Category Archives for "costiser.ro"

MACsec over WAN

MACsec is an interesting alternative to existing tunneling solutions that protects Layer 2 by providing integrity, origin authentication and, optionally, encryption. The normal use case is to run MACsec between hosts and access switches, between two hosts or between two switches. This article is a leftover from MACsec on Linux that I first tested in 2016, when support for MACsec had just been included in the kernel. I will describe how MACsec is used together with a Layer 2 GRE tunnel to protect the traffic between two remote sites, over WAN or Internet, like a site-to-site VPN at Layer 2.

SDN Lesson #2 – Introducing Faucet as an OpenFlow Controller

Welcome back to a new article about SDN - this time introducing an OpenFlow controller called Faucet, developed as a RYU application by New Zealand's Research and Education (REANNZ). In this article, I am not going to write about Faucet's architecture and features since you can read about it on its github page or here or here. Instead, I will describe the setup used for a demo presented at the Irish Network Operators Group 11th meetup (iNOG::B).

Quiz #25 – Troubleshooting IPsec Authentication Headers (AH)

Your company has an IPsec tunnel with another company to provide network connectivity between servers in 10.10.10.0/24 on your side and 10.20.20.0/24 on theirs. Lately they complained that their equipment has problems dealing with ESP and requested to migrate this existing IPsec tunnel from Encapsulating Security Payloads (ESP) to Authentication Headers (AH), since encryption/confidentiality was never a requirement for this tunnel. What could go wrong?

MACsec Implementation on Linux

As you noticed from the previous articles, lately I have been playing with various tunnelling techniques and today I am presenting MACsec. Most of the documentation resources about MACsec implementation on the web, at this moment, are the ones showing various vendors' implementations, especially Cisco's approach. Although it's not a new topic, Linux support for MACsec was added only recently.

Performance Review of Overlay Tunnels with Open vSwitch

In my previous article I presented various encapsulation techniques used to extend Layer 2 reachability across separate networks using tunnels created with Open vSwitch. Although the initial intention was to include some iperf test results, I decided to leave these for a separate post (this one!) because I hit a few problems.

Overlay Tunneling with Open vSwitch – GRETAP, VXLAN, Geneve, GREoIPsec

Building overlay networks using tunnels was always done to achieve connectivity between isolated networks that needed to share the same policies, VLANs or security domains. In particular, they represent a strong use-case in the data center, where tunnels are created between the hypervisors in different locations allowing virtual machines to be provisioned independently from the physical network.

My SDN Testbed

Over the next few articles, I will write about OpenFlow, Open vSwitch and other SDN related topics. As always, I'm combining the theory part with some hands-on practice and for this, I put this article together describing one way of building such a testing environment.

Website Reborn and Migrated to Pelican

Hello and Welcome, again, to my newly brushed website !! After a long period of inactivity, I decided to resume my on-line activity and started by migrating away from Wordpress onto a new platform based on something that I use pretty often these days: Python !

OSPF Default-Information Originate – Built-in Loop Prevention with ALWAYS keyword

This post represents the solution and explanation for quiz-24. Quiz Review: Quiz #24 opens the discussion about a scenario in which traffic is black-holed when a certain link fails. Let’s summarize the quiz: company ABC runs OSPF internally, in all 3 buildings; internet access is provided via 2 Border Routers (BR-B and BR-C), each connected to a separate ISP; each BR receives a default route from its directly connected ISP...

SDN Lesson #1 – Introduction to Mininet

Welcome to a new series of articles that will be structured as lessons with the target of bringing SDN closer to everyone’s understanding. Each article will present a topic plus one or more exercises that will show that topic in action. The lessons will wrap up with some questions asking the readers to exercise on their own and provide the answers. As you see, the approach is pretty similar...

QoS Pre-Classify – Where to Apply the Service Policy ?

This post represents the solution and explanation for quiz #23. Quiz Review: This quiz shows a scenario where the network engineer has to configure Low Latency Queuing (LLQ) for some traffic that will be encrypted into an IPsec tunnel. The configuration of the policy-map is given but it has not been applied yet anywhere, as shown below: The final question is “what is missing to finish this task ?” giving...

Quiz #24 – OSPF Default-Information Originate Always

Type: Lab. Difficulty: Intermediate. Company ABC has multiple buildings (A, B, C and D) and two internet connections to ISP-1 (in Building-B) and ISP-2 (in Building-C). Building-A has a CORE router connected to the Border Router in Building-B (BR-B). Both BR-B and BR-C receive a default route via eBGP from the ISPs and are configured identically to inject it into the OSPF Area 0 that covers all internal routers as...