Posts

Flow with respect to Networks in AWS

This post covers the network flow in AWS that needs to be clear before exposing any application on AWS while keeping some services on-premises. I will compare AWS services with on-prem technology so it becomes easier to understand. Building blocks of AWS networking. VPC: Consider it as a switch placed in multiple data centers, with all the switches connected to each other; we can further carve small subnets out of it, which can span all switches or only one, depending on the planning and requirements. Route Tables: Each subnet we create in a VPC can have its own route table, or all subnets can share one. A route table controls the routing of subnets and how traffic is routed for any workload on the subnets. Route tables can also be attached to a few other AWS services as required. NAT Gateway: I...

Pipelining and multiplexing in HTTP connection.

Yes, HTTP is that old; the same age as me. Today we were troubleshooting an issue and found that our application was opening a new TCP connection, which led to a fresh SSL handshake between client and server, even though there was already an open TCP connection with the server. We are using HTTP 1.1 with a connection pool, in which, if a sequential call is not completed, you cannot send another request on that connection until the call completes; that is the default behavior of HTTP 1.1. So I put on my research hat and wanted the same TCP connection to be used for the new call instead of creating a new one. I googled it and found the concept of pipelining in HTTP 1.1. I thought I had cracked it and that we would implement it and use the same connection for all the streams, but wait: HTTP 1.1 pipelining has its own serious issues and one should use HTTP 2.0 instead. Then I was hit by another surprise: HTTP 2.0 also has some issues, and now there is a new version of H...

Citrix as an Application Load Balancer

We have different options available in the market for ALBs (Application Load Balancers), and one of them is Citrix. From my experience with F5 and AVI, the Citrix flow is mostly the same. In interviews I often say that if a person understands the concepts and the flow, he/she will be able to operate/manage the solution of any vendor. The same is the case with ALBs: the flow is the same, only the names differ for each vendor. In F5 we have a management IP to manage it; in Citrix we have the NetScaler IP to manage and configure it. In F5 we have a Self IP/Floating IP to communicate with servers if we are using SNAT; in Citrix the Subnet IP serves the same purpose. To expose services via F5 we have Virtual IPs; luckily, in Citrix it is also known as a Virtual IP. We have different deployment modes, one-arm and two-arm, and either can be used. HA deployment is quite simple in Citrix compared to F5, as we just need to add the node: its IP, username and password are added in HA, and also the Subnet IP...

SSL/TLS Handshake between Server and Client

In today's communication over the internet, most server and client communication uses secure communication, which is HTTPS, not HTTP. To make this communication secure we use a protocol that is part of the session layer (TCP OSI layer), TLS (Transport Layer Security); before a TCP session is initiated for data flow between a client and server, the TLS/SSL handshake is a must for HTTPS-enabled servers. We will just discuss the types of SSL handshake without going into the details of the process. In the SSL handshake process the server and client can share their respective certificates (chains of certificates) signed by CA authorities, or the certificates can be signed locally (in which case communication will be only between trusted sources, not for everyone over the internet). After receiving the certificate, the client and server each verify it, either via a root CA or via locally stored CA certificates (if communication is only between trusted parties). For a server to serve public u...

Site to Site VPN on AWS with On-Prem DC

I have knowledge and hands-on experience with PTCL and Alibaba Cloud, but for AWS until today it was just knowledge. Today we created an IPsec tunnel between AWS and our on-prem DC. Before starting the process I studied some material shared by AWS, and it was quite helpful for understanding the flow. Below are the steps one needs to take before creating the tunnel. 1) Decide which CIDR/subnet you will use in the cloud, so that at the AWS end you can create a VPC with the same CIDR. 2) List down the public IP that will be used for the tunnel endpoint at the on-prem DC. 3) Get a public IP at the AWS end, which in AWS language is called an Elastic IP. 4) Decide whether you will use a public or private IP subnet for the VPN tunnel's inner packet headers. Steps we followed for the deployment: 1) The first step is to create a VPC in the respective region at AWS and assign the planned CIDR to it. You can further divide the VPC into subnets with the desired subnet mask. 2) Create a customer gateway; it will contain the informat...

Management of F5 via Ansible: complete process of adding a host, defining the variables and testing it - Part 1

Well, my first interaction with Ansible was back in 2017; at that time I didn't know how to spell it properly, and thanks to Google, it gave me results by guessing it. In between I didn't use Ansible at all until now. This time I need to use Ansible for the automation of operations tasks on F5 and other network devices. I started by installing Ansible on my virtual machine and enabling SSH communication between them. Below are the steps for deploying Ansible and then doing the other settings for the first playbook to be run on F5. Installation of Ansible: for different Linux flavors we have different commands; you can search the internet as per your requirements.
yum -y install ansible
ansible --version
ansible 2.9.25
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-pack...

OSPF over IPSEC between Huawei Firewall and Cisco Router

A network engineer always has two solutions for a problem: either search over the internet or go for TAC support. In my practice I try both; sometimes the first one fails, so, you know, failover happens. I am writing this blog so people searching to solve an OSPF problem can use the first option. I was creating an OSPF neighborship between a Huawei firewall and a Cisco router, but it was always in init state, so I started debugging on the router as well as on the firewall, and what I found was interesting. Below are the troubleshooting steps: 1) The Cisco router was sending Hello packets towards the peer, but no Hello reached the Cisco end over the IPsec tunnel. 2) The Huawei firewall was playing well: it was receiving the Hello packets on the tunnel interface and also sending them back (visible only in debug), so I thought all was well at the Huawei end and started looking at the Cisco end and also at the Huawei firewall policies. As it was an IPsec tunnel, policies were ruled out, so now the culprit was the Cisco router and I dug into it to find out. 3) I tried my best to ge...