First Hop Redundancy Protocols were invented for one main reason, providing redundancy for a gateway, but along the way they provide load balancing as well. There are 3 FHRPs: HSRP, VRRP and GLBP. Two of them belong to Cisco; VRRP is an open standard.
Each protocol has to calculate a metric somehow in order to choose the best route. So we have the cost in OSPF and K-values in EIGRP. BGP doesn’t differ from them and also calculates the best route, but the metric of BGP is much more complicated.
Generic Routing Encapsulation enables us to build point-to-point tunnels. There are 2 kinds of tunnels: GRE over IPsec and IPsec over GRE. They both work in tunnel mode by default but, as we will see in a while, work in completely different ways.
Logical Volume Manager is a form of storage virtualization that allows us to easily manage disk space. Without any problems we can expand, shrink, add disks to the virtual volume and, for the sake of redundancy, apply RAID if required.
One of the biggest issues that we may encounter during redistribution is a routing loop. While suboptimal routing causes latency and network inefficiency, routing loops make packets circulate until the TTL value decreases to 0, which not only affects network efficiency but also makes some parts of the network completely inaccessible.
The ‘BGP community’ is additional information (an attribute) attached to prefixes and advertised to the BGP neighbors. Based on this information, a BGP neighbor can decide what else to do with a received prefix. For example, we may manipulate attributes, filter routes, etc.
Linux provides 3 levels of filesystem security: standard permissions, ACLs and SELinux. SELinux deals not only with file permissions but with applications, resources and network ports as well. SELinux may ban an application from accessing specified system files or may not allow a user to change file permissions. What SELinux is, how it works and how to troubleshoot it: let’s get to know!
Firewalld, like iptables, relies on the Netfilter service, which is responsible for packet filtering. The difference is that iptables works based on “chain of filter” rules, like ACLs on a router, while firewalld is based on “zones”, similar to ASA. The idea behind firewalld is that interfaces and networks are grouped into zones. Each zone has a different level of trust.
If you use VRFs, sometimes you may want to use something called “route leaking”. Route leaking consists of importing and exporting prefixes between VRFs or between a VRF and the global routing table. In this article I’ll show you how to implement route leaking in 5 different ways.
NAT and ACLs are among the first things configured right after deployment of a new ASA or router on the edge. They behave differently in both cases, and knowing which feature is processed first in a particular direction can save us a lot of time and nerves.