Networking

Much of our networking is done using Linux devices, ranging from small embedded devices. Linux can for the most part do everything an expensive proprietary solution can do; the only costs are some basic hardware and our time. We are at home with writing custom iptables scripts, ISC dhcpd.conf files, BIND DNS zone files, bridging, policy routing, and so forth.

Everyone on our engineering team has Cisco training. Dynamic routing such as BGP v4 with full routing tables, OSPF, route aggregation & summarization, RIP, EIGRP, and so on is no problem. Proper planning and configuration of switching technologies such as STP, LACP, and VLANs is also critical in enterprise networks.

Many network problems arise from incorrect DNS configuration at either the recursor or authoritative level. We are comfortable with BIND and Microsoft DNS as well as smaller DNS servers such as dnsmasq. We use command line tools as well as comprehensive health checks like www.DNSStuff.com to ensure DNS, Mail, and SPF are all happy.

DHCP needs more attention these days, especially for automatic provisioning of VoIP phones and PXE network boot deployments.

And not to forget Virtual Private Networking. We support IPSec with a variety of implementations, including Linux's Openswan, Cisco, Juniper, and the myriad of SOHO routers on the market. In a pure Linux/Windows/OSX environment, our preferred course is to use OpenVPN's OpenSSL-based VPNs. OpenVPN can provide both routed (layer 3) and bridged (layer 2) tunnels over either TCP or UDP transport mechanisms, making it very NAT friendly.