CCIE Study: Key chain rotation with EIGRP named mode

Here is a simple topology as per the CCIE RS material provided by INE. The DMVPN network is used in many examples and demonstrations for learning technologies because of the hub-and-spoke nature of the topology. This allows learners to understand the nuances of routing protocols and technologies on different network topologies.
Topologies
The above shows the connectivity via the topology diagram. Below shows how I have recreated it in Cisco VIRL.
Configuration
The configuration for the routers is below. It is a simple EIGRP configuration with a rotating key that will allow the update of KEY_ROTATION’s key chain on New Year’s Day 2030. This occurs because Key 10 is sent for five minutes past midnight and accepted up to fifteen minutes afterward, while Key 20 is accepted and sent from midnight.
R1-4 Configuration

R5 uses EIGRP named mode for configuration. …

VMware NSX Use Case Library – #003

NSX Edge – Routing failover of primary route to a backup route with NSX Edge Services Gateway (ESG)
Summary: This use case demonstrates the use of a backup route via Open Shortest Path First (OSPF) by the NSX Edge Services Gateway (ESG), resulting in a seamless transition to an alternate Layer 3 route.
Pre Conditions: vCenter and NSX manager configured. NSX host and cluster preparation complete. IP connectivity between hosts. Existing NSX Edges deployed onto a transport network or VLAN.
Post Conditions
Success End Condition: Full routed connectivity on the alternate NSX ESG providing connectivity to remote segment.
Failure End Condition: Failure of route installation by OSPF through no backup route existing or misconfiguration.
Minimal Guarantee: Subnet or prefix misconfiguration results in an incorrect route installation and advertisement.
Trigger(s): Administrator initiates a manual failover where OSPF is disabled on an NSX ESG, OR, Administrator shuts down active NSX ESG virtual appliance, OR, NSX ESG …

VMware NSX Use Cases – 002

Distributed Firewall – Providing tiered security policy through distributed firewall for micro-segmentation
Summary: This use case demonstrates the use of NSX’s distributed firewall with the aim of restricting lateral compromise of an application tier. Many internet-facing assets are vulnerable to machines in the same application tier or subnet, and creating a microsegment with VMware NSX can reduce this attack surface.
Pre Conditions: vCenter and NSX manager configured. NSX host and cluster preparation complete. IP connectivity between hosts. (Optional) Applications to ensure firewall service policies are enforced.
Post Conditions
Success End Condition: Set firewall policy is distributed throughout environment to relevant end points requiring enforcement. Lateral enforcement across a tier ensures VMs are isolated.
Failure End Condition: Distributed Firewall fails to update due to communication plane error. Incorrect ruleset applied to end point resulting in no enforcement.
Minimal Guarantee: Distributed Firewall delivers a partial match against ruleset due …

VMware NSX Use Case Library – #001

Distributed Firewall – Using vCenter objects to provide policy enforcement for VM to VM traffic
Summary: This use case demonstrates the use of NSX’s distributed firewall in conjunction with vCenter objects. In addition to source and destination IP address and port matching, vCenter objects such as logical switch, VMtag, VMname, Datacenter or vApp level firewalling provide very granular control.
Pre Conditions: vCenter and NSX manager configured. NSX host and cluster preparation complete. IP connectivity between hosts. (Optional) Applications to ensure firewall service policies are enforced.
Post Conditions
Success End Condition: Set firewall policy is distributed throughout environment to relevant end points requiring enforcement.
Failure End Condition: Distributed Firewall fails to update due to communication plane error. Incorrect ruleset applied to end point resulting in no enforcement.
Minimal Guarantee: Distributed Firewall delivers a partial match against ruleset due to operator error.
Trigger(s): Virtual Machines initiate communication with desired end …

VMware NSX Use Case Library – #004

NSX Edge – Routing between NSX Edge and physical network with Border Gateway Protocol (BGP)
Summary: This use case demonstrates logical routing between an NSX Edge and a physical network segment. It demonstrates to the administrator the benefits of dynamic routing. This use case will use Border Gateway Protocol (BGP).
Pre Conditions: vCenter and NSX manager configured. NSX host and cluster preparation complete. IP connectivity between hosts. Uplink port group preconfigured. End point peer (Router, Switch, NSX Edge) prepared for BGP routing.
Post Conditions
Success End Condition: Communication of logical network into physical segments with routing protocols established and sharing routes.
Failure End Condition: NSX Edge virtual appliance fails to deploy. Misconfiguration of routing protocol results in lack of OSPF peering.
Minimal Guarantee: NSX Edge deploys and a neighbour relationship between physical and NSX Edge occurs but routes are not dynamically learnt.
Trigger(s): Virtual Machines initiate communication with addresses outside of …