The latest articles on Forem by aakhtar3 (@aakhtar3). https://forem.com/aakhtar3 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F472831%2Fe3ca7828-4abf-484c-a61f-38342c1b2379.jpeg https://forem.com/aakhtar3 en aakhtar3 Sun, 12 May 2024 02:22:25 +0000 https://forem.com/aakhtar3/build-and-host-your-own-observability-solution-802 https://forem.com/aakhtar3/build-and-host-your-own-observability-solution-802 <p>Build and host your own observability solution with docker and open source software.</p> <h2> Network Traffic </h2> <blockquote> <p>Review source code @ <a href="https://github.com/osirislab/observability">https://github.com/osirislab/observability</a></p> </blockquote> <p>High level overview of how the control node will run SIEM, while hosts are sending telemetry data.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk8db20ob6dp1p5f1xd1p.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk8db20ob6dp1p5f1xd1p.png" alt="Network Traffic" width="540" height="1001"></a></p> <h2> Portainer </h2> <p>Create install portainer script, set execute permission, and run with docker</p> <blockquote> <p>./install-portainer.sh<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> docker volume create portainer_data docker run <span class="nt">-d</span> <span class="se">\</span> <span class="nt">--name</span> portainer <span class="se">\</span> <span class="nt">--restart</span><span class="o">=</span>always <span class="se">\</span> <span class="nt">-v</span> /var/run/docker.sock:/var/run/docker.sock <span class="se">\</span> <span class="nt">-v</span> portainer_data:/data <span class="se">\</span> <span class="nt">-p</span> 8000:8000 <span class="se">\</span> <span class="nt">-p</span> 9443:9443 <span class="se">\</span> portainer/portainer-ce:latest </code></pre> </div> <p>Head over to <code>https://localhost:9443</code> and create admin credentials.</p> <h3> Agent </h3> <p>Separately you can install an agent on a seperate host. This will allow you to manage multiple docker hosts from a single portal.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7hh5plunwxwby1x7s742.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7hh5plunwxwby1x7s742.png" alt="Agent" width="800" height="862"></a></p> <h2> Stack </h2> <p>Build your siem stack on portainer using an .env and docker-compose.yml</p> <h3> Create </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv7z82oiinld7agfdpvdg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv7z82oiinld7agfdpvdg.png" alt="Stacks" width="800" height="433"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feqi5486p88li0egve2fd.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feqi5486p88li0egve2fd.png" alt="Add" width="800" height="109"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fopn5payjac3grod8jwg8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fopn5payjac3grod8jwg8.png" alt="Paste" width="800" height="592"></a></p> <h3> Env </h3> <blockquote> <p>siem.env</p> </blockquote> <ul> <li>Identify your username and replace $(whoami) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">PUID</span><span class="o">=</span>1000 <span class="nv">PGID</span><span class="o">=</span>1000 <span class="nv">TZ</span><span class="o">=</span>America/New_York <span class="nv">DOCKER_DATA</span><span class="o">=</span>/home/<span class="si">$(</span><span class="nb">whoami</span><span class="si">)</span>/siem/data <span class="nv">DOCKER__CONFIG</span><span class="o">=</span>/home/<span class="si">$(</span><span class="nb">whoami</span><span class="si">)</span>/siem/config </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft8nu8w0jnmseb63mq8pp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft8nu8w0jnmseb63mq8pp.png" alt="env" width="800" height="137"></a></p> <h3> Compose Common Attributes </h3> <p>These attributes are meant to apply Do Not Repeat Yourself (DRY) templating.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.9"</span> <span class="na">x-common</span><span class="pi">:</span> <span class="nl">&amp;common</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">security_opt</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">no-new-privileges:true</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">logging=promtail'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">logging_jobname=containerlog'</span> <span class="na">x-environment</span><span class="pi">:</span> <span class="nl">&amp;environment</span> <span class="na">TZ</span><span class="pi">:</span> <span class="s">$TZ</span> <span class="na">PUID</span><span class="pi">:</span> <span class="s">$PUID</span> <span class="na">PGID</span><span class="pi">:</span> <span class="s">$PGID</span> </code></pre> </div> <h3> Agents </h3> <p>These service are intended to be applied to every host, which allows the portainer control node access to docker deployments and adding observability agents for metrics and logging.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="c1">######## Docker ########</span> <span class="na">portainer-agent</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">portainer-agent</span> <span class="na">image</span><span class="pi">:</span> <span class="s1">'</span><span class="s">portainer/agent:2.19.4'</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">/var/lib/docker/volumes:/var/lib/docker/volumes'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">/var/run/docker.sock:/var/run/docker.sock'</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">9001:9001</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="c1">######## Metrics ########</span> <span class="na">cadvisor</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">portainer-agent</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">cadvisor</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gcr.io/cadvisor/cadvisor:v0.47.1</span> <span class="na">platform</span><span class="pi">:</span> <span class="s">linux/aarch64</span> <span class="na">devices</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/dev/kmsg:/dev/kmsg</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/:/rootfs:ro</span> <span class="pi">-</span> <span class="s">/var/run:/var/run:rw</span> <span class="pi">-</span> <span class="s">/sys:/sys:ro</span> <span class="pi">-</span> <span class="s">/var/lib/docker:/var/lib/docker:ro</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8080:8080</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="na">node-exporter</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">portainer-agent</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">node-exporter</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/node-exporter:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">--path.procfs=/host/proc'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">--path.sysfs=/host/sys'</span> <span class="pi">-</span> <span class="s">--collector.filesystem.ignored-mount-points</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/proc:/host/proc:ro</span> <span class="pi">-</span> <span class="s">/sys:/host/sys:ro</span> <span class="pi">-</span> <span class="s">/:/rootfs:ro</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">9100:9100</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="c1">######## Logging ########</span> <span class="na">promtail</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">portainer-agent</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">promtail</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/promtail:2.9.3</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-config.file=/etc/promtail/config.yml</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/promtail/config.yml:/etc/promtail/config.yml:ro</span> <span class="pi">-</span> <span class="s">/var/lib/docker/containers:/var/lib/docker/containers:ro</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">9080:9080</span> <span class="pi">-</span> <span class="s">1514:1514</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="na">dozzle</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">portainer-agent</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">dozzle</span> <span class="na">image</span><span class="pi">:</span> <span class="s">amir20/dozzle:latest</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8082:8080</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="na">DOZZLE_LEVEL</span><span class="pi">:</span> <span class="s">info</span> <span class="na">DOZZLE_TAILSIZE</span><span class="pi">:</span> <span class="m">300</span> <span class="na">DOZZLE_FILTER</span><span class="pi">:</span> <span class="s2">"</span><span class="s">status=running"</span> </code></pre> </div> <h2> Metrics </h2> <p>Prometheus will scrape promtail for new metrics.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">prometheus</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node-exporter</span> <span class="pi">-</span> <span class="s">cadvisor</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/prometheus:latest</span> <span class="na">user</span><span class="pi">:</span> <span class="s">root</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--config.file=/etc/prometheus/prometheus.yml</span> <span class="pi">-</span> <span class="s">--storage.tsdb.path=/prometheus</span> <span class="pi">-</span> <span class="s">--web.enable-admin-api</span> <span class="pi">-</span> <span class="s">--web.enable-lifecycle</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/prometheus/config.yml:/etc/prometheus/prometheus.yml:ro</span> <span class="pi">-</span> <span class="s">$DOCKER_DATA/prometheus:/prometheus</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">9090:9090</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz3wj65w5weamuv22gb7r.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz3wj65w5weamuv22gb7r.png" alt="Metric 1" width="800" height="434"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftm4t4hc5vqenwstw6n53.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftm4t4hc5vqenwstw6n53.png" alt="Metric 2" width="800" height="428"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0zyp0aezwnl9k1tesx91.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0zyp0aezwnl9k1tesx91.png" alt="Metric 3" width="800" height="431"></a></p> <h2> Logging </h2> <p>These services will handle syslog/container logs and store on mini/loki.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">minio</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">minio</span> <span class="na">image</span><span class="pi">:</span> <span class="s">minio/minio:latest</span> <span class="na">user</span><span class="pi">:</span> <span class="s">root</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="s">sh</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-c 'mkdir -p /data/loki &amp;&amp; /usr/bin/docker-entrypoint.sh minio server /data'</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">CMD</span> <span class="pi">-</span> <span class="s">curl</span> <span class="pi">-</span> <span class="s">-f</span> <span class="pi">-</span> <span class="s">http://localhost:9000/minio/health/live</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">20s</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER_DATA/minio:/data</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="na">MINIO_ACCESS_KEY</span><span class="pi">:</span> <span class="s">minio123</span> <span class="na">MINIO_PROMETHEUS_AUTH_TYPE</span><span class="pi">:</span> <span class="s">public</span> <span class="na">MINIO_SECRET_KEY</span><span class="pi">:</span> <span class="s">minio456</span> <span class="na">loki</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">minio</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">loki</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/loki:2.9.3</span> <span class="na">user</span><span class="pi">:</span> <span class="s">root</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-config.file=/etc/loki/loki-config.yml</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/loki/config.yml:/etc/loki/loki-config.yml:ro</span> <span class="pi">-</span> <span class="s">$DOCKER_DATA/loki:/tmp</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">3100:3100</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="na">syslog-ng</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">promtail</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">syslog-ng</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/axoflow/axosyslog:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-edv</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/syslog-ng/config.conf:/etc/syslog-ng/syslog-ng.conf:ro</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">514:514/udp</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foxk7flxgw417kcx0o298.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foxk7flxgw417kcx0o298.png" alt="Log 1" width="800" height="390"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftqbuptdh9whathal3ndy.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftqbuptdh9whathal3ndy.png" alt="Log 2" width="800" height="347"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe2xh6tx4vhpzimwbsks7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe2xh6tx4vhpzimwbsks7.png" alt="Log 3" width="800" height="866"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz8dboqfi3qonhvlx22vt.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz8dboqfi3qonhvlx22vt.png" alt="Log 4" width="800" height="803"></a></p> <h2> Alerting </h2> <p>Monitor your services and get notified if something goes down.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">uptime-kuma</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s1">'</span><span class="s">louislam/uptime-kuma:1'</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">uptime-kuma</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER_DATA/uptime-kuma:/app/data</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">3001:3001</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0z3k4lhlrrk3qa9q3nmr.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0z3k4lhlrrk3qa9q3nmr.png" alt="Alerting" width="800" height="267"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8zztw9lvjut841n9tbpl.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8zztw9lvjut841n9tbpl.png" alt="Notification" width="752" height="1222"></a></p> <h2> Dashboard </h2> <p>Grafana Dashboard for displaying metrics and logs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">grafana</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">prometheus</span> <span class="pi">-</span> <span class="s">loki</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/grafana:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">grafana</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*common</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/grafana/provisioning/datasources:/etc/grafana/provisioning/datasources:ro</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards:ro</span> <span class="pi">-</span> <span class="s">$DOCKER__CONFIG/grafana/dashboards:/var/lib/grafana/dashboards:ro</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">3000:3000</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*environment</span> <span class="na">GF_AUTH_ANONYMOUS_ENABLED</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">GF_AUTH_ANONYMOUS_ORG_ROLE</span><span class="pi">:</span> <span class="s">Admin</span> <span class="na">GF_AUTH_BASIC_ENABLED</span><span class="pi">:</span> <span class="s2">"</span><span class="s">false"</span> <span class="na">GF_AUTH_DISABLE_LOGIN_FORM</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH</span><span class="pi">:</span> <span class="s">/var/lib/grafana/dashboards/no_folder/syslog_overview.json</span> <span class="na">GF_INSTALL_PLUGINS</span><span class="pi">:</span> <span class="s2">"</span><span class="s">grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel,cloudflare-app"</span> </code></pre> </div> networking security devops sitereliabilityengineering aakhtar3 Wed, 08 May 2024 03:03:17 +0000 https://forem.com/aakhtar3/mine-xmr-on-raspberry-pi-4h5a https://forem.com/aakhtar3/mine-xmr-on-raspberry-pi-4h5a <p>I have been playing around with <a href="https://xmrig.com" rel="noopener noreferrer">xmrig</a> to see if I could make any money with a few raspberry pi v3 that have been collecting dust. I choose <a href="https://www.getmonero.org" rel="noopener noreferrer">XMR (Monero)</a> due to it being ASIC resistant. Which allows the little guys a chance to get rewards for contribution to the blockchain. Also, I am a big fan of the privacy coin.</p> <p>After testing for 5 months, the conclusion is that the Raspberry <a href="https://www.raspberrypi.com/products/raspberry-pi-3-model-b-plus/" rel="noopener noreferrer">pi v3</a> is very old and cannot compete with new powerful cpu/gpus. However, the Raspberry <a href="https://www.raspberrypi.com/products/raspberry-pi-5/" rel="noopener noreferrer">pi v5</a> is new and has potential to output more computation. In addition, I packaged the software on alpine container to run native to the ARM architecture and the results were very surprising.</p> <p>I am still in the red due to electricity cost, but ARM helps with the cost due to being energy efficient. The learning in this project is intangible and was worth the minor expense. </p> <h2> Pi Cluster </h2> <p>Building a compact cluster has advantages, by sharing electricity over USB hubs or Power Over Ethernet and segmenting the cluster into its own network.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcp357pm6axvnb7h37ofz.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcp357pm6axvnb7h37ofz.jpg" alt="Pi Cluster"></a></p> <ul> <li>ARM is energy efficient and can share power over USB hub of 5v</li> <li>Stackable nodes in a segmented network</li> <li>Egress over privacy VPN to remain anonymous</li> </ul> <h2> Upgrade Hardware </h2> <p>Switched from Pi v3 to Pi v5.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F542m63lp7wab88osx4p2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F542m63lp7wab88osx4p2.png" alt="Upgrade Hardware"></a></p> <ul> <li>Pi v3 - Over 5 months I made $0.00 with a 1 H/s</li> <li>Pi v5 - In a day was hitting consistent ~150 H/s and finally made $0.01</li> </ul> <h2> Use ARM architecture </h2> <p>Avoid cross architecture emulation on docker, which causes performance bottlenecks. Instead use native ARM Architecture when packaging your containers.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzslccc35xa3y7ctoth8r.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzslccc35xa3y7ctoth8r.png" alt="Use ARM architecture"></a></p> <ul> <li>Pi v3 arm - 1 H/s</li> <li>Pi v5 amd -&gt; arm - ~150 H/s</li> <li>m3 arm - ~1 KH/s</li> <li>Pi v5 arm - ~1.2 KH/s </li> </ul> <h2> Summary </h2> <p>Final summary of current setup</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0h2xsqn4iyr3bhcbww9e.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0h2xsqn4iyr3bhcbww9e.png" alt="Summary 1"></a></p> <ul> <li>Peaked at 3.5 KH - Improved by 3,500%</li> <li>Now make $0.05 per day</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85iiynh5gz1srci8bqxw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85iiynh5gz1srci8bqxw.png" alt="Summary 2"></a></p> <ul> <li>1 m1 2 core arm</li> <li>1 m2 2 core arm</li> <li>5 Pi v5 20 core arm</li> </ul> <h2> Quick Setup with Wallet </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># https://github.com/aakhtar3/xmrig</span> docker run <span class="nt">-d</span> <span class="se">\</span> <span class="nt">--name</span> xmrig <span class="se">\</span> <span class="nt">-e</span> <span class="nv">URL</span><span class="o">=</span><span class="k">${</span><span class="nv">POOL</span><span class="k">}</span> <span class="se">\</span> <span class="nt">-e</span> <span class="nv">WALLET</span><span class="o">=</span><span class="k">${</span><span class="nv">WALLET</span><span class="k">}</span> <span class="se">\</span> <span class="nt">-e</span> <span class="nv">NODE_NAME</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span><span class="si">)</span> <span class="se">\</span> <span class="nt">--cpus</span><span class="o">=</span><span class="s2">"2"</span> <span class="se">\</span> <span class="nt">--cpu-quota</span><span class="o">=</span>400000 <span class="se">\</span> <span class="nt">--cpu-period</span><span class="o">=</span>100000 <span class="se">\</span> aakhtar3/xmrig </code></pre> </div> <ul> <li>Create <a href="https://www.getmonero.org/downloads/" rel="noopener noreferrer">${WALLET}</a> and run software on docker</li> <li>Join a pool ${POOL} - pool.hashvault.pro:443</li> <li>Tweak CPU usage based on your cores</li> </ul> cryptocurrency docker kubernetes architecture aakhtar3 Mon, 18 Mar 2024 02:30:13 +0000 https://forem.com/aakhtar3/kubernetes-tldr-1k4o https://forem.com/aakhtar3/kubernetes-tldr-1k4o <p>Kubernetes is a dense topic, so here are some key topics to review.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Kubernetes</th> <th>Component</th> <th>Application</th> <th>Istio</th> </tr> </thead> <tbody> <tr> <td>Terraform</td> <td>Pod</td> <td>Service</td> <td>Control Plane</td> </tr> <tr> <td>Cluster</td> <td>Config Map</td> <td>Service Registry</td> <td>Data Plane</td> </tr> <tr> <td>Control Plane Node</td> <td>Secrets</td> <td>Service Discovery</td> <td>Traffic Management</td> </tr> <tr> <td>Worker Node</td> <td>Persistent Volume</td> <td>Deployment</td> <td>Security</td> </tr> <tr> <td>Namespace</td> <td>Policies</td> <td>Stateful Sets</td> <td>Observability</td> </tr> </tbody> </table></div> <h2> Kubernetes </h2> <p>Orchestration service to automate application deployments at scale.</p> <h3> Terraform </h3> <p>Infrastructure as code to deploy cloud resources that will be used to run Kubernetes.</p> <h4> Lifecycle </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwwo4lto5l5j9i40imo6u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwwo4lto5l5j9i40imo6u.png" alt="Lifecycle" width="601" height="231"></a></p> <ul> <li>terraform init - Set up backend and pull dependencies from providers <ul> <li>.tfstate - s3</li> <li>.lock - dynamodb</li> </ul> </li> <li>terrafrom validate - Validate Configs</li> <li>terraform fmt - lint suggestions for styling code</li> <li>terratest - Testing framework in Go</li> <li>terraform plan - Show plan to build desired state and observed state</li> <li>terraform apply - Build infrastructure to be in desired state</li> <li>terraform destroy - Clean up infrastructure</li> </ul> <h4> Files </h4> <ul> <li>provider.tf - terraform block, backend, provider config, alias</li> <li>main.tf - Resource blocks which define resources to be created <ul> <li>resource - declare new component</li> <li>data - pull resource from cloud provider</li> <li>module - pull resource from external source</li> </ul> </li> <li>variables.tf - variables declarations for resources</li> <li>output.tf - Key values generated on successful apply </li> <li>*.tfvars - environment specific default variables</li> </ul> <h4> Helpers </h4> <ul> <li>meta arguments - depends on, count, for_each, locals</li> <li>expressions - operators (arithmetic, equality, comparison, logical), conditionals, splat, constraints </li> <li>functions - String/Number/Collection types, encoding/crpyto/hash, IP networking, filesystem, date/time</li> </ul> <h3> Cluster </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futaxdo9kk2c6g9wrfa7j.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futaxdo9kk2c6g9wrfa7j.png" alt="Cluster" width="673" height="492"></a></p> <ul> <li>Cluster - Multiple Control plane nodes for High Availability</li> <li>Traffic <ul> <li>North &lt;-&gt; South - Client &lt;-&gt; VPC &lt;-&gt; Ingress</li> <li>East &lt;-&gt; West - AZ A &lt;-&gt; AZ B &lt;-&gt; AZ C</li> </ul> </li> </ul> <h3> Control Plane Node </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz2rp4utaj6qavdp6t74i.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz2rp4utaj6qavdp6t74i.png" alt="Control Plane Node" width="513" height="401"></a></p> <ul> <li>Api Server - Front end of cluster on RESTful API over HTTPS</li> <li>Cluster Store (etcd) - Holds desired state of all components of cluster</li> <li>Controller (Manager) - Cluster intelligence, watching cluster to reconcile observed state and desired state</li> <li>Scheduler - Handles tasks and assign to capable nodes for work</li> </ul> <h3> Worker Node </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcu1o98qlyr502fulap5h.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcu1o98qlyr502fulap5h.png" alt="Worker Node" width="572" height="224"></a></p> <ul> <li>Kublet - Agent handles workload from cluster and reporting</li> <li>Runtime - kernel tasks using <strong>containerd</strong> to manage lifecycle</li> <li>Kube-proxy - Cluster networking and load balancing</li> </ul> <h3> Namespace </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr17h07tex7yzq1coyv21.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr17h07tex7yzq1coyv21.png" alt="Namespace" width="800" height="491"></a></p> <ul> <li>Default Namespace - Components will be placed here if not specified</li> <li>Named Namespace - Isolate components into segmented namespaces</li> <li>Isolation <ul> <li>Soft - Segment by namespace</li> <li>Hard - Segment by cluster</li> </ul> </li> </ul> <h2> Component </h2> <p>Key atomic componentes to build applications on Kubernetes.</p> <h3> Pod </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnc1c580adzz8qecaz8uz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnc1c580adzz8qecaz8uz.png" alt="Pod" width="671" height="281"></a></p> <ul> <li>Init container - Runs once before main container</li> <li>Main container - Core functionality of service</li> <li>Sidecar container - Optional containers to side load computation <ul> <li>Proxy - Handles ingress traffic</li> <li>Ambassador - Handles egress traffic</li> <li>Adapter - Handles telemetry traffic</li> </ul> </li> </ul> <h3> Config Map </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdjacfy6arj5uskncu4qp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdjacfy6arj5uskncu4qp.png" alt="Config Map" width="705" height="215"></a></p> <ul> <li>Environment Variable - Data can be injected to container environment </li> <li>Container Argument - Pass arguments into a container status up command</li> <li>Files in Volume - Mount config file into container environment</li> </ul> <h3> Secrets </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyb5ikact42hzywcllpuo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyb5ikact42hzywcllpuo.png" alt="Secrets" width="715" height="254"></a></p> <ul> <li>Native Secrets - Does not encrypt in transit or flight, stores in tmpfs as base64 and decode to plain text </li> <li>Vault Secrets - Require 3rd party integration to mange secrets</li> </ul> <h3> Persistent Volume </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk905ignrs7d8bho0cvgi.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk905ignrs7d8bho0cvgi.png" alt="Persistent Volume" width="573" height="361"></a></p> <ul> <li>Persistent Volume Claim (PVC) - Pod need to request/claim volume and grant access to PVs</li> <li>Persistent Volume (PV) - Maps to external storage providers</li> <li>Storage Classes (SC) - Proxy between PVC and SP and automates the connectivity</li> <li>Container Storage Interface (CSI) - Interface plugin to connect to external/cloud SPs</li> <li>Storage Providers (SP) - Physical storage disk drives</li> </ul> <h3> Policies </h3> <ul> <li>Role-based access control (RBAC) - Regulate access to groups when invoking the API</li> <li>Pod Security Standards (PSS) - Privileged, Baseline, Restricted</li> <li>Pod Security Admission (PSA) - enforce, audit, warn</li> </ul> <h2> Application </h2> <p>Package applications into segmented resources on Kubernetes cluster.</p> <h3> Service </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvyqqvy9uic0pch97cbgo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvyqqvy9uic0pch97cbgo.png" alt="Service" width="457" height="799"></a></p> <ul> <li>Ingress - Handle many services on a single load balancer</li> <li>Load Balancer - Cloud load balancer to handle traffic for service</li> <li>Node Port - Port exposed on port to access service</li> <li>Cluster IP - Ip obtained from service registry for service</li> </ul> <h3> Service Registry </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1u793kupilekxdq0zxb9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1u793kupilekxdq0zxb9.png" alt="Service Registry" width="588" height="824"></a></p> <ul> <li>Kube-system (NS) - Cluster namespace for control plane</li> <li>Kube-dns (SVC) - Service registry and discovery</li> <li>Coredns (POD) - Application to handle dns traffic</li> </ul> <h3> Service Discovery </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6ap2sy6jmiaed7a42wh.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6ap2sy6jmiaed7a42wh.png" alt="Image description" width="800" height="372"></a></p> <ul> <li>Cluster Store - Stores DNS records from coredns</li> <li>Fully Qualified Domain Name (FQDN) - {service}.{namespace}.svc.cluster.local</li> </ul> <h3> Deployment </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpe1kya6ahwp022o5cp83.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpe1kya6ahwp022o5cp83.png" alt="Deployment" width="800" height="420"></a></p> <ul> <li>Deployment - Stateless application </li> <li>Replica Set - Deploy multiple pods in parallel</li> </ul> <h3> Stateful Sets </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcjjlmrta6awr771da5a7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcjjlmrta6awr771da5a7.png" alt="Stateful Sets" width="800" height="424"></a></p> <ul> <li>Stateful Sets - Stateful application that needs to mount data</li> <li>Replica Set - Deploy multiple pods in sequence</li> <li>Persistent Volume - Requires volume for application</li> </ul> <h2> Istio </h2> <p>Use Service Mesh to mange Kubernetes traffic, security, and observability.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0u67pmxpu9ide7aptaf6.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0u67pmxpu9ide7aptaf6.png" alt="Istio" width="800" height="386"></a></p> <h3> Control Plane </h3> <ul> <li>Pilot - Service Discovery and configuring sidecar proxies</li> <li>Citadel - Automated key and certificate management</li> <li>Galley - Validate and deploy Istio configuration</li> <li>Container Network Interface (CNI) - Network initialization, init container to sidecar proxy</li> <li>Core DNS - DNS resolution</li> <li>Policy - CDA Policy enforcer</li> <li>Cert Manger - Issue and renew TLS certifications </li> <li>Prometheus - Metrics collector</li> <li>Sidecar Injector - Namespace enabled sidecar poxy</li> <li>Ingress Gateway - Handle incoming traffic into mesh</li> <li>Egress Gateway - Handle outgoing traffic from mesh</li> </ul> <h3> Data Plane </h3> <ul> <li>Envoy - Reverse Proxy Sidecar managed by Traffic management rules</li> </ul> <h3> Traffic Management </h3> <ul> <li>Virtual Services - Configure how requests are routed to service in mesh. Timeout, retry, and fault injection</li> <li>Destination Rules - Policies on routing, load balancing, TLS, circuit breaker, etc </li> <li>Gateways - Handle Ingress/Egress traffic to/from mesh</li> <li>Service entries - Register services to be added and discovered in Mesh</li> <li>Sidecars - Add additional proxy rules on in/e-gress</li> </ul> <h3> Security </h3> <ul> <li>Peer Authentication (Mutual TLS) - Client and Server Envoy sidecar establish two TLS tunnel</li> <li>Request Authentication (JWT) - Envoy validate JWT with Public JSON Web Key Set (JWKS)</li> <li>Authorization Policies - Envoy engine handle Custom, Deny, Allow policies on traffic rules</li> </ul> <h3> Observability </h3> <ul> <li>Metrics <ul> <li>Proxy - In/E-gress Traffic: volume, errors, response times</li> <li>Service - Latency, errors, saturation</li> <li>Control plane - Service regulations, Certs</li> </ul> </li> <li>Distributed Traces - Sample traffic for monitoring/debugging</li> <li>Access Logs - Envoy access logs</li> </ul> kubernetes terraform systemdesign devops aakhtar3 Sun, 02 Jul 2023 05:12:58 +0000 https://forem.com/aakhtar3/earn-max-leetcode-coins-2jdf https://forem.com/aakhtar3/earn-max-leetcode-coins-2jdf <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Goal</th> <th>Tasks</th> <th>Tips</th> </tr> </thead> <tbody> <tr> <td>T-shirt</td> <td>13</td> <td>8,435 coins</td> </tr> </tbody> </table></div> <p>Hate it or love it, but <a href="https://leetcode.com">leetcode.com</a> has become the de facto learning tool to prepare for software engineering coding interviews. Other skills are required to do the job, but this interview standard has its benefits by providing candidates a fair chance at solving a timed problem in a stressful environment.</p> <p>Investing time to master and retain data structures and algorithms will net you a great ROI by helping you become a top earner. In addition, having a deep understanding of the material will make you a subject matter expert and a top performer.</p> <h2> Goal </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--GxaLJrlM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/86zghdkkh0hja4soyza0.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--GxaLJrlM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/86zghdkkh0hja4soyza0.png" alt="Leetcode Kit" width="800" height="741"></a></p> <p>Leetcode has gamified this egregious grind by providing a <a href="https://leetcode.com/store">store</a>, where you can redeem your earned coins for prizes. The prizes are nothing spectacular, but earning the t-shirt is an exciting challenge since <code>6,000</code> (t-shirt) or <code>7,800</code> (t-shirt, keychain, and coaster) coins will require a lot of time, discipline, and commitment.</p> <h2> Tasks </h2> <p>Below is a breakdown to earn the maximum amount of coins to get the t-shirt in less than a year.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type</th> <th>Tasks</th> <th>Per Year</th> </tr> </thead> <tbody> <tr> <td>Social Media</td> <td>4</td> <td>40 (One time)</td> </tr> <tr> <td>Daily</td> <td>2</td> <td>4,015</td> </tr> <tr> <td>Weekly</td> <td>2</td> <td>2,080</td> </tr> <tr> <td>Bi-Weekly</td> <td>2</td> <td>1,040</td> </tr> <tr> <td>Monthly</td> <td>3</td> <td>1,260</td> </tr> <tr> <td>Total</td> <td>13</td> <td>8,435</td> </tr> </tbody> </table></div> <ul> <li> <code>8,435</code> coins from doing all 13 tasks.</li> </ul> <h3> Social Media </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ss4oFHCI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qkknq8et8gouthmmivsa.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ss4oFHCI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qkknq8et8gouthmmivsa.png" alt="Social Media" width="571" height="1024"></a></p> <ul> <li>Easy coins if you want to share your social media on your profile. </li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task</th> <th>Coins</th> <th>Per Year</th> </tr> </thead> <tbody> <tr> <td>Linkedin</td> <td>10</td> <td>10 (One time)</td> </tr> <tr> <td>Google</td> <td>10</td> <td>10 (One time)</td> </tr> <tr> <td>Github</td> <td>10</td> <td>10 (One time)</td> </tr> <tr> <td>Facebook</td> <td>10</td> <td>10 (One time)</td> </tr> </tbody> </table></div> <ul> <li> <code>40</code> coins from connecting social media accounts.</li> </ul> <h3> Daily </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vNdNFbqX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0plk4rnlpxkaufve8jpn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vNdNFbqX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0plk4rnlpxkaufve8jpn.png" alt="Daily" width="539" height="532"></a></p> <ul> <li>View the daily <a href="https://leetcode.com/problemset/all">challenges</a> from the problem page.</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task</th> <th>Coins</th> <th>Per Year</th> </tr> </thead> <tbody> <tr> <td>Daily Check-in</td> <td>1</td> <td>365</td> </tr> <tr> <td>Daily Challenge</td> <td>10</td> <td>3,650</td> </tr> </tbody> </table></div> <ul> <li> <code>4,015</code> coins from daily check-in and solving daily challenge.</li> </ul> <h3> Weekly </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fg4mbvgV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/na9u0ifxew2xk7tk4wp3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fg4mbvgV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/na9u0ifxew2xk7tk4wp3.png" alt="Weekly" width="533" height="167"></a></p> <ul> <li>View the weekly <a href="https://leetcode.com/problemset/all">challenges</a> from the problem page.</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task</th> <th>Coins</th> <th>Per Year</th> </tr> </thead> <tbody> <tr> <td>Weekly Challenge</td> <td>35</td> <td>1,820</td> </tr> <tr> <td>Weekly Contest</td> <td>5</td> <td>260</td> </tr> </tbody> </table></div> <ul> <li> <code>2,080</code> coins from solving the weekly challenge and attending the weekly contests.</li> </ul> <h3> Bi Weekly </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vAxQzCx1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0z2rfg7fm7uclrfowprk.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vAxQzCx1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0z2rfg7fm7uclrfowprk.png" alt="Bi Weekly" width="800" height="280"></a></p> <ul> <li>Register to participate in the bi/weekly <a href="https://leetcode.com/contest">contest(s)</a>.</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task</th> <th>Coins</th> <th>Per Year</th> </tr> </thead> <tbody> <tr> <td>Bi-Weekly Contest</td> <td>5</td> <td>130</td> </tr> <tr> <td>Attend Bi/Weekly Contests</td> <td>35</td> <td>910</td> </tr> </tbody> </table></div> <ul> <li> <code>1,040</code> coins from attending bi-weekly contests and attending both contests.</li> </ul> <h3> Monthly </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dGpH_MCB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vh442koyn0sqyz6pjukp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dGpH_MCB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vh442koyn0sqyz6pjukp.png" alt="Monthly" width="800" height="198"></a></p> <ul> <li>Earn badges for keeping your streak.</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task</th> <th>Coins</th> <th>Per Year</th> </tr> </thead> <tbody> <tr> <td>30 Day Check-in Streak</td> <td>30</td> <td>360</td> </tr> <tr> <td>25 Challenges Streak</td> <td>25</td> <td>300</td> </tr> <tr> <td>Entire Month of Daily Challenges</td> <td>50</td> <td>600</td> </tr> </tbody> </table></div> <ul> <li> <code>1,260</code> coins from solving all daily challenges and keeping up your monthly streak.</li> </ul> <h2> Tips </h2> <p>Here are some tips to stay consistent and retain:</p> <ul> <li>Set up re-occurring calendar blocked time slot (one hour) for daily/weekly challenges and bi/weekly contests.</li> <li>Refactor the solution with cleaner and descriptive code.</li> <li>Add <code>Time O(…) | Space O(…)</code> complexities in your solution.</li> <li>Share your solutions on Leetcode and GitHub.</li> <li>Buy and use a <code>Time Travel Ticket</code> from the store if you miss a day (Long flights 😡).</li> </ul> leetcode algorithms computerscience programming aakhtar3 Thu, 15 Jun 2023 04:24:21 +0000 https://forem.com/aakhtar3/multi-thread-with-nodejs-1b7b https://forem.com/aakhtar3/multi-thread-with-nodejs-1b7b <p>Node.js is a very powerful server-side javascript framework that excels in single-thread asynchronous I/O and is constantly updating with new features.</p> <p>This guide is meant to be a resource to understand the multi-threading APIs and provide:</p> <ul> <li>High-level computer science concepts <ul> <li>Synchronous vs Asynchronous</li> <li>Concurrency</li> <li>Sequential vs Parallel</li> <li>Distributed</li> <li>Process vs Thread</li> <li>Javascript Engine</li> </ul> </li> <li>Code examples of node.js API and performance metrics <ul> <li>Thread blocking operation</li> <li>Split operation into async tasks</li> <li>Invoke multi thread operations</li> </ul> </li> </ul> <h2> Synchronous vs Asynchronous </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xdj9GlIP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bas575itbqp4cpyse6g3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xdj9GlIP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bas575itbqp4cpyse6g3.png" alt="Synchronous vs Asynchronous" width="397" height="363"></a></p> <ul> <li> <a href="https://en.wikipedia.org/wiki/Synchronous_programming_language">Synchronous</a> - Operations are expected to start and finish in a time span.</li> <li> <a href="https://en.wikipedia.org/wiki/Asynchrony_(computer_programming)">Asynchronous</a> - Operations can be deferred till a later time.</li> </ul> <h2> Concurrency </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--8j-mN612--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/01lkc8z92dsoe2gssdo1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--8j-mN612--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/01lkc8z92dsoe2gssdo1.png" alt="Concurrency" width="375" height="157"></a></p> <ul> <li> <a href="https://en.wikipedia.org/wiki/Concurrent_computing">Concurrency</a> - Multiple operations are handled at the same time.</li> </ul> <h2> Sequential vs Parallel </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2OW0e24t--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zyn39jr1wii1ndcck5tm.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2OW0e24t--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zyn39jr1wii1ndcck5tm.png" alt="Sequential vs Parallel" width="584" height="397"></a></p> <ul> <li> <a href="https://google.com">Sequential</a> - Multiple operations are done in a linear fashion.</li> <li> <a href="https://en.wikipedia.org/wiki/Parallel_computing">Parallel</a> - Multiple operations are done at the same time.</li> </ul> <h2> Distributed </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--cJdp3olu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vv4cf94aodcwslikkwd3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--cJdp3olu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vv4cf94aodcwslikkwd3.png" alt="Distributed" width="638" height="206"></a></p> <ul> <li> <a href="https://en.wikipedia.org/wiki/Distributed_computing">Distributed</a> - Multiple operations are done independently on segmented resources.</li> </ul> <h2> Process vs Thread </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--v7uCfpBO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qbsiy8pxtam880qeea7p.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--v7uCfpBO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qbsiy8pxtam880qeea7p.png" alt="Process vs Thread" width="375" height="258"></a></p> <ul> <li> <a href="https://en.wikipedia.org/wiki/Process_(computing)">Process</a> - A program can use single or multiple threads.</li> <li> <a href="https://en.wikipedia.org/wiki/Thread_(computing)">Thread</a> - Code execution is invoked and uses less resources than a process.</li> </ul> <h2> Javascript Engine </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--pLAUe_zP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/up2in98mgpg80788gw4s.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--pLAUe_zP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/up2in98mgpg80788gw4s.png" alt="Javascript-Engine" width="773" height="429"></a></p> <ul> <li> <a href="https://en.wikipedia.org/wiki/V8_(JavaScript_engine)">Javascript Engine</a> - Node.js process runs on top of the google chrome v8 engine. <ul> <li>Heap - Memory management of variables. </li> <li>Call Stack - Code running on main thread.</li> <li>Thread Pool - Async code pending to be executed.</li> <li>Callback Queue - Async code ready to be executed.</li> <li>Event Loop - Async code is pushed on to empty call stack.</li> </ul> </li> </ul> <h2> Thread Blocking Operation </h2> <p>Here is an example of a long running operation that will increment a counter variable from <code>zero</code> to <code>ten billion</code>.</p> <p>The snippet of code will block all other operations on the thread since it is a <code>synchronous</code> operation.</p> <ul> <li>ex: web browser freezes after clicking a button.</li> <li>ex: locking a database record when making an update.</li> </ul> <h3> Prerequisite </h3> <ul> <li>node -v <a class="mentioned-user" href="https://dev.to/12">@12</a>+</li> <li>echo '{ "type": "module" }' &gt; package.json </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">blockingOperation</span> <span class="o">=</span> <span class="p">(</span><span class="nx">operations</span> <span class="o">=</span> <span class="mi">10</span><span class="nx">_000_000_000</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">counter</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">while</span> <span class="p">(</span><span class="nx">counter</span> <span class="o">&lt;</span> <span class="nx">operations</span><span class="p">)</span> <span class="nx">counter</span> <span class="o">+=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">({</span> <span class="nx">counter</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">counter</span><span class="p">;</span> <span class="p">};</span> <span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">blockingOperation</span><span class="p">())();</span> </code></pre> </div> <blockquote> <p>time node index.js<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span> counter: 10000000000 <span class="o">}</span> node index.js 7.80s user 0.04s system 99% cpu 7.849 total </code></pre> </div> <ul> <li>Executing this program takes around <code>~8</code> seconds. <ul> <li>Running on a single CPU core (<code>single-thread</code>).</li> <li> <code>Sync</code> tasks are blocking the thread.</li> </ul> </li> </ul> <h2> Split Operation into Async Tasks </h2> <p>Building on the example, we introduce <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise">Promises</a> to invoke asynchronous operations.</p> <p>In addition, the large operation will be split based on the number of CPU cores on the machine.</p> <ul> <li>This chunking strategy will shorten the task's size of operations.</li> <li><code>tasks = (operations / threads)</code></li> </ul> <p>Async will allow the program to handle <code>concurrent</code> operations.</p> <ul> <li>ex: web server accepting multiple API requests.</li> <li>ex: video game accepting multiple clicks on a keyboard.</li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">cpus</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">os</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">getUTCSeconds</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nb">Date</span><span class="p">().</span><span class="nx">getUTCSeconds</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">blockingOperation</span> <span class="o">=</span> <span class="p">(</span><span class="nx">operations</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nb">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">counter</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">while</span> <span class="p">(</span><span class="nx">counter</span> <span class="o">&lt;</span> <span class="nx">operations</span><span class="p">)</span> <span class="nx">counter</span> <span class="o">+=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">({</span> <span class="nx">counter</span><span class="p">,</span> <span class="na">utcSecond</span><span class="p">:</span> <span class="nx">getUTCSeconds</span><span class="p">()</span> <span class="p">});</span> <span class="nx">resolve</span><span class="p">(</span><span class="nx">counter</span><span class="p">);</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">splitOperationIntoAsyncTasks</span> <span class="o">=</span> <span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">operations</span> <span class="o">=</span> <span class="mi">10</span><span class="nx">_000_000_000</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">threads</span> <span class="o">=</span> <span class="nx">cpus</span><span class="p">().</span><span class="nx">length</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">tasks</span> <span class="o">=</span> <span class="p">(</span><span class="nx">operations</span> <span class="o">/</span> <span class="nx">threads</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">blockingOperations</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Array</span><span class="p">(</span><span class="nx">threads</span><span class="p">).</span><span class="nx">fill</span><span class="p">()</span> <span class="p">.</span><span class="nx">map</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">blockingOperation</span><span class="p">(</span><span class="nx">tasks</span><span class="p">))</span> <span class="kd">const</span> <span class="nx">countOperations</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">Promise</span> <span class="p">.</span><span class="nx">all</span><span class="p">(</span><span class="nx">blockingOperations</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">totalCount</span> <span class="o">=</span> <span class="nx">countOperations</span> <span class="p">.</span><span class="nx">reduce</span><span class="p">((</span><span class="nx">sum</span><span class="p">,</span> <span class="nx">counter</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nx">sum</span> <span class="o">+</span> <span class="nx">counter</span><span class="p">),</span> <span class="mi">0</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">({</span> <span class="nx">operations</span><span class="p">,</span> <span class="nx">threads</span><span class="p">,</span> <span class="nx">tasks</span><span class="p">,</span> <span class="nx">totalCount</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">totalCount</span><span class="p">;</span> <span class="p">};</span> <span class="p">(</span><span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">splitOperationIntoAsyncTasks</span><span class="p">())();</span> </code></pre> </div> <blockquote> <p>time node index.js<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span> counter: 1250000000, utcSecond: 21 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 22 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 22 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 23 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 23 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 24 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 24 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 25 <span class="o">}</span> <span class="o">{</span> operations: 10000000000, threads: 8, tasks: 1250000000, totalCount: 10000000000 <span class="o">}</span> node index.js 4.35s user 0.02s system 99% cpu 4.372 total </code></pre> </div> <ul> <li>Executing this program takes around <code>~4</code> seconds.</li> <li>We see a <code>50%</code> performance improvement. <ul> <li>Running on a single CPU core (<code>single-thread</code>).</li> <li> <code>Async</code> tasks are processed in <code>sequential</code>.</li> </ul> </li> </ul> <h2> Invoke Multi Thread Operations </h2> <p>The final step is to introduce the multi-thread API <a href="https://nodejs.org/api/worker_threads.html">worker threads</a>.</p> <p>There are two concepts that are at play:</p> <ul> <li>Parent (main thread) <ul> <li><code>if (isMainThread) return new Worker(__filename)</code></li> </ul> </li> <li>Child (worker thread) <ul> <li><code>parentPort.postMessage(await blockingOperation())</code></li> </ul> </li> </ul> <p>The parent will create multiple children and wait for the messages to be returned.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">cpus</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">os</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">dirname</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">fileURLToPath</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">url</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">isMainThread</span><span class="p">,</span> <span class="nx">Worker</span><span class="p">,</span> <span class="nx">parentPort</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node:worker_threads</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">__filename</span> <span class="o">=</span> <span class="nx">dirname</span><span class="p">(</span><span class="nx">fileURLToPath</span><span class="p">(</span><span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">createWorker</span> <span class="o">=</span> <span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nb">Promise</span> <span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nx">Worker</span><span class="p">(</span><span class="nx">__filename</span><span class="p">)</span> <span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">resolve</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">reject</span><span class="p">(</span><span class="nx">error</span><span class="p">))</span> <span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">exit</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">code</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">code</span> <span class="o">!==</span> <span class="mi">0</span><span class="p">)</span> <span class="nx">reject</span><span class="p">(</span><span class="k">new</span> <span class="nb">Error</span><span class="p">(</span><span class="s2">`Thread exit code: </span><span class="p">${</span><span class="nx">code</span><span class="p">}</span><span class="s2">`</span><span class="p">));</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">getUTCSeconds</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nb">Date</span><span class="p">().</span><span class="nx">getUTCSeconds</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">blockingOperation</span> <span class="o">=</span> <span class="p">(</span><span class="nx">operations</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nb">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">counter</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">while</span> <span class="p">(</span><span class="nx">counter</span> <span class="o">&lt;</span> <span class="nx">operations</span><span class="p">)</span> <span class="nx">counter</span> <span class="o">+=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">({</span> <span class="nx">counter</span><span class="p">,</span> <span class="na">utcSecond</span><span class="p">:</span> <span class="nx">getUTCSeconds</span><span class="p">()</span> <span class="p">});</span> <span class="nx">resolve</span><span class="p">(</span><span class="nx">counter</span><span class="p">);</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">runTaskInParallel</span> <span class="o">=</span> <span class="k">async</span> <span class="p">(</span><span class="nx">operations</span><span class="p">,</span> <span class="nx">threads</span><span class="p">,</span> <span class="nx">tasks</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">blockingOperations</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Array</span><span class="p">(</span><span class="nx">threads</span><span class="p">).</span><span class="nx">fill</span><span class="p">()</span> <span class="p">.</span><span class="nx">map</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">createWorker</span><span class="p">(</span><span class="nx">tasks</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">countOperations</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">Promise</span> <span class="p">.</span><span class="nx">all</span><span class="p">(</span><span class="nx">blockingOperations</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">totalCount</span> <span class="o">=</span> <span class="nx">countOperations</span> <span class="p">.</span><span class="nx">reduce</span><span class="p">((</span><span class="nx">sum</span><span class="p">,</span> <span class="nx">counter</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nx">sum</span> <span class="o">+</span> <span class="nx">counter</span><span class="p">),</span> <span class="mi">0</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">({</span> <span class="nx">operations</span><span class="p">,</span> <span class="nx">threads</span><span class="p">,</span> <span class="nx">tasks</span><span class="p">,</span> <span class="nx">totalCount</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">totalCount</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">invokeMultiThreadOperations</span> <span class="o">=</span> <span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">operations</span> <span class="o">=</span> <span class="mi">10</span><span class="nx">_000_000_000</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">threads</span> <span class="o">=</span> <span class="nx">cpus</span><span class="p">().</span><span class="nx">length</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">tasks</span> <span class="o">=</span> <span class="p">(</span><span class="nx">operations</span> <span class="o">/</span> <span class="nx">threads</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">isMainThread</span><span class="p">)</span> <span class="k">return</span> <span class="nx">runTaskInParallel</span><span class="p">(</span><span class="nx">operations</span><span class="p">,</span> <span class="nx">threads</span><span class="p">,</span> <span class="nx">tasks</span><span class="p">);</span> <span class="nx">parentPort</span><span class="p">.</span><span class="nx">postMessage</span><span class="p">(</span><span class="k">await</span> <span class="nx">blockingOperation</span><span class="p">(</span><span class="nx">tasks</span><span class="p">));</span> <span class="p">};</span> <span class="p">(</span><span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">invokeMultiThreadOperations</span><span class="p">())();</span> </code></pre> </div> <blockquote> <p>time node index.js<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> counter: 1250000000, utcSecond: 59 <span class="o">}</span> <span class="o">{</span> operations: 10000000000, threads: 8, tasks: 1250000000, totalCount: 10000000000 <span class="o">}</span> node index.js 6.38s user 0.05s system 711% cpu 0.903 total </code></pre> </div> <ul> <li>Executing this program takes around <code>~1</code> second.</li> <li>We see a <code>87%</code> performance improvement. <ul> <li>Running on a multi CPU core (<code>multi-thread</code>).</li> <li> <code>Async</code> tasks are processed in <code>parallel</code>.</li> </ul> </li> </ul> howto computerscience node programming aakhtar3 Mon, 22 May 2023 23:36:01 +0000 https://forem.com/aakhtar3/build-multi-cloud-hybrid-networks-45jj https://forem.com/aakhtar3/build-multi-cloud-hybrid-networks-45jj <h2> Goals </h2> <p>The purpose of this guide is to create four distributed networks and combine them into one highly available logically connected network.</p> <ul> <li>Build with the top three cloud vendors (<a href="https://aws.amazon.com">aws.amazon.com</a>, <a href="https://azure.microsoft.com">azure.microsoft.com</a>, <a href="https://cloud.google.com">cloud.google.com</a>) and one On-Premise (<a href="https://pfsense.org">pfsense.org</a>) network</li> <li>Scale <a href="https://www.computerhope.com/jargon/m/mesh.htm">Mesh</a> network topology to allow additional point-to-point connections</li> <li>Dynamic routing between Autonomous Systems (<a href="https://en.wikipedia.org/wiki/Autonomous_system_(Internet)#:~:text=An%20autonomous%20system%20(AS)%20is,routing%20policy%20to%20the%20Internet.">AS</a>) using Border Gateway Protocol (<a href="https://www.cloudflare.com/learning/security/glossary/what-is-bgp/">BGP</a>)</li> <li>Encrypt network traversal over Virtual Private Network (VPN) tunnels using Internet Protocol Security (<a href="https://www.geeksforgeeks.org/ip-security-ipsec/">IPSec</a>)</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>AWS</th> <th>Azure</th> <th>CGP</th> <th>PFSense</th> </tr> </thead> <tbody> <tr> <td>Network</td> <td>VNET</td> <td>VPC</td> <td>VLAN</td> </tr> <tr> <td>Gateway</td> <td>VWAN</td> <td>NCC</td> <td>ISP</td> </tr> <tr> <td>DNS</td> <td>Private Resolver</td> <td>Cloud DNS</td> <td>Pihole</td> </tr> <tr> <td>S2S</td> <td>Connection</td> <td>Peer VPN</td> <td>IPSec</td> </tr> <tr> <td>SSM</td> <td>Azure vm</td> <td>GCP vm</td> <td>Mac</td> </tr> </tbody> </table></div> <h2> Network </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--u4Uf4jHE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q7wp1jzytvr8btja9yul.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--u4Uf4jHE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q7wp1jzytvr8btja9yul.png" alt="4 Network" width="800" height="978"></a></p> <ul> <li>Final mesh network topology architecture</li> </ul> <h2> AWS </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--90RAgl8i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/697l12huib89i2ofgeth.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--90RAgl8i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/697l12huib89i2ofgeth.png" alt="AWS" width="467" height="563"></a></p> <h3> Network </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--0JXfxQMQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zmju7bcyhseef1la2217.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0JXfxQMQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zmju7bcyhseef1la2217.png" alt="VPC" width="241" height="281"></a></p> <ul> <li>Create a Virtual Private Cloud Network in AWS</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vw7FsuxK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bouldzfosi9m03ptyerh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vw7FsuxK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bouldzfosi9m03ptyerh.png" alt="VPC config-a" width="501" height="659"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--G1VmfvdX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/falc4m92wrcynjzz9nrb.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--G1VmfvdX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/falc4m92wrcynjzz9nrb.png" alt="VPC config-b" width="492" height="851"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Resource to Create</td> <td>VPC and more</td> </tr> <tr> <td>Name</td> <td>vpc-aws</td> </tr> <tr> <td>IPv4 CIDR block</td> <td>172.16.11.0/24</td> </tr> <tr> <td>Num of AZs</td> <td>2</td> </tr> <tr> <td>Public</td> <td>0</td> </tr> <tr> <td>Private</td> <td>2</td> </tr> <tr> <td>NAT</td> <td>None</td> </tr> <tr> <td>Endpoint</td> <td>None</td> </tr> </tbody> </table></div> <h3> Gateway </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--R9AroqxX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zj86i09i940cj3c316i8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--R9AroqxX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zj86i09i940cj3c316i8.png" alt="Gateway" width="370" height="351"></a></p> <ul> <li>Identify the IP address of the ISP</li> <li>Point to Point Identification and traffic passthrough</li> </ul> <h4> Customer Gateway </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Ufeed6NL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7tkbbt0ee03g7nscicn3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Ufeed6NL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7tkbbt0ee03g7nscicn3.png" alt="Customer Gateway" width="800" height="726"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>pfsense</td> </tr> <tr> <td>BGP ASN</td> <td>65000</td> </tr> <tr> <td>IP address</td> <td>4.4.4.4</td> </tr> </tbody> </table></div> <h4> Transit Gateway </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--cseYFPaO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w6d76bu8jt1t382hunjl.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--cseYFPaO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w6d76bu8jt1t382hunjl.png" alt="Transit Gateway config-a" width="800" height="815"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--mVFIC0gU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hf6wo5k1kqu0zjqyot8d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--mVFIC0gU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hf6wo5k1kqu0zjqyot8d.png" alt="Transit Gateway config-b" width="800" height="314"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>tg-aws</td> </tr> <tr> <td>Description</td> <td>tg-aws</td> </tr> <tr> <td>ASN</td> <td>64512</td> </tr> </tbody> </table></div> <h4> Route Table </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--wG1N-kCD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9fd5549wyk1ktmyjuuxb.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--wG1N-kCD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9fd5549wyk1ktmyjuuxb.png" alt="Update Route Table" width="800" height="242"></a></p> <ul> <li>Update routes to TGW</li> </ul> <h3> DNS </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--g1rEUZid--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8bpgftevhb2v9zpwsy0d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--g1rEUZid--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8bpgftevhb2v9zpwsy0d.png" alt="DNS" width="326" height="352"></a></p> <ul> <li>AWS will dedicate a reserved IP address x.x.x.2 for a VPC resolver</li> <li>Outbound Endpoints will allow you to forward DNS requests for resolvers on other networks</li> <li>Inbound Endpoints will allow resolvers on other networks to forward requests to AWS</li> </ul> <h4> Outbound Endpoint </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--i9M85pCa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/g3k1lc38zpglx389culp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--i9M85pCa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/g3k1lc38zpglx389culp.png" alt="Outbound Endpoint config-a" width="618" height="957"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fh7E6lnx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0mhog1yl8k4hq9n6mbe0.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fh7E6lnx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0mhog1yl8k4hq9n6mbe0.png" alt="Outbound Endpoint config-b" width="776" height="960"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--v0U_ZYyk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h6kui5ocwmrkraravdld.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--v0U_ZYyk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h6kui5ocwmrkraravdld.png" alt="Outbound Endpoint config-c" width="782" height="951"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Zi7u-QPn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ozz91frj9shmpaqqxxcd.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Zi7u-QPn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ozz91frj9shmpaqqxxcd.png" alt="Outbound Endpoint config-d" width="770" height="309"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Endpoint Name</td> <td>oe-aws</td> </tr> <tr> <td>VPC</td> <td>vpc-aws-vpc</td> </tr> <tr> <td>Security Group</td> <td>Default</td> </tr> <tr> <td>Endpoint Type</td> <td>IPv4</td> </tr> <tr> <td>IP Address #1</td> <td>AZ us-east-1, subnet 1, IPv4</td> </tr> <tr> <td>IP Address #2</td> <td>AZ us-east-2, subnet 2, IPv4</td> </tr> <tr> <td>Rule Name</td> <td>onpremise</td> </tr> <tr> <td>Rule Rule Type</td> <td>Forward</td> </tr> <tr> <td>Domain Name</td> <td>firewall.lan</td> </tr> <tr> <td>VPC Rule</td> <td>vpc-aws-vpc</td> </tr> <tr> <td>Target IP #1</td> <td>10.0.1.2:53</td> </tr> <tr> <td>Target IP #2</td> <td>10.0.4.2:53</td> </tr> </tbody> </table></div> <h4> Inbound Endpoint </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2mGcKHVd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8uwh29flgy2i2sdim49o.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2mGcKHVd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8uwh29flgy2i2sdim49o.png" alt="Inbound Endpoint config-a" width="616" height="634"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XE5hBLPC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/326yx45whx12fnlhh2mp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XE5hBLPC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/326yx45whx12fnlhh2mp.png" alt="Inbound Endpoint config-b" width="620" height="959"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Endpoint Name</td> <td>ie-aws</td> </tr> <tr> <td>VPC</td> <td>vpc-aws-vpc</td> </tr> <tr> <td>Security Group</td> <td>Default</td> </tr> <tr> <td>Endpoint Type</td> <td>IPv4</td> </tr> <tr> <td>IP Address #1</td> <td>AZ us-east-1, subnet 1, IPv4</td> </tr> <tr> <td>IP Address #2</td> <td>AZ us-east-2, subnet 2, IPv4</td> </tr> </tbody> </table></div> <h3> Site to Site </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hVJrpeGB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zvt915qdj5p5i0ugt6fa.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hVJrpeGB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zvt915qdj5p5i0ugt6fa.png" alt="Site to Site" width="549" height="351"></a></p> <ul> <li>Use IPsec tunnels to connect AWS to another datacenter</li> <li>Have a failover connection for High availability</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--N_TpR89e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h8tncl9iyayrf9jkrtmo.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--N_TpR89e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h8tncl9iyayrf9jkrtmo.png" alt="Site to Site config-a" width="800" height="862"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--UZkxaojh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vhe52yfhn1yh3c11uyox.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--UZkxaojh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vhe52yfhn1yh3c11uyox.png" alt="Site to Site config-b" width="800" height="398"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2pMwaU5e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/weqymsoyfd85gc6m4mrj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2pMwaU5e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/weqymsoyfd85gc6m4mrj.png" alt="Site to Site config-c" width="800" height="639"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Tgg7RCxn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gxlsfa7g6wfbuxba512e.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Tgg7RCxn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gxlsfa7g6wfbuxba512e.png" alt="Site to Site config-d" width="794" height="635"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>AWS</td> <td>s2s-aws-pfsense</td> </tr> <tr> <td>Target gateway type</td> <td>Transit Gateway</td> </tr> <tr> <td>Transit Gateway</td> <td>TGW</td> </tr> <tr> <td>Customer Gateway</td> <td>CGW</td> </tr> <tr> <td>Routing Options</td> <td>Dynamic</td> </tr> <tr> <td>Tunnel inside IP</td> <td>IPv4</td> </tr> <tr> <td>Inside IPv4 CIDR for tunnel 1</td> <td>169.254.11.0/30</td> </tr> <tr> <td>Pre-shared key for tunnel 1</td> <td>strong password</td> </tr> <tr> <td>Inside IPv4 CIDR for tunnel 2</td> <td>169.254.12.0/30</td> </tr> <tr> <td>Pre-shared key for tunnel 2</td> <td>strong password</td> </tr> </tbody> </table></div> <h4> Status </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vwT7GEnX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/55xwocp466bo0mengyqo.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vwT7GEnX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/55xwocp466bo0mengyqo.png" alt="Status" width="800" height="158"></a></p> <ul> <li>When BGP session is established, the status will go from down to up</li> </ul> <h3> SSM </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XE_i4Lpp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xzleognbsktx6j3q9b80.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XE_i4Lpp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xzleognbsktx6j3q9b80.png" alt="SSM" width="322" height="351"></a></p> <ul> <li>Using <a href="https://dev.toSSM">AWS System Manager</a> will allow remote access without opening any ssh ports</li> <li>Use to keep your network private</li> <li>Use to debug any connectivity issues</li> </ul> <h4> IAM Role Policy </h4> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ssm:DescribeAssociation"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:GetDeployablePatchSnapshotForInstance"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:GetDocument"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:DescribeDocument"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:GetManifest"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:GetParameter"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:GetParameters"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:ListAssociations"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:ListInstanceAssociations"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:PutInventory"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:PutComplianceItems"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:PutConfigurePackageResult"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:UpdateAssociationStatus"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:UpdateInstanceAssociationStatus"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssm:UpdateInstanceInformation"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ssmmessages:CreateControlChannel"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssmmessages:CreateDataChannel"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssmmessages:OpenControlChannel"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ssmmessages:OpenDataChannel"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2messages:AcknowledgeMessage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2messages:DeleteMessage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2messages:FailMessage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2messages:GetEndpoint"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2messages:GetMessages"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2messages:SendReply"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> Endpoint </h4> <h5> SSM Endpoint </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--t4_geFgh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wkh0q1ahdiblg87z9c6m.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--t4_geFgh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wkh0q1ahdiblg87z9c6m.png" alt="ssm Endpoint config-a" width="800" height="530"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--k0yo4AlR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2k2n9q45rahm3pskg0s3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--k0yo4AlR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2k2n9q45rahm3pskg0s3.png" alt="ssm Endpoint config-b" width="800" height="923"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--relkPZns--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vbfwis5nqdi68l21tm1m.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--relkPZns--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vbfwis5nqdi68l21tm1m.png" alt="ssm Endpoint config-c" width="800" height="875"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>ssm-endpoint</td> </tr> <tr> <td>Service Category</td> <td>AWS Service</td> </tr> <tr> <td>Service</td> <td>SSM</td> </tr> <tr> <td>VPC</td> <td>vpc-aws-vpc</td> </tr> <tr> <td>Subnets</td> <td>us-east-1, us-east-2</td> </tr> <tr> <td>Security Group</td> <td>Default</td> </tr> <tr> <td>Policy</td> <td>Full Access</td> </tr> </tbody> </table></div> <h5> SSMMessage Endpoint </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HK29vFkH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3kzvt0k6sj86w03rqnbj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HK29vFkH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3kzvt0k6sj86w03rqnbj.png" alt="Image description" width="800" height="188"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>ssmmessage-endpoint</td> </tr> <tr> <td>Service Category</td> <td>AWS Service</td> </tr> <tr> <td>Service</td> <td>SSMmessages</td> </tr> <tr> <td>VPC</td> <td>vpc-aws-vpc</td> </tr> <tr> <td>Subnets</td> <td>us-east-1, us-east-2</td> </tr> <tr> <td>Security Group</td> <td>Default</td> </tr> <tr> <td>Policy</td> <td>Full Access</td> </tr> </tbody> </table></div> <h5> EC2Message Endpoint </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MKeTSrBK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pqia31zmsm1pd2za934o.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MKeTSrBK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pqia31zmsm1pd2za934o.png" alt="Image description" width="791" height="190"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>ec2message-endpoint</td> </tr> <tr> <td>Service Category</td> <td>AWS Service</td> </tr> <tr> <td>Service</td> <td>ec2messages</td> </tr> <tr> <td>VPC</td> <td>vpc-aws-vpc</td> </tr> <tr> <td>Subnets</td> <td>us-east-1, us-east-2</td> </tr> <tr> <td>Security Group</td> <td>Default</td> </tr> <tr> <td>Policy</td> <td>Full Access</td> </tr> </tbody> </table></div> <h2> Azure </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eXZCS3kt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vbr5nl499mtvwx1djmkq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eXZCS3kt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vbr5nl499mtvwx1djmkq.png" alt="Azure" width="480" height="558"></a></p> <h3> VNET </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--v4nxKdvb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c65xu4a3pd1pqgdy6uac.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--v4nxKdvb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c65xu4a3pd1pqgdy6uac.png" alt="VNET" width="241" height="281"></a></p> <ul> <li>Create a Virtual Network on Azure</li> </ul> <h4> Resource Group </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hk8Xi9x9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/myk351gqo2ldxuhfcvk8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hk8Xi9x9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/myk351gqo2ldxuhfcvk8.png" alt="RG Review" width="393" height="376"></a></p> <ul> <li>Resource Group provides a single detailed view of all resources in a groups stack</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Resource group</td> <td>rg-aws-azure</td> </tr> <tr> <td>Region</td> <td>East US</td> </tr> </tbody> </table></div> <h4> Virtual Network </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--s5qr71AU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dq967ke7q4ku0fp9v02t.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--s5qr71AU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dq967ke7q4ku0fp9v02t.png" alt="Vnet Review" width="526" height="563"></a></p> <ul> <li>This Iaas will build a virtual network similar to a VPC</li> <li>Create 1 network /24 CIDR to create 4 subnets with /26 CIDR</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Resource group</td> <td>rg-aws-azure</td> </tr> <tr> <td>Name</td> <td>vnet-aws-azure</td> </tr> <tr> <td>Region</td> <td>East US</td> </tr> <tr> <td>Bastion</td> <td>Disabled</td> </tr> <tr> <td>Firewall</td> <td>Disabled</td> </tr> <tr> <td>DDoS</td> <td>Disabled</td> </tr> <tr> <td>Adress Space</td> <td>172.16.12.0/24</td> </tr> <tr> <td>Subnet</td> <td>172.16.12.0/26</td> </tr> </tbody> </table></div> <h3> VWAN </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rmCYzTNX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nnu1z9efs3leu9g49v7q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rmCYzTNX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nnu1z9efs3leu9g49v7q.png" alt="VWAN" width="364" height="352"></a></p> <ul> <li>TODO: <a href="https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about">Azure VWAN</a> </li> <li>Have a AWS site-to-site connection config to populate data</li> </ul> <h4> Local Network Gateway </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--csS57XBB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/90r6o6889ts0akg90hct.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--csS57XBB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/90r6o6889ts0akg90hct.png" alt="LNG Review" width="595" height="381"></a></p> <ul> <li>IP of the customer/data center Gateway</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Resource group</td> <td>rg-aws-azure</td> </tr> <tr> <td>Region</td> <td>East US</td> </tr> <tr> <td>Endpoint</td> <td>IP Address</td> </tr> <tr> <td>IP Address</td> <td>1.1.1.1</td> </tr> <tr> <td>Address Space(s)</td> <td>None</td> </tr> <tr> <td>ASN</td> <td>64512</td> </tr> <tr> <td>BGP</td> <td>169.254.21.1</td> </tr> </tbody> </table></div> <h5> Reserved APIPA </h5> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>AWS</td> <td>169.254.0.0/16</td> </tr> <tr> <td>Azure</td> <td>169.254.21.0/24 - 169.254.22.0/24</td> </tr> </tbody> </table></div> <h4> Virtual Network Gateway </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--9Bivo3oo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/k6n8mn3h5lnvqsvnc8sv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--9Bivo3oo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/k6n8mn3h5lnvqsvnc8sv.png" alt="VNG Review" width="468" height="660"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Resource group</td> <td>rg-aws-azure</td> </tr> <tr> <td>Region</td> <td>East US</td> </tr> <tr> <td>SKU</td> <td>VPNGw2AZ</td> </tr> <tr> <td>Generation</td> <td>2</td> </tr> <tr> <td>VNET</td> <td>vnet-aws-azure</td> </tr> <tr> <td>Subnet</td> <td>172.16.12.64/27</td> </tr> <tr> <td>Gateway Type</td> <td>VPN</td> </tr> <tr> <td>VPN Type</td> <td>Route Based</td> </tr> <tr> <td>Active-active</td> <td>Disabled</td> </tr> <tr> <td>BGB</td> <td>Enabled</td> </tr> <tr> <td>ASN</td> <td>65000</td> </tr> <tr> <td>Custom APIPA</td> <td>169.254.21.2, 169.254.22.2</td> </tr> <tr> <td>Public IP adress</td> <td>vng-aws-azure-pip</td> </tr> </tbody> </table></div> <h3> Private Resolver </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--RI6zKFRX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m40y49nvzpjznb6q1buw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--RI6zKFRX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m40y49nvzpjznb6q1buw.png" alt="Private Resolver" width="389" height="352"></a></p> <ul> <li>TODO: <a href="https://learn.microsoft.com/en-us/azure/dns/dns-overview">Azure DNS</a> </li> </ul> <h3> Connection </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--06Y_Xdc7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4ga0o6s6zc7nfxw26z0y.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--06Y_Xdc7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4ga0o6s6zc7nfxw26z0y.png" alt="Connection" width="539" height="351"></a></p> <ul> <li>Use to create an IPsec connection using BGP</li> <li>Create a second connection for failover</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Je5hXauq--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/um859zokwejxyggfeyxx.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Je5hXauq--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/um859zokwejxyggfeyxx.png" alt="Conn Review" width="407" height="693"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Resource group</td> <td>rg-aws-azure</td> </tr> <tr> <td>Region</td> <td>East US</td> </tr> <tr> <td>Connection type</td> <td>Site-to-site(IPsec)</td> </tr> <tr> <td>Connection name</td> <td>conn-1-aws-azure</td> </tr> <tr> <td>Virtual Network Gateway</td> <td>vng-aws-azure</td> </tr> <tr> <td>Local Network Gateway</td> <td>lng-aws-azure</td> </tr> <tr> <td>IKE Protocol</td> <td>IKEv2</td> </tr> <tr> <td>IpSec / IKE policy</td> <td>Default</td> </tr> <tr> <td>Use Policy based traffic selector</td> <td>Disable</td> </tr> <tr> <td>DPD timeout</td> <td>45</td> </tr> <tr> <td>Connection Mode</td> <td>Default</td> </tr> <tr> <td>BGP</td> <td>169.254.21.2</td> </tr> </tbody> </table></div> <h3> BGP </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--KNRuKZMk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xlp7bpkhygtb32pqplph.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KNRuKZMk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xlp7bpkhygtb32pqplph.png" alt="VNG Sidebar" width="219" height="688"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iA8NLJU0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1962g1nxxsqjpjrq207t.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iA8NLJU0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1962g1nxxsqjpjrq207t.png" alt="Connection Status" width="800" height="142"></a></p> <ul> <li>Verify Connection is enabled</li> <li>Create second connection for failover</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aoPwxkiz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/iv6lwo3oj9dwck4um70a.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aoPwxkiz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/iv6lwo3oj9dwck4um70a.png" alt="BGB Status" width="800" height="265"></a></p> <ul> <li>Verify Route propagation from BGP</li> </ul> <h3> Azure VM </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dhKCbWJE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/kix89c8b312ibq558rbh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dhKCbWJE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/kix89c8b312ibq558rbh.png" alt="Ping" width="422" height="122"></a></p> <ul> <li>Azure -&gt; AWS</li> </ul> <h2> GCP </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2opo6Fr9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zpi9kof5vwdq6k6btuo1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2opo6Fr9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zpi9kof5vwdq6k6btuo1.png" alt="GCP" width="473" height="559"></a></p> <h3> VPC </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--DftC8ds2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gnokqgvsdu0aue2phtch.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--DftC8ds2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gnokqgvsdu0aue2phtch.png" alt="VPC" width="242" height="281"></a></p> <ul> <li>Create a Virtual Private Cloud on Google</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--u8MvH2km--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/smmge708i9ddbr1idf2m.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--u8MvH2km--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/smmge708i9ddbr1idf2m.png" alt="VPC config-a" width="560" height="309"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Zu5kegD9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/kgx7g46bq6isnepxjhkb.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Zu5kegD9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/kgx7g46bq6isnepxjhkb.png" alt="VPC config-b" width="572" height="923"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--CLDXwtwv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w1x49do350vi86kupynx.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--CLDXwtwv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w1x49do350vi86kupynx.png" alt="VPC config-c" width="800" height="585"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>vpc-gcp-aws</td> </tr> <tr> <td>Description</td> <td>VPC</td> </tr> <tr> <td>IPv6</td> <td>Disabled</td> </tr> <tr> <td>Subnet</td> <td>Custom</td> </tr> <tr> <td>Subnet Name</td> <td>Private</td> </tr> <tr> <td>Subnet Region</td> <td>us-east-1</td> </tr> <tr> <td>IP stack</td> <td>IPv4</td> </tr> <tr> <td>IP range</td> <td>172.16.13.0/24</td> </tr> <tr> <td>Private Google Access</td> <td>off</td> </tr> <tr> <td>Flow Logs</td> <td>off</td> </tr> <tr> <td>IPv4 Firewall Rule</td> <td>Ingress Apply to all 0.0.0.0/0 ICMP Allow</td> </tr> <tr> <td>Dynamic Routing</td> <td>Regional</td> </tr> </tbody> </table></div> <h3> Network Connectivity Center </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jTkjYW5U--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c7ci2tfg9kbnjveh9t8c.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jTkjYW5U--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c7ci2tfg9kbnjveh9t8c.png" alt="Network Connectivity" width="362" height="352"></a></p> <ul> <li>TODO: <a href="https://cloud.google.com/network-connectivity/docs/concepts">GCP Network Connectivity</a> </li> <li>Have a AWS site-to-site connection config to populate data</li> </ul> <h4> Cloud Router </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fKyWc74---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/mxv950kiznd814sbgm8j.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fKyWc74---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/mxv950kiznd814sbgm8j.png" alt="Cloud Router" width="551" height="651"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>cr-gcp</td> </tr> <tr> <td>Description</td> <td>route</td> </tr> <tr> <td>Network</td> <td>vpc-gcp-aws</td> </tr> <tr> <td>Region</td> <td>us-east-1</td> </tr> <tr> <td>ASN</td> <td>65000</td> </tr> <tr> <td>Interval</td> <td>20</td> </tr> <tr> <td>Routes</td> <td>Advertise all subnets to CR</td> </tr> </tbody> </table></div> <h4> VPN Gateway </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ie2EU0h0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jyniv99nbqpcidavx7ku.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ie2EU0h0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jyniv99nbqpcidavx7ku.png" alt="VPN Gateway" width="527" height="507"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>vpn-gcp-aws</td> </tr> <tr> <td>Network</td> <td>vpc-gcp-aws</td> </tr> <tr> <td>Region</td> <td>us-east-1</td> </tr> <tr> <td>IP stack</td> <td>IPv4</td> </tr> </tbody> </table></div> <h3> Cloud DNS </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--uiQSg7aa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nju39yq0sf2xh7uoyulz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--uiQSg7aa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nju39yq0sf2xh7uoyulz.png" alt="Cloud DNS" width="333" height="352"></a></p> <ul> <li>TODO: <a href="https://cloud.google.com/dns">GCP DNS</a> </li> </ul> <h3> Peer VPN </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gayda0Ez--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/590dnq3l3u5w7bep8qhp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gayda0Ez--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/590dnq3l3u5w7bep8qhp.png" alt="Peer VPN" width="524" height="352"></a></p> <ul> <li>Set up the infrastructure for GCP VPN</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ePhMSw5t--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ishpqglp42j4w0f9zed6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ePhMSw5t--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ishpqglp42j4w0f9zed6.png" alt="Peer VPN config-a" width="494" height="553"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--BO5mu8F7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sgiui3fpk8hehn9bvl3k.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--BO5mu8F7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sgiui3fpk8hehn9bvl3k.png" alt="Peer VPN config-b" width="546" height="710"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PrMAh9iN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/njlat3b92ucc2m3f48sf.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PrMAh9iN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/njlat3b92ucc2m3f48sf.png" alt="Peer VPN config-c" width="497" height="450"></a></p> <ul> <li>Repeats these steps on interface 1 (failover)</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>vpng-gcp-aws</td> </tr> <tr> <td>Interfaces</td> <td>two interfaces</td> </tr> <tr> <td>Interface 0</td> <td>3.3.3.3</td> </tr> <tr> <td>Interface 1</td> <td>3.3.3.2</td> </tr> <tr> <td>Peer VPN Gateway</td> <td>On-Prem or Non Google</td> </tr> <tr> <td>Peer VPNG Name</td> <td>vpng-gcp-aws</td> </tr> <tr> <td>High Availability</td> <td>Create a pair of VPN tunnles</td> </tr> <tr> <td>Cloud Router</td> <td>cr-gcp</td> </tr> <tr> <td>Associated Peer VPNG interface</td> <td>0: 1.1.1.1</td> </tr> <tr> <td>Name</td> <td>conn1-gcp-aws</td> </tr> <tr> <td>pre-shared key</td> <td>strong password</td> </tr> <tr> <td>Peer ASN</td> <td>64512</td> </tr> </tbody> </table></div> <h4> BGP </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--j3vaGDw1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/26zci26bkwbirpqzs78q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--j3vaGDw1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/26zci26bkwbirpqzs78q.png" alt="BGP" width="531" height="962"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>conn1</td> </tr> <tr> <td>Peer ASN</td> <td>64512</td> </tr> <tr> <td>BGB IPv4 address</td> <td>Manually</td> </tr> <tr> <td>Cloud Router BGP</td> <td>169.254.250.138</td> </tr> <tr> <td>BGP Peer Address</td> <td>169.254.250.137</td> </tr> </tbody> </table></div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tpXToEYx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4o9vcsc2o1alwqyjyn4a.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tpXToEYx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4o9vcsc2o1alwqyjyn4a.png" alt="BGP Status" width="800" height="53"></a></p> <ul> <li>Verify Dynamic Route update</li> </ul> <h3> GCP vm </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rE-a8PvT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/uz6ag27wptmzhqurw9ug.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rE-a8PvT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/uz6ag27wptmzhqurw9ug.png" alt="Image description" width="422" height="126"></a></p> <ul> <li>GCP -&gt; AWS</li> </ul> <h2> PFSense </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PfRKtlXv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1xdc2bhflycjdd7lq793.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PfRKtlXv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1xdc2bhflycjdd7lq793.png" alt="Pfsense" width="521" height="693"></a></p> <h3> VLAN </h3> <p>Check out this write-up on how to configure <a href="https://dev.to/aakhtar3/build-networks-with-vlans-1ldd">VLANs</a> with pfsense</p> <h3> ISP </h3> <p>TODO: Check out this write-up on how to configure a VPN Server with pfsense</p> <h3> PiHole </h3> <p>TODO: Check out this write-up on how to configure a DNS server with PiHole</p> <h3> IPSec </h3> <h4> Phase 1 </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--q6bUAaAx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/mzbj3nzbgg83ti4o148e.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--q6bUAaAx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/mzbj3nzbgg83ti4o148e.png" alt="Edit Tunnel 1" width="555" height="145"></a></p> <ul> <li>Start by creating a primary tunnel and repeat the below steps for the failover connection tunnel 2</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--I3Y4mLYe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3lthkei3omh9raqpyek2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--I3Y4mLYe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3lthkei3omh9raqpyek2.png" alt="Tunnel1 Config-a" width="800" height="708"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--SGnzzpbD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bjxsc74njx61x91isf73.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--SGnzzpbD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bjxsc74njx61x91isf73.png" alt="Tunnel1 Config-b" width="800" height="596"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Description</td> <td>conn1-aws-pfsense</td> </tr> <tr> <td>Key Exchange version</td> <td>IKEv2</td> </tr> <tr> <td>Remote Gateway</td> <td>1.1.1.1</td> </tr> <tr> <td>Pre-Shared Key</td> <td>strong password key token</td> </tr> <tr> <td>Algorithm</td> <td>AES</td> </tr> <tr> <td>Key Length</td> <td>128 bits</td> </tr> <tr> <td>Hash</td> <td>SHA256</td> </tr> <tr> <td>DH Group</td> <td>14 (2048 bit)</td> </tr> <tr> <td>Max failures</td> <td>3</td> </tr> </tbody> </table></div> <h4> Phase 2 </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rM3N8DvN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jiq9viiyz10cavsjeoi8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rM3N8DvN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jiq9viiyz10cavsjeoi8.png" alt="Edit Tunnel 2" width="523" height="124"></a></p> <ul> <li>Start by creating a primary tunnel and repeat the below steps for the failover connection tunnel 2</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_MG_mtDQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8ow5oi43p05y5kjair4c.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_MG_mtDQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8ow5oi43p05y5kjair4c.png" alt="Tunnel1 Config-a" width="800" height="353"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hoWduCns--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/852jnz1ksdhy07jvkvuq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hoWduCns--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/852jnz1ksdhy07jvkvuq.png" alt="Tunnel1 Config-b" width="800" height="646"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--I7djLAKw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/d3nxfb99zm3shdedjv9i.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--I7djLAKw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/d3nxfb99zm3shdedjv9i.png" alt="Tunnel1 Config-b" width="800" height="148"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Description</td> <td>conn1-aws-pfsense</td> </tr> <tr> <td>Mode</td> <td>Routed (VTI)</td> </tr> <tr> <td>Local Network</td> <td>address: 169.254.11.12</td> </tr> <tr> <td>Remote Network</td> <td>address: 169.254.11.11</td> </tr> <tr> <td>Encryption Algorithm</td> <td>AES256-CGM 128bits</td> </tr> <tr> <td>Ping Host</td> <td>172.16.11.11</td> </tr> <tr> <td>Keep Alive</td> <td>Enabled</td> </tr> </tbody> </table></div> <h4> Status </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_YNCnuK9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pe5xkwki6eob6vzkgur3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_YNCnuK9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pe5xkwki6eob6vzkgur3.png" alt="Image description" width="800" height="494"></a></p> <ul> <li>Both primary and failover tunnels connected with IPSec</li> </ul> <h4> BGP </h4> <h5> FRR Global Settings </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Gmsk-A7K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i1mkyb4se39xify2uxes.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Gmsk-A7K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i1mkyb4se39xify2uxes.png" alt="Global Settings" width="800" height="397"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Enabled</td> <td>true</td> </tr> <tr> <td>Master Password</td> <td>strong password</td> </tr> </tbody> </table></div> <h5> FRR Route Maps </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1SEIb5Ef--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z809hxlbakdtfj134v3b.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1SEIb5Ef--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z809hxlbakdtfj134v3b.png" alt="Route Maps" width="800" height="85"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ePI_XrOG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/40osc3et5u4ab2rtwv7k.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ePI_XrOG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/40osc3et5u4ab2rtwv7k.png" alt="Route Maps config" width="800" height="229"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>Allow-all</td> </tr> <tr> <td>Action</td> <td>Permit</td> </tr> <tr> <td>Sequence</td> <td>100</td> </tr> </tbody> </table></div> <h5> FRR BGB </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dYd7JJrv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/02esh1j6lv7i6ad90z0x.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dYd7JJrv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/02esh1j6lv7i6ad90z0x.png" alt="FRR BGB" width="800" height="120"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kEVVbQHh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5swktgpids18yiq6y331.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kEVVbQHh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5swktgpids18yiq6y331.png" alt="BGB-config-a" width="800" height="285"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--J2s0c5HF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1vvt8x3nvfstv8o7iczp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--J2s0c5HF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1vvt8x3nvfstv8o7iczp.png" alt="BGB-config-a" width="800" height="341"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Enabled</td> <td>true</td> </tr> <tr> <td>Local AS</td> <td>65000</td> </tr> <tr> <td>Router ID</td> <td>10.0.1.1</td> </tr> <tr> <td>Networks to distrbute</td> <td>10.0.1.0/28, 10.0.2.0/29, 10.0.4.0/28</td> </tr> </tbody> </table></div> <h5> FRR Neighbors </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PufAbJ-3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5it5y8pn3jp6jpdg8zbm.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PufAbJ-3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5it5y8pn3jp6jpdg8zbm.png" alt="FRR Neighbors" width="800" height="126"></a></p> <ul> <li>Start with the primary tunnel and repeat the steps for the failover tunnel</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--y83cP1Ol--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vhuo4jyfnc4d1n3n9qbn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--y83cP1Ol--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vhuo4jyfnc4d1n3n9qbn.png" alt="FRR Neighbors config-a" width="800" height="209"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--uC1NRqeJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zoibrsqcr8mqkyl35ysy.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--uC1NRqeJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zoibrsqcr8mqkyl35ysy.png" alt="FRR Neighbors config-b" width="800" height="402"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--zLSallst--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i6esdduluf9k4cwevyv6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zLSallst--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i6esdduluf9k4cwevyv6.png" alt="FRR Neighbors config-c" width="800" height="244"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Name/Address</td> <td>169.254.11.12</td> </tr> <tr> <td>Description</td> <td>conn1-aws-pfsense</td> </tr> <tr> <td>Remote AS</td> <td>64512</td> </tr> <tr> <td>Inbound Route Map Filters</td> <td>Allow-all</td> </tr> <tr> <td>Outbound Route Map Filters</td> <td>Allow-all</td> </tr> </tbody> </table></div> <h5> FRR Status </h5> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--60b_k3tG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tksb3luy5w102vvn17cl.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--60b_k3tG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tksb3luy5w102vvn17cl.png" alt="Status Routes" width="664" height="372"></a></p> <ul> <li>Verify Dynamic Routes have been updated</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tc6wyiO2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w1ur8ijpyexg0c2r4cqt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tc6wyiO2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w1ur8ijpyexg0c2r4cqt.png" alt="Status Summary" width="800" height="288"></a></p> <ul> <li>View the BGP Summary</li> </ul> <h3> Mac </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--GOHfsVQY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h40us3nz4j47c9bb32eg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--GOHfsVQY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h40us3nz4j47c9bb32eg.png" alt="Mac" width="444" height="125"></a></p> <ul> <li>Mac -&gt; AWS</li> </ul> networking cloud security tutorial aakhtar3 Thu, 20 Apr 2023 22:15:41 +0000 https://forem.com/aakhtar3/stack-cloudnetworksecurity-certifications-2pa6 https://forem.com/aakhtar3/stack-cloudnetworksecurity-certifications-2pa6 <p>I recently went on a certification binge to get 12 certs in 5 months (Nov/4/23 - Apr/20/22). Below are some strategies to stack multiple certifications to stack your resume and LinkedIn profile.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scrum</th> <th>AWS</th> <th>CompTIA</th> </tr> </thead> <tbody> <tr> <td>resources</td> <td>resources</td> <td>resources</td> </tr> </tbody> </table></div> <h2> Scrum </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--htWAvTo1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i6a7f9z33hw23m8skw1f.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--htWAvTo1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i6a7f9z33hw23m8skw1f.png" alt="Scrum Path" width="800" height="460"></a></p> <h3> ScrumMaster </h3> <blockquote> <p>Foundation -&gt; Advanced -&gt; Professional -&gt; Elevated</p> </blockquote> <h3> Developer </h3> <blockquote> <p>Foundation -&gt; Advanced -&gt; Professional</p> </blockquote> <h3> Product Owner </h3> <blockquote> <p>Foundation -&gt; Advanced -&gt; Professional</p> </blockquote> <p>My journey started back in 2016 when I first got my <code>Certified ScrumMaster</code> certification through <a href="https://www.scrumalliance.org/">scrumalliance.org</a>. The certification needs to be renewed before the two-year renewal date. Typically, I would obtain the scrum education units (<a href="https://www.scrumalliance.org/get-certified/scrum-education-units">SEU</a>) and pay the renewal fee. However, in late 2020, I wanted to pick up a new <code>Scrum Developer</code> certification. I plan on getting <code>Product Owner</code> and then moving onto the <code>Advanced</code> level where the certs start to stack on renewal.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--NN47GDz9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rmpbq02w5wyhlkzi7kze.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--NN47GDz9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rmpbq02w5wyhlkzi7kze.png" alt="Scrum Pass" width="800" height="179"></a></p> <h3> Scrum Resources </h3> <ul> <li><a href="https://www.scrumalliance.org/">scrumalliance.org</a></li> <li><a href="https://www.scrumalliance.org/get-certified/scrum-education-units">SEU</a></li> </ul> <h2> AWS </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yraETc2j--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4j6879gvdp75sull5250.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yraETc2j--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4j6879gvdp75sull5250.png" alt="AWS Path" width="800" height="444"></a></p> <h3> DevOps </h3> <blockquote> <p>Cloud Practitioner -&gt; Developer Associate -&gt; DevOps Engineer Professional</p> <p>Cloud Practitioner -&gt; SysOps Administrator Associate -&gt; DevOps Engineer Professional</p> </blockquote> <h3> Solution Architect </h3> <blockquote> <p>Cloud Practitioner -&gt; Solutions Architect Associate -&gt; Solutions Architect Professional</p> </blockquote> <h3> Speciality </h3> <blockquote> <p>Speciality</p> </blockquote> <p>I skipped the <code>Cloud Practitioner</code> and plan on taking the <code>Speciality</code> certs at some point. I had already taken the three <code>Associate</code> and two <code>Professional</code> certifications through <a href="https://aws.amazon.com/certification/">aws.amazon.com</a> in early 2020, but they needed to be renewed before the three-year renewal date. Luckily, these certifications stack, so I only needed to take two <code>Professional</code> exams to receive all five certifications in late 2022.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LLU6sQvU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y1eyl99wi8obrlcbuzxb.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LLU6sQvU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y1eyl99wi8obrlcbuzxb.jpeg" alt="AWS Pass" width="800" height="139"></a></p> <h3> AWS Resources </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Course</th> <th>Time</th> <th>Practice Exam</th> </tr> </thead> <tbody> <tr> <td><a href="https://www.udemy.com/course/aws-certified-developer-associate-dva-c01/">Developer Associate</a></td> <td>33.5 Hours</td> <td><a href="https://portal.tutorialsdojo.com/courses/aws-certified-developer-associate-practice-exams/">DVA</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/ultimate-aws-certified-sysops-administrator-associate/">Sysops Administrator Associate</a></td> <td>26.5 Hours</td> <td><a href="https://portal.tutorialsdojo.com/courses/aws-certified-sysops-administrator-associate-practice-exams/">SOA</a></td> </tr> <tr> <td><a href="https://learn.cantrill.io/p/aws-certified-devops-engineer-professional">Devops Engineer Professional</a></td> <td>41 Hours</td> <td><a href="https://portal.tutorialsdojo.com/courses/aws-certified-devops-engineer-professional-practice-exams/">DOP</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/aws-certified-solutions-architect-associate-saa-c03/">Solutions Architect Associate</a></td> <td>26.5 Hours</td> <td><a href="https://portal.tutorialsdojo.com/courses/aws-certified-solutions-architect-associate-practice-exams/">SAA</a></td> </tr> <tr> <td><a href="https://learn.cantrill.io/p/aws-certified-solutions-architect-professional">Solutions Architect Professional</a></td> <td>70 Hours</td> <td><a href="https://portal.tutorialsdojo.com/courses/aws-certified-solutions-architect-professional-practice-exams/">SAP</a></td> </tr> </tbody> </table></div> <h2> CompTIA </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aQOwKOtl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4w7xlsvulocijtj41app.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aQOwKOtl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4w7xlsvulocijtj41app.png" alt="CompTIA Path" width="800" height="387"></a></p> <p><a href="https://www.comptia.org/">Comptia.org</a> was new to me but they offer a few tracks to allow stackable certifications. I skipped <code>A+</code> and <code>Server+</code> but instead went straight for Infrastructure and Cyber Security certifications.</p> <h3> Infrastructure </h3> <blockquote> <p>A+ -&gt; Server+</p> <p>A+ -&gt; Network+ -&gt; Security + -&gt; Linux+ -&gt; Cloud+</p> </blockquote> <p>Cloud+ can be renewed by either retaking the test before the three years renewal date or obtaining 50 Continued Education Units (<a href="https://www.comptia.org/continuing-education/learn/earn-continuing-education-units">CEU</a>). The <a href="https://www.comptia.org/continuing-education/renewothers/renewing-cloud">cloud renew list</a> has the AWS certifications that I already obtained. Going forward I will only need to take an AWS exam to recertify the CompTIA infrastructure certifications.</p> <h3> Cyber Security </h3> <blockquote> <p>A+ -&gt; Network+ -&gt; Security+ -&gt; CySa+ -&gt; CASP+</p> <p>A+ -&gt; Network+ -&gt; Security+ -&gt; PenTest+ -&gt; CASP+</p> </blockquote> <p>CASP+ can be renewed by either retaking the test before the three years renewal date or obtaining 75 Continued Education Units (<a href="https://www.comptia.org/continuing-education/learn/earn-continuing-education-units">CEU</a>). I plan on taking college courses, working, and writing blogs to renew this certification. Down the road, I will start taking other non-CompTIA certs on the <a href="https://www.comptia.org/continuing-education/renewothers/renewing-casp">CASP renew list</a>.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--5PNrbYKL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/67gupkhzvbiug3q5d4cv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5PNrbYKL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/67gupkhzvbiug3q5d4cv.png" alt="CompTIA Pass" width="800" height="397"></a></p> <h3> CompTIA Resources </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Course</th> <th>Time</th> <th>Practice Exam</th> </tr> </thead> <tbody> <tr> <td><a href="https://www.udemy.com/course/comptia-network-n10-008/">Network+</a></td> <td>26 Hours</td> <td><a href="https://www.udemy.com/course/comptia-network-008-exams/">n10</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/comptia-linux/">Linux+</a></td> <td>21 Hours</td> <td><a href="https://www.udemy.com/course/comptia-linux-exams/">xk0</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/total-cloud-computing-comptia-cloud-cert-cv0-002/">Cloud+</a></td> <td>10.5 Hours</td> <td><a href="https://www.udemy.com/course/total-comptia-cloud-cv0-003-4-practice-tests/">cv0</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/securityplus/">Security+</a></td> <td>21.5 Hours</td> <td><a href="https://www.udemy.com/course/security-601-exams/">sy0</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/comptiacsaplus/">CySa+</a></td> <td>32.5 Hours</td> <td><a href="https://www.udemy.com/course/comptiacysaexam/">cy0</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/pentestplus/">PentTest+</a></td> <td>32.5 Hours</td> <td><a href="https://www.udemy.com/course/comptia-pentest-exams-002/">pt0</a></td> </tr> <tr> <td><a href="https://www.udemy.com/course/casp-plus/">CASP+</a></td> <td>31.5 Hours</td> <td><a href="https://www.udemy.com/course/casp-exams-004/">cas</a></td> </tr> </tbody> </table></div> cloud security network certification aakhtar3 Sun, 26 Mar 2023 02:50:04 +0000 https://forem.com/aakhtar3/system-design-26dl https://forem.com/aakhtar3/system-design-26dl <p>A high level break down of key components when doing a system design problem.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Requirements</th> <th>Estimations</th> <th>Network</th> <th>Application</th> <th>Database</th> </tr> </thead> <tbody> <tr> <td>Functional</td> <td>Calculations</td> <td>WAN</td> <td>Load Balancer</td> <td>SQL</td> </tr> <tr> <td>Non-Functional</td> <td>QPS</td> <td>Payload</td> <td>Service Discovery</td> <td>NoSQL</td> </tr> <tr> <td>Architecture</td> <td>Max QPS</td> <td>Gateway</td> <td>Consensus</td> <td>CAP PACELC</td> </tr> <tr> <td>Key Performance Indicators</td> <td>Storage Bytes</td> <td>VPC</td> <td>Compute</td> <td>Partition</td> </tr> <tr> <td>-</td> <td>Retention Bytes</td> <td>-</td> <td>Message Queue</td> <td>Index</td> </tr> <tr> <td>-</td> <td>In E Gress Bytes</td> <td>-</td> <td>Cache</td> <td>ACID</td> </tr> </tbody> </table></div> <h2> Requirements </h2> <p>Get requirements and estimations to scope your system design.</p> <h3> Functional </h3> <p>Identity what you are trying to build.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Features</th> <th>System</th> </tr> </thead> <tbody> <tr> <td>1 on 1 chat</td> <td>Mobile/Web</td> </tr> <tr> <td>News feed</td> <td>Notifications</td> </tr> </tbody> </table></div> <h3> Non Functional </h3> <p>Identify how your system will behave.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>User Experience</th> <th>System</th> </tr> </thead> <tbody> <tr> <td>Full end to end encryption</td> <td>High Availability</td> </tr> <tr> <td>See new post fast</td> <td>Reliability</td> </tr> </tbody> </table></div> <h3> Architecture </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2u612jtqk4pe4mdtujmv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2u612jtqk4pe4mdtujmv.png" alt="High Availability" width="591" height="239"></a></p> <ul> <li>High Availability</li> <li>Failover</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff9yy7yrkbiih79wouwh7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff9yy7yrkbiih79wouwh7.png" alt="Reliability" width="688" height="253"></a></p> <ul> <li>Reliability</li> <li>RPO/RTO</li> </ul> <h3> Key Performance Indicators </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzs4ad6f7z2976vawivj5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzs4ad6f7z2976vawivj5.png" alt="Performance" width="690" height="314"></a></p> <ul> <li>Observability</li> <li>Metrics</li> </ul> <h2> Estimations </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Value</th> <th>Number</th> <th>Byte</th> </tr> </thead> <tbody> <tr> <td>Hundred</td> <td>-</td> <td>B</td> </tr> <tr> <td>Thousand</td> <td>K</td> <td>KB</td> </tr> <tr> <td>Million</td> <td>M</td> <td>MB</td> </tr> <tr> <td>Billion</td> <td>B</td> <td>GB</td> </tr> <tr> <td>Trillion</td> <td>T</td> <td>TB</td> </tr> <tr> <td>Quadrillion</td> <td>Q</td> <td>PB</td> </tr> <tr> <td>Quintillion</td> <td>Qu</td> <td>EB</td> </tr> <tr> <td>Sextillion</td> <td>S</td> <td>ZB</td> </tr> <tr> <td>Septillion</td> <td>Se</td> <td>YB</td> </tr> </tbody> </table></div> <p>Estimate the scope of your users and data points.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Users (DAU)</th> <th>File Type (File Bytes)</th> <th>Storage (Retention Time)</th> </tr> </thead> <tbody> <tr> <td>100 B Message/day</td> <td>1 KB (avg)</td> <td>10 years</td> </tr> <tr> <td>10 B Post/day</td> <td>10 KB (max)</td> <td>10% new data per year</td> </tr> </tbody> </table></div> <h3> Calculations </h3> <p>Using your estimations do some back of envelope.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>QPS</th> <th>Max QPS</th> <th>Storage-Bytes</th> <th>Retention Bytes</th> <th>In/E Gress Bytes</th> </tr> </thead> <tbody> <tr> <td>DAU / ~100K</td> <td>2 * QPS</td> <td>DAU * FileBytes</td> <td>StorageBytes * Retention Time</td> <td>(QPS * FileBytes) / 8 Bit</td> </tr> </tbody> </table></div> <h4> QPS </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe43p1umloizfnfvnqaeq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe43p1umloizfnfvnqaeq.png" alt="QPS" width="582" height="183"></a></p> <ul> <li>Queries Per Second</li> <li>Daily Active Users</li> <li>Time = Round up (86,400 seconds in day)</li> </ul> <h4> Max QPS </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8ddm4xz1craxozw1soa.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8ddm4xz1craxozw1soa.png" alt="Max QPS" width="457" height="182"></a></p> <ul> <li>Double Queries Per Second</li> <li>Calculate (Read % : Write %) Ratio <ul> <li>1 Read : 10 Write</li> <li>Read % = 1 * Queries Per Second</li> <li>Write % = 10 * Queries Per Second</li> </ul> </li> </ul> <h4> Storage Bytes </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy6c30qmhnhqtpnz10297.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy6c30qmhnhqtpnz10297.png" alt="Storage Bytes" width="660" height="457"></a></p> <ul> <li>Storage Bytes</li> <li>Daily Active Users</li> <li>File Bytes</li> </ul> <h4> Retention Bytes </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvkjtt3cqqerya9q9tc34.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvkjtt3cqqerya9q9tc34.png" alt="Retention Bytes" width="658" height="523"></a></p> <ul> <li>Retention Bytes</li> <li>Storage Bytes</li> <li>Retention Time <ul> <li>365 days in year</li> </ul> </li> </ul> <h4> In E Gress Bytes </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj441wkjmvg8n61xgenbm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj441wkjmvg8n61xgenbm.png" alt="In/E-Gress Bytes" width="696" height="534"></a></p> <ul> <li>In-gress</li> <li>E-gress</li> <li>1 Byte / 8 Bits</li> <li>Queries Per Second</li> <li>File Bytes</li> </ul> <h2> Network </h2> <h3> Wide Area Network </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frl24ty28zxcpbg345rls.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frl24ty28zxcpbg345rls.png" alt="Wide Area Network" width="694" height="266"></a></p> <ul> <li>Clients <ul> <li>Mobile</li> <li>Browser</li> <li>CLI</li> </ul> </li> <li>DNS <ul> <li>DNSSec (Signed Registries)</li> <li>DNS over HTTPS (Privacy)</li> </ul> </li> <li>CDN</li> <li>APN</li> </ul> <h3> Payload </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59gz3wfs07cuy8kmaiap.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59gz3wfs07cuy8kmaiap.png" alt="Payload" width="702" height="139"></a></p> <ul> <li>API</li> <li>Request Lines</li> <li>Authentication/Authorization</li> <li>Protocols</li> </ul> <h3> Public Gateway </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F342ua3gptnfmkfs52wty.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F342ua3gptnfmkfs52wty.png" alt="Public Gateway" width="706" height="284"></a></p> <ul> <li>Firewall</li> <li>Rate Limiter</li> <li>Authentication/Authorization</li> <li>Reverse Proxy</li> <li>Forward Proxy</li> </ul> <h3> Virtual Private Cloud </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqdim8qe9170g4yr6asn5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqdim8qe9170g4yr6asn5.png" alt="Virtual Private Cloud" width="722" height="372"></a></p> <ul> <li>Access Control List</li> <li>Security Group</li> <li>Route Table</li> <li>Classless Inter-Domain Routing</li> <li>Gateway <ul> <li>Internet</li> <li>Network Adress Translation</li> <li>VPC Peering</li> </ul> </li> </ul> <h2> Application </h2> <h3> Load Balancer </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffbh09c9k819bzlcoa5hs.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffbh09c9k819bzlcoa5hs.png" alt="Load Balancer" width="701" height="250"></a></p> <ul> <li>Layer 3/4/7 OSI</li> <li>Strategy</li> <li>Use cases</li> </ul> <h3> Service Discovery </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyrptpsgok3ordm1qguaa.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyrptpsgok3ordm1qguaa.png" alt="Service Discovery" width="705" height="344"></a></p> <ul> <li>Auto Scale <ul> <li>DevOps</li> </ul> </li> <li>Protocols</li> <li>Zeekeeper/etcd</li> </ul> <h3> Consensus </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6rg0s8bp50onllzbolet.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6rg0s8bp50onllzbolet.png" alt="Consensus" width="551" height="246"></a></p> <ul> <li>Raft Consensus</li> <li>Replicated State Machine</li> </ul> <h3> Compute </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkl7anmanpofht9hhcgiq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkl7anmanpofht9hhcgiq.png" alt="Compute" width="547" height="230"></a></p> <ul> <li>Session(less)</li> <li>State(full)/(less)</li> <li>Server(less)</li> </ul> <h3> Message Queue </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxcsxujos0zrera1ct0ue.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxcsxujos0zrera1ct0ue.png" alt="Message Queue" width="535" height="552"></a></p> <ul> <li>Producer</li> <li>Consumer</li> </ul> <h3> Cache </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ohynydr2eltygrewues.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ohynydr2eltygrewues.png" alt="Cache" width="692" height="205"></a></p> <ul> <li>Eviction Strategy</li> </ul> <h2> Database </h2> <h3> SQL </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuet7cdj1o8252zgt03nk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuet7cdj1o8252zgt03nk.png" alt="SQL" width="390" height="217"></a></p> <ul> <li>Relational Data</li> <li>Transactions</li> </ul> <h3> NoSQL </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fptmx7z4epnptmpi7cq3f.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fptmx7z4epnptmpi7cq3f.png" alt="NoSQL" width="714" height="226"></a></p> <ul> <li>Key Value</li> <li>Document</li> <li>Wide Column</li> <li>Graph</li> <li>TimeSeries</li> <li>Spatial</li> </ul> <h3> CAP PACELC </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futj407jznb4qt0cb56ny.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futj407jznb4qt0cb56ny.png" alt="CAP" width="445" height="235"></a></p> <ul> <li>CAP <ul> <li>Consistency</li> <li>Availability</li> <li>Partition</li> </ul> </li> <li>PACELC <ul> <li>Partition == true <ul> <li>IF</li> </ul> </li> <li>Availability <ul> <li>or</li> </ul> </li> <li>Consistency <ul> <li>ELSE</li> </ul> </li> <li>Latency <ul> <li>or</li> </ul> </li> <li>Consistency</li> </ul> </li> </ul> <h3> Partition </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq55pywi48nzr267n71mr.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq55pywi48nzr267n71mr.png" alt="Partition" width="709" height="343"></a></p> <ul> <li>Consistent Hashing</li> <li>Range Partition</li> <li>Vertical Partition</li> </ul> <h3> Index </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F95xy383preljy7njqj69.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F95xy383preljy7njqj69.png" alt="Index" width="766" height="199"></a></p> <ul> <li>B Tree</li> <li>Skip List</li> <li>Hash</li> <li>Inverted</li> </ul> <h3> ACID </h3> <h4> Atomicity </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F12fvaddtvqxirlqph2q5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F12fvaddtvqxirlqph2q5.png" alt="Atomicity" width="705" height="334"></a></p> <ul> <li>Transactions</li> <li>Rollbacks</li> </ul> <h4> Consistency </h4> <h5> SQL Consistency </h5> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fragocvaxsykmxifqry3y.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fragocvaxsykmxifqry3y.png" alt="SQL Consistency" width="514" height="311"></a></p> <ul> <li>Schema</li> <li>Constraint</li> <li>Fan Trap</li> </ul> <h5> NoSQL Consistency </h5> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbtog6mwmbcmqiftksc3u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbtog6mwmbcmqiftksc3u.png" alt="NoSQL Consistency" width="722" height="353"></a></p> <ul> <li>Eventual Consistency</li> <li>Sequential Consistency</li> <li>Strong Consistency</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzdhmt9m671mjd8gqd29m.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzdhmt9m671mjd8gqd29m.png" alt="Strong Eventual Consistency" width="717" height="340"></a></p> <ul> <li>Strong Eventual Consistency</li> <li>Quorum Replication</li> <li>(Dotted) Vector Clocks</li> <li>Chain Replication</li> </ul> <h4> Isolation </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsy3kkm99dx4x67efl5r4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsy3kkm99dx4x67efl5r4.png" alt="Isolation" width="728" height="347"></a></p> <ul> <li>Race Conditions</li> <li>Lock</li> <li>Concurrency</li> </ul> <h4> Durability </h4> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg9i34wwhnhsl1y6yqkhp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg9i34wwhnhsl1y6yqkhp.png" alt="Durability" width="800" height="278"></a></p> <ul> <li>High Watermark</li> <li>Checkpoint</li> <li>Write Ahead Log</li> </ul> architecture computerscience systems tutorial aakhtar3 Mon, 30 Jan 2023 02:21:31 +0000 https://forem.com/aakhtar3/build-networks-with-vlans-1ldd https://forem.com/aakhtar3/build-networks-with-vlans-1ldd <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Why</th> <th>What</th> <th>How</th> </tr> </thead> <tbody> <tr> <td>1. Infrastructure </td> <td>2. Administrator </td> <td>3. Game </td> </tr> <tr> <td>4. Laboratory </td> <td>5. Internet of Things </td> <td>6. Network Attachment Storage </td> </tr> <tr> <td>7. Dematerialized Zone </td> <td>8. Work </td> <td>9. Guest </td> </tr> </tbody> </table></div> <h2> Why </h2> <p>Having all devices on the same network introduces risk and network congestion. Physically separating devices onto subnets and then bridging them together is complex. Virtual Local Area Networks (VLANs) provide a way to keep all devices on the same physical network, but will logically isolate traffic.</p> <p>You wouldn’t let strangers take a squat in your home so why should you let rouge devices on your network? Properly identifying which device is who and what are they doing is important to reduce risks. Each device can be identified by it’s Media Access Control (MAC) address and be assigned a static Internet Protocol (IP) address and hostname. You can easily spoof these, but this is a layer in the defense in depth strategy. </p> <p>Your firewall will identify VLANs through interfaces and can be used to quickly filter and debug network issues. Grouping devices together into an interface will reduce broadcasts and improve network traffic by splitting into separate lanes <a href="https://en.wikipedia.org/wiki/IEEE_P802.1p" rel="noopener noreferrer">802.1P</a>. Each interface will have its own firewall rules on ingress and egress traffic. </p> <p>There are many risks introduced when using a single Local Area Network (LAN), but here are a few examples.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Attack</th> <th>Risk</th> </tr> </thead> <tbody> <tr> <td>Traffic Sniffing</td> <td>Unencrypted traffic can be read</td> </tr> <tr> <td>On Path</td> <td>Man in the middle can be passive or malicious</td> </tr> <tr> <td>DNS/ARP Poisoning</td> <td>Corrupted data on important network protocols</td> </tr> <tr> <td>Internet of Things (IOT)</td> <td>Devices that have weak security or rouge services</td> </tr> </tbody> </table></div> <h2> What </h2> <p><a href="https://en.wikipedia.org/wiki/IEEE_802.1Q" rel="noopener noreferrer">802.1Q</a> is known as VLAN tagging. Which adds a VLAN ID tag on the data frame. When moving across the network, this frame is tagged and untagged.</p> <p>Be aware of VLAN hopping attacks, this can be achieved by misconfigured VLAN tables and adding additional VLAN tags on the data frame, but the data can not return in this situation.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqjdoh5so46irj0hnil9y.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqjdoh5so46irj0hnil9y.gif" alt="Tagging" width="1083" height="764"></a></p> <ul> <li><a href="https://www.networkacademy.io/ccna/ethernet/trunk-native-vlan" rel="noopener noreferrer">networkacademy.io</a></li> </ul> <h2> How </h2> <p>The goal of this guide is to learn about different types of networks by building the example network architecture using open source software.</p> <p>When following this guide, you should work on ONE network at a time. Be patient, patch to latest version of software/firmware, use different web browsers, use commands (ping, ssh, netstat, route), read logs, and restart devices as a last resort.</p> <h3> Physical and Logical Network Diagram </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F64fi792kdaczuln8hmt3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F64fi792kdaczuln8hmt3.png" alt="Network Diagram" width="800" height="482"></a></p> <ul> <li>14 Networks <ul> <li>1 WAN</li> <li>1 LAN</li> <li>8 VLANs</li> <li>4 PANs</li> </ul> </li> <li>4.5 Wireless Frequencies <ul> <li>5.0 GHz Wifi</li> <li>2.4 GHz Wifi + ZigBee Channel</li> <li>2.45 GHz Bluetooth</li> <li>300 GHz Infrared</li> </ul> </li> </ul> <h3> INFRA </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6hopqts6nakftdc0vmsx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6hopqts6nakftdc0vmsx.png" alt="Infra" width="800" height="1014"></a></p> <p>This is your most critical network because it will logically separate your network. You should put physical safeguards on these devices. You can achieve this by storing in a secure location, disabling unused port, and applying MAC address allow lists.</p> <h3> ADMIN </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flonj6hfh4h9slpgs7xy6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flonj6hfh4h9slpgs7xy6.png" alt="Admin" width="800" height="406"></a></p> <p>This network should be limited to an administrator who will build, monitor, debug, test, and fix the network.</p> <p>The admin's access should still be limited to a few ports. You can do most task over Ping, HTTP(S), and SSH (SSH Tunneling).</p> <p>Bluetooth devices such as wireless headphones will create a Personal Area Network (PAN).</p> <h3> GAME </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdhgd2gghhdw5f4b2w918.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdhgd2gghhdw5f4b2w918.png" alt="Game" width="800" height="341"></a></p> <p>You want to take advantage of prioritizing networks by moving this network to a lower priority using quality of service <a href="https://en.wikipedia.org/wiki/IEEE_P802.1p" rel="noopener noreferrer">802.1P</a>.</p> <p>Bluetooth controllers are on PAN with the consoles. Infrared remotes also create a PAN with the receiver. </p> <h3> LAB </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F495y6myl937x5pvv6ju2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F495y6myl937x5pvv6ju2.png" alt="Lab" width="800" height="333"></a></p> <p>This network is physically separated over a distance between four switches. You should have a laboratory (dev) network to test on before making changes on other networks.</p> <h3> IOT </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbs68hnk2haapxygwmkdi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbs68hnk2haapxygwmkdi.png" alt="IOT" width="800" height="451"></a></p> <p>IOT devices should be on 2.4 GHz, since they do not need high data caps and to lower broadcast interference. In addition, these devices can have poor security and can be exploited.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fslhqjjjmsc6boty0d53j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fslhqjjjmsc6boty0d53j.png" alt="2.4 GHz" width="693" height="99"></a></p> <ul> <li>2.4 GHz</li> <li><a href="https://www.metageek.com/training/resources/zigbee-wifi-coexistence/" rel="noopener noreferrer">metageek.com</a></li> </ul> <p><a href="https://en.wikipedia.org/wiki/Zigbee" rel="noopener noreferrer">ZigBee</a> is using the 2.4 GHz frequency, but has multiple channels that overlap Wifi channels. This frequency should be placed on a channel that won't get overpowered from wifi devices.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8c793mg8fbqe7pdqzhv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8c793mg8fbqe7pdqzhv.png" alt="ZigBee" width="693" height="123"></a></p> <ul> <li>ZigBee</li> <li><a href="https://www.metageek.com/training/resources/zigbee-wifi-coexistence/" rel="noopener noreferrer">metageek.com</a></li> </ul> <h3> NAS </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8cx1uepo6ii6exekmub.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8cx1uepo6ii6exekmub.png" alt="NAS" width="800" height="185"></a></p> <p>Data is your Gold (Network Attached Storage (NAS)), so it need to be protected. This is a private network, meaning it has no access to any network, including the internet. Only a few devices should have access to the data ports. To perform updates on the system and software, you can forward proxy the requests through a NAT using filtered allow list of endpoints.</p> <h3> DMZ </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fijpn1qhdfo9yloapafsc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fijpn1qhdfo9yloapafsc.png" alt="DMZ" width="800" height="201"></a></p> <p>There are many ways to connect to a dematerialized zone (DMZ) a.k.a screened subnet and one wrong misconfiguration can be disastrous.</p> <p>This type of network is open to the WAN (Internet). This can be used when you want to host a website, file server, or VPN concentrator.</p> <h3> WORK </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzkw6c6q1soke94a73s5x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzkw6c6q1soke94a73s5x.png" alt="Work" width="800" height="120"></a></p> <p>Sometimes you need to work from home and you should avoid mixing network traffic with your personal network. Your work network should be connected to your works network through a VPN.</p> <h3> GUEST </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3uxw2ecubmg2wckkd68g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3uxw2ecubmg2wckkd68g.png" alt="Guest" width="800" height="326"></a></p> <p>Guests will need access to your internet, so having a wifi only connection will serve this purpose.</p> <p>You can send all egress WAN (Internet) traffic through a VPN. So that you can provide them privacy and prevent your IP address from being associated with their network activity.</p> <h2> Installation </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>firewall</th> <th>dns</th> <th>siem</th> <th>wap</th> <th>TL-1</th> <th>TL-2</th> <th>TL-3</th> </tr> </thead> <tbody> <tr> <td>10.0.1.1</td> <td>10.0.1.2</td> <td>10.0.1.3</td> <td>10.0.1.4</td> <td>10.0.1.11</td> <td>10.0.1.12</td> <td>10.0.1.13</td> </tr> </tbody> </table></div> <h3> firewall </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>10.0.1.1</th> <th></th> </tr> </thead> <tbody> <tr> <td>1. Specs </td> <td>2. Config </td> <td>3. VLANs </td> </tr> <tr> <td>4. Interfaces </td> <td>5. DHCP </td> <td>6. Aliases </td> </tr> <tr> <td>7. Rules </td> <td>8. Log </td> <td>9. Diagnostics </td> </tr> </tbody> </table></div> <h4> firewall Specs </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Software: <a href="https://www.pfsense.org/download/" rel="noopener noreferrer">pfSense</a> </th> <th></th> <th></th> <th></th> <th>Hardware: <a href="https://a.co/d/3Cb1V0C" rel="noopener noreferrer">Protectli Vault</a> </th> </tr> </thead> <tbody> <tr> <td>Quad Core</td> <td>2 Switch Port</td> <td>AES-NI</td> <td>8GB RAM</td> <td>120GB mSATA SSD</td> </tr> </tbody> </table></div> <ul> <li>There are many hardware alternatives</li> <li>You can also run pfSense on a virtual environment</li> </ul> <h4> General Config </h4> <p>You should already have pfSense installed and configured on your Local Area Network (LAN) and connected to a Wide Area Network (WAN).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupgr9otwqy8lj1cg7v7m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupgr9otwqy8lj1cg7v7m.png" alt="Setup" width="151" height="387"></a></p> <ul> <li>Click General Setup</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdl5a77o6ln1g1sou5tmw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdl5a77o6ln1g1sou5tmw.png" alt="Add DNS" width="800" height="491"></a></p> <ul> <li>Add your local DNS</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1r0xfppa8e5pxxnmbmee.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1r0xfppa8e5pxxnmbmee.png" alt="Save" width="800" height="665"></a></p> <ul> <li>Save</li> </ul> <h4> VLANs </h4> <p>Add your VLANs with a priority and ID.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fki6hz77dpihuk9wqd78s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fki6hz77dpihuk9wqd78s.png" alt="Interface" width="170" height="433"></a></p> <ul> <li>Click Interfaces/Assignments</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxyj95pi9xrsj2puvlu05.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxyj95pi9xrsj2puvlu05.png" alt="Add VLANs" width="800" height="279"></a></p> <ul> <li>Add VLANs</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2cus8t7htuxwzomtnsv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2cus8t7htuxwzomtnsv.png" alt="Add Interfaces" width="800" height="425"></a></p> <ul> <li>Add Interfaces</li> </ul> <h4> Interfaces </h4> <p>You will do this for each interface.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyxe5a9biwtcchf1j5jjq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyxe5a9biwtcchf1j5jjq.png" alt="Edit Interface" width="800" height="604"></a></p> <ul> <li>Edit Interface</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ln1sztta86ib114ao1l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ln1sztta86ib114ao1l.png" alt="Save" width="800" height="220"></a></p> <ul> <li>Save</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy1mxui0sag62hj54qpam.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy1mxui0sag62hj54qpam.png" alt="Apply" width="800" height="66"></a></p> <ul> <li>Apply</li> </ul> <h4> Dynamic Host Configuration Protocol </h4> <p>You will need to do this for each interface. This protocol will assign IP address for each VLAN.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjdjtpf0rre551ignkkln.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjdjtpf0rre551ignkkln.png" alt="Image description" width="173" height="573"></a></p> <ul> <li>Click Services/DHCP Server</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnm9x7rdt5z7arqczcdi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnm9x7rdt5z7arqczcdi.png" alt="Enable DHCP" width="800" height="443"></a></p> <ul> <li>Enable Dynamic Host Configuration Protocol (DHCP)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fud0dfg7ff7knrca7p73n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fud0dfg7ff7knrca7p73n.png" alt="Add DNS" width="800" height="257"></a></p> <ul> <li>Add DNS</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwgj1781pjnkl224ay6ul.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwgj1781pjnkl224ay6ul.png" alt="Use MAC" width="800" height="228"></a></p> <ul> <li>Use MAC address to assign static IP and hostname</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd0g6x8q5v17bz9flkkfn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd0g6x8q5v17bz9flkkfn.png" alt="Save" width="800" height="37"></a></p> <ul> <li>Save</li> </ul> <h4> Aliases </h4> <p>These are used to point to more one or more devices on the the network. These can be edited and applied across all firewall rules.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fakymx5ufom19vhtdy2fp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fakymx5ufom19vhtdy2fp.png" alt="Image description" width="174" height="242"></a></p> <ul> <li>Click Firewall/Aliases</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F29ijdkvt9fgtpqqpncnk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F29ijdkvt9fgtpqqpncnk.png" alt="Add IPs" width="800" height="213"></a></p> <ul> <li>Add IPs</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo8mbbno59j8t5mw2n192.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo8mbbno59j8t5mw2n192.png" alt="Add Ports" width="800" height="155"></a></p> <ul> <li>Add Ports</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzi9444kbq3j3nsl6c246.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzi9444kbq3j3nsl6c246.png" alt="Save" width="800" height="50"></a></p> <ul> <li>Save</li> </ul> <h4> Firewall Rules </h4> <p>Rules are stateful (Ingress traffic will be able to return egress traffic with out any rules), read from top to bottom, and have a implicit deny.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F63w4fwfg1qxh2yazvmc7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F63w4fwfg1qxh2yazvmc7.png" alt="Click Firewall/Rules" width="165" height="238"></a></p> <ul> <li>Click Firewall/Rules</li> </ul> <h5> WAN Rules </h5> <p>Wide Area Network (WAN) is used to connect to remote networks over your ISP or VPN connection.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F836bnbwfbe4fe8l68hgp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F836bnbwfbe4fe8l68hgp.png" alt="Image description" width="800" height="204"></a></p> <ul> <li>Block Everything by using the implicit deny </li> </ul> <h5> Floating Rules </h5> <p>These can be applied across multiple interfaces that share the same logic. The alternative is to add ingress and egress rules for all VLANs, which is prone to errors.</p> <p>The LAN internal traffic will allow the ADMIN_HOSTS to perform debugging tasks on the LAN by using these protocols (PING, SSH, HTTP, HTTPS). In addition, all LANS on the network will have access to these protocols (DNS, NTP, SYSLOG), which are on the INFRA LAN.</p> <p>The LAN Egress traffic is set to WAN only. The NAS interface does not have this rule because the data on this network needs to be tightly locked down.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn5ci0kxusjzeymftd3ra.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn5ci0kxusjzeymftd3ra.png" alt="Add Floating Rules" width="800" height="453"></a></p> <ul> <li>Add Floating Rules</li> </ul> <h5> Infra Rules </h5> <p>Anti-Lock is added by default to prevent from being locked out. The SIEM (Security Information Event Management) host will be the only host on the entire network to connect to the NAS network Data Ports.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy8svddq1wenn4k83jjyl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy8svddq1wenn4k83jjyl.png" alt="Add Rules" width="800" height="189"></a></p> <ul> <li>Add rule with aliases</li> </ul> <h5> NAS Rules </h5> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm38k2jp2k9j962uyzpo0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm38k2jp2k9j962uyzpo0.png" alt="Add Rules" width="800" height="138"></a></p> <ul> <li>Add Rules</li> </ul> <h5> Route Table </h5> <p>You can run this command on the firewall <code>netstat -nWr</code> to see the route table on the firewall.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdmh5p2sg1v8m2wkgedr0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdmh5p2sg1v8m2wkgedr0.png" alt="Save" width="800" height="51"></a></p> <ul> <li>Save</li> </ul> <h4> Firewall Logs </h4> <p>For short term log viewing, you can view from status</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1k15j2267jlf517ue206.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1k15j2267jlf517ue206.png" alt="Click Status" width="156" height="627"></a></p> <ul> <li>Click Status/System Logs</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgqbcdwoq8lsd6wdfl2uh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgqbcdwoq8lsd6wdfl2uh.png" alt="Add Filter" width="800" height="457"></a></p> <ul> <li>Add Filter</li> </ul> <p>For long term log viewing, you can send to a SIEM.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhvkjlf5ngsz4f9coy49h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhvkjlf5ngsz4f9coy49h.png" alt="Click Status/System Logs" width="159" height="634"></a></p> <ul> <li>Click Status/System Logs</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzdqcwiqg7ksb9d9ld5cl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzdqcwiqg7ksb9d9ld5cl.png" alt="Enable" width="800" height="695"></a></p> <ul> <li>Enable</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx50vnejfppejfb4b9bqj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx50vnejfppejfb4b9bqj.png" alt="Add SIEM" width="" height=""></a></p> <ul> <li>Add SIEM</li> <li>Save</li> </ul> <h4> Diagnostics </h4> <p>Use these services to help troubleshoot.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkc6vsix4wxlaku87y75j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkc6vsix4wxlaku87y75j.png" alt="Click Diagnostics" width="152" height="804"></a></p> <ul> <li>Click Diagnostics</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp38xlnuqaoslr40ntm9r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp38xlnuqaoslr40ntm9r.png" alt="Pftop" width="800" height="533"></a></p> <ul> <li>Type Host IP to see active connections</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvypug1i0rrrmbgdiia9a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvypug1i0rrrmbgdiia9a.png" alt="States" width="800" height="445"></a></p> <ul> <li>Filter on interface</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo49r9xtko94arv0r3tfy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo49r9xtko94arv0r3tfy.png" alt="Rebooot" width="800" height="113"></a></p> <ul> <li>Restart if all else fails</li> </ul> <h3> dns </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>10.0.1.2</th> </tr> </thead> <tbody> <tr> <td>1. Specs </td> </tr> <tr> <td>2. Software </td> </tr> </tbody> </table></div> <h4> DNS Specs </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Software: <a href="https://dietpi.com/#download" rel="noopener noreferrer">dietpi</a> </th> <th></th> <th></th> <th></th> <th>Hardware: <a href="https://a.co/d/cl3msmi" rel="noopener noreferrer">raspberry Pi 3B+</a> </th> </tr> </thead> <tbody> <tr> <td>Quad Core</td> <td>1 ETH Port</td> <td>4 USB</td> <td>1GB RAM</td> <td>32GB Micro SD</td> </tr> </tbody> </table></div> <h4> DNS Software </h4> <p>You can either use a remote DNS servers, but your network will need to make a round trip through the WAN. Local DNS can cache, provide insights on your requests, and filter out request with DNS sink.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbpurtkjcks9wgddstal8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbpurtkjcks9wgddstal8.png" alt="PiHole" width="800" height="636"></a></p> <ul> <li><a href="https://pi-hole.net" rel="noopener noreferrer">pi-hole</a></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsv4gd5occub5g8vmzj6y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsv4gd5occub5g8vmzj6y.png" alt="Image description" width="800" height="492"></a></p> <ul> <li><a href="https://ubuntu.com/appliance/adguard/raspberry-pi" rel="noopener noreferrer">Adguard</a></li> </ul> <h3> siem </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>10.0.1.3</th> </tr> </thead> <tbody> <tr> <td>1. Specs </td> </tr> <tr> <td>2. Software </td> </tr> </tbody> </table></div> <h4> SIEM Specs </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Software: <a href="https://www.apple.com/macos/ventura/" rel="noopener noreferrer">macOS</a> </th> <th></th> <th></th> <th></th> <th>Hardware: <a href="https://a.co/d/608Y3Zu" rel="noopener noreferrer">Mac Mini M1</a> </th> </tr> </thead> <tbody> <tr> <td>8 Core</td> <td>1 ETH Port</td> <td>4 USB</td> <td>16 GB RAM</td> <td>256 SSD</td> </tr> </tbody> </table></div> <h4> Siem Software </h4> <p>This device will collect logs and metrics from the network and use this data to trigger events. There's a lot on this topic, so I do a separate write up and update at a later point.</p> <h5> <a href="https://go2docs.graylog.org/5-0/downloading_and_installing_graylog/docker_installation.htm" rel="noopener noreferrer">GrayLog</a> </h5> <p>Using docker compose you can run a local installation of the application.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span> <span class="na">services</span><span class="pi">:</span> <span class="c1"># MongoDB: https://hub.docker.com/_/mongo/</span> <span class="na">mongo</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mongo:5.0.13</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">graylog</span> <span class="c1"># Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html</span> <span class="na">elasticsearch</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">http.host=0.0.0.0</span> <span class="pi">-</span> <span class="s">transport.host=localhost</span> <span class="pi">-</span> <span class="s">network.host=0.0.0.0</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true</span><span class="nv"> </span><span class="s">-Xms512m</span><span class="nv"> </span><span class="s">-Xmx512m"</span> <span class="na">ulimits</span><span class="pi">:</span> <span class="na">memlock</span><span class="pi">:</span> <span class="na">soft</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">hard</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1g</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">graylog</span> <span class="c1"># Graylog: https://hub.docker.com/r/graylog/graylog/</span> <span class="na">graylog</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">graylog/graylog:5.0</span> <span class="na">environment</span><span class="pi">:</span> <span class="c1"># CHANGE ME (must be at least 16 characters)!</span> <span class="pi">-</span> <span class="s">GRAYLOG_PASSWORD_SECRET=somepasswordpepper</span> <span class="c1"># Password: admin</span> <span class="pi">-</span> <span class="s">GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918</span> <span class="pi">-</span> <span class="s">GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="s">/usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">graylog</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mongo</span> <span class="pi">-</span> <span class="s">elasticsearch</span> <span class="na">ports</span><span class="pi">:</span> <span class="c1"># Graylog web interface and REST API</span> <span class="pi">-</span> <span class="s">9000:9000</span> <span class="c1"># Syslog TCP</span> <span class="pi">-</span> <span class="s">514:514</span> <span class="c1"># Syslog UDP</span> <span class="pi">-</span> <span class="s">514:514/udp</span> <span class="c1"># GELF TCP</span> <span class="pi">-</span> <span class="s">12201:12201</span> <span class="c1"># GELF UDP</span> <span class="pi">-</span> <span class="s">12201:12201/udp</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">graylog</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qhqdocc6uq95m8hyocb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qhqdocc6uq95m8hyocb.png" alt="Add Input" width="208" height="760"></a></p> <ul> <li>Add input</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq7pmdzlaa1y6q1igmi18.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq7pmdzlaa1y6q1igmi18.png" alt="Syslog" width="292" height="332"></a></p> <ul> <li>Syslog</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3wbh8iv3bnmwtd9j8q4n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3wbh8iv3bnmwtd9j8q4n.png" alt="Port 514" width="472" height="930"></a></p> <ul> <li>Port 514</li> </ul> <h5> <a href="https://grafana.com/grafana/dashboards/5420-pfsense-graylog/" rel="noopener noreferrer">Grafana</a> </h5> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fax9agezz1o5jgptc5ql7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fax9agezz1o5jgptc5ql7.png" alt="Dashboard" width="800" height="844"></a></p> <ul> <li>Use Graylog data to visualize on dashboard</li> </ul> <h5> <a href="https://www.wireshark.org/#download" rel="noopener noreferrer">Wireshark</a> </h5> <p>Use this for packet capturing on a particular interface.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9wjgtmomdtufulwrwvpj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9wjgtmomdtufulwrwvpj.png" alt="Wireshark" width="800" height="594"></a></p> <h3> wap </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>10.0.1.4</th> <th></th> </tr> </thead> <tbody> <tr> <td>1. Specs </td> <td>2. Administration </td> <td>3. Config </td> </tr> <tr> <td>4. Services </td> <td>5. Wireless </td> <td>6. Security </td> </tr> <tr> <td>7. VLAN </td> <td>8. Networking </td> <td>9. Debug </td> </tr> </tbody> </table></div> <p>Make sure you are on the latest firmware to enable this feature. Use Firefox or chrome.</p> <p>There are 2 different frequencies to understand.</p> <h5> 5.0 GHZ </h5> <p>Provide higher speeds, has multiple channels to use, and radio waves dissipate in shorter distances. </p> <h5> 2.4 GHZ </h5> <p>Can provide reasonable speeds for IOT devices, has 3 usable channels in the USA, and radio waves can travel further distances.</p> <h4> wap Specs </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Software: <a href="https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/" rel="noopener noreferrer">dd-wrt</a> </th> <th></th> <th></th> <th></th> <th>Hardware: <a href="https://a.co/d/9bAPfvt" rel="noopener noreferrer">linksys wrt3200acm</a> </th> </tr> </thead> <tbody> <tr> <td>Dual Core</td> <td>4 Switch Port</td> <td>2 USB</td> <td>802.11a/b/g/n/ac</td> <td>4 Dual-Band Antennas</td> </tr> </tbody> </table></div> <ul> <li>There are many hardware alternatives</li> <li>The WAN port will be untagging the INFRA network to access admin console</li> <li>The LAN port will be carrying the tagged traffic</li> <li>Once VLANS are set up, you can remove WAN port and plug into LAN</li> </ul> <h4> Administration </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2s9n41h1mfurgykwscp6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2s9n41h1mfurgykwscp6.png" alt="Management" width="757" height="65"></a></p> <ul> <li>Click Administration/Management</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg6lqm347qv7qstp9y9l6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg6lqm347qv7qstp9y9l6.png" alt="Protocols" width="790" height="632"></a></p> <ul> <li>Enable Protocols</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> Basic Config </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5p2znqiz0p3u66g65hxf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5p2znqiz0p3u66g65hxf.png" alt="Image description" width="786" height="62"></a></p> <ul> <li>Click Setup/Basic Setup</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F52hfrew10b6brjueh7xe.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F52hfrew10b6brjueh7xe.png" alt="Disable WAN" width="788" height="343"></a></p> <ul> <li>Disable WAN</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhiafvt5dwqb0td12idwk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhiafvt5dwqb0td12idwk.png" alt="Image description" width="788" height="835"></a></p> <ul> <li>Assign IP information</li> <li>Disable DHCP</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> wap Services </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkn09hmfv20hqsvk2ug8v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkn09hmfv20hqsvk2ug8v.png" alt="Click Services/Services" width="743" height="66"></a></p> <ul> <li>Click Services/Services</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F70vn99k32wspifanlpsw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F70vn99k32wspifanlpsw.png" alt="Disable Services" width="522" height="245"></a></p> <ul> <li>Disable Services</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8r68zl12nd0s6pul77xv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8r68zl12nd0s6pul77xv.png" alt="SSH" width="789" height="375"></a></p> <ul> <li>Enable SSH</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpw7ma462optpk7qwljbt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpw7ma462optpk7qwljbt.png" alt="Syslog" width="787" height="159"></a></p> <ul> <li>Enable Syslog</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> wap Wireless </h4> <p>Your wireless connection might be different.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fybngcerv88rikqnhzqyz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fybngcerv88rikqnhzqyz.png" alt="Image description" width="724" height="69"></a></p> <ul> <li>Click Wireless/Basic Setting</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhsf9i26pv90zw7v05jja.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhsf9i26pv90zw7v05jja.png" alt="Add 5.0 GHZ Virtual Access Points" width="790" height="904"></a></p> <ul> <li>Add 5.0 GHZ Virtual Access Points</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F51lgl7wxtjvxsxp3t1n4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F51lgl7wxtjvxsxp3t1n4.png" alt="Add 2.4 GHZ Virtual Access Points" width="790" height="673"></a></p> <ul> <li>Add 2.4 GHZ Virtual Access Points</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgcswjpczftyt9kkuim9y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgcswjpczftyt9kkuim9y.png" alt="Disable Mixed Connection" width="790" height="442"></a></p> <ul> <li>Disable Mixed Connection</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> wap Security </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5mnecx53rt6aqrutymi5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5mnecx53rt6aqrutymi5.png" alt="Click Wireless/Wireless Security" width="724" height="61"></a></p> <ul> <li>Click Wireless/Wireless Security</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fja406gnpyt9d3ovsujdp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fja406gnpyt9d3ovsujdp.png" alt="Set Mode" width="762" height="629"></a></p> <ul> <li>Set Mode</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> wap VLAN </h4> <p>You will need to use 2 ports on wap (WAN and LAN) when configuring your VLANs. You can use one, but you will be unplug and plug between these interfaces. Once configuration is complete you will only need to connect LAN port, but you will lose access to the router console.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6tgc8xu9yc06qsjvdq07.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6tgc8xu9yc06qsjvdq07.png" alt="Click Setup/Switch Config" width="793" height="67"></a></p> <ul> <li>Click Setup/Switch Config</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyj6rhb3cv9qtihhpwcpf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyj6rhb3cv9qtihhpwcpf.png" alt="Table" width="789" height="642"></a></p> <ul> <li>Configure your VLAN Table</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> wap Networking </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F36xgfl764cfhyr6jlhi4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F36xgfl764cfhyr6jlhi4.png" alt="Click Setup/Networking" width="790" height="67"></a></p> <ul> <li>Click Setup/Networking</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fegjxsz7c2cfsw2obt5vd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fegjxsz7c2cfsw2obt5vd.png" alt="Add Bridges and map to your VLANs" width="789" height="666"></a></p> <ul> <li>Add Bridges and map to your VLANs</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsubiwp3weh6u3p92v7bl.png" alt="Save" width="788" height="48"></a></p> <ul> <li>Save</li> </ul> <h4> wap Debug </h4> <p>Use the SIEM to read SYSlogs and Wireshark to analyze traffic</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqkjh07hgho24wl0l1r35.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqkjh07hgho24wl0l1r35.png" alt="Reboot" width="786" height="43"></a></p> <ul> <li>Reboot if all fails</li> </ul> <h3> <a href="https://a.co/d/aK6GsXL" rel="noopener noreferrer">TPLink Switch</a> </h3> <p>These switch help expand the network by carrying VLAN IDs. You will enable VLANS and set PVIDs through the admin console.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wpviihyk3k9bzhyyjui.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wpviihyk3k9bzhyyjui.png" alt="802.1Q" width="191" height="379"></a></p> <ul> <li>802.1Q</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvhxikl6jqrvyo5wwfi8s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvhxikl6jqrvyo5wwfi8s.png" alt="Enable" width="680" height="87"></a></p> <ul> <li>Enable</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvq9astwrvonlxn8p0slc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvq9astwrvonlxn8p0slc.png" alt="PVID" width="189" height="386"></a></p> <ul> <li>Use when a port needs to be untagged and allow DHCP to assign IPs for that VLAN</li> </ul> <h3> TL-1 </h3> <h4> 10.0.1.11 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqacxhez3vkjpq0z2vbu1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqacxhez3vkjpq0z2vbu1.png" alt="VLAN Table" width="563" height="223"></a></p> <ul> <li>VLAN Table</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6zec5t9f2tcn3s3tl4x7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6zec5t9f2tcn3s3tl4x7.png" alt="PVID" width="227" height="222"></a></p> <ul> <li>PVID</li> </ul> <h3> TL-2 </h3> <h4> 10.0.1.12 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvkc0151fms6qeltkdloc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvkc0151fms6qeltkdloc.png" alt="VLAN Table" width="566" height="131"></a></p> <ul> <li>VLAN Table</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F274afs6li3rwulcwhveg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F274afs6li3rwulcwhveg.png" alt="PVID" width="222" height="156"></a></p> <ul> <li>PVID</li> </ul> <h3> TL-3 </h3> <h4> 10.0.1.13 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhm87j9mne1iybo50d2pc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhm87j9mne1iybo50d2pc.png" alt="VLAN Table" width="564" height="90"></a></p> <ul> <li>VLAN Table</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmwt2e3887qntpk4bvx65.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmwt2e3887qntpk4bvx65.png" alt="PVID" width="224" height="156"></a></p> <ul> <li>PVID</li> </ul> gratitude aakhtar3 Fri, 30 Dec 2022 23:10:18 +0000 https://forem.com/aakhtar3/fast-ethernet-gigabit-ethernet-8cc https://forem.com/aakhtar3/fast-ethernet-gigabit-ethernet-8cc <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>1. Identify the Problem</td> <td>2. Develop a Theory</td> <td>3. Test the Theory</td> </tr> <tr> <td>4. Plan of Action</td> <td>5. Implement the Solution</td> <td>6. Verify System Functionality</td> </tr> <tr> <td></td> <td>7. Document the Issue</td> <td></td> </tr> </tbody> </table></div> <p>I wanted to hard wire all of my devices on my Local Area Network using Ethernet. I noticed one of my connections was much slower than expected and wanted to fix it. This write up goes over the 7 steps that a network administrator should use to troubleshoot network issues.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Terms</th> <th>Definition</th> </tr> </thead> <tbody> <tr> <td>Fast Ethernet</td> <td>100 Megabits per second</td> </tr> <tr> <td>Gigabit Ethernet</td> <td>1000 Megabits per second</td> </tr> <tr> <td>Half Duplex</td> <td>Transmit data in one direction at a time</td> </tr> <tr> <td>Full Duplex</td> <td>Transmit data in two directions at the same time</td> </tr> <tr> <td>ISP</td> <td>Internet Service Provider</td> </tr> <tr> <td>VPN</td> <td>Virtual Private Network</td> </tr> <tr> <td>WAN</td> <td>Wide Area Network</td> </tr> <tr> <td>LAN</td> <td>Local Area Network</td> </tr> </tbody> </table></div> <h1> 1. Identify the Problem </h1> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--pNAYN5Ow--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lkctorrbmyjuah9d1afe.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--pNAYN5Ow--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lkctorrbmyjuah9d1afe.png" alt="100/Full" width="565" height="151"></a></p> <ul> <li> <a href="https://a.co/d/ak0LMJt">TP-Link 5 Port Gigabit Switch</a> identifies port as <code>100 Mbps Full duplex</code> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iIeuzo_H--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9awuasbvnuzzf0r4vd2b.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iIeuzo_H--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9awuasbvnuzzf0r4vd2b.png" alt="92 Mbps" width="665" height="613"></a></p> <ul> <li> <a href="https://fast.com/">fast.com</a> test shows 92 Mbps</li> </ul> <h1> 2. Develop a Theory </h1> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--o24VT9-a--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oh0zyxp4vfd4isdyi7aw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--o24VT9-a--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oh0zyxp4vfd4isdyi7aw.png" alt="Network Diagram" width="880" height="265"></a></p> <ul> <li> <a href="https://a.co/d/271M8AH">Cat5e</a> cable is damaged or misconfigured</li> </ul> <h1> 3. Test the Theory </h1> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--muPUCImC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7m0viskh39n0nfqcg16w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--muPUCImC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7m0viskh39n0nfqcg16w.png" alt="New connection" width="880" height="265"></a></p> <ul> <li>Use another wire and connection</li> </ul> <h1> 4. Plan of Action </h1> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--K5RkdBOW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8jtfhe4rf6otwj7dchhz.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--K5RkdBOW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8jtfhe4rf6otwj7dchhz.jpg" alt="Tools" width="880" height="650"></a></p> <ul> <li>Fix <a href="https://a.co/d/271M8AH">Cat5e</a> Ethernet with a <a href="https://a.co/d/3aFyMJh">Network Tool Kit</a> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PnY4b0Y5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ju776zsdc383l77ioepo.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PnY4b0Y5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ju776zsdc383l77ioepo.png" alt="Correct" width="679" height="818"></a></p> <ul> <li>Update Male <a href="https://a.co/d/271M8AH">Cat5e</a> Ethernet Jack</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ltdjdFEY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hsb6fbxsup79xpw3hgz6.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ltdjdFEY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hsb6fbxsup79xpw3hgz6.jpg" alt="Keystone Jack" width="880" height="1173"></a></p> <ul> <li>Update Female <a href="https://a.co/d/248yeLW">Ethernet Keystone Jack</a> </li> </ul> <h1> 5. Implement the Solution </h1> <h2> Update <a href="https://a.co/d/271M8AH">Cat5e</a> Ethernet Jack </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--FeO6Jm2k--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8fce6metkq4woqf62pye.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--FeO6Jm2k--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8fce6metkq4woqf62pye.jpeg" alt="Crimping tool" width="880" height="660"></a></p> <ul> <li>Use crimping tool </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Qkc1POc4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gu90v665u6k5kwfm8uug.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Qkc1POc4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gu90v665u6k5kwfm8uug.jpg" alt="Cut Ethernet" width="880" height="1293"></a></p> <ul> <li>Cut Male <a href="https://a.co/d/271M8AH">Cat5e</a> Ethernet jack</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rmX7hd-8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/t3fgaor4dtprrtcdgnso.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rmX7hd-8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/t3fgaor4dtprrtcdgnso.jpg" alt="Expose Wires" width="880" height="932"></a></p> <ul> <li>Expose Wires</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fC2NzqcK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ht9slpo9p2bykcbnv920.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fC2NzqcK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ht9slpo9p2bykcbnv920.jpg" alt="Image description" width="880" height="912"></a></p> <ul> <li>Inspect wiring arrangement</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--sN2rjkDm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/mre3pnlabmawe5xq2eaz.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--sN2rjkDm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/mre3pnlabmawe5xq2eaz.jpg" alt="Wire stripping knife" width="880" height="2038"></a></p> <ul> <li>Use wire stripping knife</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Kz0E825N--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7xtkt2xmcyudh6lpyjhg.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Kz0E825N--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7xtkt2xmcyudh6lpyjhg.jpg" alt="Cut covering" width="880" height="772"></a></p> <ul> <li>Cut covering</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--l-xw9BKi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lpi15m39bgtjfr8yu9b5.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--l-xw9BKi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lpi15m39bgtjfr8yu9b5.jpg" alt="Remove covering" width="880" height="1868"></a></p> <ul> <li>Remove covering</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--G5_4xL6d--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/98yief3a9fljgc2zs328.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--G5_4xL6d--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/98yief3a9fljgc2zs328.jpg" alt="Separate Wiring" width="880" height="813"></a></p> <ul> <li>Separate wire pairing</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--r2ovK392--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3c6k00vu3eyzu44e133j.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--r2ovK392--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3c6k00vu3eyzu44e133j.jpg" alt="Insert wires into RJ45" width="880" height="970"></a></p> <ul> <li>Insert wires into RJ45</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--WH_WcxWV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j5rvehhte87rnatraj8u.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--WH_WcxWV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j5rvehhte87rnatraj8u.jpg" alt="Tighten wires" width="880" height="1001"></a></p> <ul> <li>Tighten wires with crimping tool RJ45 slot </li> </ul> <h2> Update <a href="https://a.co/d/248yeLW">Ethernet Keystone Jack</a> </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--sE8-_PvS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zgtr4olsqfi5uzl6phl0.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--sE8-_PvS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zgtr4olsqfi5uzl6phl0.jpeg" alt="Punchdown tool" width="880" height="660"></a></p> <ul> <li>Use Punchdown tool</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--QgDZ1Cm5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6g1yxdw0my4z9egsqe3b.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QgDZ1Cm5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6g1yxdw0my4z9egsqe3b.jpg" alt="Trim" width="880" height="1020"></a></p> <ul> <li>Push down into Female <a href="https://a.co/d/248yeLW">Ethernet Keystone Jack</a> and trim exposed wires</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--WdVvX4mq--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hqk3lqsfbkju6vae3647.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--WdVvX4mq--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hqk3lqsfbkju6vae3647.png" alt="Right" width="722" height="755"></a></p> <ul> <li>Use B layout</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--DhRSyoo4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4unvd8c02vu4ductjsbv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--DhRSyoo4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4unvd8c02vu4ductjsbv.png" alt="Image description" width="849" height="807"></a></p> <ul> <li>Use B layout</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kZUZcddV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i51qiov02yt2in6unheh.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kZUZcddV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i51qiov02yt2in6unheh.jpg" alt="Image description" width="880" height="1073"></a></p> <ul> <li>Install on wall plate</li> </ul> <h1> 6. Verify System Functionality </h1> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--H9_2TK_0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qiro43i01atcmi800bbc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--H9_2TK_0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qiro43i01atcmi800bbc.png" alt="1000/Full" width="572" height="150"></a></p> <ul> <li> <a href="https://a.co/d/ak0LMJt">TP-Link 5 Port Gigabit Switch</a> identifies port as <code>1000 Mbps Full duplex</code> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--b4Lafgec--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wy9wyeysnw2j2bah8r9u.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--b4Lafgec--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wy9wyeysnw2j2bah8r9u.png" alt="220 Mbps" width="842" height="586"></a></p> <ul> <li> <a href="https://fast.com/">fast.com</a> test shows 220 Mbps</li> <li>In theory, I should get higher speed if I purchase more bandwidth from my ISP</li> </ul> <h1> 7. Document the Issue </h1> <p>This write up is the documentation and is intended for sharing on the public internet</p> tutorial performance computerscience productivity aakhtar3 Wed, 21 Oct 2020 04:15:20 +0000 https://forem.com/aakhtar3/kali-linux-on-ipad-54gc https://forem.com/aakhtar3/kali-linux-on-ipad-54gc <p>This guide will go over how to run a virtual instance of Kali Linux on your iPad using a two iPad applications and provisioning a server on <a href="https://m.do.co/c/c4eedf7f7c5c">Digital Ocean</a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>1. Blink </td> <td>2. Digital Ocean </td> <td>3. Mosh </td> </tr> <tr> <td>4. Kali </td> <td>5. VNC </td> <td>6. JumpDesktop </td> </tr> </tbody> </table></div> <h2> Cost </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>SSH</th> <th>VNC</th> <th>Kali</th> </tr> </thead> <tbody> <tr> <td>Port</td> <td>22</td> <td>5900</td> <td>22</td> </tr> <tr> <td>Site</td> <td><a href="https://blink.sh/">Blink</a></td> <td><a href="https://www.jumpdesktop.com/">JumpDesktop</a></td> <td><a href="https://m.do.co/c/c4eedf7f7c5c">Digital Ocean</a></td> </tr> <tr> <td>Cost</td> <td>$19.99</td> <td>$14.99</td> <td>-</td> </tr> <tr> <td>Cost Per Month</td> <td>-</td> <td>-</td> <td>$15.00</td> </tr> </tbody> </table></div> <h3> Blink SSH Key </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Use blink to create a SSH key ssh-keygen -t rsa -b 4096 -C “your@email.com” # Copy public key cat ~/.ssh/id_rsa.pub | pbcopy # Copy private key cat ~/.ssh/id_rsa | pbcopy </code></pre> </div> <h3> <a href="https://m.do.co/c/c4eedf7f7c5c">Digital Ocean</a> Server </h3> <p>Choose <code>Debian 9</code> for the OS</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tPpPElQG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/8aaof339ikop8gcliqq7.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tPpPElQG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/8aaof339ikop8gcliqq7.png" alt="OS"></a></p> <p>Choose Basic plan <code>$15.00/mo</code> so that you can properly install the OS without errors</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xmm9B6uJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/i3o66e59rg41k7rpci1i.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xmm9B6uJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/i3o66e59rg41k7rpci1i.png" alt="Basic Plan"></a></p> <p>Choose Datacenter</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--mf5AQKsl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/ojsyyd9ic3hvntbxor9a.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--mf5AQKsl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/ojsyyd9ic3hvntbxor9a.png" alt="Data Center"></a></p> <p>Add SSH key from the previous blink step</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bXMsVbOz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1u2pbzr6ru1i26dokq1d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bXMsVbOz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1u2pbzr6ru1i26dokq1d.png" alt="Alt Text"></a></p> <p>Get IPv4 address</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MS33Jj6c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/iya800a5qimvv7gzqxhw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MS33Jj6c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/iya800a5qimvv7gzqxhw.png" alt="Alt Text"></a></p> <h3> Mosh </h3> <p><a href="https://mosh.org">mosh</a> is like ssh, but allows intermittent connections</p> <h4> Host </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--EeJDREs1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/i2spfhceqeotzk1wumdj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--EeJDREs1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/i2spfhceqeotzk1wumdj.png" alt="config"></a></p> <p>Click on <code>Hosts</code></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--FveyzriZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/cefctim71hejuery50tn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--FveyzriZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/cefctim71hejuery50tn.png" alt="Hosts"></a></p> <p>Enter the hostname values and use the SSH key that you created in the previous steps</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vEwJT42a--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/by50lfj8gpcxx8hmuwl7.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vEwJT42a--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/by50lfj8gpcxx8hmuwl7.jpeg" alt="hostname"></a></p> <h4> Install </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Log into your host with ssh2 ssh2 kali # Update and install mosh apt-get update -y &amp; apt-get install -y mosh # Log out of your host exit # Log into your host with mosh going forward mosh kali </code></pre> </div> <h3> Kali </h3> <h4> Setup Source </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Update source.lists by adding kali reference echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" &gt;&gt; /etc/apt/sources.list # Update apt-get update -y </code></pre> </div> <p>You will get this error if you do not have permission<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>W: GPG error: http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D80BF6 E: The repository 'http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Fix Error apt-get -y --allow-unauthenticated install kali-archive-keyring # Re-run update apt-get update -y # Search for Kali installation apt-cache search kali-linux </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--R6LGaKcy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1e28r15fdoaso8o9ny2k.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--R6LGaKcy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1e28r15fdoaso8o9ny2k.png" alt="Distros"></a></p> <h4> Install </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Install everything, which will be larger than 25GB apt-get -y install kali-linux-everything </code></pre> </div> <p>You will be prompted a few questions during the installation</p> <p>Select Language</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gonxaM8z--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jxw8e6ckvf1wew5zuapc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gonxaM8z--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jxw8e6ckvf1wew5zuapc.png" alt="Language"></a></p> <p>Install Samba</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--R3FKc-IL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/gd28p1dm5v7qj1o2gcx1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--R3FKc-IL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/gd28p1dm5v7qj1o2gcx1.png" alt="Samba"></a></p> <p>Enable Packet Capture</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dbEcuLag--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/o8jd1zusb5dhrf30ihet.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dbEcuLag--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/o8jd1zusb5dhrf30ihet.png" alt="Wireshark"></a></p> <p>Enable Mac Changer</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iRCHqh9F--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/eg2r7utwvpr2ko4odmz5.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iRCHqh9F--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/eg2r7utwvpr2ko4odmz5.png" alt="Macchanger"></a></p> <p>Kismet is a resource hog, but can be turned off with<br> <code>systemctl stop kismet</code></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--znEFlW_C--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/bkboadfybt38zx6zylwa.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--znEFlW_C--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/bkboadfybt38zx6zylwa.png" alt="Kismet"></a></p> <p>Add user</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--YJGgMgTa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/wkvf91tvwwyv4n305fb4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--YJGgMgTa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/wkvf91tvwwyv4n305fb4.png" alt="Kismet common"></a></p> <p>Standalone</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PuUP9Oif--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/e2y8k13oakx2r13f64nz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PuUP9Oif--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/e2y8k13oakx2r13f64nz.png" alt="Standalone"></a></p> <p>Restart services after installation</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--C2x9soXj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/3o4m9ie8zvx3ooja2x7b.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--C2x9soXj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/3o4m9ie8zvx3ooja2x7b.png" alt="Restart"></a></p> <p>Restart services</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--qcinrOVO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/6u57hrj4wxbbp5rufvoc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--qcinrOVO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/6u57hrj4wxbbp5rufvoc.png" alt="Cron"></a></p> <p>Use sshd config<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--BY1PXK6r--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/x38jqvaz3o46ghld0dj4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--BY1PXK6r--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/x38jqvaz3o46ghld0dj4.png" alt="Sshd"></a></p> <h4> Validate </h4> <h5> Cleanup </h5> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Finalize/cleanup Linux Kernel apt-get -y update apt-get -y upgrade apt-get -y dist-upgrade apt-get -y autoremove # Restart shutdown now -rf </code></pre> </div> <h5> Check Kernel </h5> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>uname -r </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--q1EmeV1A--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pymimnsig7rve6pkxujo.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--q1EmeV1A--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pymimnsig7rve6pkxujo.png" alt="uname"></a></p> <h3> VNC </h3> <h4> Enable <a href="https://www.ssh.com/ssh/tunneling/example">SSH Port Local Forwarding</a> </h4> <ul> <li>VNC is very insecure because the traffic is sent over an insecure connection <ul> <li>Unencrypted connection that can be sniffed</li> </ul> </li> <li>SSH Port Local Forwarding creates an encrypted session over port 22 <ul> <li> <a href="https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/">Reverse proxy</a> the connection to localhost:5901 </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Enable TCP forwarding nano /etc/ssh/sshd_config ############ START OF FILE ############ AllowTcpForwarding yes ############ END OF FILE ############ # Restart SSH systemctl restart sshd # Check status systemctl status sshd </code></pre> </div> <h4> Install </h4> <ul> <li>This startup script will enable a VNC server that listens on localhost for SSH Port Local Forwarding</li> <li>The password will be used to login through VNC </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Install tight vnc server apt-get install -y tightvncserver # Create start up script nano /etc/init.d/tightvncserver ############ START OF FILE ############ #!/bin/sh USER=root HOME=/root export USER HOME case "$1" in start) echo "Starting VNC Server" /usr/bin/vncserver :1 -geometry 1280x1024 -depth 16 -localhost -nolisten tcp ;; stop) echo "Stopping VNC Server" /usr/bin/vncserver -kill :1 ;; *) echo "Usage: /etc/init.d/vncboot {start|stop}" exit 1 ;; esac exit 0 ############ END OF FILE ############ # Update the permission chmod +x /etc/init.d/tightvncserver # Update defaults update-rc.d tightvncserver defaults # Configure password tightvncserver # Restart shutdown now -rf </code></pre> </div> <h4> Validate </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Verify that VNC is listening on localhost or 127.0.0.1 and port 5901 netstat -tupln | grep vnc </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--agGBp2_O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/qh2ru0sw910p51fgtq2u.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--agGBp2_O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/qh2ru0sw910p51fgtq2u.png" alt="netstat"></a></p> <h3> JumpDesktop </h3> <p>Set the hostname as <code>localhost</code> or <code>127.0.0.1</code> and the port as <code>5901</code></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--X5-o8y-c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/g1lfdl9t2iipxohv8821.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--X5-o8y-c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/g1lfdl9t2iipxohv8821.png" alt="new"></a></p> <p>Edit</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aIvuvZu7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/2q8ghifdd6t1n7gy71j9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aIvuvZu7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/2q8ghifdd6t1n7gy71j9.png" alt="edit"></a></p> <p>Add SSH Tunneling</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--oOGhmIcS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/vx32tgjyt8ssikb2yxct.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oOGhmIcS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/vx32tgjyt8ssikb2yxct.png" alt="ssh"></a></p> <p>Add sever by adding the IPv4 address from <a href="https://m.do.co/c/c4eedf7f7c5c">Digital Ocean</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--RdfzIMd_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/3p34b1c9edl5mihftj8w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--RdfzIMd_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/3p34b1c9edl5mihftj8w.png" alt="Server"></a></p> <p>You will need to either copy and paste or load iTunes and store the key in the jump desktop app</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Mkj36dv9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/94i5q7nn0o4et7ipdcts.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Mkj36dv9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/94i5q7nn0o4et7ipdcts.png" alt="Import from Itunes"></a></p> <p>Add the private key<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xLuFB7-W--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/swpmkzpix69mev6lhgp8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xLuFB7-W--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/swpmkzpix69mev6lhgp8.png" alt="private key"></a></p> <p>Update the icon and title<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--JoavOng1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v9j1ljzcy6hswqqym5bn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--JoavOng1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v9j1ljzcy6hswqqym5bn.png" alt="Update"></a></p> <p>Enable SSH</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--TPTj9Z6d--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/f1gs1muwp1tvdd09iwas.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--TPTj9Z6d--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/f1gs1muwp1tvdd09iwas.png" alt="Enable shh"></a></p> <p>Enter VNC password that you created in the previous step</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fezvu7sI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/f845turege175xi4sk8v.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fezvu7sI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/f845turege175xi4sk8v.png" alt="Password"></a></p> <p>Interact with GUI</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hlH7wo0D--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/epwlqadvuqky4a61u7nt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hlH7wo0D--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/epwlqadvuqky4a61u7nt.png" alt="GUI"></a></p> security linux motivation tutorial aakhtar3 Thu, 01 Oct 2020 00:53:12 +0000 https://forem.com/aakhtar3/dynamic-and-abstract-nginx-497b https://forem.com/aakhtar3/dynamic-and-abstract-nginx-497b <h1> Dynamic and Abstract Nginx </h1> <p>Nginx is a powerful webserver and can built dynamically by injecting environment variables with <a href="https://linux.die.net/man/1/envsubst" rel="noopener noreferrer">envsubst</a> and importing modular configs with the <a href="http://nginx.org/en/docs/ngx_core_module.html#include" rel="noopener noreferrer">include</a> directive.</p> <h2> envsubst </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzi62s911lxxt0yy50dh5.png" class="article-body-image-wrapper"><img alt="input/output" src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzi62s911lxxt0yy50dh5.png"></a></p> <ul> <li>Create <code>/etc/nginx/nginx.conf.template</code> with environment variables <code>${VAR}</code> </li> <li>Use envsubst to dynamically generate a new <code>/etc/nginx/nginx.conf</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Define the environment variables export SERVER='example' LOG='example' # Run command to generate new nginx.conf cd /etc/nginx envsubst '${SERVER},${LOG}' &lt; nginx.conf.template &gt; nginx.conf </code></pre> </div> <h5> brew install </h5> <p>Mac users will need to install <a href="https://www.gnu.org/software/gettext/" rel="noopener noreferrer">gettext</a> which includes envsubst.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>brew install gettext brew link --force gettext </code></pre> </div> <h2> Include </h2> <p>From the example above using the sample http config.</p> <blockquote> <p><code>*</code> is a wildcard and will match on example.<code>com</code>.conf.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http { ... include /etc/nginx/conf.d/example.*.conf; ... } </code></pre> </div> <p>Here is an example folder structure for your Nginx modules.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/etc/nginx/ nginx.conf # HTTP /conf.d # Server(s) example.com.conf # Can contain multiple servers default.conf # Comes with nginx *.conf /sites-enabled # Includes /location # Location Includes assets.inc # /location blocks to static assets *.inc /SSL # SSL Includes example.com.inc # Contains SSL directives for example.com *.inc /* # You can continue to modularize your code base *.inc </code></pre> </div> <p>Check out this repo which has more <code>include</code> examples.</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/10up" rel="noopener noreferrer"> 10up </a> / <a href="https://github.com/10up/nginx_configs" rel="noopener noreferrer"> nginx_configs </a> </h2> <h3> ARCHIVED: Nginx Configuration Template for WordPress Sites </h3> </div> </div> beginners tutorial microservices todayisearched