Fun in the Lab: FTDv & FMC – Install and Deploy

This is my Stealthwatch playground…. errrr… I mean … ahem… “work environment” for a Technical Solution Workshop I am working on for Stealthwatch.

Going to set up FTDv and FMC today.  A co-worker and friend, Scott Barasch, helped me get jump started… so figure I’ll pass on what I just learned to you. ?

What this blog will cover is

  1. DEPLOY
    1. Deploying the OVF for FTDv
    2. Deploying the OVF for FMC
  2. VMware settings
    1. Tweak for FTDv
    2. Tweak for FMC
  3. Prepping to Power On
    1. Snapshot Both Before Power On
    2. Power Both On
  4. Setup via Console
    1. FMC – console in and setup IP address
    2. FTDv – console in and step thru the prompts
  5. Test IP Connectivity
    1. Ping FMC and FTDv from the PC
    2. Notice Can’t ping FTDv
    3. Fix
    4. Ping
  6. Browse into FMC
    1. Change password
    2. Setup DNS
    3. Setup NTP
    4. Accept EULA
    5. Apply
  7. LICENSING
    1. License FMC
  8. FMC/FTDv: Make the Connection
    1. FTDv – Point FTDv to FMC
    2. FMC – bring the FTDv into the fold.  ?

 

So let’s begin.  What I have to host my FMC & FTDv VMs is a UCS M4 with a NIC connected to a Cat4948 in vlan 1.  That NIC is tied to vSwitch0 in the UCS. Continue reading

BrandPost: Top Ten Reasons to Think Outside the Router – No. 9: Sub-par SaaS Performance

In the form of the iconic David Letterman Top Ten List segment from his former Late Show, Silver Peak is counting down the Top Ten Reasons to Think Outside the Router. Click here for the #10 reason to retire traditional routers at the branch.The #9 reason it’s time to retire traditional routers at the branch: Sub-par SaaS Performance! We often hear from customers that their employees complain that Salesforce.com (or Office365 or Workday or any of myriad SaaS apps) is more responsive from home or from Starbucks than from the branch office.To read this article in full, please click here

Use Cumulus HTTP API to Help Automate Common Network Tasks

Cumulus Linux includes a RESTful programming interface for accessing network devices running that OS. It’s called HTTP API, and it implements an API to access the OpenStack ML2 driver and Network Command Line Utility, or NCLU. Understanding exactly what this means, and how it works, is essential before digging into the possibilities it presents. Here’s an overview to get this going.

The OpenStack ML2 Driver

The ML2 Driver, a.k.a. (in OpenStack’s terms) the Modular Layer 2 neutron plug-in, provides a framework. It enables OpenStack-based networking to use a variety of Layer 2 networking technologies, including those from Cumulus (for which a specific ML2 driver is available and ready to use). To use the OpenStack ML2 driver with Cumulus Linux switches, two essential ingredients must be present:

  1. The REST API, which comes installed in Cumulus Linux. This includes an ML2 HTTP Server, which recognizes and responds to such requests. This runs on Cumulus-based network nodes to which management consoles or nodes will attach to interrogate, configure, or otherwise interact underlying devices.
  2.  Elsewhere on the network, the Cumulus ML2 Mechanism Driver should be installed on a VM or system running Cumulus Linux. This is called a “controller node.” Continue reading

IETF 103, Day 3: DNS Privacy, TLS & IoT

This week is IETF 103 in Bangkok, Thailand, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Wednesday is a relatively light day in this respect, although there’s some pretty important matters being discussed today.

DPRIVE kicks off the day at 09.00 UTC+9, and will mostly be discussing user perspectives with respect to the recently introduced implementations of DNS-over-TLS and DNS-over-HTTPS, as well as the issues of DNS privacy between resolvers and authoritative servers. There’s also a new draft up for discussion on DNS-over-TLS for insecure delegations that describe an alternative authentication mechanism without need for DNSSEC support.

NOTE: If you are unable to attend IETF 103 in person, there are multiple ways to participate remotely.

TLS holds its second session of the week immediately after lunch at 12.20 UTC+7. This will carry-on where it left off on Monday, although will be discussing a DANE Record and DNSSEC Authentication Chain Extension for TLS. The intention is to allow TLS clients to perform DANE authentication of a TLS server without needing to perform additional DNS record lookups.

Then at 13.50 UTC+7, Homenet will be focusing on Homenet Naming Continue reading

Intel responds to the Epyc server threat from AMD

I do love seeing the chip market get competitive again. Intel has formally announced a new class of Xeon Scalable processors, code-named “Cascade Lake-AP” or Cascade Lake Advanced Performance, that in many ways leapfrogs the best AMD has to offer.The news comes ahead of the Supercomputing 18 show and was likely done to avoid being drowned out in the upcoming news. It also comes one day ahead of an AMD announcement, which should be hitting the wires as you read this. I don’t think that’s a coincidence.The Cascade Lake-AP processors come with up to 48 cores and support for 12 channels of DDR4 memory, a big leap over the old design and a leap over AMD’s Epyc server processors, as well. Intel’s current top-of-the-line processor, the Xeon Platinum 8180, has only 28 cores and six memory channels, while the AMD Epyc has 32 cores and eight memory channels.To read this article in full, please click here

Intel responds to the Epyc server threat from AMD

I do love seeing the chip market get competitive again. Intel has formally announced a new class of Xeon Scalable processors, code-named “Cascade Lake-AP” or Cascade Lake Advanced Performance, that in many ways leapfrogs the best AMD has to offer.The news comes ahead of the Supercomputing 18 show and was likely done to avoid being drowned out in the upcoming news. It also comes one day ahead of an AMD announcement, which should be hitting the wires as you read this. I don’t think that’s a coincidence.The Cascade Lake-AP processors come with up to 48 cores and support for 12 channels of DDR4 memory, a big leap over the old design and a leap over AMD’s Epyc server processors, as well. Intel’s current top-of-the-line processor, the Xeon Platinum 8180, has only 28 cores and six memory channels, while the AMD Epyc has 32 cores and eight memory channels.To read this article in full, please click here

BGP Unnumbered Overview

The Border Gateway Protocol (BGP) is an IP reachability protocol that you can use to exchange IP prefixes. Traditionally, one of the nuisances of configuring BGP is that if you want to exchange IPv4 prefixes you have to configure an IPv4 address for each BGP peer. In a large network, this can consume a lot of your address space, requiring a separate IP address for each peer-facing interface.

BGP Over IPv4 Interfaces

To understand where BGP unnumbered fits in, it helps to understand how BGP has historically worked over IPv4. Peers connect via IPv4 over TCP port 179. Once they’ve established a session, they exchange prefixes. When a BGP peer advertises an IPv4 prefix, it must include an IPv4 next hop address, which is usually the address of the advertising router. This requires, of course, that each BGP peer has an IPv4 address.

As a simple example, using the Cumulus Reference Topology, let’s configure BGP peerings as follows:

Between spine01 (AS 65020, 10.1.0.0/31) and leaf01 (AS 65011, 10.1.0.1/31)

Between spine01 (10.1.0.4/31) and leaf02 (AS 65012, 10.1.0.5/31)

Leaf01 will advertise the prefix 192.0.2.1/32 and leaf02 will Continue reading

Fight for net neutrality rules gains momentum

The U.S. Supreme Court has officially ended the court fight over the repealed net neutrality rules that required internet providers to treat all online traffic equally.On Nov. 5, 2018, the court rejected appeals from the telecommunications industry seeking to throw out a lower court ruling in favor of the net neutrality rules. The Federal Communications Commission (FCC) under President Donald Trump has rolled back the rules, but the industry also wanted to completely remove the lower court’s ruling off the books.The Supreme Court's decision is a victory for advocates of net neutrality rules, as supporters hope this will push Congress to enact new net neutrality laws or encourage other states to follow California’s lead by instituting their own requirements.To read this article in full, please click here

Internet Hall of Fame Nominations Open 1 January

Do you know someone who has played a major role in the development and advancement of the Internet? On 1 January 2019, the Internet Hall of Fame will open nominations for its 2019 class of inductees.

The Internet Hall of Fame was launched in 2012 by the Internet Society. With more than 100 inductees, the Internet Hall of Fame celebrates Internet pioneers and innovators from around the world who have helped change the way we live and work today. Their trailblazing accomplishments are as broad and diverse as the Internet itself; expanding the Internet’s benefits into new regions and communities, and creating new technologies and standards that were foundational to the Internet’s development and expansion.

The Internet Hall of Fame recognizes:

  • Individuals who were instrumental in the design and development of the Internet with exceptional achievements that impacted the Internet’s global advancement and evolution; or
  • Individuals who made outstanding technological, commercial, or other advances and helped to expand the Internet’s positive impact on the lives of others; or
  • Individuals who made major contributions to the growth, connectivity, and use of the Internet, either on a global scale or within a specific region that resulted in global impact.

If you know Continue reading

Tariffs on China cause new data center equipment prices to increase

As if the end of the year doesn’t present enough challenges for IT professionals, now there is the added concern coming from the Trump administration regarding the tariffs that were imposed on China back on Sept. 24.Companies including Cisco, Dell, HPE, and Juniper Networks all called for networking and server equipment to be dropped from the tariff regulations, but they were unable to persuade the U.S. government to do that.“By raising the cost of networking products, the proposed duties would impede the development and adoption of cloud-based services and infrastructure,” the group told trade regulators before the tariff was imposed, according to Reuters.To read this article in full, please click here

Tariffs on China cause new data center equipment prices to increase

As if the end of the year doesn’t present enough challenges for IT professionals, now there is the added concern coming from the Trump administration regarding the tariffs that were imposed on China back on Sept. 24.Companies including Cisco, Dell, HPE, and Juniper Networks all called for networking and server equipment to be dropped from the tariff regulations, but they were unable to persuade the U.S. government to do that.“By raising the cost of networking products, the proposed duties would impede the development and adoption of cloud-based services and infrastructure,” the group told trade regulators before the tariff was imposed, according to Reuters.To read this article in full, please click here

1 1,415 1,416 1,417 1,418 1,419 3,848