Posts

Showing posts from January, 2018

My 100Gb Spine

As a sort of engineering art form, no two computer network designs are ever really exactly alike, and in that spirit of variety today I’m going to play some designer make-believe. I’m going to focus on building a new high capacity, high performance and future-proofed IP underlay that should hopefully satisfy even the most performance-demanding customer applications.

For that I’m going to build a leaf-spine fabric with at most a 2:1 oversubscription ratio, supporting both 10Gb and 25Gb node connectivity, all without breaking the bank on capex or power and cooling costs. These imaginary business requirements include a scale goal of connecting 1,700 1RU nodes on day one, with a business stretch goal of 5,000 before ever needing to think about a redesign.

Given that info we should be good to start dreaming and digging through some vendor data sheets. So let’s go shopping!
The Spine
Cisco Nexus 9236C

I primarily chose this switch because of its incredible…

Configuring Cisco ASA for Route-Based VPN

Here I'll attempt to give an overview of the Cisco ASA implementation of the static virtual tunnel interface (aka "SVTI", or "VTI" for short), also known more simply as "route-based VPN", and how to configure it on ASA firewalls.

One benefit of using VTI is that it does away with the painful requirement of configuring all of those joyless static crypto map access-lists, meaning you no longer have to manually maintain a proxy-ID entry (and the resulting security association) for every local-to-remote prefix pair. IPsec VPN deployments become simpler, and by running BGP over the tunnel you also satisfy the HA requirements of public cloud VPN connectors such as AWS and GCP.
Guidelines
Below is a snapshot of guidelines for using SVTI specific to the ASA platform (keep in mind that SVTI is not ASA- or even Cisco-specific technology; each vendor's implementation is different):
You can use dynamic or static routes for traffic over the tunnel interface
The MTU for VTIs is automatically set, accordin…
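As an added example (not from the original post and not Cisco's documentation), here is a minimal IKEv2 route-based tunnel on an ASA, peered with a cloud VPN endpoint over BGP. Every name, address, AS number and pre-shared key is a placeholder; it assumes an ASA release with IKEv2 support on VTI, an existing interface named outside, and that your release applies interface ACLs to the tunnel's nameif (check this on your version before relying on it).

```cisco
! --- Added example: IKEv2 route-based (VTI) tunnel on Cisco ASA with BGP ---
! All names, addresses, AS numbers and keys below are placeholders.
! Assumes: interface "outside" exists; ASA release with IKEv2 VTI support.

! IKEv2 (phase 1). Keep one strong policy so the peer cannot negotiate down.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside

! IPsec (phase 2) proposal and the profile the tunnel interface references.
! With VTI there is no crypto map: the profile is bound to the interface.
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto ipsec profile VTI-PROFILE
 set ikev2 ipsec-proposal AES256-SHA256
 set pfs group14
 set security-association lifetime seconds 3600

! Peer authentication. For an L2L tunnel-group the name must be the peer IP.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key EXAMPLE-PSK-CHANGE-ME
 ikev2 local-authentication pre-shared-key EXAMPLE-PSK-CHANGE-ME

! The VTI itself: a routable interface with its own nameif, addressed from
! the link-local /30 that cloud VPN endpoints typically hand out.
interface Tunnel1
 nameif vti-cloud
 ip address 169.254.10.2 255.255.255.252
 tunnel source interface outside
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE

! No crypto-map ACL scopes the SA any more, so anything routed into Tunnel1
! is encrypted and sent. Scope what the far side may reach with an interface
! ACL instead (placeholder prefixes: 10.1.0.0/16 local, 10.2.0.0/16 remote).
access-list VTI-CLOUD-IN extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list VTI-CLOUD-IN extended deny ip any any log
access-group VTI-CLOUD-IN in interface vti-cloud

! Dynamic routing over the tunnel: what you advertise is what the cloud side
! can reach, and a failed session withdraws the routes, which is the HA
! behaviour AWS/GCP expect. The MD5 key protects the session from spoofed peers.
router bgp 65001
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 169.254.10.1 remote-as 64512
  neighbor 169.254.10.1 password EXAMPLE-BGP-KEY-CHANGE-ME
  neighbor 169.254.10.1 activate
  network 10.1.0.0 mask 255.255.0.0
```

For a second cloud tunnel (the usual HA pair) you repeat the tunnel-group, interface and neighbor stanzas with the second peer address and a second /30; BGP then prefers whichever path the provider advertises with the shorter AS path or higher local preference, and a dead tunnel simply drops out of the routing table. Verify with show crypto ikev2 sa, show interface Tunnel1 and show bgp summary.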