EVPN vs LISP - Campus Networks
The Network DNA
by The Network DNA
1d ago
Why are we here to discuss EVPN vs LISP? In campus networks, Cisco uses LISP while Juniper uses EVPN. This is an initial article, and we will come up with a more detailed comparison in the future. What are your thoughts: which one is better? We are not sure, but we can talk about both, one by one, below. What is EVPN? EVPN (Ethernet Virtual Private Network) enables virtualized Ethernet communication between various network devices. Data center and service provider networks frequently employ EVPN to offer effective and scalable network co...
PAN-OS: OS Command Injection Vulnerability in Glob...
1d ago
PAN-OS: OS Command Injection Vulnerability in GlobalProtect. Vulnerability: CVE-2024-3400. For certain PAN-OS versions and feature configurations, a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software may allow an unauthorized attacker to run arbitrary code on the firewall with root privileges. Only PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) are affected by this vulnerability. PAN-OS firewalls are not vulnerable to attacks based on this vulnerability if devic...
Introduction of BGP Origin Attribute
2d ago
BGP is used to exchange routing information between multiple autonomous systems (AS) on the Internet. An autonomous system is a group of networks that share a common administrative domain. BGP routes traffic across multiple independent systems and is the protocol Internet Service Providers (ISPs) use to communicate routing information with one another. BGP Origin Attribute: The origin is a manda...
Part 1: VRF-Aware IPsec Overview
6d ago
VRF-Aware IPsec is a feature that allows you to map IP Security (IPsec) tunnels and connect multiple Virtual Private Networks (VPNs) to a single router using IPsec encryption, all while keeping the traffic for each VPN separate. Every IPsec tunnel has two VRF domains associated with it. The inner, protected IP packet belongs to one domain, known as the IVRF, while the outer encapsulated packet belongs to another VRF domain, which we will refer to as the FVRF. To put it another way, the source and destination addresses of the inner packet belong to the IVRF...
Introduction to Switch Port Security
1w ago
Port security monitors and blocks Layer 2 traffic on a switch on a per-port basis. When enabled, the feature keeps track of permitted source MAC addresses and restricts the number of MACs that can use a specific port. The switch can restrict access to a certain set of MAC addresses or employ a hybrid approach, with some addresses set statically and others learnt dynamically. When a port reaches its maximum number of allowed addresses or comes across a source MAC address that is not in its list of learnt or statically configured permissible a...
Introduction to Breakout Cables and the purpose
1w ago
Breakout cables take a single connector on one end and split it into multiple connectors on the other. This allows you to connect a single device to several others, or vice versa. For example, using breakout cables, a 40 Gigabit (Gb) port can be divided into four independent, logical 10Gb ports, a 100Gb port into four independent, logical 25Gb ports, or a 400Gb port into four independent, logical 100Gb ports. Breakout cables are designed to separate or merge optical fibers or copper wires into multiple se...
Intermittent VPN flapping issues
1w ago
Virtual private networks, or VPNs, are becoming increasingly important for businesses that have remote workers. By creating an encrypted tunnel for internet traffic, VPNs improve privacy, security, and access to resources that are banned. The purpose is to send all traffic via a VPN tunnel. If your VPN frequently disconnects and reconnects, it is probable that data packets are being lost or delayed between your device and the VPN server. This could be due to a problem with the VPN client, your router, or the network connection. Fi...
Part 2: Cisco ASA/FTD Clustering Spanned EtherChannel Routed Mode
1w ago
In our example 2, we are going to talk about ASA Clustering with Spanned EtherChannel Routed Mode, which means that the ASA cluster nodes at each of 2 data centers are placed between the gateway router and an inside network at each site (East-West insertion). (Fig 1.1: Cisco ASA/FTD Clustering Spanned EtherChannel Routed Mode.) Over the DCI, the cluster control link connects the cluster nodes. To load balance traffic across cl...
Part 1: Cisco ASA/FTD Inter-Site Clustering
1w ago
In our example 1, we are going to talk about ASA/FTD Clustering with Individual Interface Routed Mode and North-South inter-site insertion, which means that the ASA/FTD cluster nodes at each of 2 data centers, shown in the diagram below, are placed between the inside and outside routers (North-South insertion). Over the DCI, the cluster control link connects the cluster nodes. To load balance traffic across cluster members, each data center's inside and outside routers use PBR, ECMP, and OSPF. Unless all ASA/FTD cluster nodes at a particu...
Model-driven telemetry on Cisco IOS-XE Switches
2w ago
The platforms that run Cisco IOS XE include switches like the Catalyst 9000, routers like the ASR 1000, CSR 1000v, and ISR 1000 and 4000, Catalyst 9800 Wireless LAN controllers, and a few more items from the IoT and Cable product lines. Model-driven telemetry has been supported since the introduction of IOS XE 16.6, giving network operators more choices for gathering data from their network. (Fig 1.1: Model-driven telemetry on Cisco IOS-XE Switches.) Although SNMP has historically been very effective at monitoring enterprise networks, it...