Purge all the firewall rules – Part 2
In my previous post I used an API call from a REST client that allowed me to purge all the rules within the Distributed Firewall function of NSX. I have also made this into a python script. The snake script…
Cisco VIRL Cisco VIRL has been officially released. Cisco VIRL is Cisco’s network topology platform that allows the study, testing, simulation and validation of enterprise and service provider topologies in a lab environment. Built on KVM using OpenStack, this platform…
I have come across some interesting behaviour at the interface level with EIGRP. Dynamic By default many people use the network command to form a neighbor with EIGRP. This involves sending Hellos to 224.0.0.10 or FE02::A at the default interval…
NSX Edge – Routing failover of primary route to a backup route with NSX Edge Services Gateway (ESG) Summary This use case demonstrates the use of a backup route via Open Shortest Path First (OSPF) by the NSX Edge Services Gateway…
Distributed Firewall – Providing tiered security policy through distributed firewall for Micro segmentation Summary This use case demonstrates the use of NSX’s distributed firewall with the aim to restrict lateral compromise of an application tier. Many internet facing assets are…
Distributed Firewall – Using vCenter objects to provide policy enforcement for VM to VM traffic Summary This use case demonstrates the use of NSX’s distributed firewall in conjunction with vCenter objects. In addition to Source and Destination IP address and…
NSX Edge – Routing between NSX Edge and physical network with Border Gateway Protocol (BGP) Summary This use case demonstrates logical routing between an NSX Edge and a physical network segment. It demonstrates to the administrator the benefits of dynamic routing.…
So far the topology in this series has a three tier logical application deployed. It also has an Edge Services Gateway connected to the uplink of the logical router with an uplink of its own to the physical infrastructure. The…
Recently Chris Wahl, VCDX #104, along with Steve Pantol released Networking for VMware Administrators. This book covered off many aspects of networking in a VMware environment. The book starts out with fundamental network topics. This is a good sounding board…
As has been purported many times it is possible to create objects via a RESTful API. Let's first look at the logical network segments in my environment. Whilst I show the GUI creation here this post highlights the GUI…
As announced last month and quickly covered off by this post, Cisco announced the evolution of the ASA 1000v, the ASAv. There is no longer a requirement on Nexus 1000v. I have a variety of technology in my lab for studies. For…
The previous posts in this series have stepped through how to enable NSX and get some logical switches configured. Workloads now have L2 adjacency across IP subnets thanks to VXLAN logical switch overlays. It is time for routing. This post is…
In Part 4 of this series we will start deploying some Logical Switches. The focus of this series is walking administrators through performing tasks in the NSX environment. Details on how Logical Switching functions can be found here within the…
The other day marked a pretty big security release for Cisco. For a long time the Cisco ASA has been a physical firewall and recently evolved to a Virtual Appliance known as the ASA 1000v. The problem with this Virtual…
The topology below depicts a standard three tier application comprised of a web front end with a load balancer, application tier and a database backend. Each tier is a separate IP subnet on a logical switch connected to a logical…
When you speak of security architectures the word Micro segmentation isn’t new. A Micro segment or a small subset of a larger overall has its roots in the financial industry. When micro segmentation is brought up in terms of a…
Security is an industry that can excite and frustrate, extract tears from the unsuspecting and cause insurmountable problems when protecting among many disparate systems. For a long time security was an afterthought and something that was bolted on. If…
There always has been to the idea of thinking in the logical headspace. Since the inception of Virtual Local Area Networks the wizards of the ether, Network Administrators, have had a notion of a logical and physical representation of the…
Nu-âhj: French, meaning ‘cloud’ is a division acquired by the venerable Alcatel Lucent, presented to the delegates around their Network Virtualized Services Platform (VSP). The goal of Nuage is to deliver the instantiation of networks on demand when a workload…
This page seeks to cultivate NSX resources from around the web to give you all the information you need with my commentary on the links. Stay tuned for updates and more links as NSX is adopted. Main Resource page VMware…
This year we saw the fruits and the go to market of many SDN and network virtualization products. It was great to see Nuage Networks NVP, Cisco ACI, Juniper’s Contrail and OpenContrail and VMware NSX hit the market. There were…
Last week I passed my VMware VCP5-DCV exam. This post looks to review and give my impression on the sought after certification. Exam Quality Within the standard Pearson Vue test environment, VMware deliver an exam that is of high quality,…
I have spoken quite a bit about VMware NSX over the last couple of weeks. There were still quite a few unknowns amongst the twitterati and the community at large around designs. Today this has been solved with the release…
There has been quite a bit of ‘SDN-washing’ when it comes to what the future holds. Just because there is an API it doesn’t necessarily mean a product leverages SDN. As marketecture around next generation firewalls hits its peak…
Developing your own lifecycle and proactive maintenance should be considered at the start of any investment. It allows administrators and managers and all stakeholders to understand the cost of the network. In some environments the network is purely seen as…