Basic Configuration for Cisco ASA 5505 Interfaces- Trunk Port

Today I am going to talk about the basic Cisco ASA configuration of trunk ports and also to make that Cisco asa with the failover link. We are putting two ASA where one is the primary one and another is the failover ASA in the DMZ zone. I already discuss on the Cisco ASA access port configurations. If you want to have a look on the configurations, please go through the below link as a reference
Basic Configuration for Cisco ASA 5505 Interfaces- Access Ports


Before we talk about these protocols,  I would like to tell you guys that we have our own youtube channel for various network videos that can further help you guys to study further. I will going to add many more videos soon on the channel, Please subscribe to the channel for the study network related videos

Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go

Now let's talk about the basic Cisco ASA configuration for the trunk port. Below is the basic topology showing the Cisco ASA placed in the enterprise network. The configurations, IP addresses and topology shown here is only for the demo purposes and has no relevance with any of the enterprise networks.

Fig 1.1- Continue reading

Basic Configuration for Cisco ASA 5505 Interfaces- Access Ports

Today I am going to talk about the basic Cisco ASA configuration on the access ports and also to make that Cisco asa with the failover link. Later on i will come up with the configuration part of the Cisco asa with the trunk port configurations. We are putting two ASA where one is the primary one and another is the failover ASA in the DMZ zone.

Before we talk about these protocols,  I would like to tell you guys that we have our own youtube channel for various network videos that can further help you guys to study further. I will going to add many more videos soon on the channel, Please subscribe to the channel for the study network related videos

Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go

Lets talk about the Cisco ASA configurations where we configures five VLAN interfaces, including the failover interface which is configured using the failover lan command. 
Fig 1.1- Cisco ASA 5505

Configuration Examples for ASA 5505 Interfaces
Here in the below example, we are taking VLAN 2, VLAN 3, VLAN 4 and VLAN 5 where VLAN 6 will be the failover link and after that all VLANs will be assigned to the Continue reading

The New DDoS Landscape

The New DDoS Landscape

News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? The greater the volume of traffic a victim receives, the harder to mitigate an attack - right?

At least, this is how things used to work. An attacker would gain capacity and then use that capacity to launch an attack. With enough capacity, an attack would overwhelm the victim's network hardware with junk traffic such that they can no longer serve legitimate requests. If your web traffic is served by a server with a 100 Gbps port and someone sends you 200 Gbps, your network will be saturated and the website will be unavailable.

Recently, this dynamic has shifted as attackers have gotten far more sophisticated. The practical realities of the modern Internet have increased the amount of effort required to clog up the network capacity of a DDoS victim - attackers have noticed this and are now choosing to perform attacks higher up the network stack.

In recent months, Cloudflare has seen a dramatic reduction in simple attempts to flood our network with junk traffic. Whilst we continue to see large network level attacks, in Continue reading

Want to try Warp? We just enabled the beta for you

Tomorrow is Thanksgiving in the United States. It’s a holiday for getting together with family characterized by turkey dinner and whatever it is that happens in American football. While celebrating with family is great, if you use a computer for your main line of work, sometimes the conversation turns to how to setup the home wifi or can Russia really use Facebook to hack the US election. Just in case you’re a geek who finds yourself in that position this week, we wanted to give you something to play with. To that end, we’re opening the Warp beta to all Cloudflare users. Feel free to tell your family there’s been an important technical development you need to attend to immediately and enjoy!

Hello Warp! Getting Started

Warp allows you to expose a locally running web server to the internet without having to open up ports in the firewall or even needing a public IP address. Warp connects a web server directly to the Cloudflare network where Cloudflare acts as your web server’s network gateway. Every request reaching your origin must travel to the Cloudflare network where you can apply rate limits, access policies and authentication before the request hits your Continue reading

Pseudo-wires With Vagrant and Libvirt

Libvirt has the ability to create a pseudo-wire between virtual guest interfaces using either TCP or UDP. The advantage of using pseud-wires is that you do not need to create virtual switches to attach your guest VM interfaces to. Virtualbox has an annoying trait of stripping vlan tags on...

OpenStack SDN – NFV Management and Orchestration

In the ongoing hysteria surrounding all things SDN, one important thing gets often overlooked. You don’t build SDN for its own sake. SDN is just a little cog in a big machine called “cloud”. To take it even further, I would argue that the best SDN solution is the one that you don’t know even exists. Despite what the big vendors tell you, operators are not supposed to interact with SDN interface, be it GUI or CLI. If you dig up some of the earliest presentation about Cisco ACI, when the people talking about it were the actual people who designed the product, you’ll notice one common motif being repeated over and over again. That is that ACI was never designed for direct human interaction, but rather was supposed to be configured by a higher level orchestrating system. In data center environments such orchestrating system may glue together services of virtualization layer and SDN layer to provide a seamless “cloud” experience to the end users. The focus of this post will be one incarnation of such orchestration system, specific to SP/Telco world, commonly known as NFV MANO.

NFV MANO for Telco SDN

At the early dawn of SDN/NFV era a Continue reading

NetNeutrality vs. limiting FaceTime

In response to my tweets/blogs against NetNeutrality, people have asked: what about these items? In this post, I debunk the fourth item.
The issue the fourth item addresses is how AT&T restrict the use of Apple's FaceTime on its network back in 2012. This seems a clear NetNeutrality issue.

But here's the thing: the FCC allowed these restrictions, despite the FCC's "Open Internet" order forbidding such things. In other words, despite the graphic's claims it "happened without net neutrality rules", the opposite is true, it happened with net neutrality rules.

The FCC explains why they allowed it in their own case study on the matter. The short version is this: AT&T's network couldn't handle the traffic, so it was appropriate to restrict it until some time in the future (the LTE rollout) until it could. The issue wasn't that AT&T was restricting FaceTime in favor of its own video-calling service (it didn't have one), but it was instead an issue of "bandwidth management".

When Apple released FaceTime, they Continue reading

NetNeutrality vs. Verizon censoring Naral

In response to my anti-NetNeutrality blogs/tweets, people ask what about this? In this post, I address the second question.
Firstly, it's not a NetNeutrality issue (which applies only to the Internet), but an issue with text-messages. In other words, it's something that will continue to happen even with NetNeutrality rules. People relate this to NetNeutrality as an analogy, not because it actually is such an issue.

Secondly, it's an edge/content issue, not a transit issue. The details in this case is that Verizon provides a program for sending bulk messages to its customers from the edge of the network. Verizon isn't censoring text messages in transit, but from the edge. You can send a text message to your friend on the Verizon network, and it won't be censored. Thus the analogy is incorrect -- the correct analogy would be with content providers like Twitter and Facebook, not ISPs like Comcast.

Like all cell phone vendors, Verizon polices this content, canceling accounts that abuse the system, like spammers. Continue reading

NetNeutrality vs. AT&T censoring Pearl Jam

So in response to my anti-netneutrality tweets/blogs, Jose Pagliery asks "what about this?"

Let's pick the first one. You can read about the details by Googling "AT&T Pearl Jam".

First of all, this obviously isn't a Net Neutrality case. The case isn't about AT&T acting as an ISP transiting network traffic. Instead, this was about AT&T being a content provider, through their "Blue Room" subsidiary, whose content traveled across other ISPs. Such things will continue to happen regardless of the most stringent enforcement of NetNeutrality rules, since the FCC doesn't regulate content providers.

Second of all, it wasn't AT&T who censored the traffic. It wasn't their Blue Room subsidiary who censored the traffic. It was a third party company they hired to bleep things like swear words and nipple slips. You are blaming AT&T for a decision by a third party that went against AT&T's wishes. It was an accident, not AT&T policy.

Thirdly, and this is the funny bit, Tim Wu, the guy who defined the Continue reading

The Internet Society and NetBlocks Team up to Keep it on!

By Constance Bommelaer de Leusse and Alp Toker

How much do government shutdowns cost? How do they impact growth and prosperity?

In 2016 Internet shutdowns cost globally about $2.4 billion USD, and across 10 African countries they led to loss of $237 million USD over 236 days.

If we don’t act now, shutdowns and restrictions of access will continue to rise and the economic cost will increase over the next few years. At a time where developing countries can benefit the most from Internet access for economic growth, education and health, we cannot let this situation become the new normal.

The economic rationale of keeping it on

The impact of shutdowns on freedom of expression and human rights is already well understood. Unfortunately, this has little effect in reversing the trend. This is why we need the ear of economic and trade Ministers, investors, development banks, and others who can ensure the Internet isn’t shut down. Because they care about the growth and prosperity the Internet can bring.

Today we are excited to announce that the Internet Society and NetBlocks are teaming up to develop a tool to better measure the cost of shutdowns, and convince governments to keep the Continue reading

The FCC has never defended Net Neutrality

This op-ed by a "net neutrality expert" claims the FCC has always defended "net neutrality". It's garbage.

This wrong on its face. It imagines decades ago that the FCC inshrined some plaque on the wall stating principles that subsequent FCC commissioners have diligently followed. The opposite is true. FCC commissioners are a chaotic bunch, with different interests, influenced (i.e. "lobbied" or "bribed") by different telecommunications/Internet companies. Rather than following a principle, their Internet regulatory actions have been ad hoc and arbitrary -- for decades.

Sure, you can cherry pick some of those regulatory actions as fitting a "net neutrality" narrative, but most actions don't fit that narrative, and there have been gross net neutrality violations that the FCC has ignored.


There are gross violations going on right now that the FCC is allowing. Most egregiously is the "zero-rating" of video traffic on T-Mobile. This is a clear violation of the principles of net neutrality, yet the FCC is allowing it -- despite official "net neutrality" rules in place.

The op-ed above claims that "this [net neutrality] principle was built into the architecture of the Internet". The opposite is true. Traffic discrimination was built into the architecture since Continue reading

Holiday Weekend Reads (22nov17)

The coming holiday is cutting my publishing schedule short, but I didn’t want to leave too many interesting stories on the cutting room floor. Hence the weekend read comes early this week, and contains a lot more stuff to keep you busy for those couple of extra days. For the long weekend, I have five on security and one on culture. Enjoy!

This first read is about the US government’s collection and maintenance of security vulnerabilities. This is always a tricky topic; if a government knows about security vulnerabilities, there is at least some chance some “bad actor” will, as well. While the government might want to hoard such knowledge, in order to be more effective at breaking into systems, there is at least some possibility that refusing to release information about the vulnerabilities could lead to them not being fixed, and therefore to various systems being comrpomised, resulting in damage to real lives. The US government appears to be rethinking their use and disclosure of vulnerabilities

There can be no doubt that America faces significant risk to our national security and public safety from cyber threats. During the past 25 years, we have moved much of what we value Continue reading

Worth Reading: A Request for Clarity

The other day I was researching a product for a blog I was writing. After twenty or so minutes on the Web page, I still had no clear idea what the product did or how it worked. Like a fortune teller reading entrails, it was up to me to make sense out of a bloody mess of the marketing grizzle strewn among the bones of “intent” “automation” and “machine learning.” And then I realized that was the point. If, like a fortune, a vendor’s language is broad enough and vague enough, it can. — Drew Conry-Murray @ Packet Pushers

On the ‘net: Three for the week

Because this is a short week, I’m going to combine three places I showed up on other sites recently.

The lessons of trying to prevent failures, rather than live with them, is something I saw this in my time in electronics, as well. World events conspired, at one point, to cause us to push our airfield equipment into operation 24 hours a day, 7 days a week, for a period of about 2 years. For the first 6 months or so, the shop was a very lazy place; we almost took to not coming in to work. We painted a lot of walls, kept the floor really shiny, reorganized all the tools (many times!), and even raised a few shops and sheds at various people’s houses. After this initial stretch, however, the problems started. Every failure turned into a cascading failure, taking many hours to troubleshoot and repair, and many replaced parts along the way. —ECI

I was also featured on the IT Origins series over at Gestalt IT.

A while back yet, but Shawn Zandi and I I also talked to Greg Ferro over at Packet Pushers about white box switching.

Letter from Ethiopia: Can We Use Technology to Help Privacy Evolve?

I’m writing from Addis Ababa, where the African Union’s Specialist Technical Committee on ICT is having its biannual conference. I won’t report on that, as it’s still happening, but I can report that some of the hallway conversations have been both interesting and reassuring.

The topic of privacy came up over coffee, of course – and I was glad to hear that it is not only seen as a key issue for technology and governance, but it’s also seen as being closely interconnected with issues of cybersecurity. As readers of the Internet Society’s blogs will know, we think so too. You can’t have good privacy if you don’t have good security tools, and you can’t have good security in the absence of privacy.

As you would expect in a continent with all of Africa’s rich diversity, the cultural and social approaches to privacy can also vary widely, and people face exactly the same challenges as elsewhere, about how to translate them into workable technical and governance solutions. Today I will have a few minutes to set out some thoughts on that, in one of the afternoon sessions. I plan to suggest that we keep asking the “why?” question. Why Continue reading

A Deep Dive Into NEC’s Aurora Vector Engine

We caught wind of the “Aurora” Vector Engine vector processor and the “Tsubasa” system from NEC that makes use of it ahead of the SC17 supercomputer conference, and revealed everything we could find out about the system and speculated a bit about how the underlying processor in the absence of real data. At the conference in Denver, NEC formally unveiled the Tsubasa system and its vector motors, and now we can tell you a bit more about them and how NEC stacks them up against CPUs and GPUs when it comes to floating point work.

Just to be consistent with

A Deep Dive Into NEC’s Aurora Vector Engine was written by Timothy Prickett Morgan at The Next Platform.

1 1,828 1,829 1,830 1,831 1,832 3,855