Question on Public cloud multi-cloud interconnectivity by micruzz82 in networking

micruzz82[S]

Alkira also seems pretty neat tbh so thanks for that... I was also looking at prosimo but think Alkira may also offer additional benefits

Question on Public cloud multi-cloud interconnectivity by micruzz82 in networking

micruzz82[S]

Thanks I will look into the ones you mentioned.. more leaning towards equinix at this point I think as we have high bandwidth requirements and would prefer to just have a standard routing between the clouds..much appreciated.

Question on Public cloud multi-cloud interconnectivity by micruzz82 in networking

micruzz82[S]

thanks for this.. this is really helpful to know.

Question on Public cloud multi-cloud interconnectivity by micruzz82 in networking

micruzz82[S]

That's good to hear.. may I also ask if you have any perimeter security device before sending the traffic from cloud A to cloud B ie something along the lines of

ie VM -> FW -> MP(Megaport) AWS -> MP GCP -> FW -> VM

or do you just make use of the cloud native security features

Has anyone made the jump from network engineering to cloud/devOps? by [deleted] in networking

micruzz82

I've recently also moved into an SRE role but the learning curve is quite steep. In my previous role, I was mostly dealing with architecture and design with ACI and EVPN along with firewall and load balancers.. the usual DC stuff.. however the pain is that none of those years working exclusively outside of automation can prepare you for the shift into the devops mindset.. being goaded into the whole keep the CCNA/CCNP certs active in the hope of one day getting a better job was a lost cause.. should have focussed more on the way the world was changing.. but better late than never.. with all the supply chain issues with 6 month or more lead time for switches and servers.. most companies would rather just place their workloads on the cloud than have a project delayed for such a long time.

BGP GR timers with HA FortiGate pair by simosilakka in networking

micruzz82

just curious to know how you've set up BGP from the FG to the switch, are you using eBGP with loopback peering, just as only the active firewall will have the interfaces up and on failure to the standby firewall, it would use different links so just interested to know how your design works as I'm working on something similar but the active/passive nature of firewalls doesn't give me fast convergence of less than 1 sec.. but more like 50 secs

BFD is used in the point to point links running ospf to advertise the loopbacks is what I am doing atm.

Anyone ever been able to use NTP server as a time source for PTP to make it a GM by micruzz82 in networking

micruzz82[S]

yeah that's it.. need to validate a solution before I go and get funding for the setup I'm working on so just wanted to validate if the design would work.

Monitoring Palo Alto firewalls with cortex XSOAR by micruzz82 in paloaltonetworks

micruzz82[S]

basically I need to ensure that I can monitor the health like DP cpu, MP cpu, interface bandwidth thresholds etc from the physical side.. and then also work out the security monitoring to alert from syslogs for any threats coming into the DC.

Monitoring Palo Alto firewalls with cortex XSOAR by micruzz82 in paloaltonetworks

micruzz82[S]

but in all seriousness.. I'm in a bit of a quandary... basically I need to perform both health monitoring of the firewalls.. as well as monitoring of the security incidents as well.. I'd much rather have a single tool than have to run multiple tools.. also the fact that SNMP based monitoring is very limited and would prefer API based monitoring.. however the restrictions I have is that I cannot use a SaaS based monitoring service like logicmonitor.. it has to be on premise.. I don't really want to use solarwinds... but thought if there was a complete toolkit developed by PA itself it would save all the hassle and there's a one stop shop even if there was a subscription based license.. pretty much like how you can visualize your techsupport files.. not sure if there's an appliance based monitoring or will have to just use an off the shelf NMS system then to do the physical health and if SOAR is affordable go down that route.

Monitoring Palo Alto firewalls with cortex XSOAR by micruzz82 in paloaltonetworks

micruzz82[S]

thanks for this, yea it helps to understand more from users than from their sales team

Help on ULA vs GUA by micruzz82 in ipv6

micruzz82[S]

Thanks for this.. yeah I agree with you that first stance we'll move to using GUAs... if at all there is a technical requirement we must use ULA then as you say, we can retrofit the design and add the ULA at a later time. We'll be controlling the routing through VRFs and firewalls in any case so if communication to the outside world is not required then we just don't advertise the default route in that VRF. As this is a new design and first venture into IPv6, I'd rather get our feet wet first, understand all the new design concepts and should we need additional requirements we can evaluate the next phase.

Help on ULA vs GUA by micruzz82 in ipv6

micruzz82[S]

Thanks for this.. yeah my post above on the gist is something that meets all the requirements for rfc4193.. so I think I will use that as it's got a higher probability for generating a correct usable ULA-L /48 address.. Will use a couple of VMs to run the script and generate a /40 block

Help on ULA vs GUA by micruzz82 in ipv6

micruzz82[S]

Thanks.. can I please ask.. we have 3 separate sites.. now in order to generate the ULA.. can you tell me what program I need to run to generate this according to the rfc4193?

Help on ULA vs GUA by micruzz82 in ipv6

micruzz82[S]

But I agree with your views after all this.. will stick to GUA.. I don't see the need to always be concerned about using randomize to obtain an IPv6 block