Archive

Category Archives for "TTL Bits"

Introduction to Next Generation Network Technology: IOT- Internet Of Things

Today I am going to talk about the next generation technology, where many infrastructure and electronic devices are connected, controlled and managed by a single user or a group of users. IoT is now in demand in many enterprises, schools, hospitals, factories and other places. IoT makes work easier with the help of the latest technology.

IoT is the new technology where we automate various appliances, both electronic and electrical, to make this world better. A thing, within the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, a car that has built-in sensors to alert the driver when tire pressure is low, or any other natural or man-made object that can be assigned an IP address and provided with the capacity to transfer data over a network.

The IoT permits objects to be sensed and managed remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit.

What is the basic purpose of IoT? How will it help my business?

The Use of the Asymmetric routing

Today I am going to talk about the concept of asymmetric routing and its purpose in detail. In simple words, asymmetric routing is when a packet takes one path to the destination and a different path when returning to the source. It can also be set up deliberately where we want the sending and receiving paths to be different.

Asymmetric routing is common in most networks: the larger the network, the more likely asymmetric routing exists in it. Asymmetric routing is an undesirable situation for many network devices, including firewalls, VPN gateways and load balancer appliances, because these devices all rely on seeing every packet of a flow to function properly.

Below is an example of asymmetric routing where we have two different paths for sending and receiving the packets, or in other words the traffic flow paths differ for sending and receiving. In the topology below, Site A sends traffic to the internet via the primary router, then the ASA and then the internet router, while return traffic comes from the internet router to the secondary router and then to Site A via the MPLS cloud. So this
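The practical symptom of the situation described above is that a stateful device such as the ASA sees only one direction of a TCP flow: the client's SYN and later ACK/data packets arrive, but the server's SYN-ACK never passes through it because the reply took the other path. The following added example (written for this page, not code from the original post) shows how a defender can spot that pattern in a firewall's per-packet log. The log lines and addresses are constructed for the example; the `flags` column is assumed to hold a single TCP flag label per packet.

```python
from collections import defaultdict

# Constructed sample of a stateful firewall's per-packet log (not real data).
# Columns: src dst sport dport flags
SAMPLE_LOG = """\
10.1.1.10 203.0.113.5 40000 443 SYN
203.0.113.5 10.1.1.10 443 40000 SYN-ACK
10.1.1.10 203.0.113.5 40000 443 ACK
10.1.1.11 203.0.113.9 40001 80 SYN
10.1.1.11 203.0.113.9 40001 80 ACK
10.1.1.11 203.0.113.9 40001 80 ACK
10.1.1.12 203.0.113.7 40002 22 SYN
"""


def parse_log(text):
    """Turn the constructed log text into (src, dst, sport, dport, flags) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, sport, dport, flags = line.split()
        records.append((src, dst, int(sport), int(dport), flags))
    return records


def flow_key(src, dst, sport, dport):
    """Direction-independent key so both halves of a conversation land together."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def find_asymmetric_flows(records):
    """Return flow keys where the firewall saw only one direction of a flow that
    clearly progressed past the initial SYN (ACK/data without any SYN-ACK seen).

    A lone unanswered SYN is not flagged: that may simply be a dead destination,
    whereas ACKs without a visible reply mean the reply went around the firewall.
    """
    flows = defaultdict(lambda: {"dirs": set(), "flags": set()})
    for src, dst, sport, dport, flags in records:
        f = flows[flow_key(src, dst, sport, dport)]
        f["dirs"].add((src, dst))
        f["flags"].add(flags)

    suspects = []
    for key, f in flows.items():
        one_way = len(f["dirs"]) == 1
        past_handshake = f["flags"] - {"SYN"}
        if one_way and past_handshake:
            suspects.append(key)
    return sorted(suspects)


if __name__ == "__main__":
    for (client, _), (server, port) in find_asymmetric_flows(parse_log(SAMPLE_LOG)):
        print(f"possible asymmetric routing: {client} -> {server}:{port}, reply path not seen")
```

On the constructed sample only the second conversation is reported: the firewall saw the SYN and two ACKs from 10.1.1.11 but never the SYN-ACK from 203.0.113.9. Running the same logic over a real log is a cheap way to confirm, before changing routing, that the ASA in the topology above really is missing the return path rather than the destination being down.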

Fortinet Next Generation Firewalls : Fortinet 5000 Series Firewalls

Today I am going to talk about Fortinet Next Generation Firewalls. I have already written many articles on Next Generation Firewalls; below are some links to articles describing other vendors' Next Generation Firewalls.


Above are some of the articles I wrote about firewalls from different vendors, including Cisco, Sophos, Check Point, Symantec, Meraki and Palo Alto.

Now I am going to talk about the Fortinet Next Generation Firewalls.

Fortinet Next Generation Firewalls
The FortiGate high-end series of data center and Next-Gen Firewalls delivers all the top-rated security effectiveness you expect from Fortinet, in an ultra-low-latency compact appliance and flexible chassis platform.
Fig 1.1- Fortigate Next Generation Firewalls


Purpose-built FortiASIC processors and FortiOS deliver exceptional throughput and enable the security, scalability, flexibility and manageability you demand for the data center edge

Quick Facts on EIGRP

Today I am going to discuss one of the important Cisco routing protocols used in many enterprise networks. EIGRP is now an open standard routing protocol and can be used by any vendor.

The protocol was initially Cisco proprietary, but later Cisco published it as an open standard, and it can now be used on any vendor's routers (Juniper, Huawei, HP or any other).

There are a lot of interesting facts around the EIGRP protocol. Some say it is a link state routing protocol and some say it is a distance vector routing protocol; well, it is a hybrid routing protocol. I expect you already know about distance vector routing protocols and about the features and working of link state routing protocols.


I already wrote about distance vector and link state routing protocols; below is the link for your reference.


Now let's talk about distance vector routing protocols. Whenever there is a discussion on distance vector routing protocols, two protocols come up: RIP (Routing Information Protocol) and IGRP

Firewalls Checkpoint : Check Point 1100 Security Appliances Introduction


Today I am going to talk about Check Point firewalls, specifically the Check Point 1100 security appliances. There are a lot of vendors in head-to-head competition in the security domain, including Palo Alto, Cisco, Brocade and Check Point. The market is moving away from stateful firewalls towards Next Generation Firewalls, for which Gartner defines the set of features.

What is a Next Generation Firewall?
Well, I wrote many articles on this blog about Next Generation Firewalls. A Next Generation Firewall includes features like firewalling, IPS, stability and reliability, together with visibility. Below is a basic topology showing where firewalls can be deployed in the network: the firewall is deployed at the gateway and for internal segmentation of the network. The network topology used here is just for demo purposes and has no relevance to any live or enterprise network.

Fig 1.1- Basic Firewall deployment in the Network

I wrote some articles on Next Generation Firewalls earlier. Please go through the links below to get more ideas about Next Generation Firewalls

Cisco Access Points- Basics, Comparison with Aruba and Ruckus

Today I am going to talk about Cisco wireless, specifically the Aironet 3700 Series access point, its features and a comparison with other vendors. But before we talk about the Aironet 3700 access point, we will talk about access points in general.

What is an Access Point?
An access point is a hardware device capable of creating a wireless network in a campus or office. An access point connects to a wired router, switch, or hub via an Ethernet cable, and projects a Wi-Fi signal to a designated area.

What is the use of Access Points?
They provide a high-density experience through a purpose-built, innovative chipset with best-in-class RF architecture for a high-performance enterprise network. Below is the basic topology of Cisco Aironet access points.

Fig 1.1- Cisco Aironet Network Topology

Cisco Aironet 3700 Access Points
The Cisco Aironet 3700 Series Access Point is designed for high-density network environments that utilize mission-critical, high-performance applications.

Fig 1.2- Cisco Aironet Models
The Aironet 3700 Series delivers:
  • The industry's first wireless access point with an integrated 802.11ac Wave 1 radio to support 4x4 MIMO with

Introduction to Cloud Computing : Private, Public and Hybrid Cloud Models

Today I am going to talk about the much-demanded cloud technology, where so many companies are moving towards the next generation cloud computing approach. Following that demand, vendors and service providers are taking new routes to provide cloud-based technology to their customers.

There are many questions, as many of you are not aware of what the cloud actually is and how a traditional network is migrated to a cloud-based infrastructure. But make sure, if you are moving to cloud-based technology, that the hardware is cloud ready and also supports third-party APIs.

What is Cloud Computing and how is it helpful to customers?

Cloud computing means storing and accessing data and applications over the internet rather than on your computer's hard drive. It goes back to the days of flowcharts and presentations that would represent the huge server-farm infrastructure of the internet as nothing but a puffy, white cumulonimbus cloud, accepting connections and doling out information as it floats.

Cloud computing is the result of the evolution and adoption of existing technology and paradigms. The aim of cloud computing is to permit customers to take benefit

Cisco PIX Security Appliances Firewall modes

Today I am going to talk about the different modes of the Cisco PIX firewall. By default, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets.

In recent years, a growing best practice has been to deploy firewalls not only at the traditional network perimeter, where the private corporate network meets the public Internet, but also throughout the enterprise network in key internal locations, as well as at the WAN edge of branch office networks. This distributed-firewall strategy helps protect against internal threats, which have historically accounted for a large percentage of cyber losses, according to annual studies conducted by the Computer Security Institute (CSI).

Now let's talk about the different firewall modes. There are two modes: routed mode and transparent mode.

Cisco PIX Security Appliances Routed mode
Routed mode is the default mode of an ASA. The ASA acts as a single firewall and all interfaces are provisioned to be managed through a single firewall configuration.

Fig 1.1- Firewall Routed mode
Configuration Example for Cisco PIX security appliances in routed mode

Below is the basic way

Alcatel-Lucent (Nokia) 7750 Service routers

Today I am going to talk about the Alcatel-Lucent 7750 Service Routers, as they are very robust and in demand in many enterprise networks. The Alcatel-Lucent 7750 Service Routers have now been rebranded as Nokia 7750 Service Routers. The Nokia 7750 Service Routers deliver the performance, service richness and intelligence to drive the converged IP network edge.

The Alcatel-Lucent 7750 Service Router (SR) portfolio is a collection of multiservice edge routing platforms that deliver high performance, service richness and first-rate value for networking in the cloud era. It is designed for the concurrent delivery of advanced residential, business and wireless broadband IP services, and provides cloud, data center and branch office connectivity for enterprise networking on a common IP edge routing platform.

Fig 1.1- Alcatel-Lucent/Nokia 7750 service Routers

Leveraging Alcatel-Lucent 400 Gb/s FP3 silicon technology and a comprehensive suite of IP/MPLS routing capabilities, the 7750 SR has the flexibility to be deployed in a wide range of applications:
  • Broadband network gateway for residential service delivery with advanced subscriber management
  • Multiservice edge router for business VPN/Internet access, cloud and data center interconnect services
  • Enterprise router providing intelligent connectivity to the

Service Provider MPLS : Inter-AS MPLS Options

Today I am going to talk about Inter-AS MPLS, or you can say Inter-provider MPLS options. In this case I am taking the example of Cisco devices. To maintain the continuity of MPLS VPN services across multiple service providers, mainly for customers who span the world on different service providers, the IETF described three types of options for Inter-AS or Inter-Provider MPLS VPN solutions. These options are
  • Option A
  • Option B
  • Option C
Cisco implemented these as three options (1, 2 and 3) in Cisco IOS (these options are also known in Cisco documents as 10A, 10B and 10C).

Let's go through these options one by one. The first option is called the VRF-to-VRF connection between two different AS border routers, and the explanation is as below.

Option A: VRF-to-VRF connections at the AS (Autonomous System) border routers
In this procedure, a PE router in one AS attaches directly to a PE router in another. The two PE routers are connected by multiple sub-interfaces, at least one for each of the VPNs whose routes need to be passed from AS to AS.
Fig 1.1- Inter-AS option A

Each PE will treat the other

Introduction to Port Channels and LACP

Today I am going to talk about the LACP protocol, also known as port-channel or EtherChannel. This topic is based on Arista Networks switches. I will discuss the basics of port channels and then we will look at the configurations on the switches.

What is a Port Channel? When and where is it used?
A port channel is a communication link between two switches that consists of matching channel group interfaces on each switch. A port channel is also referred to as a Link Aggregation Group (LAG). Port channels combine the bandwidth of multiple Ethernet ports into a single logical link. 
A channel group is a collection of Ethernet interfaces on a single switch. 

Fig 1.1- LACP between Cisco and HP Switches
A port channel interface is a virtual interface that consists of a corresponding channel group and connects to a compatible interface on another switch to form a port channel. Port channel interfaces can be configured and used in a manner similar to Ethernet interfaces. Port channel interfaces are configurable as layer 2 interfaces, layer 3 (routable) interfaces, and VLAN members. Most Ethernet interface configuration options are available to port channel interfaces. 

Introduction to Symantec Web Application Firewalls

Before we start with the Symantec Web Application Firewalls, first we need to understand:

What is a WAF (Web Application Firewall) and why do we need one?
Web servers are often targeted by attackers to help them host and deliver malware. Verizon's 2015 Data Breach Investigations Report found that attacks on web applications were one of the most common threats enterprises faced.

How to mitigate these kinds of risks?
To mitigate the risks a compromise poses to their reputation and ongoing operations, enterprises are implementing Web Application Firewalls (WAF) to protect their web properties and enforce the security and privacy of their web applications, while ensuring that the security they implement does not adversely affect the performance of those applications. So to block the various attacks from the outside world, enterprises need WAF-type services, and there are many providers of WAFs.

Now that we know why a WAF is required, let's talk about the Symantec Web Application Firewalls in detail, with their features and purpose. I will try to put up another article on Cisco WAF as well as

Firewall Standard Zones and Configurations

Let's talk about security zones in the enterprise network, or, to put it another way, implementing security zones in a university as an approach to firewall configuration and deployment. These "Security Zones" are implemented as rule-sets on University firewalls.

Fig 1.1- Standard Firewall Zones

Each firewall will provide multiple “Security Zones” to implement specific security controls for each zone.  Default sets of “Security Zones” are created during the implementation of each University firewall as follows:
  • Workstation Zone 
  • Server Zone 
  • DMZ Zone

CSSD defines these "Security Zones" to be implemented for each firewall as follows:
  • Workstation Zone – The Workstation zone is designed to protect a University Unit’s workstations, network printers, and other local network devices (inside the firewall) from all other zones.  Access to this zone from all other zones is restricted and controlled
  • Server Zone – The Server zone is designed to protect a University Unit’s critical infrastructure such as domain controllers, file, print, intranet (internal web applications), application, and database servers. Access to this zone is limited to the Unit’s Workstation Zone.
  • DMZ Zone – The DMZ zone is designed to protect any server that is accessed by a broad audience. An example

Cisco Meraki Security – Meraki MX Security Appliances


Meraki Cloud Managed Security Appliance Series 

Today I am going to talk about Meraki, acquired by Cisco, i.e. the Cisco Meraki MX Security Appliances. These appliances are ideal for organizations with large numbers of distributed sites. Since the MX is 100% cloud managed, installation and remote management are simple; in other words, these security appliances are managed from the cloud. The Meraki MX has a comprehensive suite of network services, eliminating the need for multiple appliances. These services include a Layer 7 application firewall, content filtering, web search filtering, intrusion prevention, web caching, and Intelligent WAN with multiple uplinks and 4G failover.

Fig 1.1- Cisco Meraki MX Security Appliances

Security Features 
  • With the Meraki MX security appliances we get application-aware traffic control, which can set bandwidth policies based on Layer 7 application type (e.g., YouTube, Skype, P2P).
  • Another key feature is content filtering, which provides CIPA-compliant content filtering and safe search enforcement.
  • Meraki intrusion prevention (IPS feature): a PCI-compliant IPS sensor using the industry-leading SNORT signature database from Cisco Sourcefire.
  • With the Meraki MX security appliances you also get anti-virus and anti-phishing with flow

Introduction to Cisco Wireless- Flex Connect Mode

Today I am going to talk about the Cisco wireless Flex-connect mode and how it works in an enterprise or campus network with wireless APs. There are two different modes: one is the local switched mode and the other is called Flex-connect mode.

In local switched mode, an AP creates two CAPWAP tunnels to the WLC: one for management, the other for data traffic. This behaviour is known as "centrally switched" because the data traffic is switched (bridged) from the AP to the controller, where it is then routed by some routing device.

Let's take an example. Suppose the setup below, which illustrates the difference between local and Flex-connect mode.

Local Switching Vs Flex-Connect

Office 1 is located in New Delhi (using local mode)
Office 2 is located in Sydney(using flex connect)
Datacenter is located in San Jose 

Local mode means that a tunnel is created from the wireless AP to the WLC, and all traffic, authentication and user traffic alike, goes to the WLC. If office 1 (New Delhi) is configured with local mode, the wireless clients will actually have all of their traffic tunnelled to San Jose and will use an IP from

Cisco Firepower 4100 Series introduction

Today in this article I am going to talk about the Cisco Firepower 4100 series. In my earlier articles I talked about the Cisco Firepower 2100 series and the Cisco Firepower 9300 series, which is one of the most powerful boxes in the security domain.

Before we start with the Cisco Firepower 4100 series firewall, a next generation firewall with the NGFW image, below are the Cisco Firepower 2100 and Cisco Firepower 9300 articles. You can refer to those articles as well.

Cisco Firepower 9300 Series
Cisco 2100 Series Firepower
Cisco Firepower 2100 BOQ guide

Cisco Firepower 4100 Series is a family of four threat-focused NGFW security platforms. Their throughput range addresses data center and internet edge use cases. They deliver superior threat defense, at faster speeds, with a smaller footprint.  

Fig 1.1- Cisco Firepower 4100 Series

Cisco Firepower 4100 Series supports flow-offloading, programmatic orchestration, and the management of security services with RESTful APIs. Network Equipment Building Standards (NEBS)-compliance is supported by the Cisco Firepower 4120 platform.

The Cisco Firepower 4100 series comes in the following models:
  • Cisco Firepower 4110
  • Cisco Firepower 4120
  • Cisco Firepower 4140
  • Cisco Firepower 4150
Let's talk about the basic features of

Cisco Firepower 9300 Series Introduction

Today I am going to talk about the Cisco Firepower 9300 series, which is one of the most powerful boxes by Cisco Systems. The Cisco Firepower 9300 is a Next Generation Firewall with AVC, IPS, AMP and URL filtering capabilities at high throughput.

Cisco launched three different series in the Firepower family, called Next Generation Firewalls, with all the above-mentioned services within one box. The Firepower series are
In this article I will only talk about the Cisco Firepower 9300 next generation firewalls. You can run two different images on the box: the ASA image or the NGFW image, in all three series, as per the requirements of your network.

The Cisco Firepower 9300 is a highly scalable, carrier-grade, modular platform designed for service providers, high-performance computing centres, large data centres, campuses, high-frequency trading environments, and other environments that require low latency (less than 5 microseconds with offload) and exceptional throughput.

Fig 1.1- Cisco Firepower 9300 NGFW

Cisco Catalysts Supervisor Engines,Interfaces and Modules- Cisco 6500 and Cisco 6800

Today I will talk about the line cards in the chassis and explain which line card to use where and how we design the network around the user count. People have asked me many questions about line cards and are always confused about their use in the chassis. The article is based on Cisco devices, where we use line cards to accommodate users in the network at the access layer and to have smooth traffic flow.

The image below shows two different chassis in VSS format, where we connect the chassis back to back through the SUP engines. The SUP can be a 2T or 6T, depending on the requirements and the design of the campus or enterprise network.

Fig 1.1- VSS using SUP Engines


Let's talk about them one by one in detail. First I will talk about the Supervisor Engines 6T and 2T. I will not talk about the previous SUP engines, as they are at or past the verge of end of sale/support.

SUPERVISOR ENGINES

C6800-SUP6T: This is the Supervisor Engine SUP6T with 8 ports of 10GbE, 2 ports of 40GbE and

Discussion about SFP, SFP+, QSFP, QSFP+, XFP and CFP Modules/Connectors

Today I am going to talk about the hardware generally used in many devices for fiber/copper connectivity between devices in the network.

I will talk about the various kinds of modules, which include the following types:

  • SFP
  • SFP+
  • QSFP, QSFP+, QSFP14, QSFP28
  • XFP
  • CFP
Fig 1.1- Sample QSFP+ to SFP+ Connectivity


Let's start with the SFP module, then move on to the SFP+, QSFP, QSFP+, XFP and CFP modules. I will talk about the usage, wavelength, data rate and many other factors that describe these modules in detail. I hope that with this article you will easily understand the various types of modules used in the industry nowadays, with the capacity and data rate of each.


SFP: SFP stands for small form-factor pluggable. With the help of an SFP you can extend switching capability by connecting a fiber/copper cable between two devices. SFP is a technology for connecting devices; it can be used as single fiber, dual fiber, DWDM or WDM. It can support a maximum of 150 km. SFP is based on IEEE 802.3 and SFF-8472. SFP transceivers are designed to support

Basics of Multicast Addresses ( 224.0.0.0 to 239.255.255.255)

Today I am going to talk about the basics of multicast from the beginning. Before starting with the concept of multicast, you need to know about the unicast and broadcast types of traffic.

Unicast: Unicast is traffic from a single source to a single destination.
Broadcast: Broadcast is traffic from a single source to everyone in the network.
Multicast: Multicast is traffic from a single source to a specific group of destinations in the network.

Fig 1.1- Multicast Vs Unicast

IP Multicast
IP multicast works as follows:
  • Multicast groups are identified by IP addresses in the range 224.0.0.0 - 239.255.255.255 (class D addresses)
  • Every host (more precisely: interface) can join and leave a multicast group dynamically: there is no access control
  • Every IP datagram sent to a multicast group is transmitted to all members of the group
  • IP multicast service is unreliable
  • IP multicast only supports UDP as the higher layer, which means there is no multicast TCP.
  • All class D addresses are multicast addresses; the address range, as shown above, is 224.0.0.0 to 239.255.255.255
  • These addresses are dynamically
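The list above is small enough to model directly. The following added example (written for this page, not code from the original post) is a toy delivery model that enforces exactly those rules: only class D addresses can be joined, any host may join or leave at will because there is no access control, a datagram to a group reaches every current member, a broadcast reaches every host on the subnet, and a TCP segment to a group is rejected because multicast carries only UDP. The host names, addresses and subnet are constructed for the example; `MulticastFabric` and its methods are not part of any real stack.

```python
import ipaddress


class MulticastFabric:
    """Constructed toy model of IPv4 unicast, broadcast and multicast delivery."""

    def __init__(self, hosts, network):
        self.hosts = dict(hosts)                       # unicast address -> host name
        self.network = ipaddress.IPv4Network(network)  # the one subnet all hosts share
        self.members = {}                              # group address -> set of host names

    def join(self, host, group):
        """Any host may join any group dynamically; the only check is that the
        address really is class D (224.0.0.0 - 239.255.255.255)."""
        g = ipaddress.IPv4Address(group)
        if not g.is_multicast:
            raise ValueError(f"{group} is not a class D multicast address")
        self.members.setdefault(g, set()).add(host)

    def leave(self, host, group):
        """Leaving is just as unrestricted as joining."""
        self.members.get(ipaddress.IPv4Address(group), set()).discard(host)

    def classify(self, dst):
        """Return 'multicast', 'broadcast' or 'unicast' for a destination address."""
        ip = ipaddress.IPv4Address(dst)
        if ip.is_multicast:                      # ipaddress implements the 224.0.0.0/4 check
            return "multicast"
        if ip == self.network.broadcast_address or ip == ipaddress.IPv4Address("255.255.255.255"):
            return "broadcast"
        return "unicast"

    def deliver(self, dst, proto="udp"):
        """Return the sorted list of host names that receive a datagram sent to dst.

        Multicast delivery is best-effort: every *current* member gets a copy and
        nothing tracks whether it arrived, which is why only UDP is allowed on top.
        """
        kind = self.classify(dst)
        if kind == "multicast":
            if proto.lower() != "udp":
                raise ValueError("IP multicast supports only UDP; there is no multicast TCP")
            return sorted(self.members.get(ipaddress.IPv4Address(dst), set()))
        if kind == "broadcast":
            return sorted(self.hosts.values())
        name = self.hosts.get(str(ipaddress.IPv4Address(dst)))
        return [name] if name else []


if __name__ == "__main__":
    # Constructed subnet with three hosts.
    fabric = MulticastFabric({"10.0.0.1": "h1", "10.0.0.2": "h2", "10.0.0.3": "h3"}, "10.0.0.0/24")
    fabric.join("h1", "239.1.1.1")
    fabric.join("h3", "239.1.1.1")
    print("group 239.1.1.1 ->", fabric.deliver("239.1.1.1"))      # ['h1', 'h3']
    fabric.leave("h3", "239.1.1.1")
    print("after h3 leaves ->", fabric.deliver("239.1.1.1"))      # ['h1']
    print("broadcast ->", fabric.deliver("10.0.0.255"))           # ['h1', 'h2', 'h3']
    print("unicast ->", fabric.deliver("10.0.0.2"))               # ['h2']
```

The lack of access control on joins is the security-relevant point: any interface on the segment can subscribe to any group, so anything carried over multicast (routing protocol hellos, service discovery, media streams) should be treated as readable by every host on that segment unless the application layer protects it.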