CCDE – Introduction to GET VPN and GET VPN Design Considerations

Introduction to GET VPN

GET VPN is a Cisco proprietary technology aimed for private WAN designs where there is a need to encrypt the traffic. This may be due to regulatory requirements or just a need to keep traffic private. GET VPN is common deployed over private WAN topologies such as MPLS VPN or VPLS.

GET VPN uses IPSec to encrypt the traffic but the main concept of GET VPN is to use group security association (SA) as opposed to the standard LAN to LAN tunnels where the SA is created in a point to point fashion.

Technologies such as DMVPN requires overlaying a secondary routing infrastructure through the tunnels while GET VPN can use the underlying routing infrastructure. Traditional point to point IPSec tunneling solutions suffer from multicast replication issues because the replication must be performed before tunnel encapsulation and encryption at the router closest to the source. The provider will see all traffic as unicasts due to the overlay which means that replication can not performed in the provider network.

In GET VPN, all group members (GMs) share a common SA which is also known as the group SA. A GM can then decrypt traffic that was encrypted Continue reading

The Cure for Network Downtime is Not Just Technology

Design and tune your network all you want. But if your company doesn’t also have a culture of high availability, your High Availability and Fast Convergence is not complete.

**This blog is a formatting cleanup and update to a previous blog I posted in 2011 on NetworkWorld.

You just finished watching a CiscoLive session from the online CiscoLive On Demand Library and now you want to run and start figuring out the alphabet soup of choices and decisions that is High Availability (HA) and Fast Convergence (FC) – NSR, NSF, GR, BFD, SSO…

Happens all the time whether it be from reading, classes, discussions with fellow engineers, or in my backyard in the Cisco Customer Proof of Concept lab (CPOC)… You take the proverbial magnifying glass and pair it up with your new found knowledge and proceed to give your network a good looking at while asking the question:

“What can be done with this network so that when a failure occurs the transition from failure to recovery happens as quickly as possible?” 

 

So once you figure that out for your network, and implement changes, you are done.  Right?  My opinion?  No, no, no and Continue reading

Building an OpenStack home lab – Installing OpenStack

If you’ve made it this far, hopefully you’ve already completed steps similar to those outlined in my previous two posts…

The Lab
Prepping the VMs

If you have, we’re now ready to start installing OpenStack itself.  To do this, I’ve built a set of installation scripts.  All of the files are out on Github…

https://github.com/jonlangemak/openstackbuild

I suggest you pull them from there into a local directory you can work off of.  There is a folder for each VM that needs to be built and each folder has a file called ‘install’.  This file contains all of the steps required to build each on one of the three nodes.  The remaining files are all of the configuration files that need to change in order for OpenStack to work in our build.  We’ll be copying these files over to the VMs as part of the install.

A couple of notes before we start…

-The beginning of each each install file lists all of the packages that need to be installed for this to work.  I suggest you start the package install on each VM at the same time as it can take some time Continue reading

Hackers of two Ukrainian utilities probably hit mining and railroad targets, too

The attackers who crippled Ukrainian power operators in December probably committed attacks shortly before against a mining company and a railway operator, Trend Micro said Thursday.The security company said its latest technical research shows that the same malware -- dubbed BlackEnergy and KillDisk -- were probably used in the earlier actions. It didn't name the targets of those attacks, which took place in November and December."There is remarkable overlap between the malware used, infrastructure, naming conventions, and to some degree, the timing of use for this malware," wrote Kyle Wilhoit, a senior threat researcher.To read this article in full or to leave a comment, please click here

NextNine’s security platform helps to reduce industrial cyber risks

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  In October 2012, then-U.S. Secretary of Defense Leon Panetta gave a speech in which he warned that the United States was facing the possibility of a “cyber Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government. According to Panetta, the nation's adversaries have been acquiring technologies that could allow an aggressor nation or extremist group to gain control of critical infrastructure. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”To read this article in full or to leave a comment, please click here

VMware narrowing SDN gap with Cisco

VMware is closing the SDN gap with Cisco ever so slightly. Last fall saw Cisco with a 2:1 edge in customer adoption but the most recent numbers fall just a hair below 2:1.Even though Cisco’s second fiscal 2016 quarter saw switching revenue decline 4% and data center revenue dip 3% due to a pause in customer spending, the company actually gained Nexus 9000 and ACI customers in the quarter.To read this article in full or to leave a comment, please click here

Big Data as a Service delivers the analytics benefits without the grunt work

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

As organizations work to make big data broadly available in the form of easily consumable analytics, they should consider outsourcing functions to the cloud. By opting for a Big Data as a Service solution that handles the resource-intensive and time-intensive operational aspects of big data technologies such as Hadoop, Spark, Hive and more, enterprises can focus on the benefits of big data and less on the grunt work.

The advent of big data raises fundamental questions about how organizations can embrace its potential, bring its value to greater parts of the organization and incorporate that data with pre-existing enterprise data stores, such as enterprise data warehouses (EDWs) and data marts.

To read this article in full or to leave a comment, please click here

Einstein was right: Gravitational waves exist!

A ripple in the space-time continuumIn one of the great astronomical discoveries scientists today said they made direct observation of gravitational waves -- ripples in space-time foretold by Albert Einstein 100 years ago. Physicists said the detected gravitational waves were produced during the final fraction of a second of the merger of two black holes – that were about 29 and 36 times the mass of the sun, to produce a single, more massive spinning black hole. This collision which happened about 1.3 billion years ago, had been predicted but never observed, according to the National Science Foundation. The gravitational waves were detected on Sept. 14, 2015 at 5:51 a.m. EDT by both of the twin Laser Interferometer Gravitational-wave Observatory (LIGO) detectors, located in Livingston, La., and Hanford, Wash.To read this article in full or to leave a comment, please click here

A glance into host routes: Tenant networking & routing using Neutron (Openstack)


Software Defined Networks (SDN) and solutions have been making a lot of noise for a few years now. Rather slowly the networking industry has begun to notice this and affect change. Not only this but SDN has also become a pioneer - a big brother - a guide persona to other complementary technologies. We now have Software Defined - Storage, Data Center, Infrastructure and so on. It's Software Defined "everything" and Software Defined "anything". Software is slowly invading the big hardware only players and the sole reason being ease of customization and lower both; capex and opex. Networking in particular is very volatile and extremely configurable.

The neutron project of openstack is also fairly customizable bringing complexity with it. I recently ran into a requirement of having isolated networks talk to each other as well as some specific networks though isolated having access to the outside world (be it outside the cloud or the company WAN). This is what's giving rise to this particular blog post. I will lay out the premise of the discussion and then explain the solution. For networking experts out there, this might seem fairly obvious. I would suggest you stop right here and jump over Continue reading
1 3,142 3,143 3,144 3,145 3,146 3,841