Category Archives for "Networking"

Getting grounded in IoT networking and security

The internet of things already consists of nearly triple the number of devices as there are people in the world, and as more and more of these devices creep into enterprise networks, it’s important to understand their requirements and how they differ from other IT gear.

Please don’t register to South Africa/Johannesburg CCDE Class, it is full !

Hi Everyone, I would like to inform you that Instructor Led CCDE Class in South Africa/Johannesburg Training is full. So please don’t register for it. Having more people will reduce the time required for discussions. Those who attended any of my earlier classes know that we already have a very packed agenda, approximately 2000 […]

The post Please don’t register to South Africa/Johannesburg CCDE Class, it is full ! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Different IGP and BGP Methodologies of Multi National Service Providers

I mentioned two different IGP and BGP design approaches for two different Multi National Service Providers in my last CCDE course. Both of these operators are in Africa; one of them has an operation in 4 countries and the other has an operation in 5 countries. […]

The post Different IGP and BGP Methodologies of Multi National Service Providers appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Validating SGT Inline with Netflow and Embedded Packet Capture

In the last article, Learning TrustSec, An Introduction to Inline Tagging, we took a quick look at manual configuration of SGT Inline Tagging. We also performed some validation with show commands and proved the operation by enabling enforcement.

In today’s article, we will perform slightly deeper validation of the inline imposition itself. For this process, we will use Netflow and Embedded Packet Capture. I happen to know that there is already EIGRP traversing the link that will help produce some output. Let’s just jump right in with a very basic Netflow configuration.

Netflow Configuration

! you could additionally configure an exporter
! if there is a proper netflow collector

flow record my_record_output
 match flow cts source group-tag
 match flow cts destination group-tag
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
flow monitor my_monitor_output
 record my_record_output
!
interface GigabitEthernet1/0/1
 description trunk to c9kSW2
 switchport mode trunk
 ip flow monitor my_monitor_output output
 cts manual
  policy static sgt 100 trusted

Verification Using Netflow

c9kSW1#show flow monitor my_monitor_output cache
  Cache type:                               Normal (Platform cache)
  Cache size:                                10000
  Current entries:                               1

  Flows added:                                   9
  Flows aged:                                    8
    - Active timeout      (  1800 secs)          2

Up and Running with Kubernetes and Tungsten Fabric

I have a predominantly technical background. You can show me all the slide decks you want but until I can get my hands on it, it’s not real to me. This has greatly influenced what I’m focusing on now that I’m doing more than just technical work - how to reduce the barrier to entry for people to become acquainted with a project or product.

As a result, I’ve been getting more involved with Tungsten Fabric (formerly OpenContrail). Tungsten is an open source Software-Defined Networking platform, and is a healthy candidate for building some tutorials. In addition, I’m new to the project in general - so, even if only for my own benefit, a blog post summarizing a quick and hopefully easy way to get up and running with it seems quite apropos.

Introduction to the Lab Environment

We’re going to spin up a 3-node cluster in AWS EC2 running Kubernetes, and using Tungsten Fabric for the networking. Why AWS instead of something like Vagrant? Simply put, a lot of advanced networking software requires a lot of system resources - more than most laptops are able to provide. In this case, a total of four virtual machines (three-node cluster plus […]

Unveiling Cognitive Campus Networking

At Arista Networks, the status quo inspires us to innovate and continue our mission to reinvent the network – from cloud to client. Today, we’re continuing that journey – into the campus network. Let’s face it; the legacy three-tier architecture of access-aggregation-core is wasteful and oversubscribed – creating a perfect storm for market transitions and Arista innovation.

CloudVision: A Cognitive Management Plane

The last 40 years have seen tremendous growth and progress in the data networking industry. Ethernet, IP, MPLS, GRE, IPsec, MACsec, and VXLAN enable operators to build secure, multiservice, high-performance data planes that interoperate across multiple vendors, multiple operators, and multiple administrative domains. Likewise, BGP, OSPF, IS-IS, LDP, RSVP, BFD, LACP, L3VPN, VPLS, and EVPN enable operators to build scalable multi-vendor control planes that federate across organizational boundaries, supporting mission-critical networks with global reach.

IDG Contributor Network: Container security: crafting application identity

Over the years, we have embraced new technologies to find improved ways to build systems. As a result, today's infrastructures have undergone significant evolution. To keep pace with the arrival of new technologies, legacy is often combined with the new, but they do not always mesh well. Such fusion between ultra-modern and conventional has created drag in the overall solution, thereby spawning tension between past and future in how things are secured. The multi-tenant shared infrastructure of the cloud, container technologies like Docker and Kubernetes, and new architectures like microservices and serverless, while technically remarkable, increase complexity. Complexity is the number one enemy of security. Therefore, to be effectively aligned with adoption of these technologies, a new approach to security is required that does not depend on shifting infrastructure as the control point.