GRE over IPSec Tunnel Between Cisco and VyOS

The previous tutorial shown GRE tunnel configuration between Cisco router and Linux Core. The big advantage of GRE protocol is that it encapsulates L3 and higher protocols inside the GRE tunnel so routing updates and other multicast traffic can be successfully transferred over the tunnel. The main drawback of GRE protocol is the lack of built-in security. Data are transferred in plain-text over the tunnel and peers are not authenticated (no confidentiality). Tunneled traffic can be changed by attacker (no integrity checking of  IP packets). For this reason GRE tunnel is very often used in conjunction with IPSec. Typically, GRE tunnel is encapsulated inside the IPSec tunnel and this model is called GRE over IPSec.

The tutorial shows configuration of OSPF routing protocol, GRE and IPSec tunnel on Cisco 7206 VXR router and appliance running VyOS network OS. Devices are running inside GNS3 lab an they are emulated by Dynamips (Cisco) and Qemu (VyOS).

Picture1-Topology

Picture 1 - Topology

Note: VyOS installation is described here. You can easily build your own VyOS Qemu appliance using the Expect and Bash script shared in the article.

1. R3 Configuration

R3(config)# interface gigabitEthernet 1/0
R3(config-if)# ip address 1.1.1.1 255.255.255.0
R3(config-if)# no shutdown

R3(config-if)# interface gigabitEthernet 0/0
R3(config-if)# ip Continue reading

Juniper NXTWork 2015

  Coming this November, Juniper has finally jumped into the Customer Summit bandwagon.  This is something that has been asked for for many years now, a way for Juniper customers and advocates to get together and talk Juniper.  This event will allow you to connect with your peers in the industry, meet current and potential […]

The post Juniper NXTWork 2015 appeared first on Fryguy's Blog.

Manchester, UK: CloudFlare’s 63rd data center

Our new point of presence in Manchester, UK brings the CloudFlare network to 63 points of presence across 33 countries. In other words, the sun never sets across the CloudFlare network. Our data center in Manchester also admits the United Kingdom into a small club of countries with more than one CloudFlare data center, including the US, China, Japan, Australia, Germany, and France.

As of yesterday, traffic from the majority of Internet users in Northern England is now mere milliseconds away. More importantly, our Manchester and London data centers allow for redundancy and content localization within the UK for all of our customers.

In homage

The city of Manchester has made more than its fair share of technical contributions over the years. It is the city where Rolls met Royce (their first car drove off the line of their Manchester factory in 1904), and is also home to the first modern computer. The computer, nicknamed "Baby", was built at The University of Manchester using technology developed for WWII communications equipment, and ran the world's first stored program at 11am on Monday 21st June, 1948.

It is fitting, then, that in the last three years there has been a concerted effort Continue reading

Arista launches new security feature to cover growing East-to-West data center traffic

Five years ago, almost all of the traffic in a data center moved in a North-South direction. Traffic moved from one server through the different tiers of a network, passed through the core, and then up to another server. Enabling security and application optimization services with this model was fairly simple. Put a big, honking firewall or ADC in the core of the network and all traffic would pass through these devices.However, the past few years have seen an explosion in East-West traffic, primarily driven by servers and virtual machines (VMs) talking to each other and to database systems, storage systems, and other applications in the data center. Typically, East-West traffic never passes through the core of the network, where it can have the benefit of security inspection. Also, the volume of East-West traffic is rapidly becoming a much higher percentage relative to North-South. This makes it easier for a piece of malware that may have breached an unpatched server to spread laterally. To read this article in full or to leave a comment, please click here

Gartner: Top 10 strategic predictions that could shake up IT

ORLANDO-- The robots decidedly have it. They will help run businesses, make decisions for you and maybe even be your boss. Those were just some of the predictions put forth by Gartner vice president Daryl Plummer at the consultancy’s always interesting prediction of future IT technology directions. +More on Network World: Gartner: IT should simplify security to fight inescapable hackers+ “Robots are beginning to rise – don’t think Terminator robots – but smart robots that will have the ability to learn things better, faster,” PlummerTo read this article in full or to leave a comment, please click here

When it comes to security, trust but verify

ORLANDO -- It's time to rethink a bunch of security truisms, Gartner analysts said at the company's annual Symposium/IT Expo here this week.The security rules companies have relied on for decades are ready for retirement. These include: Prevention is better than cure, humans are the weakest link, and access should be limited to just an employee needs to do his or her job. These old saws have been "exploded" by today's tech trends, said Tom Scholtz, Gartner research vice president.[ Get the latest tech news with Computerworld's daily newsletters ] For one thing, employees are now mobile, digitally literate, embrace new tools without fear and expect access to whatever they need from wherever they're working.To read this article in full or to leave a comment, please click here

Machines will learn just like a child, says IBM CEO

ORLANDO – Technology is shifting to intelligent machines with a capability to reason, said IBM Chairman and CEO Virginia Rometty. These machines won't replace humans, but will augment them. It is a technology that will transform business, she said.This technology is the basis of IBM's work on Watson, its cognitive or thinking system.Rometty, interviewed Tuesday by Gartner analysts at the research firm's Symposium ITxpo, said cognitive systems understand not only data, but unstructured data, which includes images, songs, video, and then goes a step further: "They reason and they learn."To read this article in full or to leave a comment, please click here

Snowden talks about secret smartphone spying Smurfs, coming home to go to prison

During the BBC’s Panorama series “Edward Snowden: Spies and the Law,” which is not viewable per say from the US, Snowden discussed how intelligence agencies “want to own your phone instead of you.” The topic of hacking smartphones for surveillance starts about nine minutes into the interview as Snowden revealed the GCHQ’s “Smurf Suite.”“Dreamy Smurf is the power management tool,” explained Snowden, “which means turning your phone on or off without you knowing.” Yes, it can control the power even if your phone is off.“Nosey Smurf is the hot-miccing tool. So, for example, if it’s in your pocket they can turn the microphone on and listen to everything that’s going on around you.” Yes, “even if your phone is switched off because they’ve got the other tools for turning it on.”To read this article in full or to leave a comment, please click here

U.S. Critical Infrastructure Continue to Make Risky IT Bets

When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary, Leon Panetta, was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012.  Panetta stated:’An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical (railroad) switches…they could derail passenger trains or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shut down the power grid across large parts of the country.”  To read this article in full or to leave a comment, please click here

Arista adds security to cloud software

Arista Networks this week extended its controller software with the ability to activate firewalls and application delivery controllers for workloads and workflows across its switches.The company’s Macro-Segmentation Services (MSS) is a feature of the company’s CloudVision software, which maintains a database of network state. MSS works across Layer 2 and 3 topologies and network virtualization overlays to insert security services for data centers with physical and virtualized workloads, extending the separate capabilities of virtualization hypervisors with micro-segmentation, and physical firewalls.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Counter cybersecurity threats with a human-machine dual strategy

Earlier this year, the 3.5-hour outage at the New York Stock Exchange (NYSE) raised a lot of eyebrows in the IT community. Opinions about the cause of this outage, including my own, came out of the woodwork despite official statements claiming "technical issues" following a software update. I have to ask: Would the NYSE really perform a software update on a production system first thing Wednesday morning?While I can't rule out a hack on the NYSE, the situation sparks another discussion: Was human error to blame?To read this article in full or to leave a comment, please click here

How to chat up Department of Homeland Security about DDoS attacks

The Department of Homeland Security's Science & Technology Directorate later this month will hold an hour-long Twitter chat to discuss the United States' plan to protect its networks against distributed denial-of-service attacks.The US, along with China, are the top targets for those who would disrupt networked machines and networks by bombarding them with traffic, according to security vendor Kaspersky Lab.You're invited to join @dhsscitech on Wednesday, Oct. 21 from noon to 1 p.m. EST for the conversation. Submit questions and comments about DDoS before, during or after the chat and use the #STTechTalk hashtag to engage in the discussion.To read this article in full or to leave a comment, please click here

1 3,294 3,295 3,296 3,297 3,298 3,840