Doing Infrastructure-as-Code (IaC) with Ansible has given me a headache – so I’ve recently been playing around with Terraform as an alternative to Ansible for certain tasks that require Cloud IaaS interactions.
The goal of this blog post is to build an HA-VPN solution between GCP and an on-premises Cisco IOS-XE device (CSR) using Terraform. BGP will be established over the VPN in order to exchange routes dynamically. GCE compute instances will be deployed in GCP for testing connectivity over the VPN.
Let’s get started.
What is Digital Ceiling?
Looking back at the evolution of the network in the past decade, we see a constant trend of devices migrating to Ethernet, resulting in a migration to IP. IP telephony took off in 2005 and is now the de facto standard for any phone system. Coax-connected cameras migrated to IP surveillance in the late 2000s. Legacy building management systems using BACnet started migrating to low-voltage PoE systems in the early 2010s. Within the past year, we’ve seen a new trend of high-voltage systems like lighting start migrating towards low-voltage PoE, dubbed “Smart Lighting”. This move towards digitization makes sense on all fronts. It’s cheaper, scalable, extensible, can easily be managed and monitored, and opens the door for new experiences with intelligent buildings. (more…)
I’ve been in this situation a few times now, where I need to move a physical production UCS blade from one chassis to another. It can make you nervous, worried that your server won’t come back up properly after the relocation. What if the network configuration changes, what about storage, what about the OS?! Rest assured, this is quite an easy procedure. If you can bake a cake, you can relocate a UCS blade. (more…)
I’ve been keeping the very corner of my eye on Cisco’s IWAN and its rapid evolution in the realm of SD-WAN. At the recent Network Field Day event (NFD10), some light was shed on the application-centric aspects of IWAN under APIC-EM that I believe really set it apart from some of the competing solutions out there. Sumanth Kakaraparthi, Principal Product Manager with Cisco, discussed the company’s approach to SD-WAN in a concise presentation to the NFD10 delegates and live viewers. Two key differences stand out to me – (more…)
No lie, this one took me a while to figure out. First, if you haven’t done so already, check out this article which clearly explains (with pictures!) how to accomplish this basic URL filtering without user awareness:
URL Filtering on a FireSIGHT System Configuration Example
If you only desire to filter based on something basic like networks, you’re all set. However, if you want to get more granular and start creating policies based on AD/LDAP group membership, this post is for you. I’ll go ahead and assume you already have the FirePOWER modules or appliances installed somewhere in your network and they’re being managed by FireSIGHT. Follow the steps below: (more…)
This page is simply to provide quick and dirty notes for performing standard packet captures on various Cisco devices. I use these fairly often and needed a place for quick reference. Always refer to vendor documentation for more detail. (more…)
Some quick template-style notes on deploying clustered ASAs running multiple context mode with transparent contexts. There are some well-documented guides and a few blog posts out there already detailing clustering and transparent-mode firewalls. The purpose of this post is just to dive into configuration. You may run into some caveats depending on which feature you want to run simultaneously; please refer to the ASA General Operations CLI guide for particulars before deploying clustering. (more…)
Cisco Live US 2015, the largest networking conference in the world, is right around the corner, June 7th-11th in San Diego, CA. This year is promising to be ever larger, with more training sessions, bigger events, futurist keynotes, and a massive World of Solutions expo. But think about it – do you really want to go? Let us consider some reasons not to attend this year’s Cisco Live. (more…)
If I can do this, so can you! Some of you may be just starting out, some of you may be on the homestretch with a lab right around the corner. Either way, this post may be of some interest to you. I’d like to share my story, how I prepared, what study methods worked best for me, how I picked myself back up after defeat, and what I did to prepare once more for ultimate victory. (more…)