Check Point – Don’t Use the ‘Install On’ Column
I got caught out by Check Point’s “Install On” column recently. Most people don’t need this setting any more, but it’s still there for legacy reasons. Time to re-evaluate.
When you create a firewall policy using Check Point, you define the set of possible installation targets. That is, the firewalls that this policy may be installed on. When you compile & install policy, you can choose from this list of targets, and only this list.
Most organisations will only have one installation target per policy. But sometimes you want to have the same policy on multiple firewalls. This is pretty easy to do, and might make sense if you have many common rules.
But then you say “What if I had 30 common rules, 50 that only applied to firewall A, and another 50 that only applied to firewall B?” That’s where people start using the “Install On” column. This lets you define at a Continue reading
Video: End-to-End High Availability in Dual Stack Networks
One of the topics I discussed in the IPv6 High Availability webinar is the problem of dual-stack deployments – what do you do when the end-to-end path for one of the protocol stacks breaks down. Happy eyeballs is one of the solutions, as is IPv6-only data center (Facebook is moving in that direction really fast). For more details, watch the short End-to-End High Availability in Dual Stack Networks demo video.
The Two “Network As Code” Domains
You’ve probably heard the term “network programmability” at this point. You probably also heard it equated to anything to do with code, automation, and networking. This was not always the case. Network programmability really first hit the big time back in 2011 in the early days of the public OpenFlow discussion. That phrase was almost universally understood to be a data plane concept - because it was describing the revolutionary ideas brought up by abstracting away a forwarding pipeline.The Two “Network As Code” Domains
You’ve probably heard the term “network programmability” at this point. You probably also heard it equated to anything to do with code, automation, and networking. This was not always the case. Network programmability really first hit the big time back in 2011 in the early days of the public OpenFlow discussion. That phrase was almost universally understood to be a data plane concept - because it was describing the revolutionary ideas brought up by abstracting away a forwarding pipeline.SD-WAN with Viptela
Software Defined Wide Area Networking (SD-WAN) is bubbling up to be one of the prime use cases of SDN. The vendors that fall into the SD-WAN bucket often include Glue Networks, Nuage, Viptela, CloudGenix, VeloCloud, etc. As you dive into each of the solutions from the vendors, you may realize that some are truly unique technologically and some may just be offering a better way to manage existing wide area networking equipment (which is still a huge value add).
In this post, I’m going to give some background on what is driving me to deploy an SD-WAN solution. Follow up posts will cover the deployment a bit more technically.
Requirements
Since I now have equipment in a colo, moved into a new office, and of course, have the home office, I figured it may be a good idea to look at some of these SD-WAN technologies. In reality, my requirements have a mobile 4th site too that will be used when doing consulting and training onsite at customers to give dynamic site to site access just back to the colo.
To be perfectly honest, I didn’t have strict requirements – they are probably equivalent to those of a small IT Continue reading
OPNFV Targets ‘Spring’ for Arno, Its First Code Release
First Mission: Just get something done!
Structs in C
Back in March 2014 I wrote an app in Python that would log in and check various OSPF properties. When putting the data into a structure, I was limited both by knowledge and Python at the time. I ended up using a dictionary which worked rather well, but I was never 100% happy with it. … Continue reading Structs in CProduct Update :: CCIE Collaboration 8-Hour Mock Lab Workbook (Vol. 2)
We’re excited to announce the full-scale launch of our CCIE Collaboration 8-Hour Mock Lab Workbook (Vol. 2)! Written and tested by the world’s best Collaboration Instructor – Andy Vassar CCIE #22042 (Collaboration, Voice, and R&S), it’s a must have solution for any student that’s preparing for their Cisco Collaboration Certification.
Here’s what you get:
Five Complete 8-hour Mock Lab Scenarios
- Scenarios you’ll encounter during your actual lab!
Detailed Solution Guide (DSG):
- What to configure.
- Why you need to configure.
- What to look for when configuring your labs.
Web-based access to our workbooks
- Study on the go.
- Download PDF’s.
Pathway to success:
- Purchase your Volume 2 Workbook here today
- Purchase your rack rental vouchers
- Start preparing for your Lab Exam!
- Reserve a spot in a Collaboration 5-Day Bootcamp and get direct training from our world-class instructor Andy Vassar!
After you’ve purchased your CCIE Collaboration 8-Hour Mock Lab Workbook (Vol.2), don’t forget to reserve rack time with our CCIE Collaboration Rack Rental Vouchers – time slots book fast. Purchase your vouchers today!
Could IPv6 Drown My Wireless Network?
By now, the transition to adopt IPv6 networks is in full swing. Registrars are running out of prefixes and new users overseas are getting v6-only allocations for new circuits. Mobile providers are going v6-only and transition mechanisms are in place to ease the migration. You can hear about some of these topics in this recent roundtable recorded at Interop last week:
One of the converstaions that I had with Ed Horley (@EHorley) during Interop opened my eyes to another problem that we will soon be facing with IPv6 and legacy technology. Only this time, it’s not because of a numbering scheme. It’s because of old hardware.
Rate Limited
Technology always marches on. Things that seemed magical to us just five years ago are now antiquated and slow. That’s the problem with the original 802.11 specification. It supported wireless data rates at a paltry 1 Mbps and 2 Mbps. When 802.11b was released, it raised the rates to 5.5 Mbps and 11 Mbps. Those faster data rates, combined with a larger coverage area, helped 802.11b become commercially successful.
Now, we have 802.11n with data rates in the hundreds of Mbps. We also have 802. Continue reading