
VMware on AWS - How to restore NSX DFW firewall rules to previous state

Customers who use NSX day in, day out would like a point-in-time restore function for DFW firewall rules. Many customers have a large footprint in VMC and change the DFW quite often. This feature was missing for a long time, and it is now included in recent versions. Let's see how DFW configuration rollback works. NSX DFW configuration is versioned and stored in the NSX Manager. Every time someone updates the DFW configuration, NSX creates a new version but keeps the previous ones. You can roll back to a previous configuration by reapplying it. You can find the options under the Networking & Security tab > Security > Distributed Firewall. On the right side there is an Actions drop-down; choose View to get to the screen below. Let's go through the use case: 1. Original state: default config with no custom rules: a. There are no saved configurations during the last 30 days: In my existing test setup, with the current setting

[How to] Enable Multi-cast in VMware on AWS - NSX environment

I had a customer who was running a few application VMs in their on-premises datacenter which use multicast as the main mechanism to form cluster blocks. They are in the process of migrating the workloads from on-premises to VMware on AWS SDDCs. The application architect wanted to ensure that VMC supports multicast within the AWS VMC so that they can migrate the VMs (lift and shift) without major downtime or configuration changes to their application clusters. Let's see how things work in the VMC world. In a VMC setup the multicast feature is enabled by default. In SDDC networks, layer 2 multicast traffic is treated as broadcast traffic on the network segment where the traffic originates. It is not routed beyond that segment. VMC limitations: Optimisation features such as IGMP snooping are not supported. Layer 3 multicast (such as Protocol Independent Multicast) is not supported in VMware Cloud on AWS. In the above example case, the customer has L2 multicast, let's check i


port

(1) An interface on a computer to which you can connect a device. Personal computers have various types of ports. Internally, there are several ports for connecting disk drives, display screens, and keyboards. Externally, personal computers have ports for connecting modems, printers, mice, and other peripheral devices. Almost all personal computers come with a serial RS-232C port or RS-422 port for connecting a modem or mouse and a parallel port for connecting a printer. On PCs, the parallel port is a Centronics interface that uses a 25-pin connector. SCSI (Small Computer System Interface) ports support higher transmission speeds than do conventional ports and enable you to attach up to seven devices to the same port. (2) In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic. Also see Well-Known TCP Port Numbers in the Quick Reference section o

port knocking

A method of establishing a connection to a secured network, or to a computer within a network, that does not have an open port. A remote device sends a series of connection attempts, in the form of packets, to the computer's closed ports; the attempts are silently ignored but logged by the firewall. When the remote device has completed the predetermined sequence of port connection attempts, a daemon triggers a port to open, and the network connection is established. This security method is analogous to knowing a "secret knock": only people who know the proper knock sequence are allowed access. An advantage of the port knocking technique is that a malicious hacker cannot tell whether a device is listening for port knocks.

port scanning

The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning can also be malicious in nature if someone is looking for a weakened access point to break into your computer.

Types of port scans:

vanilla: the scanner attempts to connect to all 65,535 ports
strobe: a more focused scan looking only for known services to exploit
fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall
UDP: the scanner looks for open UDP ports
sweep: the scanner connects to the same port on more than one machine
FTP bounce: the scanner goes through an FTP server in order to disguise the source of the scan
stealth scan: the scanner blocks the scanned computer from recording the port scan activities

Port scanning in and of itself is not a crime.
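The two entries above (port knocking and port scanning) describe the same raw material from opposite sides: a firewall that silently drops packets to closed ports but logs them. The added example below is illustrative code written for this page, not part of the original glossary or any product. It parses a constructed, iptables-like drop log (the format is an assumption), implements the daemon-side check a knock server performs (exact sequence, in order, within a time window, with a reset on a wrong knock or a timeout), and runs the same log through a simple scan detector that flags a "vertical" scan (many ports on one host) and a "sweep" (one port on many hosts). Note that the legitimate knocker, who touches only three ports, stays below the scan thresholds, while the scanner never completes the non-monotonic knock sequence.

```python
"""Firewall drop-log analysis: knock-sequence completion and scan detection."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed log format (an assumption, loosely modelled on iptables LOG output):
#   "<epoch-seconds> DROP SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) DROP SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP DPT=(?P<dpt>\d+)$"
)

# Hypothetical knock sequence; deliberately non-monotonic so that an ascending
# port sweep cannot satisfy it by accident.
KNOCK_SEQUENCE = (7000, 8001, 7500)


@dataclass(frozen=True)
class Drop:
    ts: int
    src: str
    dst: str
    dpt: int


def parse_log(lines):
    """Parse dropped-packet lines; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append(Drop(int(m["ts"]), m["src"], m["dst"], int(m["dpt"])))
    return events


def completed_knocks(events, sequence, window=10):
    """Return the set of source IPs that hit `sequence` in order within `window`
    seconds. Traffic to non-knock ports is ignored; a wrong knock port or a
    timeout resets that source. Opening the port is left to the caller."""
    knock_ports = set(sequence)
    progress = {}  # src -> (index of next expected knock, ts of first knock)
    done = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.dpt not in knock_ports:
            continue
        idx, started = progress.get(ev.src, (0, ev.ts))
        if idx > 0 and ev.ts - started > window:
            idx = 0  # sequence timed out: start over
        if ev.dpt == sequence[idx]:
            if idx == 0:
                started = ev.ts
            idx += 1
        else:
            # out-of-order knock: restart, treating this hit as a possible first knock
            idx, started = (1, ev.ts) if ev.dpt == sequence[0] else (0, ev.ts)
        if idx == len(sequence):
            done.add(ev.src)
            progress.pop(ev.src, None)
        else:
            progress[ev.src] = (idx, started)
    return done


def detect_scans(events, port_threshold=10, host_threshold=5):
    """Flag sources that look like scanners.
    'vertical': one source hits >= port_threshold distinct ports on one host.
    'sweep':    one source hits the same port on >= host_threshold distinct hosts.
    Returns {src: set(labels)} for flagged sources only."""
    ports_per_host = defaultdict(set)  # (src, dst) -> {dpt}
    hosts_per_port = defaultdict(set)  # (src, dpt) -> {dst}
    for ev in events:
        ports_per_host[(ev.src, ev.dst)].add(ev.dpt)
        hosts_per_port[(ev.src, ev.dpt)].add(ev.dst)
    flags = defaultdict(set)
    for (src, _), ports in ports_per_host.items():
        if len(ports) >= port_threshold:
            flags[src].add("vertical")
    for (src, _), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            flags[src].add("sweep")
    return dict(flags)


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    # legitimate knocker: 7000 -> 8001 -> 7500 within 10 s
    "100 DROP SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP DPT=7000",
    "102 DROP SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP DPT=8001",
    "104 DROP SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP DPT=7500",
    # too slow: the first knock expires before the sequence completes
    "100 DROP SRC=203.0.113.6 DST=198.51.100.10 PROTO=TCP DPT=7000",
    "115 DROP SRC=203.0.113.6 DST=198.51.100.10 PROTO=TCP DPT=8001",
    "116 DROP SRC=203.0.113.6 DST=198.51.100.10 PROTO=TCP DPT=7500",
]
# vertical scan: one source walks ports 7000..7014 on a single host
SAMPLE_LOG += [f"{200 + i} DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT={7000 + i}"
               for i in range(15)]
# sweep: one source tries port 22 on six different hosts
SAMPLE_LOG += [f"{300 + i} DROP SRC=203.0.113.8 DST=198.51.100.{20 + i} PROTO=TCP DPT=22"
               for i in range(6)]

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("completed knocks:", completed_knocks(evs, KNOCK_SEQUENCE))
    print("scan flags:", detect_scans(evs))
```

The timeout and the reset on a wrong knock are what keep a slow or sequential probe from stumbling into an open port; a real knock daemon would also want the sequence to be long enough, and the knock ports spread out enough, that a full "vanilla" scan does not hit them in the required order.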

SSH port forwarding

An SSH service that provides secure, encrypted connections to traditionally unencrypted services, such as e-mail or news. SSH port forwarding allows you to establish a secure SSH session and then tunnel TCP connections through it. It works by opening a connection that forwards a local port to a remote port over SSH. The client software (e.g. your e-mail client) is then set to connect to the local port. With SSH port forwarding, passwords are sent over an encrypted connection. Also called SSH tunneling.

Well-Known TCP Port Numbers

Port Number  Description
1            TCP Port Service Multiplexer (TCPMUX)
5            Remote Job Entry (RJE)
7            ECHO
18           Message Send Protocol (MSP)
20           FTP -- Data
21           FTP -- Control
22           SSH Remote Login Protocol
23           Telnet
25           Simple Mail Transfer Protocol (SMTP)
29           MSG ICP
37           Time
42           Host Name Server (Nameserv)
43           WhoIs
49           Login Host Protocol (Login)
53           Domain Name System (DNS)
69           Trivial File Transfer Protocol (TFTP)
70           Gopher Services
79           Finger
80           HTTP
103          X.400 Standard
108          SNA Gateway Access Server
109          POP2
110          POP3
115          Simple File Transfer Protocol (SFTP)
118          SQL Services
119          Newsgroup (NNTP)
137          NetBIOS Name Service
139          NetBIOS Datagram Service
143          Interim Mail Access Protocol (IMAP)
150          NetBIOS Session Service
156          SQL Server
161          SNMP
179          Border Gateway Protocol (BGP)
190          Gateway Access Control Protocol (GACP)
194          Internet Relay Chat (IRC)
197          Directory Location Service (DLS)
389          Lightweight Directory Access Protocol (LDAP)
396          Novell Netware over