NSX Edge Load Balancer – One Arm Mode

In the topology above, the NSX edge load balancer is deployed in one-arm mode. The NSX edge load balancer has a single layer 3 interface, which is connected to the Distributed Logical Router via a logical switch. This logical switch is dedicated to the Load Balancing Tier. There is also a Web Tier hosting web servers and these … Continue reading NSX Edge Load Balancer – One Arm Mode

OSPF Routing Protocol in NSX

The above topology illustrates an OSPF Totally NSSA setup in an NSX domain. The distributed logical router handles east-west traffic within the data center, while the edges E1 and E2 handle north-south traffic. Edges E1 and E2 are configured in ECMP mode which allows more bandwidth to flow … Continue reading OSPF Routing Protocol in NSX

Usage of VXLAN and VXLAN traffic flow

Traditionally, VLANs (Virtual LANs) have been used to segment broadcast domains. Such segmentation has numerous benefits: Smaller broadcast domains mean fewer hosts that will process broadcasts from other hosts. This also saves CPU and memory on all involved devices in a broadcast domain. These VLANs are nowadays being replaced by … Continue reading Usage of VXLAN and VXLAN traffic flow

VMware NSX Distributed Firewall

We tried to cover VXLAN and VXLAN traffic flow earlier. Every solution has three main components to it: Management, Control and Data Plane. NSX Manager is the management component of the VMware NSX solution. We now try to learn more about the Data Plane components of NSX. The Data Plane of NSX has: Logical Switch, … Continue reading VMware NSX Distributed Firewall

Usage of VXLAN and VXLAN traffic flow

Traditionally, VLANs (Virtual LANs) have been used to segment broadcast domains. Such segmentation has numerous benefits: a. Smaller broadcast domains mean fewer hosts that will process broadcasts from other hosts. b. This also saves CPU and memory on all involved devices in a broadcast domain. These VLANs are nowadays being replaced by VXLAN in … Continue reading Usage of VXLAN and VXLAN traffic flow

OSPF – Auto Cost Reference Bandwidth feature in Cisco IOS

In OSPF, the metric (cost) is inversely proportional to interface bandwidth, meaning that a higher-bandwidth link on your device will have a lower cost. But OSPF by default is unable to differentiate the cost properly for a device that has both TenG and Gig interfaces. The reason why OSPF is … Continue reading OSPF – Auto Cost Reference Bandwidth feature in Cisco IOS

QoS on Palo Alto Firewall

Quality of Service on Palo Alto Firewall. Reference: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/quality-of-service/configure-qos 1. The process of classification: Anyone who has prior experience of Modular QoS CLI (MQC) on Cisco IOS will know that you first classify traffic that needs to be prioritized against other types of traffic. Similar logic is applied while configuring QoS on Palo Alto firewall. … Continue reading QoS on Palo Alto Firewall

DNS Sinkhole feature on Palo Alto Firewall

DNS Sinkhole feature on Palo Alto Firewalls. References: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/60/pan-os/NewFeaturesGuide/section_3.pdf and https://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523. Why use DNS Sinkhole? Picture this: you have infected hosts on your network that are connecting to malicious websites, websites and portals that are totally not secure. DNS resolution and DNS queries play a vital role in such communication. When there is a … Continue reading DNS Sinkhole feature on Palo Alto Firewall