Ads 468x60px

18 October 2021

Nokia Nuage SDN

When someone asks you what SDN is and what the benefits are, sometimes we don’t know what to reply. However, we know how to design a network architecture and we know what devices we have to buy for the customer’s request but, actually, we don’t know sometimes we are deploying an SDN solution. For instance, when a customer with several internet links wants all VoIP traffic use only one link and another one for backup, and the rest of the traffic use another internet link, we know they need an SD-WAN solution, which is actually an SDN solution.

At the beginning of WAN networks, if you wanted a private network between an office and the datacenter, or between two offices, you had to buy a leased line, which was really expensive. Later on, frame relay allowed us to share the same physical network for several customers. Therefore, it was cheaper. Today, IP/MPLS networks are like frame relay but it also allows us better QoS for applications. However, I think SD-WANs are the networks of the future because they are transport independent and we can manage and control the whole network from a centralized perspective.

WAN networks evolution

Nokia Nuage is one of the SD-WAN solutions based on SDN. This solution has mainly four components. The Virtualized Services Directory or VSD is the management console where network administrators are going to design the architecture and they are going to define the network policies. The Virtualized Services Controller or VSC has the network control plane and all branches’ configurations are stored in this device. The Network Service Gateway or NSG is the edge router where the data plane takes place. Finally, the Elastic Search or ES component is a database which is used by VSD to show network statistics.

Nuage Virtualized Network Services (VNS)

The Nokia Nuage is an SDN solution where we can see each component of an SDN architecture very well because data plane, control plane and management plane are each of them a component. The control plane (VSC) and the management plane (VSD) are usually deployed in high availability, thus, a load balancer is needed. In addition, we could install NSG-UBRs to breakout traffic to another network. For example, we can configure a backup private network through the Internet when the main IP/MPLS network fails.

Nuage VNS standard deployment architecture

Finally, if you are going to configure and deploy a Nokia Nuage SD-WAN solution, you have to know how to configure the network topology. First of all, we have to configure an Enterprise, which is a tenant or end user and they are isolated from each other. The Domain is a layer 3 instance, like a VPRN or VRF, and they are also isolated from other domains, although shared domains with route leaking is possible. A Subnet is a layer 2 instance, like VPLS. A Zone is an administrative group of subnets, which shares the same policies. The last component is the Vport which is a virtual interface of a VM (virtual machine) or LAN side port+vlan.

Service abstractions

Regards my friends! What SD-WAN solution do you like?

11 October 2021

Juniper 128T Session Smart SD-WAN

I’ve installed and configured SD-WAN networks just for redundant Internet links where customers have more than one Internet link for high availability, thus, if the primary link is down, another one works as a backup link, or even it works as active/active link. I’ve configured this kind of service mainly with FortiGate devices because customers wanted NGFW and SD-WAN in the same box but I would like to write today about Juniper 128T which is a revolutionary SD-WAN solution with Session Smart Routing.

First of all, I would like to tell you who is 128T. This is a U.S. company acquired by Juniper last year which has sold mainly SD-WAN solutions in the US. For instance, they have deployed SD-WAN in the U.S. DoD where performance and security is really important. Juniper wants to deploy this solution to the rest of the world as well as accelerate the industry evolution from the first generation SD-WAN technology that focuses on optimizing connections from branch-to-cloud to a modern AI-driven network that optimizes user experiences from client-to-cloud.

128 Session Smart

There are four business benefits I would like to tell you. The first one is that SD-WAN works without tunnels which I think is really powerful and revolutionary because there is no overhead and increases the network performance. The second one is the adaptative encryption technology which is very interesting because we can encrypt all traffic or only the one that is not encrypted. The third benefit is that it is software based, thus, we can install 128T wherever we want. Finally, the fourth benefit is the session awareness where there is a forwarding table with source addresses to route traffic from clients properly.

Business Benefits

There are many reasons why 128T is replacing Cisco, Silver Peak or Citrix solutions. Money is one of them because an architecture without tunnels reduces 75% in infrastructure costs and 30-50% in bandwidth costs because we can install 128T in any server and there is no traffic overhead. In addition, 128T scales rapidly and easily to lots of edges thanks to the tunnel-less architecture while other vendors require hard work to deploy new branches and services. However, there are many other reasons we could comment on.

Session Smart Routing

The Secure Vector Routing is revolutionary because routers send the first packet with a metadata, where the original addresses are inserted, and next packets are sent without this metadata because it is no needed due to the fact that there is already a session table to know how to translate addresses. Therefore, there is an important traffic saving with no overhead.

Secure Vector Routing

To sum up, Juniper 128T is revolutionary in SD-WAN networks because it is a tunnel-less architecture and it is an alternative to encapsulation with IPSec and/or IPSec + VxLAN, GRE or MPLS. As a result, there is an important saving traffic and money.

Regards my friends! What SD-WAN solution are you deploying?

4 October 2021

Best Cybersecurity Practices

I knew almost nothing about cybersecurity when I finished University twelve years ago. However, I started working at Ariadnex where I’ve been working for lots of projects till now. I’ve been installing lots of security systems such as firewall, IPS, antivirus, vulnerability scanners, antispam, etc. In addition, Ariadnex was certified in ISO 27001 & ISO 20000, and I was working on it. Therefore, I’ve been working last days in a speech for the FAROTIC project where a training about best cybersecurity practices has been carried out.

When I have to speak about best cybersecurity practices, I always like to speak about ISO 27001 because we have 114 security controls, which are really interesting, in this international standard. The first group is about information security policies. It’s really important. However, most companies don’t have any security policy. Organization of information security is another group which should be taken into account. For instance, companies should force segregation of duties to reduce the opportunities for unauthorised modification.

When we speak about best cybersecurity practices, the human resource security is also a best practice because companies should ensure that all employees are qualified for the job as well as employees understand their roles and responsabilities. Asset management and access control are also two best practices but I think both are increasingly known by most companies. Most of us have an asset inventory and users have the minimum privileges.

Encryption is well known by most employees. They know it is a requirement for sending and receiving information on the net but they forget saving their passwords in a secure way with a password manager. Physical and environmental security is also well known by most companies. We are used to seeing guards at the doors and rooms locked. However, operations security is very important and there are still companies who forget to schedule backups.

I don’t understand how there are companies that they don’t have any VLAN on the network. There is no communications security. There are also lots of companies without a policy for system acquisition, development and maintenance. However, this is usual for companies who has almost no security controls. What’s more, supplier relationships is another group of security controls that few companies take into account.

All of these are some groups of security controls, although we should also add incident management, business continuity and compliance, that companies should take into account for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Maybe, it seems 114 security controls are too many but it’s important to start small, but most of all, start.

Regards my friends! What kind of best cybersecurity practices are you applying.

Related Posts Plugin for WordPress, Blogger...

Entradas populares