Tumblelog by Soup.io

September 09 2011

Network lab: site to site VPN | Vincent Bernat

The goal of this lab is to set up a site-to-site IPsec VPN. This lab is similar to my first lab using UML. The major differences are:

* We only set up one VPN instead of two.
* Static routing is used in place of BGP for inter-site routing. Moreover, BIRD is used as a routing daemon.
* VPNs are using an external network for Internet access.
* Both internal network and external network are redundant using one OSPF instance each.

October 16 2010

finkregh
How you make such systems providing a tunnel highly available.

There is an old but easy answer: Not at all! And it gets clearer as soon as you think about such VPN tunnels as what they really are. From a networking perspective, they are not much more than a router, a cable and another router. Think about them as such, and the simplest way to provide high availability is obvious: Dynamic routing protocols between the routers in front of and behind the VPN tunnel. Just use two server pairs for the VPN connection. Both pairs are acting absolutely independently. Other components take care of the redundancy.

Most decent L3 switches or routers support those dynamic routing protocols. Or you can even use a Solaris machine by using the Quagga suite available on Solaris 10. I've used for example BGP4 to make VPN end points highly available without the need for any high availability stuff like a cluster.

The idea behind that is simple: The dynamic routing protocol is capable of detecting the failure of its connections to other routers. When a server providing a VPN tunnel or the Internet connectivity is failing, the VPN tunnel fails, and thus the dynamic routing protocol can detect this and route around this problem. It's just business as usual for protocols like BGP4.
Making a VPN connection highly available - c0t0d0s0.org
Tags: work vpn routing

September 12 2010

GNS3 | Graphical Network Simulator

GNS3 is a graphical network simulator that allows simulation of complex networks.

To allow complete simulations, GNS3 is strongly linked with:

* Dynamips, the core program that allows Cisco IOS emulation.
* Dynagen, a text-based front-end for Dynamips.
* Qemu, a generic and open source machine emulator and virtualizer.

GNS3 is an excellent complementary tool to real labs for network engineers, administrators and people wanting to pass certifications such as CCNA, CCNP, CCIP, CCIE, JNCIA, JNCIS, JNCIE.

It can also be used to experiment with features of Cisco IOS, Juniper JunOS or to check configurations that need to be deployed later on real routers.

This project is an open source, free program that may be used on multiple operating systems, including Windows, Linux, and MacOS X.

July 29 2010

A High-Level overview of LISP | CCIE Blog

Recently, there has been a lot of talk around LISP – Location and Identity Separation Protocol. This is a “new” technology aiming to resolve some of the Internet scalability issues and which has been implemented in IOS 15.x. In this blog publication we are going to give a general overview of LISP, pointing out benefits as well as drawbacks of the technology.


August 24 2009

The BIRD Internet Routing Daemon Project

The BIRD project aims to develop a fully functional dynamic IP routing daemon primarily targeted on (but not limited to) UNIX-like systems and distributed under the GNU General Public License.

24.08.2009 - New release 1.1.2! Important core bug fixed - BIRD used as route server in LoNAP and NIX.CZ.

What do we support:

* Both IPv4 and IPv6 (use --enable-ipv6 when configuring)
* Multiple routing tables
* BGP
* RIP
* OSPF (IPv4 only)
* Static routes
* Inter-table protocol
* Command-line interface (using the `birdc' client; to get some help, just press `?')
* Soft reconfiguration -- no online commands for changing the configuration in very limited ways, just edit the configuration file and issue a `configure' command or send SIGHUP and BIRD will start using the new configuration, possibly restarting protocols affected by the configuration changes
* Powerful language for route filtering

May 17 2009

Pushing a packet back and forth between Linux subsystems - Zugschlusbeobachtungen

Linux policy routing is still incredibly painful if one wants to have more sophisticated routing than just “take source and destination IP address for the routing decision”. The mechanisms that have been in use seven years ago still work though, and I didn’t find any possibility to do it any easier. In this article, I’ll try to explain the “old” mechanisms and hope that somebody from lazyweb will comment and say “it can be done so much easier”.

This is a translation of the Usenet article <gu48cs$rul$1@news1.tnib.de> in de.comp.os.unix.networking.misc in the hope that the English-speaking blogosphere can give additional insights.

Given a Linux-based router with one internal network (int0), one perimeter network (per0) and two Internet connections (ext0, ext1) with one IP address each. We need to do source NAT to deliver Internet to the internal and perimeter networks. The Internet connection on ext0 will be used for http and https, while all other traffic needs to go out on ext1.