VPC Peering Security Groups

A security group serves as a protective barrier, functioning like a firewall to manage the flow of network traffic to and from the resources within your Virtual Private Cloud (VPC). With security groups, you have the flexibility to select the specific ports and communication protocols that are permitted for both incoming (inbound) and outgoing (outbound) network traffic. You have the capability to modify the inbound or outbound rules within your VPC’s security groups to make reference to security groups in a peered VPC. This adjustment enables the smooth exchange of network traffic between instances associated with the specified security groups …

Hyperautomation with GCP (draft)

Hyperautomation: "Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet and automate as many business and IT processes as possible. Hyperautomation involves the orchestrated use of multiple technologies, tools or platforms, including: artificial intelligence (AI), machine learning, event-driven software architecture, robotic process automation (RPA), business process management (BPM) and intelligent business process management suites (iBPMS), integration platform as a service (iPaaS), low-code/no-code tools, packaged software, and other types of decision, process and task automation tools." (Gartner) Here are some use cases: Prime: AI. Artificial intelligence (AI) is a key component of hyperautomation, as it enables organizations …

Aviatrix Notification using WebHooks

Aviatrix CoPilot: CoPilot leverages the intelligence, advanced network, and security services delivered by Aviatrix’s multi-cloud network platform to provide enterprise cloud network operations teams with both familiar day-two operational features, such as packet capture, trace route and ping, and new operational capabilities specifically built for multi-cloud network environments. The following previous blog post provides more details: The following previous posts go into details on how to deploy Aviatrix: Aviatrix CoPilot Notifications is where alerts can be configured so that you can be notified about changes in your Aviatrix transit network. The alerts can be based on common telemetry data monitored in …

Cisco ASAv and Aviatrix Firenet Integration

In this blog I’m revisiting an old friend, ok… colleague, checking how ASAv and FTDv customers can leverage them with Aviatrix. From the Cisco website: “Secure Firewall ASA Virtual is a firewall with powerful VPN capabilities. It supports site-to-site VPN, remote-access VPN, and clientless VPN functionalities.” More info at: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/adapt-security-virtual-appliance-ds.html ASAv has 4 interfaces: Management (the management interface can also be used for data with the configuration option no management-only), GigabitEthernet 0/0, GigabitEthernet 0/1 and GigabitEthernet 0/2. One possible design for ASAv is shown in the diagram below, where the management interface is dedicated. The FireNet design below is for the case …

Hybrid Google Cloud DNS Connectivity with Aviatrix

The following services are offered by GCP for name resolution: Internal DNS (169.254.169.254) is a service that automatically creates DNS names for virtual machines and internal load balancers on Compute Engine. Cloud DNS is a service providing DNS zone serving. Zones: Cloud DNS supports public and private zones. Private zones have the following options: forward queries to another server; DNS peering; manage reverse lookup zone; use a service directory namespace. Cloud Networking Reference Architecture: The Aviatrix FireNet reference architecture is described below: Hybrid approach with two authoritative DNS systems: For hybrid environments there are a few options but the recommended …

Connecting Cisco ACI to Aviatrix

Cisco ACI Overview: Cisco ACI is a Software Defined Network (SDN) solution from Cisco for data centers. The ACI fabric consists of discrete components connected in a spine and leaf switch topology that is provisioned and managed as a single entity: Application Policy Infrastructure Controller (APIC): The APIC is the point of configuration for policies and the place where statistics are archived and processed to provide visibility, telemetry, and application health information and enable overall management of the fabric. The controller is a physical appliance based on a Cisco UCS rack server with two interfaces for connectivity to the leaf switches. …