There was recently a scenario we had whilst working with a client, where we had an ESXi host running version 5.5 using a single VLAN. All of the Virtual Machines were in a single port-group, and they were untagged, sending traffic to a neighbouring Cisco switch where the port was configured as an access port. There were a couple of vmkernel ports on the …Read whole post...
GRE Tunnelling. It's a tool that should be in every network engineer's toolbox, but not one we like to use very often.
But sometimes, it's needed. Sometimes you need to just make something work, across somebody else's network. This week's task is to do just that, in support of an office migration for a client.
So, let's have a look at how GRE works, and …Read whole post...
When designing a network, consideration should be given to separating traffic into VLANs. This is done for logical separation, security and performance reasons.
This affects the convergence of a Layer 2 Network. Most Cisco switches running STP (Spanning-Tree Protocol) will be running an instance per VLAN. This is called PVST (Per VLAN Spanning-Tree), or RPVST (Rapid Per VLAN Spanning-Tree), depending on whether you are running …Read whole post...
This blog has now been moved on to AWS using entirely serverless technologies, meaning both reduced cost and better performance.
To do this, a number of technologies have been employed to automate the deployment. As there is really only one Always Networks site, a lot of this was probably a lot more effort than it could have been - it would probably have been easier to …Read whole post...
One of the challenges with managing any zone based firewall on a large scale is knowing which zone everything is in. We all know that the network should be well documented, but we also know that routing tables get unwieldy, and it's not uncommon when adding a firewall rule to be wondering exactly which zone that source or destination is in.
There are three ways …Read whole post...
I recently had cause to do some auditing of a pre-built AWS environment. The lazy guy in me tried out some free tools to speed things up.
First up was Security Monkey. This was made by Netflix. It can be found on their github: https://github.com/Netflix/security_monkey. It's actually really well documented, and I just followed their setup guide verbatim - I …Read whole post...
I've recently been working with a client on magically spinning up entire environments in AWS. This means I've learned a fair bit about AWS on the way!
Without going into too much detail (as it's the clients work), we have been bootstrapping Palo Alto firewalls. This allows you to be able to stand up a fully configured Palo Alto firewall using a CloudFormation script in …Read whole post...
My client recently did a fairly big change to the edge network in their data centre, including a migration to 4-byte AS numbers. This wasn't without it's challenges. So here is a (long) post about the challenges we faced, and some explanations of some of the more advanced features of BGP such as local-as no-prepend replace-as, and bestpath as-path multipath-relax.
Here is a very simplified …Read whole post...
Have you ever needed to prove a gigabit Internet circuit? It's more of a headache than you'd think. I had to prove one recently - we were seeing some errors which seemed to happen every time the bandwidth went over about 400mbps outbound, so we needed to prove we could push more. We could ask the ISP to run some tests - but I'm an untrusting kinda …Read whole post...
I recently updated my VMware certification from 5.5 to 6. My 5.5 was expiring so it made sense to do the delta exam and upgrade, rather than recertify the same level. I realise I've done this just as 6.5 is coming out, but I've been using 6 lately so it made sense to me.
A lot of the maximums in VMware have …Read whole post...
- Check Point
- Feature Navigator
- General Networking
- Monitor Capture
- network type
- Nexus 1000v
- Packet Capture
- Palo Alto
- Parser Views
- Raspberry Pi
- Spanning Tree
- Study Notes