Addressing 2016
Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself.Flokibot Invades PoS: Trouble in Brazil
Introduction Threat actors salivate at the thought of an increased volume of credit and debit card transactions flowing through endpoints they have compromised with card-stealing malware. While there are many distinct malware families that scrape unencrypted process memory to obtain cards, some of these malware capabilities overlap with generic information stealing trojans such as Flokibot […]VRF Series Article 5 – Stateful Inter-Vrf connectivity
This is the fifth and final article in a series that focused on Segmenting Layer 3 Networks with VRFs. In the third article, we discussed creating a shared services VRF and using it within the otherwise segmented network. In that article I alluded to the fact that we would 
later cover a way to securely allow traffic to flow between security zones. That is the intent of this article.
In this article, I am going to attach two sub interfaces between asav-1 and Main. One will attach into data and the other into pci. We will apply a simple policy that denies all traffic from data to pci, but allows telnet from pci to data (bad security example, but easy to demonstrate).
Before we jump into the configuration, I want to share the entire topology and give a summary of the current configuration status.
Current Configuration
In the above topology, anything that starts with “data” is in the data VRF. Likewise, anything that starts with “pci” is in the pci VRF. Everything within a given VRF can communicate with everything else in that same VRF. Both pci and data can communicate with the shared VRF (test IP address is Continue reading
Telefónica Selects Huawei for Virtual EPC Network in 13 Countries
Fulfilling its promise to work with a variety of virtualization vendors.
Ciena COO to Take the Reins at F5
François Locoh-Donou has an optical networking background.
VRF Series Article 4 – VRF-lite in a DMVPN Network
As we’ve progressed through the Segmenting Layer 3 Networks with VRFs series, we have continued to build out a network that looks more like what we would see within an enterprise environment. This post takes it one step further and leverages the DMVPN (dynamic multipoint VPN) functionality to extend the network securely over the public
Internet. In the examples here, we actually go one step beyond a typical DMVPN and map VRFs to tunnels using the tunnel key. This allows the pci and data VRFs to maintain isolation across the VPN.
One more thing that we will do that isn’t related to the core requirement of segmenting pci from data is leveraging a F-VRF (or front side vrf) on the DMVPN routers to isolate the Internet facing interfaces that connect them to the public cloud. This is my preferred method for DMVPN deployment if I’m not doing split tunnelling (i.e. I am back-hauling all traffic to a central location).
As a prerequisite, I will go ahead and build out the Internet router and the interface on Main that connects to DMVPN-hub.
Internet
hostname Internet interface gig2 description to DMVPN-hub ip address 1.1.1.1 255.255.255. Continue reading
Keysight to Acquire Ixia for $1.6B
Ixia fills a portfolio gap for Keysight.