VRF Series Article 5 – Stateful Inter-Vrf connectivity
This is the fifth and final article in a series that focused on Segmenting Layer 3 Networks with VRFs. In the third article, we discussed creating a shared services VRF and using it within the otherwise segmented network. In that article I alluded to the fact that we would 
later cover a way to securely allow traffic to flow between security zones. That is the intent of this article.
In this article, I am going to attach two sub interfaces between asav-1 and Main. One will attach into data and the other into pci. We will apply a simple policy that denies all traffic from data to pci, but allows telnet from pci to data (bad security example, but easy to demonstrate).
Before we jump into the configuration, I want to share the entire topology and give a summary of the current configuration status.
Current Configuration
In the above topology, anything that starts with “data” is in the data VRF. Likewise, anything that starts with “pci” is in the pci VRF. Everything within a given VRF can communicate with everything else in that same VRF. Both pci and data can communicate with the shared VRF (test IP address is Continue reading
Convince your manager to send you to DockerCon
Has it sunk in yet that DockerCon is in roughly 2 months? That’s right, this year we gather in April as a community and ecosystem in Austin, Texas for 3 days of deep learning and networking (with a side serving of Docker fun). DockerCon is the annual community and industry event for makers and operators of next generation distributed apps built with containers. If Docker is important to your daily workflow or your business, you and your team (reach out for group discounts) should attend this conference to stay up to date on the latest progress with the Docker platform and ecosystem.
Do you really want to go to DockerCon, but are having a hard time convincing your manager on pulling the trigger to send you? Have you already explained that sessions, training and hands-on exercises are definitely worth the financial investment and time away from your desk?
Well, fear not! We’ve put together a few more resources and reasons to help convince your manager that DockerCon 2017 on April 17-20, is an invaluable experience you need to attend.
Something for everyone
DockerCon is the best place to learn and share your experiences with the industry’s greatest minds and the guarantee Continue reading
Telefónica Selects Huawei for Virtual EPC Network in 13 Countries
Fulfilling its promise to work with a variety of virtualization vendors.
Looking Ahead: My 2017 Projects
For the last few years, I’ve been sharing my list of projects for each year (here’s the list for 2012, the list for 2013, 2015’s list, and last year’s list—I didn’t do a list for 2014). Toward the end of each year, I also publish a “report card” assessing my performance against that year’s list (here’s the 2016 assessment). In this post, I’m going to share my list of planned projects for 2017.
Without further ado, here’s the list for 2017:
-
Finish the network automation book. One way or another, the network automation book I’m writing with Jason Edelman and Matt Oswalt is getting finished in 2017. (It’s available now as an Early Access edition if you’d like to give it a look and provide some feedback.)
-
Launch an open source book project. This is something I’ve been tossing around for a while now. Since my efforts at making code contributions to an open source project aren’t going so well (though I’m going to keep moving in that direction), I figured I’d contribute in a way I know I can do. This is going to be a “cookbook”-style book, and the goal I’m setting Continue reading
Ciena COO to Take the Reins at F5
François Locoh-Donou has an optical networking background.
VRF Series Article 4 – VRF-lite in a DMVPN Network
As we’ve progressed through the Segmenting Layer 3 Networks with VRFs series, we have continued to build out a network that looks more like what we would see within an enterprise environment. This post takes it one step further and leverages the DMVPN (dynamic multipoint VPN) functionality to extend the network securely over the public
Internet. In the examples here, we actually go one step beyond a typical DMVPN and map VRFs to tunnels using the tunnel key. This allows the pci and data VRFs to maintain isolation across the VPN.
One more thing that we will do that isn’t related to the core requirement of segmenting pci from data is leveraging a F-VRF (or front side vrf) on the DMVPN routers to isolate the Internet facing interfaces that connect them to the public cloud. This is my preferred method for DMVPN deployment if I’m not doing split tunnelling (i.e. I am back-hauling all traffic to a central location).
As a prerequisite, I will go ahead and build out the Internet router and the interface on Main that connects to DMVPN-hub.
Internet
hostname Internet interface gig2 description to DMVPN-hub ip address 1.1.1.1 255.255.255. Continue reading
Keysight to Acquire Ixia for $1.6B
Ixia fills a portfolio gap for Keysight.