I have been working on a project which requires me to connect to my test environment deployed on GCP. We don’t have public IPs available for all the VMs in the test environment, but one of the VMs in the deployment is configured as a JumpHost, i.e. it has a public IP available. We need … Continue reading Connecting my Dev VM to GCP: Test driving sshuttle
Introduction Choosing a virtual networking scheme to connect VMs or containers across hosts is always a complicated decision. Most of us would have found the virtual networking on a single VM/container host to be very simple, easy to implement and debug. Just plug the VM/container into a bridge and you are done. For access from the … Continue reading A Simple Virtual Network based on proxy ARP and Policy Based Routing
System monitoring is one of the topics that has received a lot of attention lately. A lot of options already exist in the open, but every time I search for a system monitoring tool I am presented with options suited to large-scale clusters of machines, capturing metrics over time, showing trends of resource utilization … Continue reading System Monitoring: Glances at Top
Recently I had a need to deploy a Python Flask-based application. Although Flask has a convenient built-in CLI to run your application while developing, the deployment documentation provides a number of production-ready deployment methods. After going through the various documentation and learning about the event-loop-based implementation of Gevent, I decided to … Continue reading No surprise performance test
As the industry moves towards more distributed deployment of services, syncing files across multiple locations is a problem that often needs to be solved. In the world of file syncing there are two algorithms that stand out. One is rsync, which is a very efficient tool for syncing files. It works great when you have … Continue reading Test Driving transmission for multi-site file sync
WordPress on EC2 with DB in private LAN We have all known and talked about hybrid cloud solutions that spill over an on-prem infrastructure to cloud providers like AWS. Recently I had a need to do the same (for a POC) for my private lab, where part of my software runs on the … Continue reading Extending my Private Lab behind NAT to AWS
Connect AWS VPCs hosted in different regions. AWS Virtual Private Cloud (VPC) provides a way to isolate a tenant’s cloud infrastructure. To a tenant, a VPC provides a view of their own virtual infrastructure in the cloud that is completely isolated and has its own compute, storage, network connectivity, security settings, etc. In the physical world, Amazon’s … Continue reading Test Driving Inter Regional VPC peering in AWS
Create your VPC, launch EC2 instances and get internet access with a public IP. With a Virtual Private Cloud (VPC), a tenant can create their own cloud-based infrastructure in AWS. While AWS provides a default VPC for a new tenant, there are always use cases that need the creation of a custom VPC. While exploring custom VPCs, I found … Continue reading Custom VPC and Internet Access in AWS
Firewalls provide traffic filtering and protect the trusted environment from the untrusted. A firewall can be stateful or stateless. A stateful firewall is capable of tracking connection states, so it is better equipped to allow or deny traffic based on that knowledge. A TCP connection, for example, goes through the handshake (SYN, SYN+ACK, ACK) to the ESTABLISHED state, and … Continue reading Stateful vs Stateless firewalls: Which one to use when?
I had the Raspberry Pi lying around for some time without doing any major function, and so was the NetGear switch [1]. So, I decided to do a weekend project to implement traffic analysis on my home network. I have a PPPoE connection to my ISP that connects to my home router [2]. The … Continue reading Home network traffic analysis with a Raspberry Pi 3, a NetGear Switch and Ntop
The OpenStack FWaaS project will be supporting a Layer 2 firewall based on OVS flow rules. While working on the OVS driver, I felt the need to do some quick tests to check whether the flow rules are programmed correctly on the OVS bridge. Although we can run a complete devstack system within a VM, to … Continue reading Using Mininet to test OpenStack Firewall drivers
I have been working with OpenStack (devstack) for a while and I must say it is quite convenient to bring up a test setup using devstack. At times, I still feel it is overkill to use devstack for a quick test to verify your understanding of the network/security rules/routing, etc. This is where Mininet shines. … Continue reading SecureNet: Simulating a Secure Network with Mininet
In the last two blogs, I have gone through the process of developing an L3VPN-based virtual network. One thing that we ignored is the amount of configuration that we need to change to add or remove nodes or provision new edge routers. While some of these steps are part of the infrastructure provisioning, like … Continue reading Control Plane for our L3VPN based virtual network
In the previous blog, we saw how we can connect two devices in the same subnet over an L3 device. With some configuration to enable ARP proxying and host routes on the L3 device, we were able to simulate an L2 network over an L3 device. The important thing to note from the previous blog … Continue reading Designing a L2 virtual network with L3VPNs
We all know that routers are Layer 3 devices and switches are Layer 2. So how can a Layer 3 device be used to connect two or more devices at Layer 2? In this blog, I will explore the mechanisms that make it possible to use a routing device as a switch. The test setup We start … Continue reading Using a Router for Switching
With more and more applications moving to the cloud, web-based applications have become ubiquitous. They are ideal for providing access to applications sitting on the cloud (over HTTP through a standard web browser). This has removed the need to install specialized applications on the client system; the client just needs to install a … Continue reading Test driving App Firewall with IPTables
I was trying to figure out a way to match packets with a certain GRE key and take some action. IPTables does not provide a direct solution to this problem, but it has the u32 extension module that can be used to extract 4 bytes of the IP header and match them against a pattern. So, I … Continue reading IPTables: Matching A GRE packet based on tunnel key
One of the great advantages for an OpenStack developer is the ease with which a dev environment can be created. I cannot say enough good things about devstack. Devstack is a tool that provides a very flexible way of creating a development environment for OpenStack. Devstack is very flexible and can be configured using simple config … Continue reading Running a standalone OpenStack Neutron server
BGP is a routing protocol known for its strength in scaling and resilience. It is also flexible and extensible. With its Multi-Protocol extension, BGP can support distribution of various data types. Still, extending BGP for every new route data type requires the introduction of a new address family (AFI/SAFI) and making BGP aware of the new data … Continue reading Test-driving arbitrary data publishing over BGP
In recent times there has been a lot of interest in tunnel-based L2 networks, especially for cloud networks implemented with VXLAN. Tunnel-based networks were initially proposed with the idea of alleviating the 4k limit imposed by VLAN-based networks. EVPN-based VXLAN tunneled networks use BGP as the control plane for L2 learning. … Continue reading Test-driving EVPN route publishing with GoBGP