Category Archives: Computer Virtualization

MPLS VPN – Option C – using BGP label exchange with Cisco and Junos – part 1

It has been a while since I have done any labs after getting a new job. This time, I will be building an NNI option C using both Cisco IOS and Juniper MX. The reason I write this is that I do not find many resources on the internet about the inter-AS connection using 2 different software platforms at the same time. Hope this can be useful for anyone who is having the same struggle as I do.
(the AS# below are randomly picked!!)
[Image: lab-testing-mpls]
Based on the lab diagram (don't feel like chopping it up), as the internal VPN service is already running and the intra-AS is running OSPF and LDP for MPLS, I will be connecting AS5052 (the green area in the middle) and AS7077 (the orange area at the bottom) together over NNIs to extend the MPLS VPN services.

Cisco ASA – Site to Site IPSec VPN with dynamic IP address

Setting up a policy-based site-to-site IPSec VPN tunnel with static IP addresses is quite straightforward on a Cisco ASA, but what if one of the endpoints is using a dynamic IP address?
In this lab, I will be using 2 virtual ASAs (9.6(2)) to create a site-to-site IPSec VPN tunnel, as well as setting up the Cisco VPN client in one of the ASAs with a static IP address.
The ASA-F14 is the one with a static IP address, and the ASA-F16 is using a dynamic IP address.
[Image: 20161221-mpls-2vrfs]

Cisco ASA – simple 1 to 1 NAT and firewall policy setup

For those who have been working with Cisco routers, setting up a Cisco ASA stateful policy is as simple as setting up an ACL. By default, the ASA drops any TCP connection that doesn't have a session record created with a SYN packet. In that case the user doesn't need to set up an ACL for return traffic, as is required when working with routers.
In this example, we have 192.168.104.250/32 as the server in the DMZ and have a 1-to-1 NAT mapping for incoming traffic applied to allow internet users to access the HTTP service only.
The IP address of the firewall is 10.50.2.10/29, and we will assign the mapping of the server to another external IP address of 10.50.2.11.
[Image: 20161215-vasa-lab-nat]

Traffic Engineering – MPLS

This time we will handle basic traffic engineering within an MPLS network. This technique allows network admins to manipulate traffic and fully utilize the subscribed bandwidth or circuits.
Traffic engineering within an MPLS network can be more accurate and convenient than in a typical TCP/IP network, because TE happens at the MPLS level only, which does not affect the base of the whole network topology. If traffic is manipulated at the IP level, everything running on top of the IP level is affected.
The network topology for this testing is listed below.
[Image: 20160123-00-topo]

Playing with Multicast – Part 2.

Part 1 of multicast was simply doing the streaming within a local area network. This time, I will take my multicast lab a level higher and put a router between the sender and receiver.
The test bed this time will involve simple routing. Please refer to the topology below.
To keep the multicast lab simple, it will be running in sparse mode and using a static RP instead of a dynamic one.
TOPOLOGY:
[Image: Mcast_topo_with_1_router]
Components:
1x Ubuntu as sender
1x Windows XP as receiver.
1x Junos router