VXLAN Flood and learn configuration on Nexus 9000

Virtual eXtensible Local Area Network (VXLAN) is an overlay technology described in RFC 7348. It allows layer-2 frames to be tunneled through an IP network. The goal is to carry layer-2 traffic on top of a more extensible medium. Layer 2 is historically convenient for many types of applications. While new ones should avoid relying on it, the use case is often encountered. It has been created for massively scalable datacenters:
- to overcome the scalability issues of current layer-2 protocols
- to allow more flexible layer-2 networks
- to accommodate multi-tenancy

There…

IOS XR – Basic IS-IS and iBGP configuration

In this topology we are building a small core network made of 3 routers. Those 3 routers will run the basic IS-IS (Intermediate System to Intermediate System) routing protocol as the IGP. Once the IGP is OK, a full-mesh iBGP will be configured. For IS-IS we will proceed with integrated IS-IS as we are carrying IP prefixes. Each of the routers is located in a different site in this scenario, so I decided to configure each one of them in a separate area. Thus all the peering between the core routers will be L2 type only. The…

Fortigate flow troubleshooting tools

In this article I will go through the two Fortigate command-line utilities that are used for flow troubleshooting. There are different capture mechanisms as well as debugging outputs that can be useful to understand the packet walk and the inner workings of the Fortigate unit. In the present case I will focus on flow verification and troubleshooting, which is some of the most useful knowledge.

RADIUS configuration on Cisco

Recently I had to work on a RADIUS configuration for Cisco network devices. The goal was to have a central authentication service, which is kind of the basis nowadays. Every device in the network must use the corporate RADIUS server to authenticate the administrators. It simplifies account management, as the RADIUS server can rely on a pre-existing directory server for the user database (Active Directory or any LDAP-speaking directory for some of them), the privileges are dynamically passed to the remote devices and the actions are logged, so we can see…

Anycast RP PIM

I recently worked with one of my colleagues on a multicast implementation on the Nexus 7000 platform. The source and the RPs were located on the datacenter side and the destinations on the rest of the network. We decided to set up two redundant RPs using the Anycast RP PIM feature available on NX-OS. The following article describes the configuration put in place and the inner mechanics of this redundant rendezvous point scheme.

Fortigate High Availability FGCP

In this article I will detail how to put two Fortigate units in high availability. First, I really like Fortigate firewalls: they provide pretty neat firewalling features, a set of next-generation services (not too buggy, well, things always happen when playing with SSL decryption) and, last but not least, the routing daemon is very good and offers real configuration capabilities. So in this article I will detail the implementation of the FortiGate Cluster Protocol (FGCP) HA mechanism. This redundancy mode is not the only one available but has the advantage of combining…

Hardware: Cisco UCS-E module

Cisco UCS-E (Unified Computing System - Express) is a technology that provides computing capacity to a Cisco ISR router. It was introduced with the ISR G2 and has been continued with the ISR 4000 series. Basically, this solution comes as a single or dual-wide server blade that is inserted in the router. So this is a completely separate piece of equipment. The main advantage of this architecture is that it provides independent resources for running third-party services on the router. The most depicted use case is to run a hypervisor with several virtual…

Introduction to Akamai Connect

We will discuss what Akamai Connect (also known as AKC) is in the following article. Akamai Connect is a "plugin" (this is how I define it) for the Wide Area Application Services solution (WAAS). It is jointly developed by Cisco and Akamai. Akamai is a leading provider of content distribution and caching technologies. They develop and operate an advanced platform that leverages multiple technologies: content distribution and replication, advanced caching mechanisms, advanced delivery mechanisms (Sure Route IP). More information can be found on Akamai websites at the end of this article.

WCCP configuration on Cisco routers and WAAS

WCCP stands for Web Cache Communication Protocol and is mainly used for traffic redirection towards third-party appliances such as proxies, optimization devices or cache engines. This protocol was developed by Cisco and is currently in version 2. WCCPv2 replaced WCCPv1 by the end of the nineties. WCCP brings load balancing and redundancy features regarding the content processed.