BGP between ScreenOS and IOS

October 26, 2011

There are times when static routing on firewalls is simply not scalable… As long as the routing is inside a trusted network, I do not see any reason to avoid dynamic routing. Juniper devices (Junos and ScreenOS) can even use virtual routers to split the routing domain into several domains. In the example below, we will only show how to build a BGP peering between a ScreenOS cluster and two Cisco routers.

[Read more]

ACE Stickiness

October 24, 2011

Load-balancers like ACE are used – as their name says – to balance traffic among several servers able to serve the same content. The easiest case is load-balancing static web content. In that particular case, when a client gets a page composed of several objects (e.g. style sheets, images), it does not really matter which server provides the different objects because each server has a local copy of the same content. So if the server farm is composed of four servers, it does not matter if server 1 provides the HTML code, server 2 some images, server 3 the style sheet and server 4 nothing… It is completely transparent to the end user.

[Read more]

HA Load-balancing with IP Anycast

September 7, 2011

Nowadays, having a load-balancer in datacenters is more and more crucial, not only to ensure easy scalability but also to ensure high availability (HA). If properly configured, the load-balancer will be able to detect a failed application server, will remove it from its resource pool and will eventually reassign clients to other available servers. [Read more]

exp-Networks is IPv6 ready

April 23, 2011

Our website is IPv6 enabled and is registered to take part in World IPv6 Day. During that day major websites will offer their content over IPv6 for a 24-hour “test flight”.
You can test your IPv6 connectivity by checking the logo above…
On our side, we ensure this website remains IPv6 reachable via the IPv6 Forum certification program:

Zone-based IOS firewall

February 21, 2011

Starting with IOS 12.4(6)T, Cisco introduced the Zone-Based Policy Firewall in all IOS images with an advanced feature set. This new configuration model allows the router’s administrator to define security zones, assign interfaces to zones, and apply security policies between zones, as they would on a Juniper firewall or a Cisco ASA.

With CBAC, stateful inspection was done at the interface level. With zone-based firewalls, inspection is done per zone pair (source and destination zones).

Here is an over-simplified example [Read more]
