Learn how subnetting can help improve network performance and security.
The updated platform uses NB-IoT and LoRa for connectivity
I’m positive I’ve answered this question a dozen times in various blog posts and webinars, but it keeps coming back:
You always mention that high speed links are always better than parallel low speed links, for example 2 x 40GE is better than 8 x 10GE. What is the rationale behind this?
Here’s the N+1-th answer (hoping I’m being consistent):
Read more ...This is the fifth and final article in a series that focused on Segmenting Layer 3 Networks with VRFs. In the third article, we discussed creating a shared services VRF and using it within the otherwise segmented network. In that article I alluded to the fact that we would later cover a way to securely allow traffic to flow between security zones. That is the intent of this article.
In this article, I am going to attach two sub interfaces between asav-1 and Main. One will attach into data and the other into pci. We will apply a simple policy that denies all traffic from data to pci, but allows telnet from pci to data (bad security example, but easy to demonstrate).
Before we jump into the configuration, I want to share the entire topology and give a summary of the current configuration status.
In the above topology, anything that starts with “data” is in the data VRF. Likewise, anything that starts with “pci” is in the pci VRF. Everything within a given VRF can communicate with everything else in that same VRF. Both pci and data can communicate with the shared VRF (test IP address is Continue reading
Fulfilling its promise to work with a variety of virtualization vendors.
François Locoh-Donou has an optical networking background.
As we’ve progressed through the Segmenting Layer 3 Networks with VRFs series, we have continued to build out a network that looks more like what we would see within an enterprise environment. This post takes it one step further and leverages the DMVPN (dynamic multipoint VPN) functionality to extend the network securely over the public Internet. In the examples here, we actually go one step beyond a typical DMVPN and map VRFs to tunnels using the tunnel key. This allows the pci and data VRFs to maintain isolation across the VPN.
One more thing that we will do that isn’t related to the core requirement of segmenting pci from data is leveraging a F-VRF (or front side vrf) on the DMVPN routers to isolate the Internet facing interfaces that connect them to the public cloud. This is my preferred method for DMVPN deployment if I’m not doing split tunnelling (i.e. I am back-hauling all traffic to a central location).
As a prerequisite, I will go ahead and build out the Internet router and the interface on Main that connects to DMVPN-hub.
hostname Internet interface gig2 description to DMVPN-hub ip address 1.1.1.1 255.255.255. Continue reading
Ixia fills a portfolio gap for Keysight.