A common way to establish an IPsec tunnel on Linux is to use an IKE daemon, like the one from the strongSwan project, with a minimal configuration1:
conn V2-1 left = 2001:db8:1::1 leftsubnet = 2001:db8:a1::/64 right = 2001:db8:2::1 rightsubnet = 2001:db8:a2::/64 authby = psk auto = start
The same configuration can be used on both sides. Each side will figure out if
it is “left” or “right”. The IPsec site-to-site tunnel endpoints are
2001:db8:1::1
and 2001:db8:2::1
. The protected subnets are
2001:db8:a1::/64
and 2001:db8:a2::/64
. As a result, strongSwan
configures the following policies in the kernel:
$ ip xfrm policy src 2001:db8:a1::/64 dst 2001:db8:a2::/64 dir out priority 399999 ptype main tmpl src 2001:db8:1::1 dst 2001:db8:2::1 proto esp reqid 4 mode tunnel src 2001:db8:a2::/64 dst 2001:db8:a1::/64 dir fwd priority 399999 ptype main tmpl src 2001:db8:2::1 dst 2001:db8:1::1 proto esp reqid 4 mode tunnel src 2001:db8:a2::/64 dst 2001:db8:a1::/64 dir in priority 399999 ptype main tmpl src 2001:db8:2::1 dst 2001:db8:1::1 proto esp reqid 4 mode tunnel […]
This kind of IPsec tunnel is a policy-based VPN: encapsulation and decapsulation are governed by these policies. Each of them contains the following elements:
out
, in
or fwd
2),A month ago I told you how dr. Olivier Bonaventure starts his networking course with IPv6. But there’s more: the full textbook for the undergraduate course (Computer Networking: Principles, Protocols and Practice) is open-sourced and available (in source form) on GitHub.
You might wonder why I’m so enthusiastic, so let me tell you another story…
Read more ... Amdocs created a partner ecosystem that provide more than 80 VNFs.
The SaaS includes a built-in kill switch.
The Internet Society’s story has been 25 years in the making.
The foundation for a global community of people dedicated to bringing the Internet to everyone started in 1992. We have come a long way since then, and today our mission has never been more important or challenging.
This milestone year presents a unique opportunity for us all to reflect on our rich heritage, and to consider how we can impact the Internet for the next 25 years. Our community has a critical role in guiding the decisions that must now be taken for the future Internet in today’s rapidly changing world.
Network Automation is so hot right now! Joking aside, DevOps tools like Ansible, Puppet, Chef and Salt as well as proprietary tools like Apstra are becoming all the rage in computer networks everywhere. There are python courses, network automation classes and even automation focused events for the first time in the history of computer networks (or at least it feels like it).
For this blog post I want to focus on automating network troubleshooting, the forgotten stepchild of network automation tasks. I think most automation tools focus on provisioning (or first time configuring) because so many network engineers are new to network automation in general. While I think that is great (and I want to encourage everyone to automate!) I think there is so much more potential for network automation. I am introducing Sean’s third category of automation use-cases — OPS!
I want to combine Cumulus NetQ, a fabric validation system, with Ansible to:
Because I think looking at terminal windows is super boring (no Continue reading
VMware NSX network virtualization is the bridge between the Vodafone and IBM clouds.
Customers can group and manage transport links from a single entity.
The post On the ‘web: The Future of Data Center Fabrics appeared first on rule 11 reader.
This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited.
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. We found that between 4% and 10% of the web’s encrypted traffic (HTTPS) is intercepted. Analyzing these intercepted connections further reveals that, while not always malicious, interception products most often weaken the encryption used to secure communication and puts users at risk.
This blog post presents a short summary of our study’s key findings by answering the following questions:
IBM views commodity solutions as put together with "tape and bailing wire."
The post Worth Reading: Gen-Z appeared first on rule 11 reader.
Generally speaking there is nothing that people want to talk about less than email delivery and for good reason, Email is continuously seen as one of those archaic protocols that everyone wants to improve but unfortu