27 – Bis-Bis – Stateful Firewall devices and DCI challenges – Part 1 (cont)

Back to the recent comments on  what is “officially” supported or not ?

First of all, let’s review the different Firewall forwarding mode officially supported

ASA cluster  deployed inside a single data center:

Firewall forwarding mode within single DCFig.1 Firewall forwarding mode within a single DC. Please note the firewall routed mode supported with the Layer 2 load balancing (LACP) Spanned Interface mode.

When configured in Routed mode (e.g. default gateway for the machines), the same ASA identifiers IP/MAC are distributed among all ASA members of the cluster. When the ASA cluster is stretched across different locations, the Layer 2 distribution mechanism facing the ASA devices is achieved locally using pair of switches (usually leveraged the a Multi-chassis EthernetChannel technique such as VSS or vPC).

Subsequently the same virtual MAC address (ASA vMAC) of the ASA cluster is duplicated on both sites and as the result it hits the upward switch from different interfaces.

 

 

 

 

 

 

 

 

 

 

Fig.2 ASA and duplicate vMAC address

When the ASA cluster runs the firewall routed mode with Spanned interface method, it breaks the Ethernet rules due to the duplicate MAC address, with risks of affecting the whole network operation. Consequently Continue reading

SDN Router @ Spotify on Software Gone Wild

Imagine you need a data center WAN edge router with multiple 10GE uplinks. You’d probably go for an ASR or a MX-series router, right? How about using a 2 Tbps ToR switch and an SDN solution to make it work with full Internet routing table?

If you happen to have iTunes on your computer, please spend 10 seconds rating the podcast before you start listening to it. Thank you!

Read more ...

The Importance of Product Education

brainI learned something new this afternoon. While other users of this product were already aware of it, I was not. This is something that is specific to the Wi-Fi community, but there is a larger point affecting all practitioners of technology that I will attempt to illustrate in this post.

The Problem

I have been doing a lot of wireless surveys lately. These particular surveys have been large enough to require two engineers to be on site. We’ll divide up the location by floors or sections in order to get the job done in less time. These particular surveys are in place assessments, so we aren’t putting survey AP’s up on poles and measuring signal strength, determining attenuation of walls, etc. We’re simply measuring the signal of all AP’s in place and making recommendations based on the requirements of the business(e.g. moving to support voice at 5GHz or location based services). In addition to using a survey tool, which in our case is Ekahau’s Site Survey, we are also doing spectrum analysis at various points within the given facility with Metageek’s Wi-Spy DBx hardware and Chanalyzer software.

The spectrum analysis portion is where my problem resided. I happen to have a pair Continue reading

Golang for Network Ops

I get asked quite often where the traditional network engineer / network ops should start if they want to broaden their horizons with better code hacking skills or they have spent the last 20 years using Perl scripts or more recently Python and need a change. The answer is easy, Golang. At Socketplane, we all ditched the past couple of ... The post Golang for Network Ops appeared first on NetworkStatic | Brent Salisbury's Blog.

...

Show 221 – Marriott, Wifi, + the FCC with Glenn Fleishman & Lee Badman

A funny thing happened on Twitter a week or so ago. I saw this message from Glenn Fleishman. If anyone wants me on a podcast to explain why Marriott wants the FCC to give it license to block personal hotspots, let’s talk. — Glenn Fleishman (@GlennF) January 2, 2015 I thought that the topic would be a […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 221 – Marriott, Wifi, + the FCC with Glenn Fleishman & Lee Badman appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Networking FAQ 3: Names and Addresses

Continue reading · No comments

Open vSwitch to gain network virtualization

Developers of Open vSwitch, the open source networking component for hypervisors, are adding network virtualization capabilities to the code. According to this post in Network Heresy, the developers are working on the Open Virtual Network (OVN) project which is intended to bring native support for virtual network abstractions, such as virtual Layer 2 and Layer 3 overlays and security groups, to OVS.The design goal of the OVN developers is to have a production quality implementation that can operate at significant scale, state the authors of the post, two of whom work at VMware. A third is CEO of DevOps start-up Socketplane, and the fourth is the chief technologist at Red Hat.To read this article in full or to leave a comment, please click here

Open Networking Accelerated with Help from Experts

Any major technology shift in the data center, such as open networking, is about much more than just swapping out today’s hardware and software for the better, faster, more affordable next generation products.

It’s just as much about people and their processes – and the learning curve required for accelerated success as the new technology takes hold.

Open networking is at this stage now. It’s broadly seen as an inevitable tech trend as data center architectures change to a software-driven model to resolve challenges around agility, scalability and cost. The trend is reminiscent of the transformation of the server infrastructure that gave customers choice, better tools, and TCO improvements – and that allowed data center system admins to develop new technical skills along the way.

2015 is the year when open networking will expand from big cloud operators and early adopters to organizations of all sizes. The technology is proven, and now there’s support for layer 2, layer 3 and layer 3 overlay architectures.

So what does that mean to the people who keep all the world’s data centers running? It’s an opportunity to expand their technical horizons (and their contributions to the business) by learning how to leverage open Continue reading

Transit vs peering: what makes sense when?

Iljitsch van Beijnum, Network Engineer and author, is our guest blogger today with a post about peering sponsored by Noction Intelligent Routing Platform. Most farmers most of the time sell their produce to super market chains. Most consumers most of the time buy their produce from super market chains. Alternatively, some farmers bring their produce […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post Transit vs peering: what makes sense when? appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

Connecting Edge Router to physical LAN using VMware NSX

On a previous post an Edge router has been deployed and configured with OSPF. Now the edge router must be connected to external networks: An uplink interface needs to be bound to a PortGroup not configured for NSX. In other words a PortGroup named 172.31.30./27 has been manually added to the same Distributed vSwitch used […]

Plexxi Is Growing Again

We’re dodging scaffolding and flying paint cans around the office in our Nashua, N.H. headquarters this week as work crews knock down walls to expand our current office space to keep pace with Plexxi’s growth. Since Rich Napolitano was announced as CEO two months ago, the company has grown 20 percent (and we’re hiring across the board in development, sales, support and marketing!).

The office expansion will increase our headquarters footprint by 5,600 square feet to 23,000 square feet. The new space that’s being set up this week will house our growing sales, marketing and business operations. It will also feature customer meeting and demonstration areas that will be up and running soon.

We’ll keep you posted on our growth and promise to share more pictures once the space is complete. Now if I could only figure out where my desk was moved to…

Office expansion2

Office expansion1

The post Plexxi Is Growing Again appeared first on Plexxi.

Notes on the CIA spying case

The CIA announced it wasn't going to punish those responsible for spying/hacking on Senate computers. Since journalists widely get this story wrong, I thought I'd write up some notes getting it right. That's because while the CIA organization is guilty of gross misconduct, it's actually likely that no individual employees did anything wrong. The organization is guilty, but (possibly) the people aren't.

The first thing to note is that no hacking happened. These were CIA computers, at a CIA facility, managed by CIA sysadmins, who had the admin passwords.

That's the complicated bit. In 2009 when the Intelligence committee demanded to look at the torture/interrogation documents, the CIA balked about the security issues of staffers taking documents offsite. Therefore, they came to an agreement with the Senate: the CIA would set up a special secured network at their building, disconnected from the rest of the CIA network. The Senate staffers would go there to work. Documents would be transferred from the CIA's main network onto this special network by hand (probably USB flash drive or something).

The Senate committee didn't have to agree to this. By law, they have oversight, and can make decisions that screw the CIA. But the Continue reading

VMware NSX Loves Hardware

One of the core value propositions of VMware NSX is ability to take advantage of any underlying hardware infrastructure and deliver a fully decoupled virtualized network in software. VMware NSX loves a Modern Infrastructuregood hardware fabric,.

But that’s not the only hardware VMware NSX loves.

The votes have been cast and counted, and we are pleased to announce that VMware NSX was selected as the winner in the “Best Software Defined Infrastructure” category in the 2015 Modern Infrastructure Impact Awards. The awards were judged by the Modern Infrastructure e-zine editorial staff, in conjunction with users, readers, and industry experts.

The Modern Infrastructure Impact Awards recognize the top products, technologies and services in the essential areas of technology that Modern Infrastructure covers. The award-winning tools are those helping to run enterprise businesses with efficiency and insight — whether they’re used inside the data center or out.

VMware NSX delivers secure network services to applications running in the data center, resulting in instant and programmatic provisioning, fast and highly available infrastructure, and increased security and micro segmentation capabilities.

Read about the award here and to learn more about the business value of VMware NSX visit  vmware.com/products/nsx.

Roger

A Non-Programmer’s Introduction to Git

Git is a distributed version control system that is widely used by a number of open source projects. In this post, I’m going to provide a quick non-programmer’s introduction to Git, and encourage readers to spend some time getting familiar with Git. I think it is a time investment that will pay off down the road.

First, I’m going to provide some definitions/brief explanations in order to establish a foundation upon which you can build your Git knowledge. A version control system (sometimes just referred to as a VCS) is a system that tracks changes to files (or groups of files) over time.

The group of files that a VCS tracks is called a repository. The basic idea behind a VCS is that you could use it to “roll back” to an earlier version of any file (or group of files) in the repository in the event that the current version isn’t working or isn’t optimal. Almost all version control systems, including Git, support multiple repositories, and typically each repository would represent a particular project, component, or function. (I say “almost all version control systems” because there may be some VCS out there of which I am not aware that Continue reading

Case Study: Cogapp

cogapp

Our latest Ansible Case study features Cogapp, who helps the BBC, MoMA, and others organize their digital media, use Ansible for environment provisioning and content deployment. 

We use Ansible to build out the servers for deployments and to provision development VMs for our team. We also use Ansible to populate sample content for our development environments.

Our development team is 12 people; at least half of them have written or edited playbooks, and all of them have run playbooks to provision environments. When we started working with Ansible, each new project would cannibalize the last one and take some of the Ansible content. Now we have built a more standard library of content so we can spin up new projects quicker. We also use Galaxy roles wherever possible to standardize our server hardening playbooks so they can be shared across deployments.

Read the full case study.

 

1 3,650 3,651 3,652 3,653 3,654 3,841