Posts

AWS Transit Gateways

Transit Gateways are a newer addition to AWS networking that connect different VPCs (and on-premises networks) through a central hub to achieve more controlled routing. Earlier this was achieved with the Transit VPC architecture. A Transit Gateway is a regional object and can be thought of as a centralized router to which different VPCs attach. AWS IAM is used to control which users may access a Transit Gateway. At the time of writing, a maximum of 5000 attachments are supported per Transit Gateway, and a maximum of 5 Transit Gateway attachments per VPC. The following components are required to establish a Transit Gateway: ASN (Autonomous System Number): required for BGP peering between different AS numbers, for example towards on-premises networks. Transit Gateway Attachments: there are different ways to connect a VPC or on-premises devices to a Transit Gateway; these are called Attachments. There are 2 types of attachments: VPC Attachment: VPCs can be attached t

Traffic flow within NSX

Below article details the traffic flow that happens within NSX. The host preparation process during NSX installation creates the VXLAN (netcpa) and distributed firewall (vsfwd) capabilities on every host or cluster, so every host is ready to operate NSX features. A Transport Zone is the boundary of the VXLANs, i.e. of the logical switches. Whenever a logical switch is created it is attached to a Transport Zone (Global or Universal). Since the hosts or clusters are VXLAN ready, they communicate with the NSX Controllers through the User World Agent (UWA) process, which runs as the netcpa service. NSX Controllers are pivotal in the NSX architecture and form its control plane, as they build and retain the VTEP table, MAC table and ARP table for every VNI or VXLAN. Any host that does not have this information first contacts the NSX Controllers to obtain the destination MAC/IP details. The NSX Controllers, on the other hand, build these tables (VTEP tabl

NAT Instances & NAT Gateways

NAT Instances and NAT Gateways are used to provide internet access to instances in Private Subnets. NAT Instances are ordinary EC2 instances, except that they are used predominantly for NAT; Amazon provides Amazon Linux AMIs preconfigured as NAT Instances. They are created in the Public Subnet to provide internet connectivity for instances in the Private Subnet, so it is important that the route tables associated with the Private Subnets are updated to point internet-bound routes (0.0.0.0/0) at them. Since they are EC2 instances, they must be associated with Security Groups just like any other EC2 instance to allow traffic towards them. Every EC2 instance performs a Source/Destination check by default, i.e. the instance must be either the source or the destination of the traffic it sends or receives. For a NAT instance this check must be disabled, because the NAT instance is neither the source nor the destination but will only be per

DHCP Overview

Dynamic Host Configuration Protocol: as the name suggests, this protocol is used to dynamically assign an IP address, DNS servers, default gateway and other intended parameters to a requesting client. DHCP servers are configured with a scope, or pool, of IP addresses. Exclusions can be set up for IP addresses that should not be in scope for dynamic assignment. MAC-based reservations are also possible, which bind a particular IP address to a particular machine even though it is still assigned dynamically. Other attributes such as DNS and default gateway are carried in DHCP messages as OPTIONS: the default gateway as Option 3, the DNS server as Option 6, and the lease time, i.e. how long a machine may use the assigned IP address, as Option 51. The client starts by broadcasting a Discover message on the network requesting an IP address and other details. The DHCP server on the network responds to the client with an Offer message. The Offer message con
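The Discover/Offer exchange and the option encoding described above, as an added example that is not part of the original post. It builds a DHCP Discover, lets a small constructed server model answer with an Offer carrying Options 3, 6 and 51, and honours a scope exclusion and a MAC reservation. The scope, addresses, MACs and lease value are all made up for illustration.

```python
# Added example (not from the original post): encode/decode DHCP messages and model
# a server scope with an exclusion and a MAC-based reservation. Addresses, MACs and
# lease values below are constructed for illustration.
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_MSG_TYPE, OPT_END = 3, 6, 51, 53, 255
DISCOVER, OFFER = 1, 2


def build_message(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Encode an RFC 2131 message: fixed 236-byte header, magic cookie, TLV options."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)  # flags: broadcast
    header += b"\x00" * 4                                # ciaddr (client has no IP yet)
    header += ipaddress.IPv4Address(yiaddr).packed       # yiaddr: the offered address
    header += b"\x00" * 8                                # siaddr, giaddr unused here
    header += chaddr.ljust(16, b"\x00")                  # chaddr padded to 16 bytes
    header += b"\x00" * 192                              # sname + file, unused
    body = MAGIC_COOKIE
    for code, value in options:
        body += struct.pack("!BB", code, len(value)) + value
    return header + body + bytes([OPT_END])


def parse_options(msg):
    """Return {option code: raw value} for the TLV options after the magic cookie."""
    assert msg[236:240] == MAGIC_COOKIE, "not a DHCP message"
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:            # pad option, single byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def discover(xid, mac):
    """Client side: a Discover carries only the message-type option."""
    return build_message(1, xid, mac, options=[(OPT_MSG_TYPE, bytes([DISCOVER]))])


class Scope:
    """Server side: pool with exclusions, MAC reservations and the options to offer."""

    def __init__(self, pool, exclusions, reservations, router, dns, lease):
        reserved = set(reservations.values())
        self.pool = [str(ip) for ip in ipaddress.ip_network(pool).hosts()
                     if str(ip) not in exclusions and str(ip) not in reserved]
        self.reservations = reservations      # MAC bytes -> reserved IP
        self.router, self.dns, self.lease = router, dns, lease
        self.leased = {}                      # MAC bytes -> IP handed out

    def handle_discover(self, msg):
        opts = parse_options(msg)
        if opts.get(OPT_MSG_TYPE) != bytes([DISCOVER]):
            return None
        xid = struct.unpack("!I", msg[4:8])[0]
        mac = msg[28:34]
        ip = self.reservations.get(mac) or self.leased.get(mac)
        if ip is None:
            ip = self.pool.pop(0)             # next free address in the scope
        self.leased[mac] = ip
        return build_message(2, xid, mac, yiaddr=ip, options=[
            (OPT_MSG_TYPE, bytes([OFFER])),
            (OPT_ROUTER, ipaddress.IPv4Address(self.router).packed),
            (OPT_DNS, b"".join(ipaddress.IPv4Address(d).packed for d in self.dns)),
            (OPT_LEASE, struct.pack("!I", self.lease)),
        ])


def decode_offer(msg):
    """Client side: pull the offered address and Options 3, 6 and 51 out of an Offer."""
    opts = parse_options(msg)
    dns_raw = opts[OPT_DNS]
    return {
        "yiaddr": str(ipaddress.IPv4Address(msg[16:20])),
        "router": str(ipaddress.IPv4Address(opts[OPT_ROUTER])),
        "dns": [str(ipaddress.IPv4Address(dns_raw[i:i + 4])) for i in range(0, len(dns_raw), 4)],
        "lease": struct.unpack("!I", opts[OPT_LEASE])[0],
    }
```

Option 6 shows why the parser must respect the length byte: a list of DNS servers is one option whose value is several 4-byte addresses concatenated, not one option per server.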

Wireless Classification Types

Classification Types 1. Based on Distance: Wireless Personal Area Network (WPAN): a Personal Area Network is usually defined as anything within one arm's length of a person. It extends up to 30 feet / 10 m. Applications such as infrared, Bluetooth and passive RFID are generally considered in this class. Wireless Local Area Network (WLAN): extending a PAN by roughly 10 times brings it within the boundaries of a LAN, giving it a range of up to 300 feet / 100 m. Cordless phones and Zigbee are typical examples. Wireless Metropolitan Area Network (WMAN): there is no specific range defined for this, but it generally extends to a few km/miles. Cellular and WiMAX are examples. Wireless Wide Area Network (WWAN): this extends beyond a country or nation, or across the entire world, and generally spans several hundred or thousand miles/km. Typical examples include satellite communication and long-range cellular communication. 2. Based on Modes: Peer to peer / Ad hoc mode

AWS VPC Overview

VPC, or Virtual Private Cloud, as the name suggests is a private cloud that can be built on AWS. It comprises: Subnet: subnets are smaller address ranges within the VPC in which EC2 instances reside; each subnet is associated with a Route Table. Route Table: tables that carry the next-hop details for reaching a destination. Main Route Table: the Route Table a VPC gets by default; if a subnet is not explicitly associated with any Route Table it is associated with the Main Route Table. Access Control List: stateless and defined at the subnet level; rules allow or deny a particular subnet/IP address from reaching the associated subnet, and because they are stateless they must be defined in both directions, inbound and outbound. Security Group: stateful and applied per instance; rules permit flows from subnets/IP addresses, and anything not permitted is implicitly blocked (there are no deny rules). Internet Gateway: a gateway attached to a VPC to allow connectivity towards the internet. NAT gateway: for private subnets to access interne
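The VPC components above, together with the NAT instance behaviour from the "NAT Instances & NAT Gateways" post, as an added example that is not part of the original posts. It is a small constructed model, not the AWS API: route lookup with longest-prefix match and the Main Route Table fallback for unassociated subnets, a stateless NACL that drops the reply unless the reverse direction is also allowed, a stateful Security Group that tracks flows, and a NAT instance that drops forwarded traffic while the Source/Destination check is on. The CIDRs, target names and addresses are made up for illustration.

```python
# Added example (not from the original posts): a constructed model of VPC forwarding
# rules. Target names like "igw-1" and all CIDRs/addresses are illustrative.
import ipaddress


class RouteTable:
    def __init__(self, routes):               # routes: list of (cidr, target)
        self.routes = [(ipaddress.ip_network(c), t) for c, t in routes]

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        matches = [(net, t) for net, t in self.routes if dst in net]
        if not matches:
            return None                       # no route: traffic is dropped
        return max(matches, key=lambda m: m[0].prefixlen)[1]   # longest prefix wins


class VPC:
    def __init__(self, main_rt):
        self.main_rt = main_rt
        self.subnet_rt = {}                   # subnet cidr -> explicitly associated table

    def associate(self, subnet, rt):
        self.subnet_rt[subnet] = rt

    def next_hop(self, subnet, dst):
        # a subnet with no explicit association falls back to the Main Route Table
        return self.subnet_rt.get(subnet, self.main_rt).lookup(dst)


class NetworkACL:
    """Stateless: each direction is evaluated on its own, lowest rule number first."""

    def __init__(self, inbound, outbound):    # lists of (rule_no, cidr, "allow"|"deny")
        self.inbound, self.outbound = sorted(inbound), sorted(outbound)

    def allows(self, direction, peer_ip):
        rules = self.inbound if direction == "in" else self.outbound
        ip = ipaddress.ip_address(peer_ip)
        for _, cidr, action in rules:
            if ip in ipaddress.ip_network(cidr):
                return action == "allow"      # first matching rule decides
        return False                          # implicit deny (the '*' rule)


class SecurityGroup:
    """Stateful: only allow rules exist, and replies to a tracked flow are permitted."""

    def __init__(self, inbound_allow):
        self.inbound_allow = [ipaddress.ip_network(c) for c in inbound_allow]
        self.tracked = set()                  # (src, dst) pairs the instance initiated

    def outbound(self, src, dst):
        self.tracked.add((src, dst))          # default egress allows all; remember the flow
        return True

    def inbound(self, src, dst):
        if (dst, src) in self.tracked:        # reply to a flow we initiated
            return True
        return any(ipaddress.ip_address(src) in n for n in self.inbound_allow)


def nat_instance_forward(nat_ip, src, dst, source_dest_check=True):
    """Return the (src, dst) the NAT instance forwards, or None if EC2 drops it."""
    if source_dest_check and nat_ip not in (src, dst):
        return None                           # instance is neither source nor destination
    return (nat_ip, dst)                      # SNAT: private source rewritten to the NAT address
```

The NACL case is the one that bites in practice: an inbound allow for 0.0.0.0/0 without the matching outbound rule (and the ephemeral port range) means the reply packet is silently dropped, whereas the Security Group permits the reply because it remembers the outgoing flow.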

BUM traffic flow in ACI

BUM traffic flow in ACI (Single Pod): below article details the BUM traffic flow within ACI. It assumes the reader is aware of basic ACI terminology. Cisco ACI uses a hardware-VTEP Leaf/Spine architecture. Both Leaf and Spine switches are dynamically assigned a VTEP address from the pool provided in the APIC configuration. ACI is designed to reduce flooding within the fabric. The bridge domain is defined as the broadcast domain within the ACI architecture. Different EPGs can exist within the same bridge domain, and EPGs within the same bridge domain can be associated with different VLANs. Thus, in spite of being in different VLANs, EPGs in the same bridge domain experience flood traffic within that bridge domain, unlike the traditional architecture where every VLAN is a separate broadcast domain. ACI works on the concept of no un