Podcast

Networking With Ehsan – Podcast

Cisco Nexus One

In this episode, we dive into one of Cisco’s newest and most important announcements in the world of data centers: Cisco Nexus One — the next-generation switching platform designed to make the integration between ACI, EVPN, and VXLAN simpler, more flexible, and more intelligent.
In this video, we explore five key topics:
🔹 1. A look at the evolution of SDN in Cisco data centers: How did we move from traditional architectures to ACI, and now to Nexus One?
🔹 2. Introducing a new role in ACI, the ACI Border Gateway: What does this new component do, and which challenges does it solve?
🔹 3. Deep dive into the architecture of Cisco Nexus One: A breakdown of the ASIC, fabric, pipeline, and Nexus One’s position in future data center networks.
🔹 4. Understanding VXLAN connectivity between EVPN and ACI: How do these two technologies interact and integrate?
🔹 5. Examining Policy models between ACI and EVPN: What’s the difference between Policy-Unaware and Policy-Aware, and when is each used?
If you work with Cisco ACI, EVPN, VXLAN, or data center design, this episode is for you.

Microsegmentation with GPO

In this episode, we dive into one of the most important innovations shaping modern data center architectures: Micro-Segmentation using GPO (Group Policy Option) in VXLAN-EVPN and NX-OS environments.
In this episode, we explain:
- The role of Group Policy Option (GPO) in enabling true micro-segmentation
- ESG, SGACL, and how policies are carried along with the traffic
- GPO architecture on NX-OS and the difference between Ingress vs. Egress enforcement
- Service Chaining, traffic redirection, and distributed security at the Leaf
- Capabilities, limitations, and the technical improvements in recent NX-OS releases
- The future of GPO and why it is becoming one of the key pillars of security in modern fabrics

What is ZTNA? (Agentless)

In this episode, we dive into one of the most important concepts in the world of network security: ZTNA – Zero Trust Network Access.
1️⃣ Introduction to ZTNA
- Why “no one is trusted by default”
- The role of identity and device posture in modern security
2️⃣ Comparing ZTNA with VPN
- Why VPN is no longer enough
- Application-based security vs. full network access
- Advantages, weaknesses, and real-world scenarios
3️⃣ Agentless ZTNA Architecture
- Secure access without installing software on the user device

Network That Never Sleeps - OOB

In this episode of Ehsan’s Tech Lounge, titled “Network That Never Sleeps,” we explored one of the most critical components of network infrastructure: Out-of-Band Management (OOB).

In this discussion, we explained what OOB is, why it plays a key role in network security and resilience, and how, during a crisis, it often becomes the only active path to regain control of the network.

We then took a brief look at ZTNA – Zero Trust Network Access, and finally analyzed Meta’s data center–scale OOB solution — an architecture based on Passive Optical Network (PON) technology that redefines resilience in the modern data center world.

Business Logic Attacks

In this episode of Ehsan’s Tech Lounge, we dive into a silent but very serious threat: Business Logic Attacks — attacks that do not rely on code injection, but instead exploit the order of requests (user journey) and the logic of the application. These attacks often stay invisible to traditional firewalls and security tools.

What you’ll learn in this video:
• The difference between a traditional WAF and the need for modern API Security solutions
• Three real, relatable scenarios: coupon abuse, ATO (Account Takeover), and race conditions in fintech
• How API inventory, distributed tracing, and behavior baselining help uncover logic-based attacks
• A practical playbook for detection, rapid response, and remediation — actionable steps that DevOps and SecOps teams should start implementing today

If you found this video useful, hit the Like button and share it with your technical friends — especially DevOps teams, SecOps teams, and system architects.

Cisco Secure Analytics (Stealthwatch) Explained: NDR for Modern Enterprise Networks

In this episode of the Tech Lounge series, we explored one of the most important network security solutions: NDR – Network Detection & Response.
We reviewed the architecture of Cisco Secure Analytics (SNA) — formerly known as Stealthwatch — analyzed common customer challenges, and explained how network traffic analytics can detect malicious behavior even without signatures.

🔍 Topics we covered:
• What is NDR and why is it critical today?
• SNA architecture and components (Flow Collector, Flow Sensor, UDP Director, etc.)
• The role of telemetry and NetFlow in security visibility
• A brief demo of the SNA environment

Inside Cisco SD-WAN: How Modern WAN Automation Works

In this episode, we explore Cisco SD-WAN — one of the most modern and widely used enterprise networking solutions in the world.
We’ll explain how SD-WAN separates the control and data planes, how it simplifies and secures connectivity between branch locations, and how, using vManage, vBond, and vSmart, it automates policy and routing management.
If you’re looking for a real understanding of an automated, policy-driven, and secure WAN, this episode is for you!

QUIC: Performance Revolution or Security Blind Spot?

In the fourth episode of Ehsan’s Tech Lounge Podcast, we explore how HTTP/3 powered by QUIC promises blazing-fast connections and a better user experience — but also introduces new visibility and inspection challenges for security vendors. We trace the evolution of HTTP protocols, unpack the architectural benefits of QUIC, and ask the critical question: Can our firewalls keep up? Join us as we analyze how vendors are tackling decryption, telemetry, and detection inside encrypted QUIC traffic.

Cisco HyperFabric AI

We introduce Cisco HyperFabric AI—covering architecture, benefits, and learning paths for engineers entering AI infrastructure.
