Inderdeep Singh ılılılı

Author Archives: Inderdeep Singh ılılılı

Software Defined Networking : Introduction to VeloCloud SD-WAN Solution

Today I am going to talk about another Software Defined Networking topic, SD-WAN. SD-WAN stands for Software Defined WAN. Earlier I talked about the SD-WAN solution from Viptela, which has since been acquired by Cisco Systems.

As I discussed earlier in the SD-WAN architecture article, the main focus is on the control, data and management planes. The intent is to separate the data plane from the control plane: the data plane stays, as usual, on the boxes (routers, switches), while the control plane moves to a centralised controller where all forwarding decisions are taken.

For the Viptela SD-WAN solution, please go through the link below for further study

Viptela SD-WAN Solution - Cisco Systems Company

I would also like to tell you that we have our own YouTube channel with various networking videos that can help you study further. I am going to add many more videos to the channel soon, so please subscribe to it for network study videos

Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go

VeloCloud SD-WAN Solution
Let's talk about the VeloCloud SD-WAN solution. Like the other vendors, VeloCloud uses the same

Basics on Security : IPS Vs IDS Vs Firewalls

Today I am going to talk about another security topic: the difference in functionality between an IPS, an IDS and a firewall.

IPS - Intrusion Prevention System
IPS (Intrusion Prevention System) inspects traffic flowing through a network and is capable of blocking or otherwise remediating flows that it determines are malicious. It usually uses a combination of traffic and file signatures and heuristic analysis of flows.

Do not confuse this with a plain packet-filtering firewall: a device or application that analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port and/or destination port, rejecting packets that do not match the policy. A packet filter never looks at the payload, and that is exactly what an IPS adds: a packet can be allowed by the firewall (say, TCP to port 80) and still be dropped by the IPS because of what is inside it.

Fig 1.1- IPS in the Network with Firewall
It also provides analysis of flows by sitting inline and seeing all traffic during an
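To make the distinction concrete, here is an added example (not code from the post or from any vendor) that runs the same constructed packets through a header-only packet filter and then through the same signature logic used first as a passive IDS and then as an inline IPS. The ACL, the two payload signatures and the packets are all constructed for illustration and are not real IPS rules.

```python
"""Packet filter vs inline IPS on the same packets.

Added example; it is not from the blog post and not any vendor's code.
The ACL, the two payload signatures and the packets are constructed for
illustration and are not real IPS rules."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


# Header-only policy, first match wins, implicit deny at the end.
# (proto, destination host, destination port, action)
ACL = [
    ("tcp", "10.0.0.5", 80, "permit"),
    ("tcp", "10.0.0.5", 443, "permit"),
]


def packet_filter(pkt: Packet) -> str:
    """Stateless firewall decision: looks at headers only, never at the payload."""
    for proto, dst, dport, action in ACL:
        if pkt.proto == proto and pkt.dst == dst and pkt.dport == dport:
            return action
    return "deny"


# Constructed payload signatures, deliberately simple.
SIGNATURES = [
    ("sig-0001", "directory traversal in HTTP request line", re.compile(rb"\.\./\.\./")),
    ("sig-0002", "shell metacharacter in query string", re.compile(rb"\?[^ \r\n]*[;|`]")),
]


def inspect(pkt: Packet) -> list:
    """Signature match over the payload; this is the work a packet filter never does."""
    return [sid for sid, _desc, rx in SIGNATURES if rx.search(pkt.payload)]


def ids_verdict(pkt: Packet) -> tuple:
    """Passive sensor on a tap/SPAN port: same signatures, but it can only alert."""
    hits = inspect(pkt)
    return ("alert", hits) if hits else ("pass", hits)


def ips_verdict(pkt: Packet) -> tuple:
    """Inline sensor: the same match becomes a drop."""
    hits = inspect(pkt)
    return ("drop", hits) if hits else ("forward", hits)


def process(pkt: Packet) -> str:
    """Firewall first, then the inline IPS behind it, as in Fig 1.1."""
    if packet_filter(pkt) != "permit":
        return "denied-by-firewall"
    action, hits = ips_verdict(pkt)
    if action == "drop":
        return "dropped-by-ips:" + ",".join(hits)
    return "forwarded"


# Constructed packets (not captured traffic).
BENIGN = Packet("198.51.100.7", "10.0.0.5", "tcp", 80,
                b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
TRAVERSAL = Packet("198.51.100.7", "10.0.0.5", "tcp", 80,
                   b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
INJECTION = Packet("198.51.100.7", "10.0.0.5", "tcp", 80,
                   b"GET /search?q=a;cat%20/etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
SSH = Packet("198.51.100.7", "10.0.0.5", "tcp", 22, b"SSH-2.0-OpenSSH_8.9\r\n")

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("traversal", TRAVERSAL), ("injection", INJECTION), ("ssh", SSH)):
        print(f"{name:10s} firewall={packet_filter(pkt):6s} ids={ids_verdict(pkt)[0]:5s} -> {process(pkt)}")
```

The traversal and injection requests are both "permit" as far as the packet filter is concerned, because TCP to port 80 on that host is allowed; only the payload inspection catches them, and only the inline placement turns that into a drop rather than an alert.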

The concept of RD and RT in MPLS Scenario

Today I am going to talk about two other terms used in MPLS that you have surely heard whenever you configure or design an MPLS network in your enterprise: RD and RT. RD and RT are concepts used on the MPLS platform where you first define the VRF. I already wrote about VRF in an earlier post; please have a look at the link below for the VRF concept and how to configure a VRF

Basics of VRF(Virtual Routing forwarding)

Now let's start with today's topic, RD and RT. Below is a basic topology just to show the connectivity of PE and CE in an MPLS scenario

Fig 1.1- Sample MPLS topology
What is an RD and what is the purpose of the RD in an MPLS network?

Basics of VRF(Virtual Routing forwarding)

Today I am going to talk about one of the most important concepts on which MPLS works. I understand many of you already know MPLS, but some of you still want me to explain the concept, and MPLS starts from the concept of VRF.
What is VRF - Virtual Routing and Forwarding?
As you already know, VRF stands for Virtual Routing and Forwarding, and it is a separate routing table within a router. VRFs are to a router what VLANs are to a switch. Using VRFs, it is possible to virtualize a single router into several instances, each of them (relatively) independent of the others, allowing for overlapping subnets, separate instances of routing protocols, and a separate set of interfaces assigned to each VRF.
In other words, when you create a VRF you tell it which routes to import and export (the route targets). Then you assign that VRF to an interface. Once the VRF is attached to

Comparison between Cisco Catalyst 2950 Series Switches vs HP Pro-curve 2500/4000M

Today I am going to talk about a fair comparison between two vendors' access switches which are widely used in campus networks and in various enterprises. Both switches are excellent in their features, and in this article I will compare them feature by feature.

Earlier I wrote an article comparing the Cisco 2960X, Cisco 3650 and Cisco 3850. The link for that article is shown below.

Cloud Managed Wireless Solution : Cisco Meraki MR52

Today I am going to talk about the Cisco Meraki solution, which is a fully cloud-managed system, and the product is the Cisco Meraki MR52. It is a next generation wireless access point that can be deployed in various environments such as education, manufacturing units, offices and enterprise networks. The way Cisco Meraki works is a real shift: all management is done via the cloud and you just need to deploy the hardware in your network.

What is the purpose of deploying it, and how long does it take to configure a Cisco Meraki MR52?
Well, if you have a requirement for a wireless network with various SSIDs, you should start with a site survey and, based on it, choose a suitable access point and WLC model. If I talk about the cloud-managed Cisco Meraki MR52, it is simple to deploy and is configured from the cloud once it comes online. So you do not need any resource on site to configure the Meraki MR52 at remote locations.

What is the throughput of the Cisco Meraki MR52?
Well, the Cisco Meraki MR52 is a high performance box and will provide

Introduction to Virtual Device Context- VDC in Nexus Environment

Today I am going to talk about the virtualisation feature in Cisco Nexus devices called VDC. VDC stands for Virtual Device Context. With the help of VDCs we can split a single physical Nexus chassis into several virtual devices, and how many depends on the supervisor (SUP) engine in the chassis.

Keep in mind that the VDC feature is not available on Nexus platforms below the 7000 series. So now we have the question: how many VDCs can we create in a single Nexus chassis?

Look at the picture below: we replace the physical Core and Distribution switches with a single Nexus switch on which we create two different VDCs, one for the Core and one for the Aggregation layer. The picture shows the right way to collapse a 3-layer architecture in the datacenter environment. Keep in mind that all VDCs still share one supervisor and one system image, so a supervisor reload or upgrade affects every VDC in the chassis.

Hope the picture and the description below will help you understand the concept of VDC in the datacenter environment.

Fig 1.1- VDC Topology

How many VDCs can we create?
Well, it depends on the SUP engine. If we are using SUP 1, we can create a maximum of 3 VDCs; if we are using

Introduction to TACACS and TACACS+ (Terminal Access Controller Access Control System)

Today I am going to talk about the basics of TACACS and TACACS+. I am sure most of you already know TACACS and TACACS+, as many of you have configured them on your devices, whether Cisco, Juniper or another vendor in your network.

In this article I am just going to talk about TACACS and TACACS+ as follows.

What is TACACS and TACACS+?
Well, all of you have heard these terms so many times, but many of you are confused about what TACACS and TACACS+ actually are.

Terminal Access Controller Access Control System, or TACACS, is an authentication protocol, originally common on UNIX-based networks, that allows a remote access server to forward a user's logon password to an authentication server to determine whether access to a given system should be allowed.

TACACS and TACACS+
TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET. TACACS+ is an enhancement to TACACS designed by Cisco (later documented in RFC 8907). It is a separate protocol, not wire-compatible with TACACS: it uses TCP port 49 for reliable delivery and obfuscates the packet body with a keystream derived from the shared key, so the user name and password are not sent in the clear.

Fig 1.1- TACACS and TACACS+ Server
TACACS+ improves on TACACS by separating the functions of authentication, authorization, and accounting (AAA) and
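To show what "obfuscated with the shared key" actually means on the wire, here is an added example (not from the post or from Cisco) that frames a TACACS+ authentication START packet and applies the RFC 8907 body obfuscation: an MD5 keystream derived from the session id, the shared key, the version and the sequence number, XORed with the body. The session id, key and user in the usage are constructed values.

```python
"""TACACS+ packet framing and body obfuscation (RFC 8907, section 4.5).

Added example, not the blog's own material. Header fields and the
authentication START body follow the RFC; session id, key and user are
constructed values. The "encryption" is an MD5 keystream XORed with the
body, so it is only as strong as the secrecy of the shared key."""
import hashlib
import struct

TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
VERSION = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT   # 0xc0 on the wire
TAC_PLUS_AUTHEN = 0x01
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n = MD5(same prefix, MD5_{n-1})."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, seq_no: int, version: int = VERSION) -> bytes:
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


deobfuscate = obfuscate   # XOR with the same pad reverses it


def authen_start_body(user: bytes, port: bytes, rem_addr: bytes, data: bytes,
                      action: int = 1, priv_lvl: int = 1, authen_type: int = 2, service: int = 1) -> bytes:
    """Authentication START body (RFC 8907 5.1); defaults: action=LOGIN, authen_type=PAP, service=LOGIN."""
    fixed = struct.pack("!BBBBBBBB", action, priv_lvl, authen_type, service,
                        len(user), len(port), len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data


def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int, ptype: int = TAC_PLUS_AUTHEN) -> bytes:
    """Frame a body; an empty key sends it in the clear with the UNENCRYPTED flag set."""
    flags = 0 if key else TAC_PLUS_UNENCRYPTED_FLAG
    payload = obfuscate(body, session_id, key, seq_no) if key else body
    return HEADER.pack(VERSION, ptype, seq_no, flags, session_id, len(payload)) + payload


def parse_packet(packet: bytes, key: bytes) -> dict:
    """Server side: parse the header and recover the body with the shared key."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    payload = packet[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated TACACS+ packet")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = payload       # cleartext on the wire: fine for a lab, never for production
    else:
        body = deobfuscate(payload, session_id, key, seq_no, version)
    return {"type": ptype, "seq_no": seq_no, "session_id": session_id, "flags": flags, "body": body}


if __name__ == "__main__":
    key, sid = b"s3cr3t-shared-key", 0x1234ABCD          # constructed
    body = authen_start_body(b"admin", b"tty0", b"10.0.0.1", b"hunter2")
    pkt = build_packet(body, sid, key, seq_no=1)
    print(pkt.hex())
    print(parse_packet(pkt, key)["body"] == body)
```

Two things worth noticing: the pad depends only on values that are either in the header or are the key, so a captured session plus a guessed key yields every password exchanged; and a wrong key does not fail loudly, it just produces a garbled body, which is why a TACACS+ server should validate the decoded START fields rather than trust them.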

Difference Between Cisco ACI Multi-Pod Vs Cisco ACI Multi-Site

Today I am going to talk about the difference between Cisco ACI Multi-Site and Cisco ACI Multi-Pod deployments. I already talked about the basics of Cisco ACI Multi-Site and Cisco ACI Multi-Pod in my earlier posts. If you want to look through them, please have a look at the links below to understand Cisco ACI Multi-Pod and Cisco ACI Multi-Site

Introduction to Cisco ACI stretched fabric and ACI Multi-pod Fabric Designs
Introduction to ACI Multi-Site Fabric Design Network

Hopefully you went through the links above, so let me talk about the basic differences between Cisco ACI Multi-Pod and Cisco ACI Multi-Site.


Fig 1.1- ACI Multi-Site and Multi-Pod Deployments

The differences are as follows:
  • Scope of policy: In Multi-Pod you have full ACI functionality across the entire Multi-Pod fabric, while in Multi-Site you have Tenants, Applications, VRFs, BDs, Subnets, EPGs (including μSeg) and policies stretched across separate ACI fabrics
  • Availability Zone: In Multi-Pod there is a single availability zone with one APIC cluster for the entire Multi-Pod fabric, which provides a central point of management, while in Multi-Site we have multiple availability zones: each fabric, with its own separate APIC cluster, is an availability zone managed by the Multi-Site orchestrator.
  • VM Migration: In Multi-Pod, live

Introduction to RADIUS- Remote Authentication Dial-In User Service

Today I am going to talk about a major component of the network that provides authentication services whenever a user requests access. This component is called RADIUS. It is hosted on a server, which can also give you proper reports of user authentications. Let's talk about the RADIUS server, or Remote Authentication Dial-In User Service

What is RADIUS - Remote Authentication Dial-In User Service?
RADIUS (Remote Authentication Dial-In User Service) is a client/server system with which we secure our networks against unauthorised access. RADIUS clients run on supported routers, switches and other network access servers. Clients send authentication requests to a central RADIUS server, which holds all the user authentication and network service access information.

In simpler words, RADIUS is a network protocol that defines the rules and conventions for communication between network devices for remote user authentication and accounting. It runs over UDP (conventionally port 1812 for authentication and 1813 for accounting), and the client and server share a secret that is used to hide the user password in the request and to authenticate the server's reply.

What is the main purpose of RADIUS servers?
Well, the major purposes of a RADIUS server in the network are described below.
  • Authenticates users or devices before allowing them access to a network
  • Authorises those users or devices
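The exchange behind the first bullet, as an added example that is not part of the post: the client (NAS) side builds an Access-Request with the RFC 2865 User-Password hiding and a random Request Authenticator, the server side reveals the password, checks it and answers with a Response Authenticator, and the NAS verifies that reply. The shared secret, identifiers, user database and addresses are constructed; only hashlib, hmac, os and struct from the standard library are used.

```python
"""RADIUS Access-Request / Access-Accept with a shared secret (RFC 2865).

Added example, not part of the blog post. Secret, identifiers, users and
addresses are constructed. The NAS hides the User-Password and picks a
random Request Authenticator; the server answers with a Response
Authenticator; the NAS verifies it."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16, then c_i = p_i XOR MD5(secret + c_{i-1}), c_0 = RA."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (16 if not password else -len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += chunk
        prev = chunk
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the chain; trailing NUL padding is stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("malformed User-Password attribute")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(chunk, mask))
        prev = chunk
    return out.rstrip(b"\x00")


def attr(atype: int, value: bytes) -> bytes:
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", atype, 2 + len(value)) + value


def parse_attrs(data: bytes) -> list:
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        out.append((atype, data[i + 2:i + alen]))
        i += alen
    return out


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes, nas_ip: bytes) -> tuple:
    """NAS side. Returns (packet, request_authenticator); the NAS keeps the latter to check the reply."""
    request_auth = os.urandom(16)   # must be unpredictable per request, never a counter
    attrs = (attr(ATTR_USER_NAME, user)
             + attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
             + attr(ATTR_NAS_IP_ADDRESS, nas_ip))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return head + request_auth + attrs, request_auth


def build_response(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + resp_auth + attrs


def server_reply(request: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: reveal the password, check it against the constructed user table, Accept or Reject."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    request_auth = request[4:20]
    fields = dict(parse_attrs(request[20:]))
    user = fields.get(ATTR_USER_NAME, b"")
    pw = reveal_password(fields[ATTR_USER_PASSWORD], secret, request_auth)
    ok = user in users and hmac.compare_digest(users[user], pw)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, request_auth, b"", secret)


def verify_response(reply: bytes, ident: int, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: bind the reply to the outstanding request and recompute the authenticator."""
    if len(reply) < 20:
        return False
    _code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

Note what this does and does not protect: only the password is hidden, every other attribute travels in the clear over UDP, and the reply is authenticated with MD5 over the shared secret. Attribute integrity needs the Message-Authenticator attribute (HMAC-MD5, RFC 2869), and moving the whole exchange onto TLS (RadSec, RFC 6614) is the way to get confidentiality for the rest of the packet.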

Introduction to Next Generation Network Technology: IOT- Internet Of Things

Today I am going to talk about the next generation technology where we connect many other pieces of infrastructure and electronic things so that they can be controlled and managed by a single user or a group of users. IoT is now in demand in many enterprises, schools, hospitals, factories and many other places. IoT makes work easier with the help of the latest technology.

IoT is the new technology where we automate various appliances, electronic and electric, to make this world better. A thing, within the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, a car that has built-in sensors to alert the driver when tire pressure is low, or any other natural or man-made object that can be assigned an IP address and given the capability to transfer data over a network.

The IoT permits objects to be sensed and managed remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit. The flip side is that every such object is also a network-reachable attack surface, so inventory, segmentation and patching of these devices matter as much as they do for any server.

What is the basic purpose of IoT? How will it help my business?

The Use of the Asymmetric routing

Today I am going to talk about the concept of asymmetric routing and its purpose in detail. In simple words, asymmetric routing is when a packet takes one path to the destination and the reply takes another path back to the source. It can also be done on purpose, where we want the sending and receiving paths to be different.

Asymmetric routing is common in most networks; the larger the network, the more likely there is asymmetric routing in it. Asymmetric routing is an undesirable situation for many network devices, including firewalls, VPN gateways and load balancer appliances. These devices all rely on seeing every packet of a flow, in both directions, to function properly: a stateful firewall that sees only the return half of a TCP connection has no state for it and drops it.

Below is an example showing asymmetric routing where we have two different paths for sending and receiving packets, or you can say the traffic flow paths are different for sending and receiving. In the topology below, you can see that Site A sends traffic to the internet via the Primary Router, then the ASA, then the Internet Router, while the return traffic comes from the Internet Router to the Secondary Router and then to Site A via the MPLS cloud. So this
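To see why the firewalls in that topology care, here is an added example (not from the post, and not Cisco code) that models two stateful firewalls, one on each path, each with its own connection table. A TCP handshake whose SYN crosses one firewall and whose SYN/ACK crosses the other is dropped by the second, which is the behaviour the ASA reports as "Deny TCP (no connection)". Addresses and the handshake are constructed; the third function shows the usual fix, a failover pair sharing connection state.

```python
"""Stateful firewall under symmetric vs asymmetric routing.

Added example, not from the blog post. Two firewalls front the two paths
in the topology above; each keeps its own connection table and drops TCP
segments that belong to no connection it has seen the SYN for. Addresses
and the handshake are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


class StatefulFirewall:
    def __init__(self, name: str, table: set = None):
        self.name = name
        # Connection table keyed in initiator -> responder order. Passing the
        # same set to two instances models a failover pair with state sync.
        self.table = table if table is not None else set()
        self.log = []

    def handle(self, seg: Segment) -> str:
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if seg.flags == "S":
            self.table.add(fwd)              # new connection from the initiator
            return "permit"
        if fwd in self.table or rev in self.table:
            return "permit"                  # mid-stream segment of a known connection
        self.log.append(f"{self.name}: Deny TCP (no connection) "
                        f"{seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} flags {seg.flags}")
        return "drop"


CLIENT, SERVER = "10.1.1.10", "198.51.100.20"     # Site A host and an internet server (constructed)
HANDSHAKE = [
    Segment(CLIENT, 40000, SERVER, 443, "S"),
    Segment(SERVER, 443, CLIENT, 40000, "SA"),
    Segment(CLIENT, 40000, SERVER, 443, "A"),
]


def run(outbound: StatefulFirewall, inbound: StatefulFirewall) -> list:
    """Segments leaving Site A traverse `outbound`; replies traverse `inbound`."""
    verdicts = []
    for seg in HANDSHAKE:
        fw = outbound if seg.src == CLIENT else inbound
        verdicts.append(fw.handle(seg))
    return verdicts


def symmetric() -> list:
    """Both directions through the same ASA: the whole handshake is permitted."""
    fw = StatefulFirewall("ASA-1")
    return run(fw, fw)


def asymmetric() -> list:
    """SYN via ASA-1, SYN/ACK via ASA-2: ASA-2 has no state and drops the reply."""
    return run(StatefulFirewall("ASA-1"), StatefulFirewall("ASA-2"))


def asymmetric_with_state_sync() -> list:
    """Same paths, but the two units share a connection table (failover pair)."""
    shared = set()
    return run(StatefulFirewall("ASA-1", shared), StatefulFirewall("ASA-2", shared))


if __name__ == "__main__":
    print("symmetric  :", symmetric())
    print("asymmetric :", asymmetric())
    print("state sync :", asymmetric_with_state_sync())
```

The client never sees a SYN/ACK in the asymmetric case, so the connection hangs and retransmits; from the host's point of view "the internet is down" while every router is forwarding correctly. That is why the fix is either to force symmetry (policy routing, same next hop both ways) or to make the two inspecting devices share state.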

Firewalls Checkpoint : Check Point 1100 Security Appliances Introduction


Today I am going to talk about Check Point firewalls, specifically the Check Point 1100 security appliances. There are a lot of vendors in head-to-head competition in the security domain, including Palo Alto, Cisco, Brocade and Check Point. The market is moving away from the stateful firewall towards Next Generation Firewalls, for which Gartner defined the set of features.

What is a Next Generation Firewall?
Well, I have written many articles on this blog about Next Generation Firewalls. A Next Generation Firewall includes stateful firewalling, IPS and application visibility, with stability and reliability. Below is a basic topology showing where we can deploy firewalls in the network: at the gateway and for internal segmentation of the network. The topology used here is just for demo purposes and has no relevance to any live or enterprise network.

Fig 1.1- Basic Firewall deployment in the Network

I have written some articles on Next Generation Firewalls earlier. Please go through the links below to get more ideas on Next Generation Firewalls

Cisco Access Points- Basics, Comparison with Aruba and Ruckus

Today I am going to talk about a Cisco wireless topic: the Aironet 3700 Series Access Point, its features, and a comparison with other vendors. But before we talk about the Aironet 3700, we will talk about access points in general.

What is an Access Point?
Well, an access point is a hardware device capable of creating a wireless network in a campus or office. An access point connects to a wired router, switch or hub via an Ethernet cable and projects a Wi-Fi signal into a designated area.

What is the use of Access Points?
They provide a high-density experience through a purpose-built chipset with a strong RF architecture for a high-performance enterprise network. Below is the basic topology of Cisco Aironet access points.

Fig 1.1- Cisco Aironet Network Topology

Cisco Aironet 3700 Access Points
The Cisco Aironet 3700 Series Access Point is designed for high-density network environments that run mission-critical, high-performance applications.

Fig 1.2- Cisco Aironet Models
The Aironet 3700 Series delivers:
  • The industry's first wireless access point with an integrated 802.11ac Wave 1 radio supporting 4x4 MIMO with

Introduction to Cloud Computing : Private, Public and Hybrid Cloud Models

Today I am going to talk about the most in-demand cloud technology, as so many companies are moving towards the next generation cloud computing approach. Driven by this demand, vendors and service providers are taking new routes to provide cloud-based technology to their customers.

There are many questions, as many of you are not aware of what the cloud actually is and how a traditional network is migrated to a cloud-based infrastructure. But make sure that if you are moving to cloud-based technology, the hardware is cloud ready and supports third-party APIs.

What is Cloud Computing and how is it helpful to customers?

Cloud computing means storing and accessing data and applications over the internet rather than on your computer's hard drive. It goes back to the days of flowcharts and presentations that represented the huge server-farm infrastructure of the internet as nothing but a puffy, white cumulus cloud, accepting connections and dishing out information as it floats.

Cloud computing is the result of the evolution and adoption of existing technologies and paradigms. The aim of cloud computing is to permit customers to take benefit

Service Provider MPLS : Inter-AS MPLS Options

Today I am going to talk about Inter-AS MPLS, or you can say Inter-provider MPLS options. In this case I am taking the example of Cisco devices. To maintain the continuity of MPLS VPN services across multiple service providers, mainly for customers who span the world on different service providers, the IETF (RFC 4364, section 10) describes three options. These options are
  • Option A
  • Option B
  • Option C
for Inter-AS or Inter-Provider MPLS VPN solutions, and Cisco implemented all three in Cisco IOS (these options are also known in Cisco documents as 10A, 10B and 10C, after the section of the RFC that defines them).

Let's go through these options one by one. The first option is called the VRF-to-VRF connection between the two AS border routers, and the explanation is as below.

Option A: VRF-to-VRF connections at the AS (Autonomous System) border routers
In this procedure, a PE router in one AS attaches directly to a PE router in the other AS. The two PE routers are connected by multiple sub-interfaces, at least one for each of the VPNs whose routes need to be passed from AS to AS.
Fig 1.1- Inter-AS option A

Each PE will treat the other

Introduction to Port Channels and LACP

Today I am going to talk about the LACP protocol, which people also know as port-channel or EtherChannel. This topic is based on Arista Networks switches. I will discuss the basics of port channels and then we will look at the configuration on the switches.

What is a Port Channel? When and where is it used?
A port channel is a communication link between two switches that consists of matching channel group interfaces on each switch. A port channel is also referred to as a Link Aggregation Group (LAG). Port channels combine the bandwidth of multiple Ethernet ports into a single logical link.
A channel group is a collection of Ethernet interfaces on a single switch.

Fig 1.1- LACP between Cisco and HP Switches
A port channel interface is a virtual interface that consists of a corresponding channel group and connects to a compatible interface on another switch to form a port channel. Port channel interfaces can be configured and used in a manner similar to Ethernet interfaces. Port channel interfaces are configurable as layer 2 interfaces, layer 3 (routable) interfaces, and VLAN members. Most Ethernet interface configuration options are available to port channel interfaces.

Introduction to Symantec Web Application Firewalls

Before we start with the Symantec Web Application Firewall, first we need to understand

What is a WAF, or Web Application Firewall, and why do we need one?
Web servers are often targeted by attackers, who compromise them to host and deliver malware. Verizon's 2015 Data Breach Investigations Report found that attacks on web applications were one of the most common threats enterprises faced.

How do we mitigate these kinds of risks?
To mitigate the risks a compromise poses to their reputation and ongoing operations, enterprises are implementing Web Application Firewalls (WAF) to protect their web properties and enforce the security and privacy of their web applications, while making sure the security they implement does not adversely affect the performance of the web site. So, to avoid the various attacks from the outside world, enterprises need WAF-type services, and there are many WAF providers. Keep in mind that a WAF inspects HTTP requests and responses at layer 7, which a header-based packet filter cannot do, and that it complements rather than replaces fixing the application itself.

So in this case we require a WAF. Now let's talk about the Symantec Web Application Firewall in detail, with its features and purpose. I will try to put up another article on the Cisco WAF as well as

Firewall Standard Zones and Configurations

Let's talk about security zones in the enterprise network, or you can say implementing security zones in a university as an approach to firewall configuration and deployment. These "Security Zones" are implemented as rule-sets on the University firewalls.

Fig 1.1- Standard Firewall Zones

Each firewall will provide multiple "Security Zones" to implement specific security controls for each zone. Default sets of "Security Zones" are created during the implementation of each University firewall as follows:
  • Workstation Zone
  • Server Zone
  • DMZ Zone

CSSD defines these "Security Zones" to be implemented on each firewall as follows:
  • Workstation Zone – The Workstation zone is designed to protect a University Unit's workstations, network printers, and other local network devices (inside the firewall) from all other zones. Access to this zone from all other zones is restricted and controlled
  • Server Zone – The Server zone is designed to protect a University Unit's critical infrastructure such as domain controllers, file, print, intranet (internal web applications), application, and database servers. Access to this zone is limited to the Unit's Workstation Zone.
  • DMZ Zone – The DMZ zone is designed to protect any server that is accessed by a broad audience. An example
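The three zone definitions above translate directly into a rule-set. Here is an added example (not from the post and not CSSD's configuration) that evaluates flows against such a rule-set and lints the rule-set for changes that would break the zone model before they are pushed to a firewall. Zone names follow the text; the subnets, service ports and rules are constructed.

```python
"""Zone policy evaluation for the Workstation / Server / DMZ model.

Added example; it is not from the post or from CSSD. Zone names follow
the text, but the subnets, service ports and rules are constructed.
Rules are matched top-down, first match wins, implicit deny otherwise."""
import ipaddress
from dataclasses import dataclass

ANY = "any"
OUTSIDE = "Outside"   # anything not in a defined zone: the rest of the campus and the internet

ZONES = {
    "Workstation": ipaddress.ip_network("10.10.0.0/16"),
    "Server": ipaddress.ip_network("10.20.0.0/24"),
    "DMZ": ipaddress.ip_network("192.0.2.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dports: frozenset        # TCP/UDP port numbers, or frozenset({ANY})
    action: str              # "allow" or "deny"
    comment: str = ""

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (self.src_zone in (ANY, src) and self.dst_zone in (ANY, dst)
                and (ANY in self.dports or dport in self.dports))


# Constructed rule-set implementing the three zone definitions.
RULES = [
    Rule(ANY, "DMZ", frozenset({80, 443}), "allow", "DMZ: broad audience, published services only"),
    Rule("Workstation", "Server", frozenset({53, 88, 389, 445, 3389}), "allow", "Server zone only from Workstation zone"),
    Rule("Workstation", OUTSIDE, frozenset({ANY}), "allow", "workstations browse out"),
    Rule("DMZ", "Server", frozenset({1433}), "deny", "explicit: DMZ hosts must not reach the database tier"),
    Rule(ANY, "Workstation", frozenset({ANY}), "deny", "Workstation zone: inbound from every other zone restricted"),
]


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return OUTSIDE


def evaluate(src_ip: str, dst_ip: str, dport: int, rules=RULES) -> tuple:
    """Return (action, reason) for a new flow src -> dst:dport."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow", f"intra-zone {src}"          # the zone firewall is not in the path
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action, rule.comment
    return "deny", "implicit deny"


def lint(rules=RULES) -> list:
    """Flag allow rules that contradict the zone model before they reach the firewall."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        if rule.dst_zone == "Server" and rule.src_zone != "Workstation":
            findings.append(f"rule {i}: {rule.src_zone} -> Server allowed ({rule.comment})")
        if rule.dst_zone == "Workstation":
            findings.append(f"rule {i}: inbound to Workstation allowed ({rule.comment})")
        if rule.src_zone == ANY and rule.dst_zone == ANY and ANY in rule.dports:
            findings.append(f"rule {i}: allow any/any/any makes every later rule dead")
    return findings


if __name__ == "__main__":
    for flow in (("203.0.113.7", "192.0.2.10", 443), ("203.0.113.7", "10.20.0.10", 445),
                 ("10.10.5.5", "10.20.0.10", 445), ("192.0.2.10", "10.10.5.5", 445)):
        print(flow, "->", evaluate(*flow))
    print("lint:", lint())
```

The lint step is the part that pays off in practice: a "temporary" allow-any rule inserted at the top of a zone rule-set silently shadows every deny below it, and the evaluator would start permitting Outside to Server without any rule explicitly saying so.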