Introduction to VPN (Virtual Private Network)

Introduction to VPN (Virtual Private Network)

Let’s start with the definition. VPN is a logical network and created over shared physical infrastructure.

Shared infrastructure can be private such as MPLS VPN of a Service Provider or over the Public infrastructure such as Internet.

There are many concepts to understand VPN in detail but in this article I will cover the definition, common design considerations, and some not well known concepts about it.

We can group VPNs into two categories. WAN and the Datacenter VPN Technologies.

WAN VPN Technologies

1.GRE

2.mGRE (Multipoint GRE)

3. IPSEC

4. DMVPN

5.GETVPN

6.L2TPV3

7.LISP

8. MPLS L3 VPN

Datacenter VPN Technologies

1.EoMPLS (Ethernet over MPLS (a.k.a VPWS)

2. VPLS (Virtual Private Lan Service)

3. OTV (Overlay Transport Virtualization)

4. EVPN

5. PBB-EVPN

6. VXLAN (And other host based overlays such as NVGRE, STT, GENEVE)

Of course this is not the complete list. Please note that some of the technologies which I grouped into WAN technologies can be used in the Datacenter and vice versa.

For example LISP can be used in Datacenter as well and VPWS and VPLS can be used on the Wide Area Network as well.

I Continue reading

Should I use Cisco OTV for the Datacenter Interconnect ?

Should I use Cisco OTV for the Datacenter Interconnect? This question comes from not only from my students but also the companies which I provide consultancy.

I will not go through the OTV details, how it works, design recommendations etc. But let me remind you what is OTV and why OTV is used , Where it makes sense very briefly. 

OTV (Overlay Transport Virtualization) is a tunnelling mechanism which provides to carry Layer 2 ethernet frame in IP. (As I indicated in other articles, when I say MAC in IP, it is the same thing with MAC over IP).

So, OTV is Layer 2 in Layer 3 tunnelling mechanism. You can hear it is an encapsulation mechanism as well, which is true although there is small difference.

You don’t need to have MPLS underlay to create OTV tunnels. It uses IS-IS for the MAC address reachability and stops layer 2 protocol PDUs at the OTV Edge device where encapsulation happens.

This is good because, you don’t want to extend Layer 2 protocol PDUs such as Spanning Tree if you have multiple datacenters. Failure stays and affects only one datacenter, not all. (Failure domain boundary concept)

Another datacenter interconnect requirement Continue reading

Carrier Ethernet – Definition | Service Types | Requirements

CARRIER ETHERNET DEFINITION

Carrier Ethernet is an attempt to expand Ethernet beyond the borders of Local Area Network (LAN), into the Wide Area Networks (WAN).

With Carrier Ethernet, customer sites are connected through the Wide Area Network. Carriers have connected the customers with ATM (Asynchronous Transfer Mode) and Frame Relay interfaces in the past. (User to Network Interface/UNI).

Carrier Ethernet is not about the Ethernet within the Local Area Networks.

Driver of Carrier Ethernet is; since Ethernet is the de-facto protocol on the Local Area Network, why not to use Ethernet everywhere, and not only within LAN. When any other Wide Area Network protocol is used such as ATM, customer Ethernet frame is encapsulated into another protocol.

This reduces the overall efficiency of customer service, consumes more network bandwidth, makes troubleshooting harder and many other drawbacks.

Carrier Ethernet is also known as Carrier Class Ethernet and Carrier Grade Ethernet.

Another reason for Carrier Ethernet is; Ethernet interfaces and the devices are cheaper compare to the other technologies. This result cheaper service to the customers.

CARRIER ETHERNET REQUIREMENTS  

Traditional Ethernet lacks many features which are required to transport critical services, time sensitive applications and voice services.

These are:

• Traffic Engineering
• Bandwidth Guarantee
• Quality of Service
• OAM
• Decoupling of Providing and Customer Networks
• Continue reading

What is Colocation, POP , Carrier Hotels and Meetme Room ?

What is Colocation, POP , Carrier Hotels and Meetme Room ?

If you are working in operator domain or a network engineer who wants to learn what is colocation , what is POP (Point of Presence) , how POPs are physically connected , POP terminology , understand meetme room and carrier hotel, this post is for you.

POP locations can be located in the Datacenter or in very small buildings , meetme room and the carrier hotel is placed in the datacenter.

Colocation is provided by the datacenters.

But there are other details which you should be aware.

I explained these details in the below video. This video is one of the 20 topics from the network interconnection module of Service Provider Design Workshop. You can take this workshop and watch the on demand 10+hours service provider technology videos right away.

If you are not a subscriber yet ,you should subscribe to youtube channel right now.

If you any question or comment, please share in the comment box below.

Orhan Ergun

Let’s Connect on Social Media !

More info about me click here

Qualcomm Bolsters 5G Outlook on Silicon Demand

How to harden web browsers against cyberattacks

Use these techniques to limit attackers’ ability to compromise systems and websites.

Digital Realty’s Plan to Overthrow Equinix Hinges On Data Gravity

Infoblox Snaps Up SnapRoute, Eyes SASE Market

Printers: The overlooked security threat in your enterprise | TECHtalk

Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

T-Mobile’s ‘Nationwide’ 5G Goes Live Dec. 6

DX NetOps Intent Based Networking for SD-WAN

This $387 Azure certification prep bundle is currently on sale for $29

Modern tech companies require more computing power than ever before, so many of them are turning to cloud services like Microsoft Azure to meet their needs. As such, becoming cloud-certified is a necessity if you want to pursue today’s highest-paying IT jobs. With this 4-course bundle, you can become an Azure master for just $29. To read this article in full, please click here

Musing: WiFi Alliance Copyright Assertions

word trademark salad

The post Musing: WiFi Alliance Copyright Assertions appeared first on EtherealMind.

Social Media Crisis Drives Ongoing Decline In Global Internet Freedom

Global Internet freedom declined for the ninth consecutive year in 2019, largely as a result of social media increasingly being used by governments around the world as a conduit for mass surveillance and electoral manipulation. The Freedom on the Net 2019 report, the latest edition of the annual country-by-country assessment of Internet freedom, was released on November 5 by Freedom House, and highlights the shift in social media from a level playing field for civic discussion to an instrument of political distortion and societal control.

The Freedom on the Net 2019 report analyzed Internet freedom in 65 countries worldwide, covering 87% of global Internet users. Surveyed countries are designated as ‘Free’, ‘Partly Free’, or ‘Not Free’ based on an examination of, and scoring against, three categories: obstacles to access, limits on content, and violations of user rights.

Of the 65 countries assessed, 33 of them saw Internet freedom decline over the last year, with the biggest drops observed in Sudan and Kazakhstan. The longtime presidents of both countries were ousted, leading to widespread blocking of social media platforms, disruptions of Internet connectivity, and the increased use of electronic surveillance to undermine free expression.

The report called digital platforms Continue reading

Explore the Content Outline of Our Networking in Public Clouds Online Course

A few days ago we published the content outline for our Networking in Public Clouds online course.

We’ll start with the basics, explore the ways to automate cloud deployments (after all, you wouldn’t want to repeat the past mistakes and configure everything with a GUI, would you?), touch on compute and storage infrastructure, and the focus on the networking aspects of public cloud deployments including:

SEC 2. Data plane and control plane protection in the networking (Nokia, Cisco and Mellanox/Cumulus) for IPv6.

Hello my friend,

After the release of the previous article outlining the data and control plane security for IPv4 in Cisco, Nokia and Mellanox/Cumulus (link) I’ve got several requests about the security in IPv6. The requests were fair enough and with this article we close this gap.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests. 

Disclaimer

This is the fourth article in the series about the Mellanox/Cumulus switch. The three previous are:

• Building lab with Mellanox SN2010
• Configuring Segment Routing on Mellanox/Cumulus, Cisco IOS XR and Nokia SR OS and connecting physical and virtual networks
• Data and control plane protection in Mellanox/Cumulus, Cisco IOS XR and Nokia SR OS

Brief description

The importance of the security for the network in terms of the control and data plane protection was explained in the previous article Continue reading

Junos – Loading configs – 4 of 5 – Update

This is the fourth post in the Loading Configs series. In this post, we will cover the load update command. …

Continue reading →

The post Junos – Loading configs – 4 of 5 – Update appeared first on Fryguy's Blog.

Cheap IoT satellite network gets approval

Space communications start-up Swarm Technologies will begin delivering commercial, bi-directional Internet of Things (IoT) data early next year, according to the company, which has just received its regulatory go-ahead to launch its satellites and transmit.“Swarm will begin rolling out its commercial, two-way data offerings in early 2020,” Sara Spangelo, co-founder and CEO told me in a recent e-mail. The company aims to deploy 150 satellites before the end of 2020, she says. The FCC, in October, granted Part 25 approval for the startup to deploy and operate 150 non-geostationary, Low Earth Orbit (LEO) satellites, for non-voice purposes.To read this article in full, please click here

Arista targets cloud networking with CloudEOS software

Arista this week rolled out software it hopes will help customers more easily fuse enterprise-class networking with on-premises and hybrid-cloud services.The company rolled out two new packages. One, CloudEOS Multi Cloud, normalizes the network connectivity to and between private clouds or public clouds. The package sets up a virtual machine and can redirect traffic across the most effective and efficient networking path using real-time topology, in-band telemetry and other attributes, the company said. It also automatically encrypts all traffic on those paths as well. To read this article in full, please click here

Spirent Test Center Series: Overview and Part 1

The Spirent Test Center is one of the traffic generation tools I use in my job. I am creating a youtube series on varying use cases and aspects with it. Kinda a “how to” and “lessons learned over the years”... Read More ›

The post Spirent Test Center Series: Overview and Part 1 appeared first on Networking with FISH.