Gateway to Networking Solutions. IPwithease is aimed at sharing Network,Security and IP collaboration knowledge across Design,Implementation and Troubleshooting.The goal being simply - "The more you share, the more you learn."
Multi-tenant environment (BIG-IP hardware chassis) and virtualization (vCMP functionality) are 2 of the most debated models, each setup having its own features and benefits depending on the volume of traffic in the environment. Let’s have a brief comparison of their features before focusing on the vCMP feature on BIG-IP Viprion. Below is the table –
The illustration below shows the problem we have in a multi-tenant environment –
Now, let’s focus on the real topic – vCMP. vCMP stands for Virtualized Clustered Multiprocessing. The vCMP feature allows a BIG-IP system to virtualize its hardware and provide multiple instances: vCMP is the hypervisor in F5 that lets you divide one powerful physical F5 device into multiple independent virtual F5 devices.
Below are the key takeaways of vCMP –
Some key notes on vCMP –
The vCMP host is the hypervisor that allows you to create and configure BIG-IP instances.
These instances are known as vCMP guests.
The vCMP host allocates CPU and memory to every guest.
A guest consists of a TMOS instance, plus one or more BIG-IP modules.
Each guest has its own share of hardware resources that the vCMP host allocates to the guest, as well as its own management IP addresses, self IP addresses, virtual servers, and so on.
Each guest can use TMOS features such as route domains and administrative partitions to create its own multi-tenant configuration.
Each guest requires its own guest administrator to provision, configure, and manage BIG-IP modules within the guest.
Depending on the hardware model, a vCMP system can support up to approximately six guests.
Class of Service (CoS) is a mechanism to manage various types of traffic over the network by giving specific types of traffic priority over others. For example, voice traffic can be preferred over email or HTTP traffic. This service is prevalent among service providers offering MPLS (Multi-Protocol Label Switching) / Layer 3 / Layer 2 WAN services; CoS is also used in LAN environments. CoS is the classification of particular traffic at layer 2 by manipulating the class of service bits in the frame header. It effectively ‘marks’ the traffic so that QoS can use this identification or classification as a means of manipulating the traffic according to the customer’s required policy. It is one way of identifying traffic, along with ToS, ACLs, etc., so that QoS knows what to manipulate and how. Unlike QoS, CoS does not offer guarantees on bandwidth or delivery time; it works on a best-effort basis.
There are three main CoS technologies –
Layer 2 Tagging
Differentiated Services (DiffServ)
Type of Service (ToS)
CoS Value Marking –
Marking a packet with a local CoS value gives users the ability to associate a Layer 2 Class of Service value with the packet. The value can then be used to classify packets based on user-defined requirements. Layer 2 to Layer 3 mapping can also be configured by matching on the CoS value, since switches already have the capability to match and set CoS values. If a packet that needs to be marked to differentiate user-defined QoS services is leaving a router and entering a switch, the router should set the CoS value of the packet, since the switch can process the Layer 2 CoS header marking. CoS values are not marked as part of an input traffic policy attached to an interface with the “service-policy input” command; a CoS value marking can only be applied in output traffic policies, which are attached using the “service-policy output” command.
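The “class of service bits in the frame header” referred to above are the 3-bit PCP field of the 802.1Q tag. The following Python is an added example, not code from the original article: it builds a tagged Ethernet frame, reads the CoS value back, and rewrites only the PCP bits the way an egress marking action would. The MAC addresses and VLAN ID are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_tagged_frame(dst, src, pcp, vid, ethertype, payload, dei=0):
    """Build an Ethernet II frame carrying an 802.1Q tag.
    The 16-bit TCI field is PCP (3 bits, the CoS value) | DEI (1 bit) | VID (12 bits)."""
    if not 0 <= pcp <= 7:
        raise ValueError("CoS/PCP must be 0..7")
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must be 0..4095")
    tci = (pcp << 13) | ((dei & 1) << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_tag(frame):
    """Return the tag fields of a frame, or None if the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}

def set_cos(frame, pcp):
    """Rewrite only the PCP bits of an already tagged frame, leaving DEI and VID intact.
    This is the byte-level effect of an egress 'set cos' marking action."""
    if parse_tag(frame) is None:
        raise ValueError("cannot mark CoS on an untagged frame")
    if not 0 <= pcp <= 7:
        raise ValueError("CoS/PCP must be 0..7")
    (tci,) = struct.unpack("!H", frame[14:16])
    tci = (tci & 0x1FFF) | (pcp << 13)   # clear the top 3 bits, then set the new PCP
    return frame[:14] + struct.pack("!H", tci) + frame[16:]

if __name__ == "__main__":
    # Constructed sample frame: voice-class marking (CoS 5) on VLAN 100.
    frame = build_tagged_frame(mac("00:11:22:33:44:55"), mac("66:77:88:99:aa:bb"),
                               pcp=5, vid=100, ethertype=ETHERTYPE_IPV4,
                               payload=b"\x45" + b"\x00" * 19)
    print(parse_tag(frame))              # {'pcp': 5, 'dei': 0, 'vid': 100}
    print(parse_tag(set_cos(frame, 3)))  # {'pcp': 3, 'dei': 0, 'vid': 100}
```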
Configuring a CoS Value –
Below is an example in which a service policy called policy-A is created. This service policy is associated with a previously defined classification policy through the use of the class command. It is assumed that a classification policy called class-A was previously configured.
DoS (Denial of Service) and DDoS (Distributed Denial of Service) are 2 commonly used terms for attacks in which the target server or application is made unresponsive. In both cases, the attack deprives legitimate users (customers and employees) of the service or resource they require. In this article we will discuss both terms and understand their differences.
While a DoS attack involves one computer and one Internet connection flooding a targeted system or resource to make it unresponsive, a DDoS attack uses multiple computers and Internet connections to flood the targeted resource. Further, while a DoS attack is easy to stop, since only one source is sending illegitimate traffic, DDoS attacks are difficult to control and stop, since such a wide distribution of attacking systems makes it very hard to detect where the actual attacking party is. Additionally, DoS attacks are limited to a smaller scale, while DDoS can execute an attack of disruptive scale.
In terms of threat level, DoS is considered a low-level threat whereas DDoS is considered a medium to high threat, as these attacks can do serious damage to networks and end systems. In fact, malware (such as botnets) is typically associated with DDoS attacks, while DoS is not associated with malware-based attacks. Finally, DoS assaults are easier to operate and manage compared to DDoS, which is complex to manage and operate.
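The single-source versus many-source distinction drawn above is also what a defender looks for in access logs. The Python below is an added example, not part of the original article: it counts requests per client address in a window of constructed log lines and labels the window as a single-source flood, a distributed flood, or normal. The thresholds are assumed values for illustration, not tuned for any real site.

```python
import re
from collections import Counter

# Constructed sample access-log lines (common log format); these are not real traffic.
def _lines(sources, per_source, path="/login"):
    return ['%s - - [10/Oct/2023:13:55:%02d +0000] "GET %s HTTP/1.1" 200 512'
            % (src, i % 60, path) for src in sources for i in range(per_source)]

NORMAL_LINES = _lines(["192.0.2.10", "192.0.2.11", "192.0.2.12"], 4, "/index.html")
SINGLE_SOURCE_FLOOD = _lines(["203.0.113.7"], 200)                          # one host
DISTRIBUTED_FLOOD = _lines(["198.51.100.%d" % i for i in range(1, 51)], 4)  # 50 hosts, 4 each

LOG_RE = re.compile(r"^(\S+) ")   # the client address is the first field

def source_counts(lines):
    """Count requests per client address in a batch of log lines."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def classify_burst(lines, min_requests=100, single_source_share=0.9, min_sources=10):
    """Label a window of log lines using the article's distinction: a flood from one
    source (DoS-like) versus a flood spread across many sources (DDoS-like).
    The threshold defaults are assumed demonstration values."""
    counts = source_counts(lines)
    total = sum(counts.values())
    result = {"total": total, "sources": len(counts)}
    if total < min_requests:
        result["label"] = "normal"
        return result
    top_ip, top_count = counts.most_common(1)[0]
    result["top"] = top_ip
    if top_count / total >= single_source_share:
        result["label"] = "dos_like"        # one address dominates: block that source
    elif len(counts) >= min_sources:
        result["label"] = "ddos_like"       # spread thin across many addresses
    else:
        result["label"] = "elevated"        # high volume, a handful of sources
    return result

if __name__ == "__main__":
    for name, lines in (("normal", NORMAL_LINES), ("single", SINGLE_SOURCE_FLOOD),
                        ("distributed", DISTRIBUTED_FLOOD)):
        print(name, classify_burst(lines))
```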
The points of comparison between DoS and DDoS discussed above are summarized in a structured format in the table below –
What is the default space threshold for vSphere Storage DRS?
What VMware technology can be used to move physical servers to the vSphere infrastructure?
Which is the correct order for upgrading vSphere components (VMware Tools, Virtual Machine hardware, ESXi hosts, vCenter Server)?
What is the purpose of VMware Tools?
What are the roles of a master host in vSphere HA?
How is a Master host elected in vSphere HA environment?
What is location of general vCenter Server logs on a vCenter Server Appliance?
What availability mode does vCenter HA provide?
What is Raw Device Mapping (RDM)?
What is datastore?
Describe Virtual Disk Thin Provisioning?
What is VMware DRS and how does it work?
Which command can be run to troubleshoot connectivity problems with VMkernel network interfaces?
Regarding CPUs, what is the key requirement to enable EVC in a vSphere DRS cluster?
What is cold migration and hot migration?
How does VMware Fault Tolerance work?
Why are snapshots significant in VMware?
Refer to the following exhibit. Which column represents average device latency per command in milliseconds?
Refer to the following exhibit – Resource Pool RP-KID is configured with an expandable reservation and the VMs have reservations. If VM-M1, VM-M2, and VM-K1 are all powered on, what happens when we try to power on VM-K2?
Refer to the following exhibit of NSX Manager. What is the function of the Negate Source check box?
Which NSX component can validate that security policies at your organization are being enforced correctly?
Which port is used for NSX REST API Requests?
What is the purpose of a DHCP Relay Agent in an NSX Edge configuration?
Refer to the following exhibit with three standalone ESXi hosts. Which VMware component is missing in order to support VMware DRS?
NIC stands for Network Interface Controller. It is also known as a network interface card, network adapter, physical network interface, or sometimes LAN adapter.
Basically, it is the computer hardware through which a computer is connected to other computer networks. We can say that the NIC is a kind of middleman that connects your computer to other networks.
There are many kinds of network interface controller. Some connect using USB, whereas others plug into a PCI slot; it depends on the NIC you are using.
Speed also varies per NIC: it can be as low as 10 Mbit/s or as high as 160 Gbit/s. Moreover, the network type can be Ethernet, Wi-Fi, FDDI, etc.
There are many NIC manufacturers, such as Intel, Realtek, etc.
Why choose NIC?
There is always a question of why we need a NIC card or controller in the system. The network controller basically connects the physical layer of the OSI model to the data link layer, using Wi-Fi or Ethernet. This means that, with the support of a NIC, we can connect a computer to another computer or to cloud storage over a Local Area Network. Moreover, if we want to access cloud services and the data out there, we also use the Internet Protocol (IP). Using IP, we access the internet.
Nowadays the NIC comes as an integrated part of the computer system. However, many people also choose to purchase a USB-connected NIC to get additional interfaces. At times, a USB network adapter is used by networking staff or security professionals.
A NIC provides physical access to an IEEE 802 or similar network. In the same way, it provides a data link layer addressing system, the MAC address: a unique code, or address, found in the NIC. This address is used to identify the network and the computer from which the data is coming, and it also helps when something goes wrong.
The performance of a NIC depends on the type of NIC we choose. Basically, 3 things determine the overall performance of the NIC controller. These are –
Integration type: whether the NIC you are using is integrated directly via PCI or inserted using the USB port.
Network type: whether we are using Wi-Fi or Ethernet to connect. Here, however, the performance difference is due to the network type rather than the NIC itself.
Manufacturer: although it is not the most important factor, the manufacturer still matters when we are checking performance. We might see a slight performance change if we purchase a NIC from a less reputable company.
Gone are the days when NICs were just used to provide a low-cost, affordable way to connect to the network. Nowadays, modern NICs also offer the ability to transmit and receive more data simultaneously. Moreover, the controller may also include a TCP offload engine. Modern adapters also support networks such as ATM and Fibre Channel.
There are numerous connectivity options available for modern network adapters. Most people prefer one that is integrated directly in the chipset or SoC, while those who want a more portable solution choose USB. Other connectivity options are also available.
ISP is the abbreviation for Internet Service Provider. Typically, it is a cable or telephone company that provides the user with internet service. ISPs use copper wires, satellites, fiber optics and other media to enable their consumers to access the internet. The kind of access differs based on consumer preferences. Cable or DSL are the best types for use at home because they are affordable. Bandwidth, the amount of data that can pass through an internet connection at a given time, determines the price of internet service. ISPs link with each other to form a communication highway. The highway pushes extreme amounts of data to smaller cities, which then feed data to the neighborhoods and into our homes.
How does it work?
All computers that connect to the internet are part of a network. Whether using a dial-up connection or a local area network, there is an ISP company that provides you with internet service. When a user connects to an ISP, they become part of its system. The ISP then connects to a more extensive network and becomes part of that network. This series of network connections builds up the internet. Though ISPs are commonly known for providing internet service, they also offer extra services such as remote storage of files, email accounts, and basic web hosting. Some of these additional services are limited in terms of technical support and site development and are thus not recommended for business.
Can I access the internet without an ISP?
It is impossible to connect to the internet without an ISP: when someone connects to the internet all by themselves, they become the internet service provider. Connecting to the internet individually requires acquiring numbering resources from the right authority and, most of all, buying bandwidth, which is very expensive. Thus, becoming your own service provider is not rational unless it is for business purposes. However, there are various ways to access the internet for free, for instance open Wi-Fi networks.
Importance of ISP
The ISP serves as the road to the internet. It provides a direct connection from the firm’s network to the internet. Most modern businesses require access to the internet and thus a service provider. The internet is an economical way of communicating. ISPs act as the mediators between the user and the internet by providing host sites for business.
Hypertext Transfer Protocol, abbreviated as HTTP, is a set of rules for transferring files such as graphics, images, text, video, audio and other multimedia files on the internet. When a web user opens their browser, they make indirect use of HTTP. Typically, HTTP is an application protocol that operates on top of foundation protocols such as TCP/IP. HTTP has been an essential part of the global web since the 1990s. The concept of HTTP is based on the idea that files should contain references to other files whose selection triggers further transfer requests.
How does it work?
Apart from the web page files, a web server also runs a program designed to receive and process HTTP requests as soon as they arrive. This program is called the HTTP daemon. When a browser user clicks on a hypertext link or requests a file by typing a URL, the browser creates an HTTP request and sends it to the IP address identified by the URL. Thus the web browser serves as an HTTP client. When the HTTP daemon on the receiving device gets the request, it sends back the related files.
Importance of HTTP
HTTP defines how messages are transferred and formatted, and the responses browsers and web servers should take in response to various commands. When a user enters a URL in their browser, the browser sends a command to the web server to obtain and broadcast the requested web page.
How can we be sure that data we send to a colleague has not been tampered with and arrives safely? How do we know that no one is sniffing the network and downloading sensitive data? We need a security mechanism in place to deliver data safely and securely. This can be achieved with Public Key Infrastructure (PKI), which uses two keys (asymmetric encryption) to encrypt and decrypt the data and so increase security.
PKI is a framework/guideline that different systems, vendors and technologies can interoperate with and use to provide authentication and confidentiality in data transfer.
Let’s understand how public and private keys help to secure the communication –
As shown in the diagram, PKI (asymmetric encryption) uses two keys instead of one; these keys are known as the public and private keys. This increases security, but at the cost of speed. The keys are separate but mathematically related. The private key never leaves the original system, whereas the public key is distributed to other systems and does not have to be protected. This way, the sender uses the public key to encrypt the files and the receiver decrypts them using its private key.
Strength and Weakness of Asymmetric encryption –
Asymmetric Algorithms –
The most common asymmetric algorithms used are –
Diffie-Hellman (DH) Key Agreement: This algorithm does not rely on public and private keys for encryption. Instead it uses a mathematical function that helps generate a shared secret between two parties.
Rivest Shamir Adleman (RSA): An algorithm based on a series of modular multiplications that can be used for both encrypting and signing. You can control how secure this encryption is by using different key lengths. For instance, you can use a 128 bit key or you can use a 256 bit key. Remember that longer keys (normally) result in a slower encryption and signing process but higher security.
Digital Signature Algorithm (DSA): This algorithm uses a series of calculations based on a selected prime number and is only used for digital signing. The maximum key size used to be 1024 bits, but longer key sizes are now supported.
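To make the public/private key relationship and two of the algorithms above concrete, here is an added Python example (not from the original article): textbook RSA on toy-sized primes, used both to encrypt for a receiver and to sign, plus a Diffie-Hellman shared-secret derivation. The primes, exponents and private values are assumed demonstration numbers, and the RSA here has no padding, so it illustrates the modular arithmetic only.

```python
import hashlib

# Assumed toy parameters: far too small for real use, chosen only to show the math.
P, Q = 1000000007, 998244353     # two primes known only to the key owner
E = 65537                        # common public exponent

def rsa_keygen(p=P, q=Q, e=E):
    """Return (public, private) keys: public = (e, n), private = (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_encrypt(public, m):
    """The sender encrypts with the receiver's public key."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)

def rsa_decrypt(private, c):
    """The receiver decrypts with its private key, which never left its system."""
    d, n = private
    return pow(c, d, n)

def _digest(msg, n):
    """Hash the message and reduce it below the modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(private, msg):
    """Signing applies the same modular exponentiation with the private key to a hash."""
    d, n = private
    return pow(_digest(msg, n), d, n)

def rsa_verify(public, msg, sig):
    """Anyone holding the public key can check the signature."""
    e, n = public
    return pow(sig, e, n) == _digest(msg, n)

def dh_shared_secret(p, g, a_priv, b_priv):
    """Diffie-Hellman: each side publishes g^x mod p and both derive the same secret
    without ever sending it. Returns (Alice's result, Bob's result)."""
    A = pow(g, a_priv, p)        # sent over the wire
    B = pow(g, b_priv, p)        # sent over the wire
    return pow(B, a_priv, p), pow(A, b_priv, p)

if __name__ == "__main__":
    pub, priv = rsa_keygen()
    m = int.from_bytes(b"hello", "big")
    print(rsa_decrypt(priv, rsa_encrypt(pub, m)) == m)             # True
    sig = rsa_sign(priv, b"invoice.pdf")
    print(rsa_verify(pub, b"invoice.pdf", sig), rsa_verify(pub, b"tampered", sig))  # True False
    print(dh_shared_secret(1000000007, 5, 123456, 654321))         # both values equal
```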
VPC (Virtual Private Cloud) is an offering by Amazon that enables customers to create their own logically isolated set of AWS resources (such as Amazon EC2 instances) for their application workloads. So, in simple words, a virtual private cloud (VPC) is a virtual network dedicated to your AWS account. Further, security is given prime importance, since the AWS Cloud infrastructure is shared among multiple customers.
VPCs in an AWS account are of 2 types –
Default VPC
Nondefault or Customer VPC
When customers launch resources in the default VPC of an AWS account, they benefit from a buffet of EC2 networking functionalities. Some of the features available in the default VPC are –
Option to change security group membership almost instantly
Security group egress filtering
Multiple IP addresses
Multiple network interfaces without explicitly creating a VPC
The default VPC is a virtual network that is automatically created for a customer’s AWS account the very first time EC2 resources are provisioned. A nondefault VPC (also called a customer VPC), on the other hand, is not created automatically when EC2 resources are provisioned: the customer needs to create and configure it manually and then provision resources into it. Whenever a new instance is launched without specifying a subnet, it is placed in the default VPC.
Another key benefit of the default VPC is that Internet access is available by default: the default VPC has an internet gateway and public subnets with a corresponding route table. This is not available by default in a nondefault VPC; in fact, public IPv4 addresses are not assigned by default in a nondefault VPC. In terms of numbers, only one default VPC is available per region, while the default limit for customer VPCs is 5 per region.
To make things more structured, the differences between the default VPC and a nondefault VPC (customer VPC) are enumerated in the table below –