Author: Jeffrey Wilson
-
When the Spec Is the Only Source of Truth
This post began as a LinkedIn reflection on RFC reading and first-principles thinking. The story went deeper into RFC 2865 RADIUS authentication than a LinkedIn post could hold. RFC 2865 RADIUS Authentication The authentication failures were intermittent. Not every packet. Not every user. Just enough to know something was wrong at the byte level. I…
-
460 Devices, No Documentation, and the Pipeline That Changed That
The engagement had 460 managed devices and no current topology documentation. Network topology automation was the only viable path — manual spreadsheet work would have taken weeks and produced a point-in-time artifact no one could re-run. The Cisco design team needed three structured deliverables before they could move: device inventory, physical topology graph, VLAN/service map.…
-
1500 != 1500: MTU, OSPF ExStart, and a 14-Byte Blind Spot
What OSPF is actually doing when it stalls in EXSTART, why MTU is the non-obvious suspect, and what to check first when you hit it.
-
When the Fix Becomes the Failure: ECMP, Zone Protection, and a 64KB Ceiling
Three ECMP firewall cutovers went cleanly. The fourth did not — and the cause turned out to be Palo Alto MSS clamping, hidden inside a zone protection profile that had passed through three clean rollouts undetected. It was the highest profile pair in the sequence, sitting at the data center boundary. The Setup The Baylor…
-
BGP Prefix Leak, RPKI, and the Cold Email That Confirmed It
A BGP route leak at an Internet2 customer site propagated more-specific prefixes into the global table, causing every major CDN to black-hole return traffic to an entire campus network. Diagnosing it required a cold email to a Google network engineer at 8:40am. This is the full story: the triage, the root cause, and the architectural…
