A63082 04A20201
00028201 0100DE8D 63241465 57356A77 57FC2C3D BBDD8454 F25B6B1A DB487C6D
AA0C1157 F665AF18 08EFC785 C23D3185 06F3D51A 42C94F06 5A97756A C83693C6
...

When saving to a text file, omit the section beginning “crypto RSA-key-pair”, only the hexadecimal values are required.
Continue reading Extract private key from Cisco private-config

Getting started with DN42

A week or two ago I became aware of DN42, a private network run to teach people how to use BGP. DN42 users connect to each other using site-site VPNs and then use BGP to exchange routing information. As someone who learns best from hands-on activity I simply couldn’t resist.

This blog post will discuss getting connected to the DN42 network using a Cisco router, be it physical or in a virtualisation solution such as GNS3/VIRL. At a high level there are three main steps:

  1. Create a number of “objects” in order to allocate a network address that you advertise in BGP;
  2. Configure your router so it can access the internet;
  3. Locate a suitable network to establish a VPN with and then form a BGP adjacency;

I’ll try and cover off the various DN42 specifics, but do not plan on covering basic router configuration tasks.
Continue reading Getting started with DN42

Faster than Gigabit on a budget

For some time now Gigabit has been the de-facto speed for networking equipment. The days of vendors getting away with selling Gigabit at premium is mostly gone. The only real exception to that seems to be Cisco, who inside on providing Fast Ethernet (100Mb) ports on many of their devices and charging a premium for Gigabit.

Ten Gigabit is becoming more widely available in enterprise environments, but comes at a cost that is out of reach of many home labs and those on a tight budget. Depending on what you need to achieve there are low-cost options for getting your feet wet with 10Gb or faster.

Those on a tight budget are likely to consider LACP to aggregate multiple GbE connections in order to provide more available bandwidth. Unfortunately this isn’t always suitable, especially so if you need a single connection to consume much of the bandwidth. Thankfully assuming you only need to connect two hosts together there is a better way.

Continue reading Faster than Gigabit on a budget