Category Archives for "Chandan Dutta Chowdhury"

Connecting my Dev VM to GCP: Test driving sshuttle

I have been working on a project which requires me to connect to my test environment deployed on GCP. We don’t have public IPs available for all the VMs in the test environment, but one of the VMs in the deployment is configured as a JumpHost, i.e. it has a public IP available. We need … Continue reading Connecting my Dev VM to GCP: Test driving sshuttle

A Simple Virtual Network based on proxy ARP and Policy Based Routing

Introduction: Choosing virtual networking to connect VMs or Containers across Hosts is always a complicated decision. Most of us would have found the virtual networking on a single VM/Container Host to be very simple, easy to implement and debug. Just plug the VM/Container into a bridge and you are done. For access from the … Continue reading A Simple Virtual Network based on proxy ARP and Policy Based Routing

No surprise performance test

Recently I had a need to deploy a Python Flask-based application. Although Flask has a convenience CLI built in to run your application while developing, the deployment documentation provided a number of production-ready deployment methods. After going through the various documentation and learning about the event-loop-based implementation of Gevent, I decided to … Continue reading No surprise performance test

Test Driving transmission for multi-site file sync

As the industry moves towards more distributed deployment of services, syncing files across multiple locations is a problem that often needs to be solved. In the world of file syncing there are two algorithms that are outstanding. One is rsync, which is a very efficient tool for syncing files. It works great when you have … Continue reading Test Driving transmission for multi-site file sync

Test Driving Inter Regional VPC peering in AWS

Connect AWS VPCs hosted in different regions. AWS Virtual Private Cloud (VPC) provides a way to isolate a tenant’s cloud infrastructure. To a tenant, a VPC provides a view of their own virtual infrastructure in the cloud that is completely isolated and has its own compute, storage, network connectivity, security settings etc. In the physical world, Amazon’s … Continue reading Test Driving Inter Regional VPC peering in AWS

Custom VPC and Internet Access in AWS

Create your VPC, launch EC2 instances and get internet access with a Public IP. With a Virtual Private Cloud (VPC), a tenant can create their own cloud-based infrastructure in AWS. While AWS provides a default VPC for a new tenant, there are always use cases that need the creation of a custom VPC. While exploring custom VPC, I found … Continue reading Custom VPC and Internet Access in AWS

Stateful vs Stateless firewalls: Which one to use when?

Firewalls provide traffic filtering and protect the trusted environment from the untrusted. A firewall can be stateful or stateless. A stateful firewall is capable of tracking connection states, so it is better equipped to allow or deny traffic based on such knowledge. A TCP connection for example goes through the handshake (SYN-SYN+ACK-SYN), to ESTABLISHED state, and … Continue reading Stateful vs Stateless firewalls: Which one to use when?

Home network traffic analysis with a Raspberry Pi 3, a NetGear Switch and Ntop

I had the Raspberry Pi lying around for some time without serving any major function, and so was the NetGear switch [1]. So, I decided to do a weekend project to implement traffic analysis on my home network. I have a PPPoE connection to my ISP that connects to my home router [2]. The … Continue reading Home network traffic analysis with a Raspberry Pi 3, a NetGear Switch and Ntop

SecureNet: Simulating a Secure Network with Mininet

I have been working with OpenStack (devstack) for a while and I must say it is quite convenient to bring up a test setup using devstack. At times, I still feel it is overkill to use devstack for a quick test to verify your understanding of the network/security rules/routing etc. This is where Mininet shines. … Continue reading SecureNet: Simulating a Secure Network with Mininet

Control Plane for our L3VPN based virtual network

In the last two blogs, I have gone through the process of developing an L3VPN-based virtual network. One thing that we ignored is the amount of configuration that we need to change to add or remove nodes or provision new edge routers. While some of these steps are part of the infrastructure provisioning, like … Continue reading Control Plane for our L3VPN based virtual network

Test driving App Firewall with IPTables

With more and more applications moving to the cloud, web-based applications have become ubiquitous. They are ideal for providing access to applications sitting on the cloud (over HTTP through a standard web browser). This has removed the need to install specialized applications on the client system, the client just needs to install is a … Continue reading Test driving App Firewall with IPTables

Running a standalone OpenStack Neutron server

One of the great advantages for an OpenStack developer is the ease with which a dev environment can be created. I cannot say enough good things about devstack. Devstack is a tool that provides a very flexible way of creating a development environment for OpenStack. Devstack is very flexible and can be configured using simple config … Continue reading Running a standalone OpenStack Neutron server

Test-driving arbitrary data publishing over BGP

BGP is a routing protocol known for its strength in scaling and resilience. It is also flexible and extensible. With its Multi-Protocol extension, BGP can support distribution of various data types. Still, extending BGP for every new route data type requires the introduction of a new address family (AFI/SAFI) and making BGP aware of the new data … Continue reading Test-driving arbitrary data publishing over BGP

Test-driving EVPN route publishing with GoBGP

In recent times there has been a lot of interest in tunnel-based L2 networks, especially for Cloud Networks implemented with VXLAN. The tunnel-based networks were initially proposed with the idea of alleviating the 4k limit imposed with VLAN-based networks. EVPN-based VXLAN tunneled networks use BGP as the control plane for L2 learning. … Continue reading Test-driving EVPN route publishing with GoBGP