11 posts
A comprehensive guide to prefix-lists and route-maps in Cisco BGP โ what they do, how they differ from ACLs, when to use each, and practical configurations for inbound/outbound BGP policy.
Everything you need to know about Autonomous System Numbers โ what an AS is, the difference between public and private ASNs, how they work in BGP, 2-byte vs 4-byte ASNs, how to look one up, and the process for getting your own.
A deep dive into Bidirectional Forwarding Detection โ why BGP's default failure detection is dangerously slow, how BFD provides sub-second link failure detection, and how to configure it on Cisco IOS-XE, IOS-XR, and NX-OS.
How a 2018 BGP hijack redirected Amazon Route 53 traffic, harvested private keys from MyEtherWallet users, and stole $152K in Ethereum โ BGP and DNS weaknesses chained.
How a government censorship order, a leaked more-specific route, and one upstream provider that didn't filter turned into a global internet outage that took YouTube offline for nearly two hours in 2008 โ and what it proved about BGP's fundamental trust problem.
Practical Claude API patterns for Cisco routers โ generating complex routing policies, parsing BGP and OSPF state, building WAN automation tools, and creating intelligent diagnostic assistants for IOS-XR and IOS-XE routers.
A complete breakdown of all five BGP EVPN route types defined in RFC 7432 and RFC 8365 โ what information each carries, when each is generated, and how they work together to build a VXLAN fabric.
A deep technical breakdown of VXLAN EVPN โ what the underlay and overlay are, how VTEPs encapsulate traffic, why BGP replaced flood-and-learn, and how symmetric IRB enables Layer 3 routing across the fabric.
What Magic Transit is, how it protects your IP infrastructure at the network layer, and best practices for onboarding your prefixes.
Understanding Nexus Dashboard's two-network design, persistent IP addresses, BGP configuration for L3 deployments, and required firewall ports for ND 4.2.
BGP was built for trust, not security. RPKI fixes that by cryptographically validating route origins โ here's how to deploy it on Cisco IOS-XE, IOS-XR, and NX-OS.
