the worlds gone mad

we've lost the hope we had

Posted on 27 July 2021   11 min read

Virtual Tunnel Interface (VTI) VPN

vti ipsec vpn between asa and asr

Over the years I have built numerous IPsec VPNs on ASAs using crypto maps and an ACL for the interesting traffic. For a simple solution to join small sites with no need for routing, these work great and keep the complexity down to a minimum. For more complex environments or cloud connectivity you are probably going to need to use VTIs. This post goes through the process of building VTI VPNs between an ASR and ASA.


Posted on 6 June 2021   5 min read

EVE-NG Cloud NAT

dynamically nat lab devices behind the eve primary ip

This post explains how to configure EVE-NG as a DHCP server (isc-dhcp-server) assigning IPs to lab devices that are then dynamically NATed behind the primary EVE management IP address (iptables masquerade) to provide Internet breakout.


Posted on 27 May 2021   6 min read

The Evolution of Labbing

how the world's changed

A trip down memory lane on how things have changed in labbing, from using prehistoric switches bought on eBay, through emulators that took longer to configure than the labs, to the present-day solutions that can programmatically build a multi-vendor lab in minutes. Kids today don’t know they are born…


Posted on 23 March 2021   14 min read

Automate Leaf and Spine Deployment - Part6

post validation

The 6th post in the ‘Automate Leaf and Spine Deployment’ series goes through the validation of the fabric once deployment has been completed. A desired state validation file is built from the contents of the variable files and compared against the devices' actual state to determine whether the fabric and all the services that run on top of it comply.


Posted on 20 March 2021   25 min read

Automate Leaf and Spine Deployment - Part5

fabric services: tenant, interface, route

The 5th post in the ‘Automate Leaf and Spine Deployment’ series goes through the deployment of the services that run on top of the fabric. These services are grouped into 3 categories: tenant, interface and routing. Services are configured only on the leaf and border switches; the spines have no need for them as they just route the VXLAN encapsulated packets with no knowledge or care of what is within them.


Posted on 23 February 2021   9 min read

Automate Leaf and Spine Deployment - Part4

deploying the fabric with ansible

The 4th post in the ‘Automate Leaf and Spine Deployment’ series goes through the creation of the base and fabric config snippets and their deployment to devices. Loopbacks, NVE and intra-fabric interfaces are configured and both the underlay and overlay routing protocol peerings are formed, leaving the fabric in a state ready for services to be added.


Posted on 13 February 2021   15 min read

Automate Leaf and Spine Deployment - Part3

fabric variables and dynamic inventory

The 3rd post in the ‘Automate Leaf and Spine Deployment’ series goes through the variables from which the core fabric declaration is made and how this transposes into a dynamic inventory. This uses only the base and fabric roles to create the fabric ready for the service sub-roles (tenant, interface and route) to be deployed on top of the fabric at a later stage.



