Configure a Highly-Available IPSec VPN tunnel on IOS

It is possible to configure Highly-Available IPSec VPN tunnel on IOS so that the SA information is replicated between the routers. This ensures that a potential failover will be transparent to users and it will not require adjustments or reconfiguration of any remote peers.

There are two protocols used to deploy this feature, HSRP and Stateful Switchover (SSO). HSRP is one of the First Hop Redundancy Protocols that provide network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from failures in network edge devices. The protocol monitors the interfaces so that if either interface goes down, the whole router is deemed to be down and the ownership of IKE and IPSec SAs is passed to the standby router (which now transitions to the HSRP active state). SSO allows the active and standby routers to share IKE and IPSec state information so both routers have enough information to become the active router at any time.

Before we take a look at the configuration, let’s have few words about our topology. The internal network (VLAN 146 below) configuration is outside the scope of this post, but it would be normally configured with a separate HSRP instance, tracking not Continue reading

A Deeper Look at Cisco’s SDN Certifications

It’s time to look in depth at one of the SDN certs in the market: Cisco’s Network Programmability certs. I’ve written about the emerging SDN certifications before, and will continue to update those certs as news appears. However, I’ve not yet blogged to any depth about any one certification here at SDNSkills.com. This post begins a new series that does exactly that with a deeper dive into one branch of SDN certifications: those currently offered by Cisco Systems.

Series Intro

The plan for this series is as follows: Work through some details about at least half of the 8 Cisco exams related to SDN (billed as network programmability by Cisco). I think half of them should be enough to get a sense for the whole, even if I don’t look at every single one of the eight exams. For each exam, I’ll look at the associated courses, the exam topics, take the exams, and write a summary of impressions. I’ll probably weave in and out of this topic over the coming months, hitting the first exam here in January.

 

SDN Market and Certifications Perspective

Some of you might already be thinking: Cisco and SDN? Isn’t SDN what Continue reading

Cisco Wireless Transmit Power Control

Power substation outside a VERY large data center in Atlanta,GA.

I’m going to start out by telling you something you probably already know. Every vendor has their own way of doing things. Sometimes it makes perfect sense, and other times you end up scratching your head wondering why that particular vendor implemented this feature or product. Since I have been spending a lot more time on wireless these days, I came across an issue that forced me to reconsider how transmit power control(TPC) actually works in a Cisco wireless deployment. I thought I would impart some of this information to you, dear reader, in the hopes that it may help you. If you spend a lot of time inside Cisco wireless LAN controllers, this may not be anything new to you.

The Need For TPC

If you have been around wireless long enough, you have probably dealt with wireless installs where all of the access points(AP) were functioning autonomously. While this isn’t a big deal in smaller environments, consider how much design work goes into a network with autonomous access points that number into the hundreds. It isn’t as simple as just deciding on channels and spinning all the access Continue reading

Updated Big Switch Labs

Just a quick note to say that Big Switch have updated their demo lab system. This is an entirely virtual lab environment that simulates a Big Switch network. You can try out both Big Cloud Fabric and Big Tap Monitoring Fabric.

The lab gives you full CLI & GUI access to a sandboxed environment, with controllers, leaf/spine switches, and endpoints. Big Switch have written a sample lab you can work through, to show off the features, but you’re not limited there. You’re free to try out whatever features you like.

If you’re interested in what they’re doing, I recommend signing up.

NB: Big Switch was a sponsor of NFD8. Usual disclaimer applies

Needs more Hitler

Godwin's Law doesn't not apply to every mention of Hitler, as the Wikipedia page explains:
Godwin's law applies especially to inappropriate, inordinate, or hyperbolic comparisons with Nazis. The law would not apply to mainstays of Nazi Germany such as genocide, eugenics, racial superiority, or to a discussion of other totalitarian regimes, if that was the explicit topic of conversation, because a Nazi comparison in those circumstances may be appropriate.
Last week, I wrote a piece about how President Obama's proposed cyber laws were creating a Cyber Police State. The explicit topic of my conversation is totalitarian regimes.

This week, during the State of the Union address, I compared the text of Mein Kampf to the text of President Obama's speech. Specifically, Mein Kampf said this:
The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation.
Obama's speech in support of his cyber legislation says this:
No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or Continue reading

Docker Networking 101 – Host mode

imageIn our last post we covered what docker does with container networking in a default configuration.  In this post, I’d like to start covering the remaining non-default network configuration modes.  There are really 4 docker ‘provided’ network modes in which you can run containers…

Bridge mode – This is the default, we saw how this worked in the last post with the containers being attached to the docker0 bridge.

Host mode – The docker documentation claims that this mode does ‘not containerize the containers networking!’.  That being said, what this really does is just put the container in the hosts network stack.  That is, all of the network interfaces defined on the host will be accessible to the container.  This one is sort of interesting and has some caveats but we’ll talk about those in greater detail below.

Mapped Container mode – This mode essentially maps a new container into an existing containers network stack.  This means that while other resources (processes, filesystem, etc) will be kept separate, the network resources such as port mappings and IP addresses of the first container will be shared by the second container.

None – This one Continue reading

PQ Show 43 – HP Networking – Beyond Traditional Network Management

This is the last in a series of podcasts sponsored by HP, all recorded at HP’s Discover conference in Barcelona, Spain in early December 2014. The series is made up of interviews and technical discussions with HP engineers and lab geeks about products in HP’s networking portfolio. Ken Gott, Product Line Manager, joins Chris Young, Senior Solutions […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post PQ Show 43 – HP Networking – Beyond Traditional Network Management appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Don’t Underestimate Your Users

The “consumerisation of IT” has an interesting side-effect. Historically people mainly used computers for work. But now that many people have smartphones, tablets and laptops at home, their perception and understanding of technology has shifted. Old assumptions about training required when upgrading applications or client operating systems may no longer apply.

This comment at The Register aligns with what I’m seeing:

…We’re at the point now where users are using Windows 8 at home and wondering why the work computer is so dated. It’s the perception of IT people that users can’t handle change holding up that change, not the ability of the users. At home that same set of users has managed quite well with updated versions of Office, updated Windows, iPads, Android tablets, Facebook, video messaging and various other completely new things. Somehow they coped without extensive training and therapy. From what I’ve seen, it’s actually IT staff who don’t like Windows 8 and are trying to keep users away from it…

I can recall being involved in Office upgrades just a few years ago, and being nervous about how that would be perceived. We were concerned that there would be major push-back, because the exact locations of the buttons Continue reading

Network Automation @Interop Vegas 2015

In case you are planning on attending Interop in Las Vegas this year, I’d like to let you know about my two sessions, both centered around emerging methodologies and technologies in the networking space. Practical Network Automation With Ansible and Python This is going to be a 3 hour workshop, aiming to be a practical look into network automation. I picked the topics that I have been working with most heavily in this space, and I think this workshop will be a great way to get up to speed with some down-to-earth network automation methodologies.

Network Automation @Interop Vegas 2015

In case you are planning on attending Interop in Las Vegas this year, I’d like to let you know about my two sessions, both centered around emerging methodologies and technologies in the networking space. Practical Network Automation With Ansible and Python This is going to be a 3 hour workshop, aiming to be a practical look into network automation. I picked the topics that I have been working with most heavily in this space, and I think this workshop will be a great way to get up to speed with some down-to-earth network automation methodologies.

Flexible SSL & WordPress: Fixing “Mixed Content” Errors

As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to use “Flexible SSL”.

Flexible SSL creates a secure (HTTPS) connection between the website visitor and CloudFlare and then an in-secure (HTTP) connection between CloudFlare and the origin server. For any site using absolute links to assets (i.e. javascript, css, and image files), this can lead to a “Mixed Content” error.

Mixed Content = Mixed Protocol

What is “Mixed Content”? This can be understood as mixed protocol. When the webpage is loaded over SSL (HTTPS protocol), most browsers expect all of the assets to be loaded over the same protocol. Some browsers will display an error about loading “insecure content” while others will just block the insecure content outright.

This error only applies to pages loaded over SSL, since the browser is working to make sure that secure pages only load equally secure assets.

Wordpress Plugin Updates

The latest version of the CloudFlare plugin for Wordpress works to resolve a lot of these errors by altering the protocol within the Continue reading

Netvisor Takes SDN Switching Mainstream with $50M Series D

We closed our Series D in financing right before Christmas. This is a $50M round lead by Temasek and Ericsson. Temasek is a $170B plus sovereign fund out of Singapore that is best described as Berkshire Hathaway of Technology. They were the people responsible forinvestments into Alibaba. This is important to understand that with Netvisor achieving success in Enterprise Datacenter and Private Cloud markets, the bigger players now believe that SDN switching and applications on Server-Switches is pretty real.

The finding is primarily to scale our business side and help sell more products, build support infrastructure and create a application group that can write more applications on Netvisor to exploit the world of programmable networks.

Netvisor as an Application Platform

The best way to explain this is to draw a parallel between Netvisor as a switch Hypervisor and Smartphone.

seriesD_pic1

When Apple released a IOS based smartphone, the world was full of small hardware devices like camera, GPS navigators etc. IOS (and later Android) become a software platform that allowed many applications to come of top of this platform.

seriesD_pic2

Netvisor is creating the same paradigm for datacenter switching. Today, you have a physical fabric, a separate Observability fabric (using TAPS and Continue reading

OSPF inter-area and intra-area routing rules

The following lab focuses on intra-area and inter-area route selection process. For the sake of clarity, I put the final conclusions first, wrapped in a table form, with some explanations to ponder upon, followed by the different lab cases used to check OSPF route selection rules. For each case, I used interface costs and states […]

OSPF inter-area and intra-area routing rules

The following lab focuses on intra-area and inter-area route selection process. For the sake of clarity, I put the final conclusions first, wrapped in a table form, with some explanations to ponder upon, followed by the different lab cases used to check OSPF route selection rules. For each case, I used interface costs and states […]

OSPF routing protocol

OSPF Open shortest path first is a dynamic routing protocol which creates a topology between the routers to distribute routing information inside an Autonomous system. If you are not familiar with OSPF, don’t worry ! In this article OSPF will be explained in great detail. Are you interested in design aspect of OSPF, many OSPF design examples will […]

The post OSPF routing protocol appeared first on Network Design and Architecture.

Ansible Adds Over 300 Customers in 2014

2014 was a great year for Ansible.

Ansible Highlights from 2014

  • Named SD Times #1 Company to Watch in 2015 and a Top 10 open source project in 2014 by Red Hat’s opensource.com.

  • The Ansible open source project has had over one million downloads in 2014.

  • O’Reilly released the preview of its first Ansible book (available on Ansible.com) with the full book due out in early 2015.

  • There are over 40 regular worldwide Ansible meetups, with new meetups popping up weekly around the world from Sydney to South Africa.

  • Over 600 people attended AnsibleFests in San Francisco, Austin & New York in 2014, and 400 people are expected at the first AnsibleFest London in February 2015.

  • Ansible Tower - Ansible’s enterprise IT automation solution - has been downloaded over 5,000 times and by 27 of the Fortune 100.

  • Ansible Tower is in production managing tens of thousands of servers, VMs and cloud instances across enterprise verticals that include financial services, government, high-tech manufacturing, education, web & e-commerce and media.

  • Ansible released three major upgrades of Ansible Tower in 2014, most recently adding capabilities for delivering self-service IT and HA for enterprise IT organizations.

  • Ansible released agentless support for Continue reading

ComputerWeekly: Ansible’s secret agentless route to IT automation

ComputerWeekly recently posted a great breakdown of Ansible's role in IT automation.

Ansible Inc (upper case) is a company that makes "agentless" orchestration and configuration management tools in the form of an automation engine designed to help deploy both applications and the wider software systems that they exist within.

The core technology proposition here is a developer play yes -- but it's also an opportunity for less technical users to get involved with IT automation because Ansible avoids the need to write custom scripts or code to manage applications.

Read the full atricle on ComputerWeekly

 

Open Source Networking

We’ve heard a lot of Software Defined Networking (SDN), Open Networking, APIs, and policy models over the past few months (and years).  There are days where it’s sickening to hear the term SDN, but even on those darkest days, the reality is that the network industry has a bright and open future.  In this post, I’m going to share a list of networking projects that I’m aware of that are not only open, but also open source.  It is definitely eye opening and extremely positive to see so much open source activity in the network industry.
Picture
From the movie Daylight starring Sly Stallone ++ Source: Flickfacts.com
OpenDaylight (ODL) – established in April 2013 is an open source Software Defined Networking (SDN) controller platform(s).  There are different controller platforms for different use cases.

OpenFlow (OF) – established in the late 2000s, the OpenFlow 1.0 release launched in December 2009.  The Open Networking Foundation took over the development (not actually coding) of OpenFlow when ONF formed in late March / early April in 2010.

Open vSwitch (OVS) – established in mid to late 2009 by the Nicira team to replace the standard Linux bridge.  It’s Continue reading
1 3,566 3,567 3,568 3,569 3,570 3,760