VRRP (Virtual Redundancy Routing Protocol) can be implemented on Linux systems with keepalived. keepalived can also be used to implement high availability (active/passive) or load balancing (active/active). Four aspects need to be configured on a VRRP HA server: keepalived, iptables, sysctl and the service itself (rsyslog in this case). Sysctl. The host’s kernel needs […]
Category: Network design
Case: review firewall configuration
Case: Customer concerns about firewall configuration. The firewall is implemented on a Linux server and includes NAT. Discovery: During the review of the firewall configuration I discovered the following: the total number of lines in the configuration is ~5500. Some rules are grouped into groups (chains). Some groups have no rules in them. Many rules have never had traffic passing through them. Advice […]
How to configure PAT on Mikrotik (RouterOS)
Download WinBox and connect to the Mikrotik. Select “IP” -> “Firewall”. Select NAT. Click on the plus and select “Chain” -> “dstnat”. Enter dst.address – this is typically the public IP address of the Mikrotik router. Enter the protocol type (for HTTP this is “tcp”). Enter dst.port – the port that will be NAT-ed. Click the “Action” tab. Select “Action” -> […]
Case: Separate call-center/support team from production network and from management network
The customer has one big network with all users in the same network fragment. The customer wants to improve security. Problem description: All employees reside in one big network fragment and have some level of access to all corporate servers. The production and support teams span across the entire building. Proposed solution: Split the network into 4 fragments: servers, support, production […]
Case: improve resiliency and throughput of network.
The customer has issues with the LAN. The customer does not want to spend money on new switches/routers. Bottleneck – the connection between the datacenter switches and the distribution/access level switches. Problem description: low throughput. No redundancy for access switches 1 & 2 for cases when the link from an access switch to the distribution switch fails. Proposed solution: increase throughput between DC switches […]
Fault tolerant Zabbix monitoring cluster
Let’s say you decided NOT to use a great complex solution from SolarWinds, but are still looking for a great monitoring solution. In this case, Zabbix is your best friend. Its flexibility could be a great asset for the company, but it is still not the ideal solution. Here is a simple solution to how to […]
Fault tolerant DNS cluster
Yep. For small companies, it might not be important how you build/configure your DNS servers, as you might need to serve just a few queries per second or a few queries per minute. But good design is key to success if your goal is to serve thousands and thousands of queries per minute or second. Here […]