Enterprise Network on GNS3 – Part 7 – DMZ

This is the last article from the series of the articles discussing configuration of the enterprise network. The article explains the configuration of Demilitarized Zone (DMZ). Our DMZ consists of three devices - ASAv-DMZ-I, a multilayer switch vIOS-DMZ-I and Serv-DMZ-I. All the devices in DMZ are run by Qemu hypervisor. The ASAv_DMZ-I device is Cisco Adaptive Security Appliance Software version 9.6.1 and it has assigned 2048 MB RAM by GNS3. The device vIOS-DMZ-I is Cisco vIOS-L2 version 15.2 and it has assigned 512 MB RAM by GNS3. And finally, the device Serv-DMZ-I is Linux Ubuntu 16.04.3 LTS with 1024 MB RAM assigned by GNS3. The server Serv-DMZ-I provides DNS, NTP, Syslog services for devices in DMZ and a public web service for all hosts in the Internet.

Picture 1 - Demilitarized Zone - DMZ

All devices located in DMZ have their IP addresses assigned from the subnet 195.1.1.128/25. The subnet 195.1.1.128/27 is further divided with /30 mask, creating 8 subnets suitable for point-to-point link configuration . Servers located in DMZ are assigned to different VLANs. Currently, there is only server Serv-DMZ-I deployed in DMZ and configured with the IP addresses Continue reading

Memcached DDoS – There’s Still Time to Save Your Mind

In case you haven’t heard, there’s a new vector for Distributed Denial of Service (DDoS) attacks out there right now and it’s pretty massive. The first mention I saw this week was from Cloudflare, where they details that they were seeing a huge influx of traffic from UDP port 11211. That’s the port used by memcached, a database caching system.

Surprisingly, or not, there were thousands of companies that had left UDP/11211 open to the entire Internet. And, by design, memcached responds to anyone that queries that port. Also, carefully crafted packets can be amplified to have massive responses. In Cloudflare’s testing they were able to send a 15 byte packet and get a 134KB response. Given that this protocol is UDP and capable of responding to forged packets in such a way as to make life miserable for Cloudflare and, now, Github, which got blasted with the largest DDoS attack on record.

How can you fix this problem in your network? There are many steps you can take, whether you are a system admin or a network admin:

  • Go to Shodan and see if you’re affected. Just plug in your company’s IP address ranges and have it Continue reading

Hardware as a Service: The New Missing Middle?

Computing used to be far away.

It was accessed via remote command terminals, through time sliced services. It was a pretty miserable experience. During the personal computing revolution, computing once again became local. It would fit under your desk, or in a small dedicated “computer rooms”. You could touch it. It was once more, a happy and contented time for computer users. The computer was personal again. There was a clue in the name.

However, as complexity grew, and as networks improved, computing was effectively taken away again and placed in cold dark rooms once more far, far away for

Hardware as a Service: The New Missing Middle? was written by James Cuff at The Next Platform.

How to deal with networking IoT devices

Networking IoT devices can be challenging for IT managers because the communications requirements can be very different from those for typical PCs, tablets and smartphones currently connected to corporate networks. +RELATED: Most powerful internet of things companies; What is the industrial IoT? And why the stakes are so high+In addition, there is an incredible diversity of IoT devices and how they are used. For example:To read this article in full, please click here

How to deal with networking IoT devices

Networking IoT devices can be challenging for IT managers because the communications requirements can be very different from those for typical PCs, tablets and smartphones currently connected to corporate networks. +RELATED: Most powerful internet of things companies; What is the industrial IoT? And why the stakes are so high+In addition, there is an incredible diversity of IoT devices and how they are used. For example:To read this article in full, please click here

Video: Create an NSX Logical Switch with PowerNSX

After introducing PowerNSX Anthony Burke illustrated how easy it is to use with a Hello, World equivalent: creating a logical switch (VXLAN segment).

You’ll need at least free ipSpace.net subscription to watch the video.

Want to know more about VMware NSX? We’ll run an NSX-focused event and a NSX Deep Dive workshop in Zurich on April 19th 2018, an overview webinar comparing NSX, ACI and EVPN on March 1st, and a deep dive in VMware NSX architecture later in 2018.

Watch the video

NSX Layer 2 VPN: Migrating workloads between Datacentres

Selecting a migration strategy

As a consultant within the NSX PSO practice, one of the conversations that comes up with customers often is how NSX enables migration from a legacy datacentre to an NSX managed datacentre. This was the case with a customer recently who were looking to move out of a datacentre that was scheduled to be decommissioned. The problem was that the customer workloads needed to be migrated to a Logical Switch within the new datacentre without changing IP addressing, and with minimal downtime.

There are four approaches available to us with NSX for vSphere that might help solve this problem:

  • Universal Logical Switching – we could deploy NSX to the remote site and extend L2 networks using Cross-vCenter NSX and Universal Logical Switches, then migrate the workload
  • Native L2 Bridging – within the same datacentre we could use the NSX Distributed Logical Router native functionality to create a Layer 2 Bridge between a VLAN and a Logical Switch
  • Hardware VTEP – using a compatible hardware device from a VMware Partner that acts as a VXLAN Tunnel Endpoint and can bridge between a VLAN and a Logical Switch
  • Layer 2 VPN – using an NSX managed Edge, or Continue reading

IDG Contributor Network: How to choose the right SD-WAN transport and why it matters

Businesses and their distributed enterprise locations grow more dependent on connected resources every day. That’s because employee and customer expectations and behaviors are evolving and having quick access to business information or constant connection to personal applications is changing the game for business networks. Every report I see indicates that our dependence on connected systems will continue to skyrocket. In fact, Cisco recently predicted that global IP traffic is set to nearly triple by 2021.To read this article in full, please click here

IDG Contributor Network: How to choose the right SD-WAN transport and why it matters

Businesses and their distributed enterprise locations grow more dependent on connected resources every day. That’s because employee and customer expectations and behaviors are evolving and having quick access to business information or constant connection to personal applications is changing the game for business networks. Every report I see indicates that our dependence on connected systems will continue to skyrocket. In fact, Cisco recently predicted that global IP traffic is set to nearly triple by 2021.To read this article in full, please click here

IDG Contributor Network: Digital transformation of cities: Creating smart and engaged communities with IoT

What makes a city a “smart city?” Some would argue that it has to do with the degree to which the city is staying abreast of technology advancements, but that is too one-dimensional. Smart cities require an integrated approach to IoT, connectivity, AI, distributed computing and other technologies.To truly capitalize on smart city technology, technologists must understand the immediate and long-term pain points for city governments; the procurement framework including budgetary and funding issues; and the overall bureaucratic and legislative processes.An integrated approach to technology implementation – cutting across all departments in the city – can help alleviate specific challenges such as parking management, traffic management, street lighting, energy consumption (and demand response), and public safety.To read this article in full, please click here

BrandPost: What Is an Autonomous Network?

Automation itself, and the idea that technologies could be self-provisioning, self-diagnosing, and self-healing, has been around for some time. But with advances in Artificial Intelligence (AI) and cloud technologies, such fanciful notions are quickly becoming realities.Nowadays, most of us use AI-enabled apps when we ask Apple’s Siri or Amazon’s Alexa for help with a task. And even streaming services like Netflix help us pick movies and TV shows using AI.WHITE PAPERIntroducing the Adaptive Network VisionTo read this article in full, please click here

The Server Market Booms, And It Could Last For A While

The general consensus, for as long as anyone can remember, is that there is an insatiable appetite for compute in the datacenter. Were it not for the constraints of budgets, for both the acquisition of iron, the facilities to house it, the electricity to power and cool it, and the people to manage it, it is safe to say that the installed base of servers worldwide would be much larger than it is.

But the world doesn’t work that way, and there are constraints. But thanks to ever more complex applications, ever richer media, and a burning desire to save

The Server Market Booms, And It Could Last For A While was written by Timothy Prickett Morgan at The Next Platform.

1 1,657 1,658 1,659 1,660 1,661 3,794