About that Easy Button …

We love layers and abstraction. After all, building in layers and it’s corollary, abstraction, are the foundation of large-scale system design. The only way to build large-scale systems is to divide and conquer, which means building many different component parts with clear and defined interaction surfaces (most often expressed as APIs) and combining these many different parts into a complete system. But abstraction, layering, and modularization have negative aspects as well as positive ones. For instance, according to the State/Optimization/Surface triad, any time we remove state in order to control complexity, we either add an interaction surface (which adds complexity) or we reduce optimization.

Another impact of abstraction, though, is the side effect of Conway’s Law: “organizations which design systems … are constrained to produce designs which are copies of the communication structures of these organizations.” The structure of the organization that designs a system is ultimately baked into the modularization, abstraction, and API schemes of the system itself.

To take a networking instance, many networks use one kind of module for data centers and another for campuses. The style of network built in each place, where the lines are between these different topological locations in the network, the Continue reading

Network Design and Validation: IT Matters

With the complexity of our industry, two things should be obviously necessary. These two things are Network Design and Validation Testing. Design requires identifying the requirements of the business and of dependent systems. This could include things like minimum bandwidth, maximum jitter, convergence time, recovery time, minimal redundancy, etc. It is also important to understand that more rigorous requirements often contribute to cost and operational complexity. Operational complexity creates additional challenges that often erode the very parameters that have been identified as requirements. When this is found true, there are some conversations that need to be had about what is and is not achievable, given the operational and capital budgets–as well as the realistic capabilities of the staff managing the environment.

Validation is also critically important. I posted an article a few weeks ago that illustrated an interesting failure with CAPWAP. Avoiding issues like this require us to first design our network then validate the behavior against the design. Allow me to make a bold statement–If you haven’t designed and validated your network, you DON’T know how it works. Without validation–How do you know that your convergence is subsecond? How do you know that your backup routes work with applications? Continue reading

Venerable Cisco Catalyst 6000 switches ousted by new Catalyst 9600

Few events in the tech industry are truly transformative, but Cisco’s replacement of its core Catalyst 6000 family could be one of those actions for customers and the company.Introduced in 1999, iterations of the Catalyst 6000 have nestled into the core of scores of enterprise networks, with the model 6500 becoming the company’s largest selling box ever. Learn about edge networking How edge networking and IoT will reshape data centers Edge computing best practices How edge computing can help secure the IoT It goes without question that migrating these customers alone to the new switch – the Catalyst 9600  which the company introduced today – will be of monumental importance to Cisco as it looks to revamp and continue to dominate large campus-core deployments. The first Catalyst 9000, introduced in June 2017, is already the fastest ramping product line in Cisco’s history.To read this article in full, please click here

gRPC-Web and Istio: A Report from Service Mesh Day

In this post I’ll briefly describe the problem in the gRPC domain and a solution based on gRPC-Web, Envoy proxy and Istio to neatly solve it.

What is gRPC?

gRPC is a universal, high-performance, open-source RPC framework based on HTTP/2. Essentially, it lets you easily define a service using Protocol Buffers (Protobufs), works across multiple languages and platforms, and is simple to set up and scale. All this leads to better network performance and flexible API management.

Benefits of gRPC-Web

gRPC-Web addresses a shortcoming in the core gRPC framework. As developers look to benefit from the advantages it confers beyond backend microservices—the fact that it doesn’t work so well with web applications running on browsers. Although most browsers support HTTP/2 and gRPC is based on HTTP/2, gRPC has its own protocols that web applications must understand in order to work properly with it. Web applications do not have this capability because browsers don’t support gRPC out of the box.

One way to get around this problem is to use the gRPC-Web plugin and run a proxy like Envoy along with it. Envoy serves as the default proxy for Istio, and on configuring its gRPC-Web filter, it can transcode HTTP requests/responses Continue reading

The Economics of Trust: Overcoming Obstacles to Better Consumer IoT Security

In 2018 the Internet Society launched the Trust by Design campaign, to make sure that security and privacy features are built into Internet of Things (IoT) products. We focused our activities on consumer IoT, a segment particularly vulnerable, despite having the biggest share in the IoT market. We believe trust should come as standard, and so we’ve been working with manufacturers and suppliers to make sure privacy and security are included in the initial design phase all the way through the product lifecycle, as outlined in the OTA IoT Trust Framework. Our work does not stop there, as this goal can only be achieved when consumers drive demand for security and privacy capabilities as a market differentiator and policymakers create a policy environment that strengthens trust and enables innovation.

Consumer IoT devices and services without adequate security pose a wide range of risks, from directly threatening the security, privacy, and safety of their owners to the devices themselves turning into botnets that can initiate DDoS attacks against the Internet. As more and more connected devices with weak security are rushed to the market due to competition and cost concerns, missing trust is deeply rooted in economics. To better understand the Continue reading

Network Break 232: Apple Spends Millions On AWS; The G7 Wants Decryption Capabilities For Law Enforcement

Today's Network Break examines Apple's AWS spending; discusses a G7 pronouncement that wants Internet companies to provide access to encrypted data; reviews quarterly financials from Juniper, Amazon, and Microsoft; and more IT news.

The post Network Break 232: Apple Spends Millions On AWS; The G7 Wants Decryption Capabilities For Law Enforcement appeared first on Packet Pushers.

The Week in Internet News: Microsoft Reduces Password Count

What’s my password again? Microsoft has changed its baseline security configuration, which had suggested passwords be changed every 60 days, Ars Technica reports. Requiring users to change passwords so often can be counterproductive by encouraging them to pick easy-to-remember passwords, the article says.

Big money: Facebook has set aside $3 billion to pay a potential fine to the U.S. Federal Trade Commission over its handling of users’ personal data and various data breaches, CNet reports. Some critics say the expected fine, which could reach $5 billion, is a slap on the wrist for a company that clears tens of billions a year in profits, Recode suggests.

Blocking speech: Terrorist attacks in Sri Lanka that killed more than 350 people on April 21 have prompted the government there to block social media in an effort to prevent the spread of fake news, CNN reports. While some groups praised the decision others said that restricting free speech isn’t productive, Wired.com says.

Censorship on the rise: Meanwhile, it’s becoming increasingly common for governments to block Facebook and other social media for a variety of reasons. This social media blocking could lead to wider censorship efforts, The Verge suggests.

Please regulate us: Continue reading

Does your cloud-access security broker support IPv6? It should.

Cloud access security brokers (CASB) insert security between enterprises and their cloud services by providing visibility and access control, but IPv6 could be causing a dangerous blind spot.That’s because CASBs might not support IPv6, which could be in wide corporate use even in enterprises that choose IPv4 as their preferred protocol. [ Related: What is IPv6, and why aren’t we there yet? For example, end users working remotely have a far greater chance of connecting via IPv6 than when they are in the office.  Mobile providers collectively have a high percentage of IPv6-connected subscribers and broadband residential Internet customers often have IPv6 connectivity without realizing it.  Internet service providers and software-as-a-service (SaaS) vendors both widely support IPv6, so a mobile worker accessing, say, DropBox over a Verizon 4G wireless service might very well connect via IPv6.To read this article in full, please click here(Insider Story)

StackStorm Ansible Pack Usage

StackStorm has the ability to run Ansible playbooks. In this post I will install and configure the Ansible pack and create a workflow to test out the functionality. Lab Environment I have StackStorm installed on a Centos7 host. The following software versions will be utilised as part of...

Chef From The Start To The Beginning

Chef is an infrastructure automation tool similar to Puppet and Salt. In this post I will setup a Chef infrastructure consisting of a Chef server, node and workstation to manage the infrastructure. In April 2019 Chef announced that they are open sourcing all of their products under the...

The Serverlist Newsletter: A big week of serverless announcements, serverless Rust with WASM, cloud cost hacking, and more

The Serverlist Newsletter: A big week of serverless announcements, serverless Rust with WASM, cloud cost hacking, and more

Check out our fourth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

1 1,202 1,203 1,204 1,205 1,206 3,794