Archive

Category Archives for "Networking"

Enterprise Network on GNS3 – Part 6 – Edge Router and ISPs

This is the sixth article from the series of the articles discussing the configuration of an entire enterprise network. The article explains the configuration of the edge router vIOS-EDGE-I and configuration of ISP routers.  Now let's say few words about the router vIOS-EDGE-I. The router is Cisco IOSv Qemu appliance, version 15.6(2)T. It has assigned 512MB RAM by GNS3. The router connects all three parts of the company network to the Internet. These parts are the the campus network, data center and DMZ.

Picture 1 - Company Connection to the Internet via vIOS-EDGE-I

The company has assigned the prefix 195.1.1.0/24. Devices located in DMZ have assigned the prefix 195.1.1.128/25. The prefix 195.1.1.0/25 is assigned for devices hidden behind NAT. NAT is configured on vIOS-EDGE-I router, translating campus and data center subnets to the subnet 195.1.1.128/25. The router is connected to the upstream providers via their Ethernet ports Gi0/1 and Gi0/3. This is a single multi homed topology when a company is connected to two upstream providers with a single edge router. The entire prefix 195.1.1.0/24 is advertised to the both ISPs via BGP routing protocol. Continue reading

How to eliminate the default route for greater security

If portions of enterprise data-center networks have no need to communicate directly with the internet, then why do we configure routers so every system on the network winds up with internet access by default?Part of the reason is that many enterprises use an internet perimeter firewall performing port address translation (PAT) with a default policy that allows access the internet, a solution that leaves open a possible path by which attackers can breach security.+Also on Network World: IPv6 deployment guide; What is edge computing and how it’s changing the network?+To read this article in full, please click here(Insider Story)

How to eliminate the default route for greater security

If portions of enterprise data-center networks have no need to communicate directly with the internet, then why do we configure routers so every system on the network winds up with internet access by default?Part of the reason is that many enterprises use an internet perimeter firewall performing port address translation (PAT) with a default policy that allows access the internet, a solution that leaves open a possible path by which attackers can breach security.+Also on Network World: IPv6 deployment guide; What is edge computing and how it’s changing the network?+To read this article in full, please click here(Insider Story)

First Speakers in Building Next-Generation Data Center Online Course

Although it’s almost three months till the start of the Building Next-Generation Data Center online course, we already have most of the guest speakers. Today I’d like to introduce the first two (although they need no introduction).

You might have heard about Russ White. He was known as Mr. CCDE when that program started and recently focused more on data centers, open networking and whitebox switching. He’s also an authority on good network design and architecture, network complexity, and tradeoffs you have to make when designing a network.

Read more ...

Why use named pipes on Linux?

Just about every Linux user is familiar with the process of piping data from one process to another using | signs. It provides an easy way to send output from one command to another and end up with only the data you want to see without having to write scripts to do all of the selecting and reformatting. There is another type of pipe, however -- one that warrants the name "pipe", but has a very different personality. It's one that you may have never tried or even thought about -- the named pipe.One of the key differences between regular pipes and named pipes is that named pipes have a presense in the file system. That is, they show up as files. But, unlike most files, they never appear to have contents. Even if you write a lot of data to a named pipe, the file appears to be empty.To read this article in full, please click here

Why you should use named pipes on Linux

Just about every Linux user is familiar with the process of piping data from one process to another using | signs. It provides an easy way to send output from one command to another and end up with only the data you want to see without having to write scripts to do all of the selecting and reformatting.There is another type of pipe, however, one that warrants the name "pipe" but has a very different personality. It's one that you may have never tried or even thought about — the named pipe.Also read: 11 pointless but awesome Linux terminal tricks One of the key differences between regular pipes and named pipes is that named pipes have a presense in the file system. That is, they show up as files. But unlike most files, they never appear to have contents. Even if you write a lot of data to a named pipe, the file appears to be empty.To read this article in full, please click here

Don’t Miss Our LIVE CCNA Kickoff Tomorrow!

Tune into our live CCNA Kickoff session to get advice from a seasoned professional on what to expect during the CCNA Certification exam, and how to pass the first time.

When: February 1st at 10 am PST/ 1 pm EST

Estimated Length: 3 hours

Instructor: Keith Bogart CCIE #4923

Cost: FREE

Who Should Watch:
This webinar is for anyone and everyone! Since this webinar is geared towards those who are just starting out on their journey towards CCNA certification, no prior knowledge is needed in order to participate, just an interest in earning your CCNA.

What We’ll Discuss:
We will cover common trouble areas that most people experience when getting started with their CCNA certification, such as how to approach making a study schedule and strategies for not becoming overwhelmed by the sheer quantity of topics to be learned. We will also discuss the testing experience and the CCNA Certification test format. Topics include: Deciding whether to take one test or two to get your CCNA, What to expect when you walk into the testing center, which topics to study and how in depth, and what study tools can be useful. Last, Keith will talk about his own experience taking Continue reading

Cisco brings intent-based networks to the data center

When the company unveiled its intent-based network system (IBNS) solution at its “Network. Intuitive.” event in San Francisco last year, that version focused on bringing the concept of a “self-driving” network to the enterprise campus and was dependent on customers having the new Catalyst 9000 switches. Cisco’s solution works as a closed-loop system where the data from the network is collected and then analyzed to turn intent into commands that can be orchestrated.To accomplish that, Cisco’s IBNS requires two components: translation to capture intent, translate it into policy, and check integrity, and activation to orchestrate the policies and configure the systems.To read this article in full, please click here

Cisco brings intent-based networks to the data center

When the company unveiled its intent-based network system (IBNS) solution at its “Network. Intuitive.” event in San Francisco last year, that version focused on bringing the concept of a “self-driving” network to the enterprise campus and was dependent on customers having the new Catalyst 9000 switches. Cisco’s solution works as a closed-loop system where the data from the network is collected and then analyzed to turn intent into commands that can be orchestrated.To accomplish that, Cisco’s IBNS requires two components: translation to capture intent, translate it into policy, and check integrity, and activation to orchestrate the policies and configure the systems.To read this article in full, please click here

Cisco brings intent-based networks to the data center

When the company unveiled its intent-based network system (IBNS) solution at its “Network. Intuitive.” event in San Francisco last year, that version focused on bringing the concept of a “self-driving” network to the enterprise campus and was dependent on customers having the new Catalyst 9000 switches. Cisco’s solution works as a closed-loop system where the data from the network is collected and then analyzed to turn intent into commands that can be orchestrated.To accomplish that, Cisco’s IBNS requires two components: translation to capture intent, translate it into policy, and check integrity, and activation to orchestrate the policies and configure the systems.To read this article in full, please click here

Rapid Micro-segmentation using Application Rule Manager Recommendation Engine

Customers understand the need for micro-segmentation and benefits it provides to enhance the security posture within their datacenter. However, one of the challenges for a Security admin is how to define micro-segmentation policies for applications owned and managed by application teams. This is even more challenging especially when you have tens or hundreds of unique applications in your data center, all of which use different port and protocols and resources across the cluster. The traditional manual perimeter firewall policy modeling may not be ideal and may not be able to scale for the micro-segmentation of your applications as it would be error-prone, complex and time consuming.

NSX addresses the how & where to start micro-segmentation challenge by providing the built-in tool called Application Rule Manager (ARM), to automate the application profiling and the onboarding of applications with micro-segmentation policies. NSX ARM has been part of NSX, since the NSX 6.3.0 release but here we will talk about Application Rule Manager (ARM) enhancement, Recommendation Engine, introduced as part of NSX 6.4.0 release. This enhancement allows you to do Rapid Micro-segmentation to your data center application by recommending “ready to consume” workload grouping & firewall policy rules.

To Continue reading

IDG Contributor Network: Securing the largest IoT deployments in the world, the smart electric grid

Once you remove the hype surrounding the ‘Internet of Things’, you seldom find large, real-world deployments of ‘Smart, connected things’ that forms it. You also don’t co-relate the words IoT and Electric Grid. However, the Smart Electric Grid is actually one of the largest IoT deployments, with an estimated 500 million meters installed to date. This is expected to grow to 1 billion by 2020.The smart grid infrastructure A Smart Grid is nothing but a network of electrical suppliers, which is managed by a system of digitally controlled interfaces that can dynamically alter the flow and supply of electricity in response to micro and macro changes in demand. One way to think about this complex web of systems is in layers:To read this article in full, please click here

1 1,460 1,461 1,462 1,463 1,464 3,423