
How to Set Up an IPSec Tunnel On PAN-OS - Palo Alto Firewalls

Recent posts

What is VXLAN ?

What is VXLAN? VXLAN is an encapsulation protocol that provides data center connectivity using tunneling to stretch Layer 2 connections over an underlying Layer 3 network. In data centers, VXLAN is the most commonly used protocol to create overlay networks that sit on top of the physical network, enabling the use of virtual networks. The VXLAN protocol supports the virtualization of the data center network while addressing the needs of multi-tenant data centers by providing the necessary segmentation on a large scale.

VXLAN Packet:
• VXLAN is a point-to-multipoint tunneling mechanism to extend Layer 2 networks over an IP network.
• VXLAN uses MAC-in-UDP encapsulation (UDP destination port 4789).

Two Modes of VXLAN:
1. Flood-and-Learn VXLAN:
  • No control plane
  • Data-driven flood and learning
  • Ethernet in the overlay network
2. VXLAN EVPN:
  • EVPN as control plane
  • VTEPs exchange L2/L3 host and subnet reachability through the EVPN control plane
  • Routing protocol for both L2 and

Introduction to ACI

What is an ACI network? At a very basic level, ACI is really just a Spine/Leaf network of Nexus 9k switches with a management platform. The network management platform (APIC) provides you with a single place from which to manage the network.

Is ACI an Overlay or Underlay network? ACI is an automated (VXLAN) overlay network running over an automated (ISIS) underlay network. ACI can transport any IP traffic, including “Overlay” networks based on VXLAN*, NVGRE*, etc.

How ACI Fabric is Built - Zero Touch:

What Do We Mean by Policy?
• Access Policies = Define how a switch or switch port is configured. Specifically Ethernet and link layer properties such as LLDP, LACP, CDP, speed/duplex, etc.
• Tenant Policies = Govern traditional networking. This is where logical connectivity is defined.
• Access policies and Tenant policies work in tandem to define where and how endpoints or applications are connected.

1. Tenants: Isolated configuration “zones” on common physical infrastructure
2. VRFs are

Check Point Useful Commands

Check Point commands generally come under cp (general), fw (firewall), and fwm (management).

CP, FW & FWM
cphaprob stat - List cluster status
cphaprob -a if - List status of interfaces
cphaprob syncstat - Shows the sync status
cphaprob list - Shows a status in list form
cphastart/stop - Stops clustering on the specific node
cp_conf sic - SIC stuff
cpconfig - config util
cplic print - Prints the license
cprestart - Restarts all Check Point Services
cpstart - Starts all Check Point Services
cpstop - Stops all Check Point Services
cpstop -fwflag -proc - Stops all Check Point Services but keeps policy active in kernel
cpwd_admin list - List Check Point processes
cplic print - Print all the licensing information.
cpstat -f all polsr