Enterprise Network on GNS3 – Part 2 – Access Layer

This is the second from the series of the articles that discuss a complete configuration of the enterprise network. Our enterprise campus network consists of the core, distribution and access layer. This network infrastructure design is called a three-tier network model. Each layer has specific function. The access layer provides access for end users to the network . They are two access switches located inside the access layer. The access switches OpenSwitch-Acc-I and OpenSwitch-Acc-II are OpenSwitch Qemu appliances installed on VMware VMDK disks. The switches run OpenSwitch network OS version 0.4.0 and they have assigned 1024 MB memory by GNS3. More details about building OpenSwitch appliance prior to version 2.0 can be found here.

The ports Ethernet 3 a and 4 on both switches are configured as access ports and they connect PC1 and PC4 to the campus network. The ports Ethernet 1 and Ethernet 2 are uplinks that connect access switches to the distribution switches. They are configured as trunk ports, carrying traffic from multiple VLANs. Thanks to redundant uplink connection, the access switches remain connected to the upper layer, even in case of the failure one of the distribution switches.

Picture 1 - Access Switches Connected Continue reading

What is last mile and first mile ?

What is last mile and first mile ? This is an important telecommunication term which is used in all broadband communication methods. In this post, I will explain the term, differences and some detail about this term.   In fact, last mile and the first mile is the same thing.   The link between the […]

The post What is last mile and first mile ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Upcoming Webinars and Events

Here’s the list of webinars and events planned for October and November 2017:

Hint: you get access to all live webinar sessions, and 170 hours of downloadable videos with ipSpace.net subscription.

Microcell through a mobile hotspot

I accidentally acquired a tree farm 20 minutes outside of town. For utilities, it gets electricity and basic phone. It doesn't get water, sewer, cable, or DSL (i.e. no Internet). Also, it doesn't really get cell phone service. While you can get SMS messages up there, you usually can't get a call connected, or hold a conversation if it does.

We have found a solution -- an evil solution. We connect an AT&T "Microcell", which provides home cell phone service through your Internet connection, to an AT&T Mobile Hotspot, which provides an Internet connection through your cell phone service.


Now, you may be laughing at this, because it's a circular connection. It's like trying to make a sailboat go by blowing on the sails, or lifting up a barrel to lighten the load in the boat.

But it actually works.

Since we get some, but not enough, cellular signal, we setup a mast 20 feet high with a directional antenna pointed to the cell tower 7.5 miles to the southwest, connected to a signal amplifier. It's still an imperfect solution, as we are still getting terrain distortions in the signal, but it provides a good Continue reading

Ruby Quick Reference

Best Practices Ruby Style Guide Rails Testing Best Practices Comment Variable String Stings are mutable in Ruby HERE Doc HERE are used for multi-line strings Symbol Symbols are similar to strings except they are immutable Integer Boolean Array Hash # New syntax - Ruby >= 1.9 For Loop #...continue reading

Ansible AWX Part 1

Ansible AWX is the upstream open source project to Ansible Tower. This is the first part of a series on Ansible AWX. In this part we will install Ansible AWX. Code versions used for this post Centos 7 - minimal 1705.02 (vagrant box) Python - 2.7.13 Ansible - 2.4.0 docker - 1.12.6 ...

Why Cisco Catalyst 9K is so special ?

Well today I am going to talk about the new Switches which Cisco introduces in July 2017. These are very much powerful switches and going to replace Cisco 3850 and Cisco 4500 Switches with more innovation and high qualities.

I already wrote two articles on Cisco catalyst 9K series switches and articles are below

Cisco Catalyst 9300 Switch
Cisco Catalyst 9400 Switch

Now the question is Why Cisco Catalyst 9K is so special ?
Cisco Catalyst 9K is a next Generation platform switches introduces to support DNA infrastructure which Cisco just came up this year. Cisco comes up with the innovation and below are the support features set up in Cisco Catalyst 9K Switches.

  • IOT devices convergenceCoAP / IoT Device profiling, Perpetual PoEIEEE 1588 / AVB and Emerging Standards: MUD
  • Mobility Device Features : Fabric Enabled Wireless, Embedded WLC, Distributed Wireless Scale, Unified Control & Policy with Wired & Wireless Guest
  • Security : Encrypted Traffic Analytics; 256bit MacSec / IPSec; Trustworthy Systems; Group based policy; Full Netflow for StealthWatch
  • Open to Cloud: DevOps Toolkit; Netconf/Yang Models; Streaming telemetry; Patching/GIR and Application Hosting.
  • IOS Features : Open IOS-XE with UDAP 2.0 features best in industry.
Fig 1.1- Cisco Continue reading

Go Hack Nights at Cloudflare

At Cloudflare we're extensively using the Go programming language to build a better Internet. Go is a free and open source programming language created by Google in 2007 and open sourced in 2009. Earlier this year, Go made news when it entered the list of top 10 programming languages on the TIOBE Index.

Our inaugural Go Hack Night

Recently we launched an internal monthly Go Hack Night at our San Francisco office, open to anyone who works at Cloudflare regardless of their department or position. Anyone from newbie programmers to our most experienced Go engineers are encouraged to attend, and experienced engineers are asked to throw on a mentor badge and help guide colleagues with installing and learning Go.

We had over 30 attendees at our inaugural Go Hack Night, and our survey reveals some great stats:

  • 26% of attendees were completely new to programming
  • 61% of attendees were experienced in other languages but new to Go
  • Every attendee said they learned something!

We actively encourage an inclusive learning culture and we're super excited to make the Go programming language more accessible to our entire company.

If you're interested in working with Go and helping to build a better Internet, we're hiring!

P.S. if Continue reading

Cisco POE, POE+ and UPOE introduction

Today I am going to talk about Cisco UPOE. Before we are going to discuss about the Cisco UPOE we will run through POE and POE+

Cisco POE : Cisco POE means Power over Ethernet by which you can provide the power to the endpoint in the LAN infrastructure. So now question is where and why we required POE in the LAN infrastructure. Well sometimes we have the infrastructure where we have some power issues or cabling issues while extending the power to the IP phones. The best to provide the power via LAN network POE switch.

Fig 1.1- Basic POE Switch connected with IP Cameras


IP telephones need power for operation, and Power over Ethernet supports scalable, manageable power delivery and simplifies IP telephony deployments. As wireless networking emerged, Power over Ethernet began powering wireless devices in locations where local power access did not exist.

As per the Cisco offers a comprehensive range of 802.3af-based Power over Ethernet support across the Cisco Catalyst Intelligent Switching portfolio which includes both 10/100/1000 and 10/100 PoE LAN connections, including a 96-port 10/100 PoE module for the Cisco Catalyst 6500 Switch.

Fig 1.2- POE switch with IP-Phones

Well Cisco 802. Continue reading

A New Cybersecurity Strategy for Europe

October is European Cybersecurity Month, an annual advocacy campaign to raise awareness of cyber risks among citizens and businesses, and to share best practices in cybersecurity. This year’s campaign was launched at an event in Estonia, a country which both holds the current Presidency seat of the European Council and is well known as being highly cyber aware and digitally savvy.

It is fitting, therefore, that it is under Estonia’s Presidency that the European Commission announced a number of initiatives last month aimed at stepping up the European Union’s cybersecurity capacity and response to cyber attacks, while laying the foundations for increased cyber awareness and better cyber hygiene overall.

This EU’s Cybersecurity Strategy is a welcome initiative, as we already know that the overall cyber threat level is rising. At Cloudflare, we deal with a new type of DDoS attack every 3 minutes, and it has been that way for the last 6 months. This year alone, we've seen a DDoS attack that peaked at 300 Mpps and another at 480 Gbps. Furthermore, as DDoS mitigation companies like Cloudflare have become adept at handling 'traditional' DDoS attacks, the attackers have also adapted and increasingly try out new techniques.

A holistic Continue reading

Introduction to Sophos XG Firewalls

Today I am going to talk about the Sophos Firewall. The article is basically an introduction to the firewalls by Sophos. I am not taking all segment firewalls here and will take you through for Sophos XG firewall series in this article.

Sophos XG Firewall brings a fresh new approach to the way you manage your rewall, respond to threats, and monitor what’s happening on your network. Get ready for a whole new level of simplicity, security and insight. 

Sophos XG Firewalls provide the unified policy and provide you the single pane of glass to manage, view, filter of the users on the basis of the traffic flow, application used and other stuff in a single screen, I knew we have other firewalls in this segments who are doing the same. Looking what NGFW is doing now a days, all vendors are working hard to make the innovation in this segment. Palo-Alto and Cisco NGFW are head to head in this space. I am so impressed with the Cisco NGFW and Palo-Alto feature sets what they are providing to their customers.

Here, I am not going to talk about the Cisco NGFW or Palo-Alto as this article is basically Continue reading

All Of Ethan’s Podcasts And Articles For September 2017

Here’s a catalog of all the media I produced (or helped produce) in September 2017.

Packet Pushers Weekly Podcast

Packet Pushers Priority Queue Podcast

Datanauts Podcast

EthanCBanks.com

Newsletters

I closed down the Hot Aisle newsletter after months of struggling to know what to do with it. Originally, the Hot Aisle was a way for me to express my individual voice about networking, design, emerging trends, and the IT industry without necessarily having that opinion attached to Packet Pushers, my company. It was also an unsponsored newsletter, which I felt was a nice thing to be able to Continue reading

All Of Ethan’s Podcasts And Articles For September 2017

Here’s a catalog of all the media I produced (or helped produce) in September 2017.

Packet Pushers Weekly Podcast

Packet Pushers Priority Queue Podcast

Datanauts Podcast

EthanCBanks.com

Newsletters

I closed down the Hot Aisle newsletter after months of struggling to know what to do with it. Originally, the Hot Aisle was a way for me to express my individual voice about networking, design, emerging trends, and the IT industry without necessarily having that opinion attached to Packet Pushers, my company. It was also an unsponsored newsletter, which I felt was a nice thing to be able to Continue reading

Arista’s Programmability Strategy

Arista is largely known for its operating system, best known as EOS. Arista has been known to deploy new features at a more rapid pace than other vendors and to have a more open OS–since EOS was the first production-grade network network operating system to expose any form of Linux to end users.

Because of this, I believe it’s perceived Arista has a better programmability strategy than other vendors. From what I can tell, it is not the case. However, given a few features Arista has in EOS, it makes programming EOS a bit easier than other platforms. Let’s take a look.

At Network Field Day 16, Arista reviewed their programmability strategy. There were 5 core components reviewed:

  1. EAPI
  2. OpenConfig
  3. NetDB Streaming
  4. Turbines
  5. EosSdk

Arista Programmability Strategy

Before diving into each of these, I’ll first point out that when I look at “OS programmability,” what is important [to me] is device-level programmability (not controllers or streaming capabilities–those are important topics, but should be covered on their own). Programmability is the ability to program change on a device, isn’t it? Now let’s look at the 5 components in Arista’s strategy.

EAPI - it’s a great API for learning to program an EOS switch. This Continue reading

Arista’s Programmability Strategy

Arista is largely known for its operating system, best known as EOS. Arista has been known to deploy new features at a more rapid pace than other vendors and to have a more open OS–since EOS was the first production-grade network network operating system to expose any form of Linux to end users.

Because of this, I believe it’s perceived Arista has a better programmability strategy than other vendors. From what I can tell, it is not the case. However, given a few features Arista has in EOS, it makes programming EOS a bit easier than other platforms. Let’s take a look.

At Network Field Day 16, Arista reviewed their programmability strategy. There were 5 core components reviewed:

  1. EAPI
  2. OpenConfig
  3. NetDB Streaming
  4. Turbines
  5. EosSdk

Arista Programmability Strategy

Before diving into each of these, I’ll first point out that when I look at “OS programmability,” what is important [to me] is device-level programmability (not controllers or streaming capabilities–those are important topics, but should be covered on their own). Programmability is the ability to program change on a device, isn’t it? Now let’s look at the 5 components in Arista’s strategy.

EAPI - it’s a great API for learning to program an EOS switch. This Continue reading

Your Docker Agenda for JavaOne

If you are one of the thousands that will be in San Francisco for JavaOne Oct 1-5th, don’t miss the opportunity to level-up your knowledge around container technology and Docker Community and Enterprise Edition. We’ve listed our must-attend sessions below:

Monday, October 2nd

Monday, Oct 02, 11:00 a.m. – 11:45 a.m. | Java in a World of Containers [CON4429]

Speakers: Paul Sandoz and Mikael Vidstedt, Oracle

This session explains how OpenJDK 9 fits into the world of containers, specifically how it fits with Docker images and containers. The first part of the session focuses on the production of Docker images containing a JDK. It introduces technologies, such as J-Link, that can be used to reduce the size of the JDK and discusses the inclusion of class-data-sharing (CDS) archives and ahead-of-time (AOT) shared object libraries. The second part describes how the Java process can be a good citizen when running within a Java container and obeying resource limits. The presentation also covers the role of CDS archives and AOT shared object libraries that can be shared across running containers to reduce startup time or memory usage.

 

Tuesday, October 3rd

8:30 a.m. – 10:30 a.m. |   Continue reading

Not Rolling the KSK

Until a few days ago the intention was to roll the KSK of the root zone of the DNS on the 11th October, altering the root to trust used by DNSSEC for all DNSSEC-validating DNS resolvers. However, earlier this week, ICANN announced the postponement of this key roll.
1 1,893 1,894 1,895 1,896 1,897 3,852