Description

A customer recently asked me about extending his existing Aviatrix environment from Azure to GCP.
This came with a small caveat.

In GCP he is using Functions.
One of those functions needs to:

  • reach a backend in Azure
  • be accessed from the Internet
  • be accessed by customers landing over Site2Cloud connections on Spokes

My initial lab setup for this scenario looked similar to this:

Can you see the challenge here?
Wherever I would deploy a GCP function, it would just live outside the VPC by default.
I would NOT be able to control where traffic flows.
I would NOT be able to easily apply various layers of security to it.
I would have NO straightforward and consistent way to monitor what happens in real time and take measures in case I need to troubleshoot and fix its functionality.
I would be walking blind in the dark and get annoyed with the whole process.

For any challenge there is a solution :)
That’s the reason I chose to be a techie.

Description

This will NOT be a 5 min reading article.
It will require more time but it will cover all areas of interest :)
Most importantly, at the end, your Setup will WORK.

Kudos to Adam, my colleague, who first tested this in his lab.
It served as a basis for both me and the customer later on.

To start things off, a little while back someone asked me how he can have:
Incoming Traffic from Outside -> Azure Aviatrix Environment with FW Inspection -> Spoke with his Application
and also preserve the source IP address when it hits the FW rules.

Why this?

He wanted to use the real source IP for logging and filtering purposes on Aviatrix FireNet attached FWs.
Pretty understandable and reasonable.

He read our article from here:
Spoke Ingress with Application Gateway
He saw the Diagram:

but noticed that the Azure Application Gateway does SNAT and as such his FireNet firewalls are not seeing the original user IP of the request.

One could argue that the X-Forwarded-For header added by the Azure Application Gateway can be used to preserve the original IP…

Do you see a corner case here?
I for one did not at the beginning. I always rush through things.

What if your application is NOT a WebApp and as such there is NO HTTP header to add the X-Forwarded-For to?

Welcome to my first post since I joined Aviatrix.
What is Aviatrix for the first time reader?

In very simple words:

  • Cisco/Juniper = the foundation for On-Prem solutions and traditional Datacenters.
  • Aviatrix steps in when it comes to the world of Multicloud.
    Connectivity, Visibility, Security in the datapath, Cloud born and IaaS powered (Terraform).

Spoiler Alert - Security on top
Log4J Detect & Block with Aviatrix inside your Cloud Environment

Coming back on topic…
Any system you deploy comes with its own alerting capabilities.
Most alerting capabilities first offer the functionality of sending emails to a NOC or operations list, where the Engineer On Duty usually monitors the events and takes action.
Simple, right?
Not when you’re growing and you have multiple different departments and solutions running in your company…each one sending you emails for each event that takes place.

A “normal” day in the life of an engineer can easily turn into this (yes, that is my very own mailbox):

I’ve been through this, especially when coming back after a bank holiday, and it has always been painful to figure out what is still DOWN.
It was also challenging not to skip some alerts while rushing through emails, only to be called later in the day and asked why connectivity between some application components still does not work => Headache moment…

What if there was a different way of doing it?
What about the ChatOps model?
MS Teams, Slack, Webex and the list goes on.

A pop-up you can never easily ignore :)

Scroll down to see how you can both personalise your Aviatrix alerts as well as have them delivered on an MS Teams chat channel.


Who I am

Hello/Salut/Hoi/Hallo,

If you landed here, then you probably want to learn a bit about the person behind it.
Let me try and make a nice introduction then.

I’m Mihai, a Customer Solutions Architect, former Network/Systems/Security/whatever falls upon my hands engineer, a techie person always eager to learn more and expand his knowledge.

Wait, wait…what does this really mean?

I am a deep dive techie that wanted to also learn a bit about how a company and the sales process works so I reoriented myself toward a more mixed role (technical PreSales and its various names across the industry spectrum).

Tech side experience

I work on a daily basis with various Clouds (AWS, Azure, GCP, OCI, Alibaba) and went through the whole spectrum of technologies like Linux (lately also a bit of eBPF), FreeBSD/OpenBSD, Solaris, Cisco (6500, 7600, ASR9K, Nexus, UCS), Juniper (MX, QFX, Contrail), Security (Linux based firewalls, ASA, SRX, penetration testing / trying out vulnerabilities in API of services or exploits and patching accordingly), Virtualization (VMWare, KVM) and Containers (Docker, Kubernetes, Openshift).

I’m also fascinated with seeing how a blackbox solution works (this means breaking into it, seeing how it’s built, tracing its logic and most fun…finding where programmers cut corners in implementation as a consequence of strict timelines and sales push).

Despite being able to read code, reverse engineer it, change it or adapt it to my needs I don’t see myself as a programmer, albeit ChatGPT & Bard make programming seem easy nowadays. => Intent based programming

Hobbies

  • Hiking
  • Badminton
  • Cooking, albeit sometimes it ends up with smoke signals
  • Travelling to non-touristic places, learning about the culture, customs and traditions around the world
    (still wanting to reach Bhutan at some point in my life)

Self improvement courses

  • Financial Education / Passive income course + coaching
  • NLP (Neuro-linguistic Programming) course + bootcamp
  • Public Speaking course

Languages I speak

  • Romanian and sometimes being a grammar freak
  • English
  • German
  • French
  • Italian

Books I’ve read

  • Hoi, your Swiss German survival guide (Sergio J. Lievano, Nicole Egger) :)
  • How to Stop Worrying and Start Living (Dale Carnegie)
  • Amp it UP (Frank Slootman)
  • From Strength to Strength (Arthur C. Brooks)
  • The Subtle Art of Not Giving a F*ck (Mark Manson)
  • The 7 Habits of Highly Effective People (Stephen R. Covey)
  • Crossing the Chasm (Geoffrey A. Moore)
  • Launch (Jeff Walker)
  • The Wisdom of Insecurity (Alan Watts)
  • The Qualified Sales Leader (John McMahon)
  • Yes!: 50 Scientifically Proven Ways to Be Persuasive (Noah Goldstein, Steve Martin and Robert Cialdini)
  • Influence Science and Practice (Tom Peters)
  • Negotiation Genius (Deepak Malhotra, Max Bazerman)
  • How to Win Friends and Influence People (Dale Carnegie)
  • Why we sleep (Matthew Walker)
  • The Warren Buffett Way (Robert Hagstrom)

What will basically be around here?

Anything along the lines of:

  • Cloud/MultiCloud
  • Network / Systems Engineering
  • Openshift / Openstack / virtualization / datacenter topics
  • Security (after some sleepless nights I passed the Offensive Security OSCE)
  • Reverse engineering products, solutions, Linux stuff
  • Other topics (I did my own Romanian automated Sour Cabbage solution using a pump, a Raspberry PI, a Relay Board and Home Assistant)


Welcome to my first non-work related article and to my curiosity of building an automated installation for making sour cabbage. For those who never came across this, it’s what we use in Romania for 2 purposes:

  • making minced meat rolls we call “sarmale” (the Turkish call them sarma and the Greeks dolma)
    (spoiler alert: Sarmale)
  • making sour soups we call “ciorba” or bors (do not confuse with the Russian borscht, which despite sounding the same is a completely different dish)

The sour juice resulting from the fermentation you can also drink on an empty stomach. Beware though: depending on your stomach you might feel that you are getting purged :)

This article is part of a bigger document that I wrote for myself with notes about Cisco ACI, Openshift, HP Synergy and 3PAR integration. It contains the part I found most challenging, considering I learned it from 0 in a rather constraining time interval and under some pressure.

As such I felt the need to document it and do a sort of braindump, in order to avoid reinventing the wheel in the future in case I start forgetting.

You know those moments when you need to connect to a corporate VPN and all the steps and clicks are just getting terribly annoying? Well I went through the same phase and decided to write something to make my life a tad easier.

Setup:

  • Cisco Anyconnect
  • After clicking on Connect you get a username and password prompt
  • Password is the token generated inside the MobilePASS app (that runs on the Mac and not on the phone :) )
  • The MobilePASS app has a token registered inside of it and synced with your employer, called generically “My Token”

As this is rather a draft version, nothing will block the user from interfering. As such, if you want it to work successfully then please do not click around or do any action while the script is running, in order not to change the focus of the window where it is doing its magic.

Mihai Tanasescu

All Rounder and Jack of all trades (master of none? :) ).
Sailing the Cloud world with my fantastic team@Aviatrix, former Network, Systems Engineer (Cisco, Juniper, Linux, Openshift, Openstack).
A flavor of Security added to the mix (Offensive Security OSCE).
If there’s anything new and cool, then I like to learn about it. I’m also a fan of deep diving under the hood of a product to see what makes it tick as well as what breaks it.

Solutions Architect @ Aviatrix

Switzerland