When designing a network, consideration should be given to separating traffic into VLANs. This is done for logical separation, security and performance reasons.
This affects the convergence of a Layer 2 Network. Most Cisco switches running STP (Spanning-Tree Protocol) will be running an instance per VLAN. This is called PVST (Per VLAN Spanning-Tree), or RPVST (Rapid Per VLAN Spanning-Tree), depending on whether you are running …
This blog has now been moved on to AWS using entirely serverless technologies, meaning both reduced cost and better performance.
To do this, a number of technologies have been employed to automate the deployment. As there is really only one Always Networks site, a lot of this was probably a lot more effort than it could have been - it would probably have been easier to …
One of the challenges with managing any zone based firewall on a large
scale is knowing which zone everything is in. We all know that the
network should be well documented, but we also know that routing tables
get unwieldy, and it's not uncommon when adding a firewall rule to be
wondering exactly which zone that source or destination is in.
I recently had cause to do some auditing of a pre-built AWS environment.
The lazy guy in me tried out some free tools to speed things up.
up was Security Monkey. This was made by Netflix. It can be found on
their github: https://github.com/Netflix/security_monkey. It's
actually really well documented, and I just followed their setup guide
verbatim - I …
I've recently been working with a client on magically spinning up entire
environments in AWS. This means I've learned a fair bit about AWS on the
Without going into too much detail (as it's the clients work), we have
been bootstrapping Palo Alto firewalls. This allows you to be able to
stand up a fully configured Palo Alto firewall using a CloudFormation
script in …
My client recently did a fairly big change to the edge network in their
data centre, including a migration to 4-byte AS numbers. This wasn't
without it's challenges. So here is a (long) post about the challenges
we faced, and some explanations of some of the more advanced features of
BGP such as local-as no-prepend replace-as, and bestpath as-path
Have you ever needed to prove a gigabit Internet circuit? It's more of a
headache than you'd think. I had to prove one recently - we were seeing
some errors which seemed to happen every time the bandwidth went over
about 400mbps outbound, so we needed to prove we could push more. We
could ask the ISP to run some tests - but I'm an untrusting kinda …
I recently updated my VMware certification from 5.5 to 6. My 5.5 was
expiring so it made sense to do the delta exam and upgrade, rather than
recertify the same level. I realise I've done this just as 6.5 is coming
out, but I've been using 6 lately so it made sense to me.
I recently bought a 4 bay synology NAS (DS416 Play), to move away from
Dropbox and OneDrive. The main issue I had before choosing to do this,
was off-site backups. It's ok having 4 disks for resilience, but if my
house burns down or gets burgled, I still lose everything.
So I started to think up ways of doing an offsite backup, without having
A few days ago I stumbled upon the python interpreter on the Nexus
platform. It got me to tinkering.
In the past, I have had a requirement to grab a list of all of the
interfaces on a box, the IP's, and the masks. The interfaces and IP's
can easily be obtained from a show ip int br, and using column select to
grab the …