Saturday, October 08, 2016

IPSec Configuration in NOKIA 7705-SAR8

Wikipedia says, "Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session."

For IPSec, the 7705 SAR-8 supports VPRN when using the 8-port Gigabit Ethernet Adapter card, version 3. When we run IPSec on a Nokia router, we need two service instances (for example VPRN-VPRN or VPRN-IES): one service for the public network (sometimes called the untrusted zone) and the other for the private network (sometimes called the trusted zone).

Thursday, September 01, 2016

Nokia-Juniper-Cisco Part- 3 - BGP-4 Routing Protocol Configuration

1. Overview

Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol – RFC 4271
Figure 1 - NJC BGP Part
This protocol provides reachability information to external networks by enabling the exchange of routing information between ASes so that data can flow between them. Routing information exchanged via BGP supports only the destination-based forwarding paradigm, which assumes that a router forwards a packet based solely on the destination address carried in the IP header of the packet.
BGP uses TCP port 179 as its transport protocol. A TCP connection is formed between two systems, which then exchange messages to open and confirm the connection parameters. The initial data flow is the portion of the BGP routing table that is allowed by the export policy, called the Adj-Ribs-Out. Incremental updates are sent as the routing tables change. BGP does not require a periodic refresh of the routing table.

Thursday, August 25, 2016

Interworking StrongSWAN IPSec with NOKIA 7750-SR Security Gateway

1. Overview

Secure connections are mandatory nowadays; almost every device provides security services as an addition, to prevent threats or to create secure communication between endpoints. IP Security was defined in RFC 4301 and is the standard for each vendor to implement in their devices. However, interoperability tests must be done to ensure the devices can interwork properly.

Wednesday, August 17, 2016

Spanning Tree Protocol between Cumulus VX and Cisco IOS

1. Overview

The spanning tree algorithm and protocol configure a simply connected active topology from the arbitrarily connected component of a Bridged LAN. - 802.1D - 1998

1.1 System Overview

An arbitrarily connected LAN topology can cause loops. With Spanning Tree Protocol (STP), a bridged LAN forwards frames through some ports, which are held in the forwarding state, and not through others, which are held in the blocking state. Ports in the blocking state do not forward frames until the active topology changes, i.e. a port is put into the forwarding state if components fail, are removed, or are added.
The bridge at the center of the calculation is known as the Root Bridge. This bridge has ports called designated ports, whose function is to forward frames from the LAN towards the root, and vice versa. The bridge connected to such a port is called the Designated Bridge, and the ports on this bridge that are in the forwarding state are the root port (the one closest to the root) and designated ports (if there are any). Ports that are not disabled and are neither root ports nor designated ports do not forward frames onto the LANs to which they are connected; they are called Alternate Ports.
Figure 1 - Bridge Active Topology

Thursday, August 04, 2016

Deploy Open Network Operating System in CENTOS 7

Hi everyone, I think it's time to change our perception of networks. Nowadays, the Network Operating System is a trend for simpler and faster service delivery. Many NOSes have been researched, deployed, and tested in order to achieve the network automation concept.

ONOS, Open Network Operating System, is a newly released open-source SDN controller that is focused on service provider use-cases. Similar to OpenDaylight, the platform is written in Java and uses Karaf/OSGi for functionality management. - SDNHub.org

The Open Network Operating System (ONOS) is a software defined networking (SDN) OS for service providers that has scalability, high availability, high performance and abstractions to make it easy to create apps and services. The platform is based on a solid architecture and has quickly matured to be feature rich and production ready. The community has grown to include over 50 partners and collaborators that contribute to all aspects of the project including interesting use cases such as CORD. - onosproject.org