Route Summarization from Distribution to Core

This post is about a particular problem faced once route summarization is introduced, and how it can be avoided. This concept is covered very well in these books from Cisco Press: http://www.ciscopress.com/store/ccde-study-guide-9781587143809 and http://www.ciscopress.com/store/optimal-routing-design-9781587051876. In topology diagram 1 above, C1 and C2 are the core routers. …

Content Filtering Techniques on Palo Alto Firewall

1. URL filtering: URL filtering allows you to block web browsing based on URL category. For example, you could block these categories available on Palo Alto: abused drugs, alcohol and tobacco, phishing, peer to peer. Palo Alto also allows you to check URL category for a particular …

Palo Alto – x forwarded for feature

Enterprise internet setups incorporate systems like proxy servers. Such systems help cache internet data and eventually save a lot of internet bandwidth and cost. What do proxy servers additionally do? a. Source NAT (SNAT) client IPs and source internet traffic from itself. Here you are hiding/masking the client IP address. Such a mechanism prevents client IP …

Usage of failover exec mate command in Cisco ASA

So, recently I came across this situation where I had to check the TACACS shared secret on the standby ASA without directly logging into it. The reason being that the standby firewall just wouldn't let me log in directly. The standby unit was earlier integrated with the AAA server. My efforts of firstly removing the standby device from AAA …

Always avoid Single Point of Failures SPOFs

I was told recently that organization XYZ suffered an outage because one of their core devices did not have redundancy. In other words, there was a single point of failure somewhere in their network. And then their technical team kept firefighting until the issue was resolved. This post is about avoiding this nuisance called SPOF …

OSPF Area Border Connection Behavior

Reference: Designing Cisco Network Service Architectures ARCH Foundation Learning Guide - Cisco Press. In the case of OSPF, area definition is on a per layer 3 interface basis. For example, referencing the topology above, the link between router D and router F is placed in area 1. Traffic crossing the …

Protecting passwords from brute force and dictionary attacks

Reference: Sybex Study Guide for CISSP. Protecting passwords from brute force and dictionary attacks requires numerous security precautions and rigid adherence to a strong security policy. First, physical access to systems must be controlled. Second, tightly control and monitor electronic access to password files. End users and non-account administrators have no need to access the password database file …

SDN

SDN - Basics. Getting Started: The key idea of an SDN is to split the network forwarding function, performed by the data plane, from the network control function, performed by the control plane. This allows simpler and more flexible network control and management, and also network virtualization. OpenFlow is the main SDN implementation. The network controller communicates with …

Nexus 1000v

Cisco Nexus 1000v. I am writing this blog to mention the key components/terms/definitions below related to Nexus 1000v. What is a hypervisor? A hypervisor is a program that allows multiple OSes to share a single hardware host. Basic Building Blocks: VSM - It is the control/management plane of the 1000v. VEM - Data plane. Traffic flow with VSM and VEM: Traffic flow from VEM northbound does not go through …