Basic Datacenter Design with Redundancy (Colocation Datacenter)

-
The very basic thing that an organization expects while designing its network is maximum uptime, and this maximum uptime can only be achieved when there is redundancy in the network. So in this article, we'll design a network for a company hosted in a datacenter with redundant devices and links.
NOTE: The configuration of devices in this article does not include configuration for securing the control-plane of core or aggregation routers.

Full Network topology:
Topology of Part of Datacenter


Focused view on a specific customer:
Focused view on a specific customer


Download the Network Lab from here:

Datacenter with redundancy.7z

In the scenario, we (As the Service Provider) own network subnet of 192.168.200.0/24 and 172.16.0.0/24. Whereas the network subnet 192.0.2.1 is owned by the customer itself.
We are connected with the two different Internet Service Providers using eBGP. We are also exchanging routes with Internet Exchange Point, where one of our router is placed in their premises and connected to them using eBGP session.
In the setup, we are running OSPF to advertise uplink prefixes and Loopback IP addresses, while BGP is being used to advertise Customers' prefixes as well as the prefixes owned by Datacenter
In this article, the complete configuration of the different devices in the Network is displayed, and the explanation of the configurations can be found below the configuration of each device.



Configuration


 Core-1
hostname Core-2
!
interface Loopback0
 description ## For MGMT and BGP peering ##
 ip address 192.168.200.201 255.255.255.255
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet0/0
 description ## Distribution-1 Fa0/0 ##
 ip address 192.168.200.5 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ## Distribution-2 Fa0/1 ##
 ip address 192.168.200.17 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description ## Core-2 Fa1/0 ##
 no switchport
 ip address 192.168.200.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet1/1
 description ## XPoint Fa0/0 ##
 no switchport
 ip address 192.168.200.25 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet1/15
 description ## ISP-1 ##
 no switchport
 ip address 203.0.113.2 255.255.255.252
 ip ospf 1 area 0.0.0.0
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0.0.0.0 authentication message-digest
 area 0.0.0.10 authentication message-digest
 passive-interface FastEthernet1/15
!
router bgp 64496
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 192.168.200.202 remote-as 64496
 neighbor 192.168.200.202 description ## Core-2 ##
 neighbor 192.168.200.202 update-source Loopback0
 neighbor 192.168.200.203 remote-as 64496
 neighbor 192.168.200.203 description ## Distribution-1 ##
 neighbor 192.168.200.203 update-source Loopback0
 neighbor 192.168.200.204 remote-as 64496
 neighbor 192.168.200.204 description ## Distribution-2 ##
 neighbor 192.168.200.204 update-source Loopback0
 neighbor 192.168.200.205 remote-as 64496
 neighbor 192.168.200.205 description ## XPoint ##
 neighbor 192.168.200.205 update-source Loopback0
 neighbor 203.0.113.1 remote-as 64510
 neighbor 203.0.113.1 description ## ISP-1 ##
 !
 address-family ipv4
  neighbor 192.168.200.202 activate
  neighbor 192.168.200.203 activate
  neighbor 192.168.200.203 route-map DISTRIBUTION-out out
  neighbor 192.168.200.204 activate
  neighbor 192.168.200.204 route-map DISTRIBUTION-out out
  neighbor 192.168.200.205 activate
  neighbor 192.168.200.205 route-map IXP-in in
  neighbor 192.168.200.205 route-map IXP-out out
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 soft-reconfiguration inbound
  neighbor 203.0.113.1 route-map ISP1-in in
  neighbor 203.0.113.1 route-map ISP1-out out
  no auto-summary
  no synchronization
  network 172.16.0.0 mask 255.255.255.0
  network 192.168.200.0
 exit-address-family
!
ip route 172.16.0.0 255.255.255.0 Null0 254
ip route 192.168.200.0 255.255.255.0 Null0 254
!
ip as-path access-list 10 permit ^64510$
!
ip prefix-list ISP-1-default-route seq 5 permit 0.0.0.0/0
!
ip prefix-list NetworkGalaxy-prefix seq 5 permit 172.16.0.0/24
ip prefix-list NetworkGalaxy-prefix seq 10 permit 192.0.2.0/24
ip prefix-list NetworkGalaxy-prefix seq 15 permit 192.168.200.0/24
!
ip prefix-list PREFIX-IXP-in seq 5 permit 0.0.0.0/0 le 24
!
route-map IXP-out permit 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map ISP1-out permit 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map ISP1-in permit 5
 match ip address prefix-list ISP-1-default-route
 set local-preference 250
!
route-map ISP1-in deny 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map ISP1-in permit 100
 match as-path 10
!
route-map DISTRIBUTION-out permit 10
 match ip address prefix-list ISP-1-default-route
!
route-map IXP-in permit 999
 match ip address prefix-list prefix-IXP-in
In the above configuration, we are running OSPF

Core-2
hostname Core-2
!
interface Loopback0
 description ## For MGMT and BGP peering ##
 ip address 192.168.200.202 255.255.255.255
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet0/0
 description ## Distribution-2 Fa 0/0 ##
 ip address 192.168.200.9 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ## Distribution-1 Fa 0/1 ##
 ip address 192.168.200.13 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description ## Core-1 Fa 1/1 ##
 no switchport
 ip address 192.168.200.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet1/1
 description ## XPoint Fa0/1 ##
 no switchport
 ip address 192.168.200.29 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet1/15
 description ## ISP-2 ##
 no switchport
 ip address 198.51.100.2 255.255.255.252
 ip ospf 1 area 0.0.0.0
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 area 0.0.0.0 authentication message-digest
 area 0.0.0.10 authentication message-digest
 passive-interface FastEthernet1/15
!
router bgp 64496
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 192.168.200.201 remote-as 64496
 neighbor 192.168.200.201 description ## Core-1 ##
 neighbor 192.168.200.201 update-source Loopback0
 neighbor 192.168.200.203 remote-as 64496
 neighbor 192.168.200.203 description ## Distribution-1 ##
 neighbor 192.168.200.203 update-source Loopback0
 neighbor 192.168.200.204 remote-as 64496
 neighbor 192.168.200.204 description ## Distribution-2 ##
 neighbor 192.168.200.204 update-source Loopback0
 neighbor 192.168.200.205 remote-as 64496
 neighbor 192.168.200.205 description ## XPoint ##
 neighbor 192.168.200.205 update-source Loopback0
 neighbor 198.51.100.1 remote-as 64509
 neighbor 198.51.100.1 description ## ISP-2 ##
 !
 address-family ipv4
  neighbor 192.168.200.201 activate
  neighbor 192.168.200.203 activate
  neighbor 192.168.200.203 route-map DISTRIBUTION-out out
  neighbor 192.168.200.204 activate
  neighbor 192.168.200.204 route-map DISTRIBUTION-out out
  neighbor 192.168.200.205 activate
  neighbor 192.168.200.205 route-map IXP-in in
  neighbor 192.168.200.205 route-map IXP-out out
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 soft-reconfiguration inbound
  neighbor 198.51.100.1 route-map ISP2-in in
  neighbor 198.51.100.1 route-map ISP2-out out
  no auto-summary
  no synchronization
  network 172.16.0.0 mask 255.255.255.0
  network 192.168.200.0
 exit-address-family
!
ip route 172.16.0.0 255.255.255.0 Null0 254
ip route 192.168.200.0 255.255.255.0 Null0 254
!
ip as-path access-list 10 permit ^64509$
!
ip prefix-list ISP-2-default-route seq 5 permit 0.0.0.0/0
!
ip prefix-list NetworkGalaxy-prefix seq 5 permit 172.16.0.0/24
ip prefix-list NetworkGalaxy-prefix seq 10 permit 192.0.2.0/24
ip prefix-list NetworkGalaxy-prefix seq 15 permit 192.168.200.0/24
!
ip prefix-list PREFIX-IXP-in seq 5 permit 0.0.0.0/0 le 24
!
route-map IXP-out permit 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map ISP2-out permit 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map ISP2-in permit 5
 match ip address prefix-list ISP-2-default-route
 set local-preference 200
!
route-map ISP2-in deny 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map ISP2-in permit 100
 match as-path 10
!
route-map DISTRIBUTION-out permit 10
 match ip address prefix-list ISP-1-default-route
!
route-map IXP-in permit 999
 match ip address prefix-list PREFIX-IXP-in prefix-IXP-in


IXP-RTR
hostname XPoint
!
interface Loopback0
 description ## For MGMT and BGP peering ##
 ip address 192.168.200.205 255.255.255.255
 ip ospf 1 area 0.0.0.0
!
interface FastEthernet0/0
 ip address 192.168.200.26 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.200.30 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description ## Xchange Point RTR ##
 ip address 192.88.99.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.0
 duplex auto
 speed auto
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 area 0.0.0.0 authentication message-digest
 passive-interface FastEthernet1/0
!
router bgp 64496
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 192.88.99.2 remote-as 64505
 neighbor 192.88.99.2 description ## IXP ##
 neighbor 192.168.200.201 remote-as 64496
 neighbor 192.168.200.201 description ## Core-1 ##
 neighbor 192.168.200.201 update-source Loopback0
 neighbor 192.168.200.202 remote-as 64496
 neighbor 192.168.200.202 description ## Core-2 ##
 neighbor 192.168.200.202 update-source Loopback0
 neighbor 192.168.200.203 remote-as 64496
 neighbor 192.168.200.203 description ## Distribution-1 ##
 neighbor 192.168.200.203 update-source Loopback0
 neighbor 192.168.200.204 remote-as 64496
 neighbor 192.168.200.204 description ## Distribution-2 ##
 neighbor 192.168.200.204 update-source Loopback0
 !
 address-family ipv4
  neighbor 192.88.99.2 activate
  neighbor 192.88.99.2 soft-reconfiguration inbound
  neighbor 192.88.99.2 route-map IXP-in in
  neighbor 192.88.99.2 route-map IXP-out out
  neighbor 192.168.200.201 activate
  neighbor 192.168.200.202 activate
  neighbor 192.168.200.203 activate
  neighbor 192.168.200.203 route-map Distribution-out out
  neighbor 192.168.200.204 activate
  neighbor 192.168.200.204 route-map Distribution-out out
  no auto-summary
  no synchronization
 exit-address-family
!
ip prefix-list NetworkGalaxy-prefix seq 5 permit 172.16.0.0/24
ip prefix-list NetworkGalaxy-prefix seq 10 permit 192.0.2.0/24
ip prefix-list NetworkGalaxy-prefix seq 15 permit 192.168.200.0/24
!
ip prefix-list prefix-Distribution-out seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list prefix-IXP-in seq 5 permit 0.0.0.0/0 le 24
!
route-map IXP-out permit 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map IXP-in deny 10
 match ip address prefix-list NetworkGalaxy-prefix
!
route-map IXP-in permit 90
 match ip address prefix-list prefix-IXP-in
!
route-map Distribution-out permit 10
 match ip address prefix-list prefix-Distribution-out


Distribution-1
 hostname Distribution-1
!
interface Loopback0
 description ## For MGMT and BGP peering ##
 ip address 192.168.200.203 255.255.255.255
 ip ospf 1 area 0.0.0.10
!
interface FastEthernet0/0
 description ## Core-1 Fa0/0 ##
 ip address 192.168.200.6 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ## Core-2 Fa0/1 ##
 ip address 192.168.200.14 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description ## To Client-1 setup ##
 switchport access vlan 101
!
interface FastEthernet1/15
 description ## L2 Trunk between Distribution-1 and Distribution-2 ##
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan101
 description ## To client-1 setup ##
 ip address 172.16.0.2 255.255.255.248
 standby 101 ip 172.16.0.1
 standby 101 priority 150
 standby 101 preempt
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 area 0.0.0.10 authentication message-digest
!
router bgp 64496
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 neighbor 192.168.200.201 remote-as 64496
 neighbor 192.168.200.201 description ## Core-1 ##
 neighbor 192.168.200.201 update-source Loopback0
 neighbor 192.168.200.202 remote-as 64496
 neighbor 192.168.200.202 description ## Core-2 ##
 neighbor 192.168.200.202 update-source Loopback0
 neighbor 192.168.200.205 remote-as 64496
 neighbor 192.168.200.205 description ## XPoint ##
 neighbor 192.168.200.205 update-source Loopback0
 !
 address-family ipv4
  redistribute connected
  redistribute static
  neighbor 192.168.200.201 activate
  neighbor 192.168.200.201 route-map Core-1 in
  neighbor 192.168.200.202 activate
  neighbor 192.168.200.202 route-map Core-2 in
  neighbor 192.168.200.205 activate
  neighbor 192.168.200.205 route-map XPoint-in in
  neighbor 192.168.200.205 route-map XPoint-out out
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip route 192.0.2.0 255.255.255.0 172.16.0.4 name ##_Client-1_Vlan101_##
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list default-in seq 5 permit 0.0.0.0/0
!
ip prefix-list prefix-XPoint-in seq 5 deny 0.0.0.0/0 le 32
mac-address-table static 0000.0c07.ac65 interface FastEthernet1/15 vlan 101
!
route-map Core-2 permit 10
 match ip address prefix-list default-in
!
route-map Core-1 permit 10
 match ip address prefix-list default-in
!
route-map XPoint-in permit 10
 match ip address prefix-list prefix-XPoint-in
!
route-map XPoint-out permit 10


Distribution-2
hostname Distribution-2
!
interface Loopback0
 description ## For MGMT and BGP peering ##
 ip address 192.168.200.204 255.255.255.255
 ip ospf 1 area 0.0.0.10
!
interface FastEthernet0/0
 description ## Core-2 Fa0/0 ##
 ip address 192.168.200.10 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ## Core-1 Fa0/1 ##
 ip address 192.168.200.18 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf 1 area 0.0.0.10
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description ## To Client-1 setup ##
 switchport access vlan 101
!
interface FastEthernet1/15
 description ## L2 Trunk between Distribution-2 and Distribution-1 ##
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan101
 description ## To Client-1 setup ##
 ip address 172.16.0.3 255.255.255.248
 standby 101 ip 172.16.0.1
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 area 10 authentication message-digest
 network 192.168.200.10 0.0.0.0 area 10
 network 192.168.200.18 0.0.0.0 area 10
 network 192.168.200.22 0.0.0.0 area 10
 network 192.168.200.204 0.0.0.0 area 10
!
router bgp 64496
 bgp router-id 12.12.12.12
 bgp log-neighbor-changes
 neighbor 192.168.200.201 remote-as 64496
 neighbor 192.168.200.201 description ## Core-1 ##
 neighbor 192.168.200.201 update-source Loopback0
 neighbor 192.168.200.202 remote-as 64496
 neighbor 192.168.200.202 description ## Core-2 ##
 neighbor 192.168.200.202 update-source Loopback0
 neighbor 192.168.200.205 remote-as 64496
 neighbor 192.168.200.205 description ## XPoint ##
 neighbor 192.168.200.205 update-source Loopback0
 !
 address-family ipv4
  redistribute connected
  redistribute static
  neighbor 192.168.200.201 activate
  neighbor 192.168.200.201 route-map Core-1 in
  neighbor 192.168.200.202 activate
  neighbor 192.168.200.202 route-map Core-2 in
  neighbor 192.168.200.205 activate
  neighbor 192.168.200.205 route-map XPoint-in in
  neighbor 192.168.200.205 route-map XPoint-out out
  no auto-summary
  no synchronization
 exit-address-family
!
ip route 192.0.2.0 255.255.255.0 172.16.0.4 name ##_Client-1_Vlan101_##
!
ip prefix-list default-in seq 5 permit 0.0.0.0/0
!
ip prefix-list prefix-XPoint-in seq 5 deny 0.0.0.0/0 le 32
!
route-map Core-2 permit 10
 match ip address prefix-list default-in
!
route-map Core-1 permit 10
 match ip address prefix-list default-in
!
route-map XPoint-in permit 10
 match ip address prefix-list prefix-XPoint-in
!
route-map XPoint-out permit 10



Comments

Post a Comment

Popular posts from this blog

Anyconnect SSL-Client VPN with Self-signed Certificate on Cisco ASA

-
Image
The Cisco AnyConnect Secure Mobility Solution provides a comprehensive, highly secure enterprise mobility solution. the Cisco AnyConnect Secure Mobility Solution continues to lead with next-generation security and encryption, including support for the Suite B set of cryptographic algorithms, and support for IPv6 networks. More importantly, it adapts its tunneling protocol to the most efficient method. In the present scenario, we have to configure Anyconnect SSL remote access VPN for Sales department and Engineering department of a company. Engineering users will have to be provided with access to web server as well as FTP server, while sales users may only have access to the web server.
Read more

Filtering Routes in BGP using Route-maps and Prefix-list

-
Image
Order of preference of attributes in BGP The order of preference varies based on whether the attributes are applied for inbound updates or outbound updates. For inbound updates the order of preference is:     route-map     filter-list     prefix-list, distribute-list For outbound updates the order of preference is:     prefix-list, distribute-list     filter-list     route-map NOTE: The attributes prefix-list and distribute-list are mutually exclusive, and only one command (neighbor distribute-list or neighbor prefix-list) can be applied to each inbound or outbound direction for a particular neighbor. Scenario: We own the AS500 and advertising a network block of 192.0.2.0/24 and 180.179.179.0/16 to two different ISPs.
Read more

Open Shortest Path First (OSPF)

-
Image
The Open Shortest Path First (OSPF) is an Interior Gateway Protocol used to distribute routing information within a single Autonomous System. OSPF is a Link State routing protocol and has following features. Fast convergence VLSM support Scalable to large networks Stub capabilities Authenticaion Efficiency (Sends only hello messages to maintain neighbor relationship) Route tagging capabilities Uses multicast for routing updates. Specifications                              Protocol type            Link-state               Administrative Distance            110                                          Metric            Cost                             Authentication            None, Clear-text, MD5                                Seed metric            20 for all redistributed routes and 1 for BGP routes.      Multicast address used by All             224.0.0.5   Multicast add. used by DR/BDR             225.0.0.6                                            RFC       
Read more

IKEv2 IPsec Site-to-Site VPN configuration on Cisco ASA 8.4(x)

-
Image
Though the crypto IKEv2 proposal command looks similar to the IKEv1 crypto isakmp policy command, there are many differences in how IKEv2 negotiates. Unlike IKEv1, the authentication method and SA lifetime are not negotiable in IKEv2, and they cannot be configured in the IKEv2 proposal. Also the IKEv2 proposal configuration supports specifying multiple options for each transform type and we can configure different pre-shared-key for local and remote authentication. Pseudo-Random Function (PRF) algorithm  is the same as the integrity algorithm, and hence, it is not configured separately. Our goal is to configure site-to-site or l2l IKEv2 IPsec VPN between ASA1 and ASA2 which are running IOS 8.4(2). IP addressing scheme is mentioned in the network diagram.
Read more

IPsec VPN as a Backup for Point-to-Point Link using IP SLA

-
Image
There may be times when you wish to access your remote site even when the point-to-point link (lease line) to that site is down. This is possible if you have also an internet connection to that site. You can configure an IPsec VPN between both the sites. But the problem is that even if you configure IPsec VPN on both the locations, the VPN will never come up when the point-to-point connection goes down. This is because even though that point-to-point connection is down, the interface status of firewall will always remain up due to devices of ISP in between and thus the static route will not let the incoming traffic to match the interesting traffic for IPsec VPN. So the solution to this problem is either to configure dynamic routing protocols or IP SLA. Cisco IP SLA monitor can be used to track the reachability of other location. Here is an example of such scenario using Cisco IP SLA monitor. If you need the gns3 lab for this or have any queries, you can leave your queries and email ID
Read more

Border Gateway Protocol (BGP)

-
Image
Introduction Border Gateway Protocol is an Exterior Gateway Protocol (EGP) used for routing between the autonomous systems. It is the protocol which is used to to make core routing decisions on the internet. BGP has two flavours, eBGP and iBGP. eBGP is routing between the autonomous systems and iBGP is routing within an autonomous systems. BGP is a path-vector routing protocol and has following features: Reliable updaes (TCP -based, port 179) Triggered updates only Rich metric Scalable to massive networks   Specifications              Protocol Type                Path-vector                    eBGP AD                20                     iBGP AD                200               Update Mode                Triggered only                     Transport                TCP/179              Authentication                None, md5                            RFC                RFC 4271 Default Timers                       Holddown time          180 seconds              
Read more

Cisco ASA Active/Active Failover Configuration

-
Image
Active/Active failover is only available to security appliances in multiple context mode. In an Active/Active failover configuration, both security appliances can pass network traffic. In Active/Active failover, you divide the security contexts on the security appliance into failover groups. A failover group is simply a logical group of one or more security contexts. You can create a maximum of two failover groups on the security appliance. The admin context is always a member of failover group 1. Any unassigned security contexts are also members of failover group 1 by default. We have already seen the configuration for Active/Standby failover in the previous article. This article focuses on how to configure an Active/Active Failover configuration on ASA Security Appliance. Network Diagram  (Physical Topology)
Read more

Bypassing Proxy Server in Google Chrome

-
Image
There may be times when you might want to use Google Chrome and do not wish to use the proxy settings for which you are bound to use in Internet Explorer because of your company policies. If you try to change proxy settings in Google Chrome, by default it will open the System Internet Properties dialogue box, and most of the times, change in proxy setting options is restricted by domain group policy. So here is an alternate way to remove or disable proxy settings in Google Chrome.
Read more

Cisco ASA Active/Standby Failover Configuration

-
Image
The security appliance supports two failover configurations: Active/Active Failover and Active/Standby Failover. Each failover configuration has its own method to determine and perform failover. With Active/Active Failover, both units can pass network traffic. This lets you configure load balancing on your network. Active/Active Failover is only available on units that run in multiple context mode. With Active/Standby Failover, only one unit passes traffic while the other unit waits in a standby state. If Active unit fails, secondary will take over and starts forwarding the traffic. When Secondary becomes active, it will also change it's interface IP address and mac address as well.  In Active/Standby configuration, virtually all of the configuration from the active unit is replicated to the secondary unit through a failover cable. This article focuses on how to configure an Active/Standby Failover in ASA Security Appliance. Prerequisites Hardware Requirements The two
Read more