NX-OS Spine/Leaf Operations: vPC, Port-Channels, and Pre-Production Checks
Operate Nexus spine/leaf fabrics without surprises. Covers vPC operational checks, port-channel hygiene, OSPF/BGP underlay verification, and failure drills before go-live.
Popular Series
All Posts
Cisco IOS-XE Edge Baseline: AAA, SSH, ACL, Logging, and IP SLA
Build a production-ready IOS-XE edge router. Covers secure management, IP SLA tracking for real failover, logging configuration, and common mistakes that break production.
Junos Routing Policy That Scales: Policy-Statement Patterns and Safe Defaults
Design maintainable Junos routing policies. Covers policy-statement structure, community naming, prefix-lists, and safe defaults that prevent routing disasters.
Junos SRX Security Policies in Real Life: Why Traffic Doesn't Match
Debug SRX policy issues when traffic flows wrong or NAT fails. Covers zone chain, policy hit counters, flow trace, and the top 5 reasons policies never match.
NAT Logging: Session Tracking for CGNAT and Compliance
Implement NAT session logging on VyOS. Covers connection tracking logs, log analysis, compliance requirements, and why NAT logs are essential for troubleshooting and legal requirements.
FlowSpec: Programmable Filters via BGP
Understand BGP FlowSpec for traffic filtering. Covers FlowSpec rules, BGP distribution, rate limiting, and why FlowSpec enables network-wide filtering from a single point.
RTBH: Remote Triggered Blackhole Routing
Implement RTBH on VyOS for DDoS mitigation. Covers blackhole routing, BGP communities, triggering procedures, and why RTBH sacrifices the target to save the network.
DDoS Mitigation at the Edge: Rate Limiting and Traffic Scrubbing
Implement basic DDoS protection on VyOS edge routers. Covers rate limiting, connection limits, SYN flood protection, and why edge mitigation buys time for upstream solutions.
Dynamic Routing Over Tunnels: BGP and OSPF Through Encrypted Links
Run routing protocols over VPN tunnels on VyOS. Covers OSPF over GRE/IPsec, BGP over WireGuard, tunnel interface selection, and why routing over tunnels requires careful planning.
VXLAN: Scalable L2 Over L3 Overlay
Configure VXLAN on VyOS for datacenter overlays. Covers VXLAN concepts, static and multicast modes, head-end replication, MTU, and why VXLAN enables scalable Layer 2 networks.
GRE, IPIP, and SIT Tunnels: Simple Point-to-Point Encapsulation
Configure GRE, IPIP, and SIT tunnels on VyOS. Covers tunnel types, MTU considerations, keepalives, GRE keys, and why simple tunnels solve simple problems.
EVPN: Modern Control Plane for L2 and L3 Services
Understand EVPN architecture and concepts. Covers EVPN route types, MAC/IP learning via BGP, multi-homing, VXLAN integration, and why EVPN is the future of overlay networking.
VPLS: Layer 2 VPN Over MPLS
Understand VPLS concepts and configuration. Covers virtual switch model, BGP signaling, pseudowires, MAC learning, and why VPLS provides multipoint L2 connectivity.
L3VPN: MPLS VPN for Multi-Site Connectivity
Configure MPLS L3VPN on VyOS. Covers VPNv4 address family, route distinguishers, route targets, PE-CE routing, and why L3VPN provides scalable multi-tenant connectivity.
BGP-LU: Labeled Unicast for Scalable MPLS Networks
Configure BGP Labeled Unicast on VyOS. Covers label distribution via BGP, inter-AS MPLS, seamless MPLS concepts, and why BGP-LU replaces LDP in modern designs.
MPLS Introduction: Labels, LDP, and Packet Forwarding
Understand MPLS fundamentals on VyOS. Covers label switching, LDP configuration, penultimate hop popping, MPLS forwarding, and why MPLS is still relevant for service provider networks.
BGP Dampening: Suppressing Route Flapping
Configure BGP route dampening on VyOS. Covers dampening parameters, penalty calculation, route suppression, reuse thresholds, and why dampening prevents unstable routes from destabilizing your network.
ECMP and Multipath: Load Balancing at the Routing Layer
Configure ECMP on VyOS for route-level load balancing. Covers equal-cost paths, multipath BGP, hash algorithms, troubleshooting uneven distribution, and why ECMP is simple but requires understanding.
Route Leaking Between VRFs: Controlled Connectivity
Configure route leaking between VRFs on VyOS. Covers import/export policies, selective leaking, shared services, and why route leaking provides controlled cross-VRF connectivity.
BGP Communities: Signaling Intent Across Networks
Master BGP communities on VyOS. Covers standard, extended, and large communities, common use cases, community-based filtering, and why communities are the language networks speak.
Network Automation with Ansible: From Manual CLI to Infrastructure as Code
A practical guide to automating network infrastructure using Ansible. Real examples from production environments including device configuration, backup strategies, and compliance checking.
Building Reliable Infrastructure: Lessons from 15 Years in Operations
Key principles for building infrastructure that survives failures, scales gracefully, and lets you sleep at night. Real lessons from production environments.
Graceful Restart: Maintaining Forwarding During Protocol Restarts
Configure OSPF and BGP graceful restart on VyOS. Covers GR mechanics, helper mode, restart timers, and why graceful restart prevents traffic loss during maintenance.
BFD: Fast Failover Detection for Routing Protocols
Implement BFD on VyOS for sub-second failure detection. Covers BFD timers, integration with BGP and OSPF, multihop BFD, and why routing protocol keepalives are too slow.
Policy Routing Debug: Why Traffic Takes the Wrong Path
Debug policy-based routing on VyOS. Covers rule evaluation order, mark verification, table inspection, common misconfigurations, and why PBR debugging needs systematic verification.
ARP and Neighbor Discovery: Troubleshooting Layer 2 Problems
Debug ARP and IPv6 ND issues on VyOS. Covers ARP table analysis, stale entries, duplicate IP detection, proxy ARP, neighbor discovery, and why Layer 2 problems look like Layer 3 failures.
Packet Capture on VyOS: tcpdump Techniques for Real Debugging
Master packet capture on VyOS for troubleshooting. Covers tcpdump filters, capture strategies, decoding protocols, saving and analyzing captures, and why packets never lie.
Conntrack Deep Dive: Connection Tables, Limits, and Debugging
Master VyOS connection tracking internals. Covers conntrack tables, tuning limits, timeout configuration, debugging full tables, and why conntrack is the invisible stateful firewall engine.
TCP MSS Clamping: When and Why to Adjust Segment Size
Master TCP MSS clamping on VyOS for tunnels and PPPoE. Covers MSS vs MTU, clamping configuration, troubleshooting fragmentation, and why MSS clamping fixes problems MTU changes cannot.
MTR, Tracepath, and PMTUD: Diagnosing Path Problems
Master network path diagnostics on VyOS. Covers MTR interpretation, traceroute variants, PMTUD troubleshooting, detecting packet loss patterns, and why ping alone is never enough.
RADIUS and TACACS+: Centralized Authentication for Network Devices
Configure VyOS with RADIUS and TACACS+ for centralized AAA. Covers server setup, failover configuration, command authorization, accounting, and why central auth is non-negotiable at scale.
User Management: Local Users, SSH Keys, and Access Control
Configure VyOS user management properly. Covers local user creation, SSH key authentication, privilege levels, password policies, and why root password should be disabled.
Upgrade Playbook: Safe Upgrades, Rollback, and Migration Testing
Master VyOS upgrades without downtime or disasters. Covers image management, rollback procedures, pre-upgrade testing, migration paths, and why upgrades need a playbook, not improvisation.
Configuration Standards: Naming, Comments, Structure That Scales
Build maintainable VyOS configurations with consistent naming, strategic comments, firewall groups, and policy structure. Learn standards that make configs readable years later.
Configuration Sessions: Parallel Work Without Conflicts
Master VyOS configuration sessions for team environments. Covers session isolation, concurrent editing, merge strategies, and why sessions prevent "who changed what" mysteries.
Commit-Confirm: Your Safety Net Against Self-Lockout
Master VyOS commit-confirm to prevent remote lockouts. Covers automatic rollback, confirmation workflow, timeout tuning, and why every remote change should use confirm.
Automation & GitOps for VyOS: Templates, Backups, Safe Deploy
Practical VyOS automation with Git, templates, and safe deployment practices. Covers config backup strategies, Jinja2 templates, Ansible integration, rollback procedures, and why automation reduces errors only if you have rules of the game.
High Availability: VRRP + State Sync (What You Can and Can't Do)
Honest guide to VyOS high availability using VRRP and conntrack sync. Covers failover configuration, state synchronization, what actually fails over and what doesn't, testing procedures, and why HA is a set of failure scenarios, not a checkbox.
VRF & Segmentation: When VLANs Aren't Enough
Using VRF on VyOS for network isolation that goes beyond VLANs. Covers VRF creation, inter-VRF routing, route leaking, firewalling between VRFs, and maintaining a clear mental model of your segmentation.
RPKI/IRR Filtering Strategy: Practical, Not Academic
Real-world BGP route validation using RPKI and IRR on VyOS. Covers validator setup, policy storage, prefix validation workflow, and why filtering is a process, not a single configuration.
BGP on VyOS: Filters Are Not Optional
BGP fundamentals on VyOS using FRR. Covers eBGP/iBGP setup, prefix-lists, route-maps, communities, max-prefix protection, and why BGP without filtering is an incident waiting to happen.
OSPF on VyOS: When Details Break Everything
Practical OSPF configuration on VyOS. Covers areas, passive interfaces, authentication, MTU issues, and the small details that cause OSPF adjacencies to fail silently.
Observability on VyOS: Logs, Metrics, and Backups That Matter
Setting up proper logging, monitoring, and backup strategies for VyOS. What to log, where to send it, how to back up configurations, and why a router without logs is like production without monitoring.
QoS on VyOS: Making Latency Feel Better
Practical traffic shaping and QoS configuration on VyOS. Covers queue disciplines, traffic prioritization, fighting bufferbloat, and understanding where the actual bottleneck is.
Multi-WAN on VyOS: Failover That Actually Works
Configuring reliable multi-WAN failover on VyOS with proper health checking. Covers dual ISP setup, weighted load balancing, SLA monitoring, and why failover without tracking is false confidence.
IPsec on VyOS: Site-to-Site Tunnels That Survive Reality
Configuring reliable IPsec site-to-site VPNs on VyOS. Covers IKEv2 setup, NAT traversal, dead peer detection, rekeying, and systematic debugging when things go wrong.
WireGuard on VyOS: Production Configuration for Site-to-Site and Road Warriors
Complete WireGuard setup on VyOS covering site-to-site tunnels, mobile clients, kill switches, split vs full tunnel, and the two things that make WireGuard stable: MTU and routing policy.
Policy-Based Routing on VyOS: Practical Patterns for Split Routing
How to route specific traffic through different gateways on VyOS. Covers routing by source, destination, domain, and application with real-world examples like split-tunnel VPN.
IPv6 at Home: RA, DHCPv6, and Why Your Firewall Keeps Breaking It
Practical IPv6 configuration on VyOS for home networks. Covers Router Advertisements, DHCPv6, stateless vs stateful addressing, firewall rules, and debugging ND/RA issues.
VyOS Isn't Scary: Building Your First Production-Ready Router
A practical guide to setting up VyOS from scratch. Covers WAN/LAN configuration, NAT, DHCP, DNS forwarding, and basic firewall rules with validation at every step.
GPU / PCI Passthrough: The Path That Works (and What Breaks It)
Complete guide to GPU and PCI passthrough on Proxmox. Covers IOMMU setup, ACS override, VFIO configuration, driver binding, common issues, and why passthrough is hardware compatibility plus attention to detail.
Performance Clinic: CPU Pinning, Hugepages, VirtIO, and Storage Tuning
Proxmox performance optimization guide. Covers VirtIO drivers, cache modes, IO threads, NUMA awareness, hugepages, and why optimization starts with measurement, not tweaking.
Observability: Metrics, Logs, Alerts — What I Monitor on Proxmox
Complete Proxmox monitoring setup. Covers node metrics, storage health, ZFS/Ceph monitoring, log aggregation, alerting rules, and why you cannot manage what you cannot see.
IP Management: Getting VM IPs Reliably (DHCP, MAC Mapping, Integrations)
Reliable IP address management for Proxmox VMs. Covers DHCP strategies, MAC-to-IP mapping, router integrations, inventory collection, and why IP addresses are data that must be collected automatically.
Golden Images Pipeline: Building Templates Like a Factory
Automated VM template creation for Proxmox. Covers Packer integration, cloud-init pipelines, image versioning, testing, and why images must be reproducible or they become unique snowflakes.
Infrastructure as Code: Terraform Proxmox Provider — Patterns That Won't Rot
Terraform with Proxmox done right. Covers provider configuration, module structure, state management, safe changes, and why IaC is about predictability, not faster clicking.
Security & Multi-Tenancy: Roles, Pools, API Tokens, and Isolation
Building secure multi-tenant Proxmox environments. Covers RBAC configuration, resource pools, API token management, audit logging, and why access control is a product that requires design.
Ceph on Proxmox: Honest Guide (When It's Worth It, When It's Pain)
Real talk about Ceph on Proxmox. Covers minimum requirements, network design, OSD configuration, recovery behavior, performance expectations, and why Ceph is great when you accept its costs.
High Availability: HA Groups, Fencing Mindset, and Failure Testing
Proxmox HA done right. Covers HA manager configuration, fencing requirements, groups and priorities, maintenance procedures, failure testing, and why HA without tests is just a checkbox.
Snapshots vs Backups vs Replication: What Saved Me and What Didn't
Understanding data protection layers in Proxmox. Covers snapshots, backups, and replication with real failure scenarios, RPO/RTO planning, and why replication is not a replacement for backups.
Backups Done Right: Proxmox Backup Server, Schedules, Retention, and Restore Drills
Complete guide to Proxmox Backup Server. Covers installation, incremental backups, deduplication, retention policies, verification, and why a backup only exists after a successful restore test.
Cluster Setup: Joining Nodes, Quorum, and Corosync Realities
Building a Proxmox cluster correctly. Covers node joining, quorum mechanics, split-brain prevention, Corosync networking, and why clustering is network discipline, not just a button.
LXC vs VM: When Containers Are a Gift (and When They Bite)
Practical guide to choosing between LXC containers and VMs on Proxmox. Covers performance differences, security boundaries, use cases, and why containers offer speed but not always isolation.
Templates & Cloud-Init: Faster VMs Without Chaos
Creating and using VM templates with cloud-init on Proxmox. Covers template creation workflow, cloud-init configuration, customization, and why a template is a contract that must stay stable.
Networking Baseline: Bridges, VLANs, Bonding — and the Mistakes I Made
Proxmox networking fundamentals and common pitfalls. Covers Linux bridges, VLAN configuration, bonding modes, network isolation, and why 99% of virtualization network problems are inconsistent Layer 2.
Storage 101: Local, ZFS, LVM-thin — What I Actually Use and Why
Practical guide to Proxmox storage options. Covers local directory, LVM-thin, ZFS pools, when to use each, snapshot limitations, and why fast storage is often fragile storage.
Post-Install Baseline: Users, SSH, Firewall, Updates, and Hardening
Essential Proxmox security hardening after installation. Covers user management, SSH key-only access, host firewall configuration, automatic updates, and why security is easier to implement now than later.
Why I Chose Proxmox (and How to Install It the Boring, Correct Way)
Proxmox VE installation done right. Covers disk layout decisions, ZFS vs LVM vs ext4, network configuration, repository setup, and why the boring install is the one that survives upgrades.