Skip to main content

Posts

Migrating Azure API Management to STv2: A Practical Guide

If you're using Azure API Management (APIM) services, you've likely seen this message: "Support for the single-tenant v1 (STv1) platform ends on 8/31/24. Migrate instances before that date to the new platform version (STv2) for continued support and access to new features." This announcement highlights the urgency of migrating to STv2. To ensure a smooth transition, it's crucial to analyze our architecture, understand technical constraints, explore possible approaches, and assess risks. Here’s a summarized guide on how I managed the migration using the VNET-injection method. My Case: APIM with Dedicated Public IP and Subnet Configuration: APIM with a dedicated public IP and a dedicated subnet. Assigned private IP with NAT in a controlled VNET. Need to maintain IP addresses and DNS. Issues: APIM migration requires a new public IP, new subnet with private IP, new DNS, and new NSG. APIM instances acquire IP addresses randomly, complicating existing firewall rules, NS...
Recent posts

Unable to access Ingress Controller in Azure AKS issue

I've upgraded my AKS nodes in Cluster last night. After upgraded both nodes, all my apps went down and all my internal load balancers was not able to access. Spending many hours in troubleshooting and ends up with the miserable findings of root caused. That's it.... The Resource Tagging used in my Cluster and it's resource has exceed more than 50 tags. Microsoft recommendation is to maintain the tags less than 20. After I've removed over 30 tags and refresh the nodes then only all my resources are back up online as well as the applications. Currently, the resource sync the tags with cluster are below, AKS Cluster itself Router Table Pubic IP Load Balancer Network Security Group Virtual Network AKS managed kubelet msi AKS managed addon msi Private DNS zone Private endpoint So, beware this when you have more than 50 tags on your AKS Cluster. Cheer!  Have a good day. (Be knowledgeable, pass it on then)

Staying Home? Get paid for surfing the web!

Staying Home? Get paid for surfing the web! You can earn some passive money by using below browser on your mobile phone, table and computer. Just try it during this globally impacted COVID-19 situation. https://cryptotabbrowser.com/landing/57/25117657 What you need to do is download the CryptoTab Browser in above link and use it as default browser on your gadegets then get paid. That's all. Thanks. Have fun!

How to copy file from TFTP server via vrf enabled interface in Cisco Devices?

TFTP server is sitting in subnet which can reach via global routing table and your network devices is configured OOB with vrf routing. You have no other ways to copy your files to your device except from TFTP server. What will you do then? 😊 Leaking vrf to global routing or vice versa?  The answer is ... configure terminal ip tftp source-interface (Your OOB interface IP) You’re done. Cheer!  Have a good day. (Be knowledgeable, pass it on then)

PAN OS API Key problem after upgrade from 7 to 8

When you use External Block List for Malicious IP with your PaloAlto, you need API Key for your server to refresh the list whenever you update the content. The API key syntax for PAN OS 7 and 8 is different and it will take your time after you upgrade PAN OS. So here is the solution what I've tested. Syntax for 7 is https://<firewall IP>/api/?type=op&cmd=<request><system><external-list><refresh><name>Type your EBL Name Here</name></refresh></external-list></system></request>&key="API Key" Syntax for 8 is https://<firewall ip>/api/?type=op&cmd=<request><system><external-list><refresh><type><ip> <name>Type your EBL Name Here</name></ip> </type></refresh></external-list></system></request>&key="API Key" Have fun with PAN OS. Thanks. Have a good da...

Why is this ransomware attack different?

Unlike other ransomware families, the WannaCry strain does not spread via infected e-mails or infected links. Instead, it takes advantage of a security hole in most Windows versions to automatically execute itself on the victim PC. According to various reports, this attack avenue has been developed by the National Security Agency (NSA) in the US as a cyber-weapon and it was leaked to the public earlier  in April along with other classified data allegedly stolen from the agency. Until now, a number of hospitals, telecom companies or gas and utilities plants have suffered massive disruptions caused by data being held at ransom. As this ongoing outbreak is affecting countless computer users around the world, we are actively working on a free decryption tool to help victims recover their information without paying the ransom. Make sure to follow us on Twitter and Facebook to be notified when it becomes available. Source : Bitdefender Thanks. Have a good day! (Be knowl...

MPLS Troubleshooting Tips

Anyone of you having difficulty in troubleshooting MPLS as a beginner? I did some research and take notes for myself and now it is for you to do reference as well. MPLS troubleshooting can be divided into two main steps: 1) Verify routing information flow 2) Verify proper data flow - Routing information flow troubleshooting requires verification of end-to-end routing information propagation between CE routers. - Verification of the routing information flow should be done systematically, starting at the routing ingress CE and moving to the egress CE. - Verification of the data flow should be done systematically, starting at the data flow ingress CE and moving to the egress CE. There are three things to perform basic MPLS troubleshooting. They are, 1) Preliminary steps in MPLS VPN Troubleshooting: - Is CEF enabled? - Are labels for IGP routes generated and propagated? - Are large labeled packets propagated across the MPLS backbone (maximum transmission unit issues)? 2) Verify the routi...