OSPF Routing Protocol in NSX
The above topology illustrates an OSPF Totally NSSA setup in an NSX domain. The distributed logical router handles east-west traffic within the data center, while the edges E1 and E2 handle north-south traffic. Edges E1 and E2 are configured in ECMP mode which allows more bandwidth to flow … Continue reading OSPF Routing Protocol in NSX
Totally NSSA Area – OSPF
This blog will discuss the benefits derived by configuring the OSPF area type as Totally NSSA. OSPF area types NSSA and Totally NSSA both allow redistribution within the NSSA area. Such redistribution creates Type 7 LSAs, which are converted to Type 5 LSAs by the ABR. Referencing the topology above, R1 or R2 which serve as … Continue reading Totally NSSA Area – OSPF
Usage of VXLAN and VXLAN traffic flow
Traditionally, VLANs (Virtual LANs) have been used to segment broadcast domains. Such segmentation has numerous benefits: Smaller broadcast domains mean fewer hosts that will process broadcasts from other hosts. This also saves CPU and memory of all involved devices in a broadcast domain. These VLANs are nowadays being replaced by … Continue reading Usage of VXLAN and VXLAN traffic flow
VMWare NSX Distributed Firewall
We covered VXLAN and VXLAN traffic flow earlier. Every solution has three main components to it: Management, Control and Data Plane. NSX Manager is the management component of the VMware NSX solution. We now look more closely at the Data Plane components of NSX. The Data Plane of NSX has: · Logical Switch · … Continue reading VMWare NSX Distributed Firewall
Usage of VXLAN and VXLAN traffic flow
Traditionally, VLANs (Virtual LANs) have been used to segment broadcast domains. Such segmentation has numerous benefits: a. Smaller broadcast domains mean fewer hosts that will process broadcasts from other hosts. b. This also saves CPU and memory of all involved devices in a broadcast domain. These VLANs are nowadays being … Continue reading Usage of VXLAN and VXLAN traffic flow
IP Routing Process
The IP routing process is a fundamental concept in networks. Having a clear understanding of the IP routing process helps network engineers troubleshoot complex network problems. A good hold of this concept also helps determine end-to-end traffic flow from any given source IP towards a target IP. Below are key steps when traffic from source tries … Continue reading IP Routing Process
OSPF – Auto Cost Reference Bandwidth feature in Cisco IOS
In the case of OSPF, the OSPF metric, Cost, is inversely proportional to interface bandwidth. This means the higher-bandwidth link on your device will have the lower cost. But OSPF by default is unable to differentiate the cost properly for a device that has both TenG and Gig interfaces. The reason why OSPF is … Continue reading OSPF – Auto Cost Reference Bandwidth feature in Cisco IOS
QoS on Palo Alto Firewall
Quality of Service on Palo Alto Firewall. Reference: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/quality-of-service/configure-qos 1. The process of classification: Anyone who has prior experience of Modular QoS CLI (MQC) on Cisco IOS will know that you first classify traffic that needs to be prioritized against other types of traffic. Similar logic is applied while configuring QoS on a Palo Alto firewall. … Continue reading QoS on Palo Alto Firewall
DNS Sinkhole feature on Palo Alto Firewall
DNS Sinkhole feature on Palo Alto Firewalls. References: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/60/pan-os/NewFeaturesGuide/section_3.pdf https://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523 Why use DNS Sinkhole? Picture this: you have infected hosts on your network that are connecting to malicious websites, websites and portals that are totally not secure. DNS resolution and DNS queries play a vital role in such communication. When there is a … Continue reading DNS Sinkhole feature on Palo Alto Firewall
Route Summarization from Distribution to Core
Route Summarization from Distribution to the Core. This post is about a particular problem faced once route summarization is introduced and how it can be avoided. This concept is covered very well in these books from Cisco Press: http://www.ciscopress.com/store/ccde-study-guide-9781587143809 http://www.ciscopress.com/store/optimal-routing-design-9781587051876 In this topology diagram 1 above, C1 and C2 are the core routers. … Continue reading Route Summarization from Distribution to Core