Let’s talk MPLS-VPLS, part 1 – use cases

Hey guys, today we’ll be taking a look at what are the main reasons that MPLS – and in particular VPLS – is a useful technology tool to get traffic from point A to point Z. There’s really 2 major use cases that I deal with regularly: IPv4 conservation and L2VPN.

Why am I talking about VPLS specifically? Well, mostly because many times I end up working with Mikrotik routers, which only support VPLS. What is VPLS? It stands for Virtual Private Line Service, and it’s a way to deliver layer 2 services over a layer 3 network. Said another way, it connects a single broadcast domain to multiple endpoints across a routed network. I’ll discuss why MPLS is better for you and your network than switching/bridging in part 2 of this series – for now just know that MPLS/VPLS will allow you to offer enhanced services without the risks of extending layer 2 (I’ll talk more about that below, and why that’s bad in part 2, also).

Use case 1: IPv4 Conservation

OK, so let’s visualize the problem with IP conservation on a small /24 allocation.

Subnetted /24 network

If you’re like most other service providers, you have a Continue reading

Controversial Reads 071021


According to the company’s market research, just about every demographic wants more data privacy: young, old, male, female, urban, rural. Public polling backs that up, though the results vary based on how the question is asked. One recent survey found that “93 percent of Americans would switch to a company that prioritizes data privacy if given the option.”


Once upon a very different internet era, law professor Tim Wu rose to intellectual prominence warning of the doom to come without “net neutrality,” a term he coined.


In a blog post on March 3, Google announced that it would be removing third-party cookies from its Chrome browser—a decision that would effectively end use of third-party cookies. Google also pledged to avoid any other technology for tracking individuals as they browse the web.


The $35 million contract given to SKDKnickerbocker was controversial. The state controller refused to pay it, pointing to the fact that there was no authorization in the budget for that spending.


The Judiciary Committee of the U.S. House of Representatives recently released a comprehensive series of bills designed to curb the excesses of Big Tech. One of them, the Platform Competition and Opportunity Act, addresses one of Continue reading

  • Russ
  • July 10, 2021

How Working ‘The Internet Way’ Helped the Middle East and North Africa Score Social and Economic Benefits

In the Middle East and North Africa (MENA), some countries have responded to the challenges of the global pandemic by enacting policy changes, like temporarily lifting VoIP bans so citizens can communicate more easily. It’s giving the region a glimpse of the instant social and economic benefits of a thriving Internet. But are there other […]

The post How Working ‘The Internet Way’ Helped the Middle East and North Africa Score Social and Economic Benefits appeared first on Internet Society.

VARs See You As Technical Debt

I’ve worked for a Value Added Reseller (VAR) in the past and it was a good run of my career before I started working at Tech Field Day. The market was already changing eight years ago when I got out of the game. With the advent of the pandemic that’s especially true today. Quite a few of my friends say they’re feeling the pressure from their VAR employer to stretch beyond what they’re accustomed to doing or outright being treated in such a way as to be forced out or leaving on their own. They tell me they can’t quite understand why that’s happening. After some thought on the matter I think I know. Because you represent debt they need to retire.

Skill Up

We don’t start our careers knowing everything we need to know to make it. The industry spends a lot of time talking about careers and skill paths and getting your legs under you. Networking people need to learn Cisco or Juniper or whatever configuration language makes the most sense for them. Wireless people need to learn how to do site surveys and configure access points. Server people need to learn operating systems and hypervisors. We start Continue reading

Weekend Reads 070921


A long-standing, generally accepted norm in the computing field distinguishes between software interfaces and implementations: Programmers should have to write their own implementing code, but they should be free to reimplement other developers’ program interfaces.


The traditional approach to statistical disclosure control (SDC) for privacy protection is utility-first. Since the 1970s, national statistical institutes have been using anonymization methods with heuristic parameter choice and suitable utility preservation properties to protect data before release.


Shared libraries encourage code reuse, promote consistency across teams, and ultimately improve product velocity and quality. But application developers are still left to choose the right libraries, figure out how to correctly configure them, and wire everything together.


When October 5 came, there was no vulnerability advisory being published and I still had not heard a CVSS or CVE for the issue, so I reached out again to their PSIRT who this time replied that the release had been postponed until October 14th now due to a delay in QA.


Organizations relying on traditional signature-based tools to detect security threats would likely have missed roughly three-quarters of malware samples that hit their networks and systems last quarter, a new analysis shows.


But as attacks have increased in Continue reading

Heavy Networking 587: When Your Side Project Gets Billions Of Hits – The ICanHazIP Saga

Today on Heavy Networking, the icanhazip story. On the surface, icanhazip.com is simple enough: You hit the URL, and get back your external, public IP address. There are no ads, no blinky lights, just an IP. This free, simple utility has become widely popular, with billions of requests per day. We talk with creator Major Hayden about why and how he built icanhazip, the time and money he's invested, and the insane amount of personal effort it's taken to keep it going.

The post Heavy Networking 587: When Your Side Project Gets Billions Of Hits – The ICanHazIP Saga appeared first on Packet Pushers.

From Zero Visibility to Zero Trust in the Data Center

Imagine someone breaking into your home. If you catch them in the act, they’re most likely leaving right away, and you’re upping your security system. Now imagine someone breaking into your home, and staying for nine months – now what? They’ve prolonged their stay completely unnoticed and destroyed the security system you once trusted and relied upon. Your next move? Trying to reinstate the faith you once had in security and completely reconfigure your security blueprint.  

Let’s break down why data center security has taken center stage as of late with the increasing challenges of securing east-west traffic and the journey from zero visibility to Zero Trust thanks to Forrester and VMware’s collaborative webinar session. (Or, feel free to get straight to all the juicy details, and watch the webinar now.) 

The Catapult for Enhanced Data Center Security 

We’re on the heels of the global COVID-19 pandemic, and wow, have things changed. As a global community, we were trying to juggle the unknown and potential threats that COVID-19 had posed. From an industry perspective, we had to engage in an overhaul that changed the way we worked – forever. For organizations everywhere, remote work is now a part of the new normal routine. So, with these massive changes, Continue reading

The Packets Never Lie

In this episode, Phil and Brandon interview Kary Rogers, AKA PacketBomb, and discuss the need to drill down into packets when troubleshooting. The group shares a few stories from the trenches on how packets helped them solve issues and Kary explains how he got started looking at Packets for deeper information.

Reference Links:

Kary Rogers
Guest
Phil Gervasi
Host
Brandon Carroll
Host

The post The Packets Never Lie appeared first on Network Collective.

MikroTik RouterOS – v7.0.3 stable (chateau) and status of general release

If you don’t already use it, the MIkroTik v7 BETA forum (forum.mikrotik.com) is a fantastic source of information


When will stable be released?

This is the million dollar question. Technically, it already has been for one hardware platform…

!! Spoiler Alert – There is *already* a stable release of ROSv7 – v7.0.3!!

The Chateau 5G router originally shipped with a beta version of ROSv7 but was quietly moved to a stable version that’s developed specifically for that platform.

https://forum.mikrotik.com/viewtopic.php?t=175201#p865329

Because of the way MikroTik’s code repo works, this version can’t easily be added to the main download page and support provides the software:

ROSv7.0.3 Stable Download (!!! Chateau Only – will brick other hardware !!!)

https://box.mikrotik.com/f/7e3cad5779804d0b878d/?dl=1

It’s worth repeating MikroTik’s warning about using this on any platform other than the Chateau

v7 launch date – MikroTikhttps://forum.mikrotik.com/viewtopic.php?f=1&t=175201#p865452


https://iparchitechs.com/contact



What’s holding up v7 from being released?

If you’ve been around MikroTik for a while, then you know that version 7 has been in the works for a long time to add new functionality and address limitations of the older Linux kernel in ROSv6.

MikroTik recently Continue reading

Video Game Security Should Be Simple for Developers

Video games continue to Bharat Bhat (Okta marketing lead for developer relations) cover why and how video game platforms and connections should be more secure, with guest Okta senior developer advocate Video Game Security Should Be Simple for Developers Also available on Google Podcasts, PlayerFM, Spotify, TuneIn The gaming industry has often served as a showcase for some of the industry’s greatest programming talents. As a case in point,

The TPM chip controversy for Windows 11 is a non-issue for Windows Server

By now you’ve heard about the kerfuffle surrounding Windows 11 and its requirement for a Trusted Platform Module (TPM) chip, which is not standard on the majority of PCs and threatens to leave many newer Windows 10 PCs blocked from being upgraded.Normally the issues around a new version of Windows are system requirements, but here, the issue is the TPM chip. TPM is a specially designed chip that assists with security surrounding credentials. It ensures that boot code that’s loaded, such as firmware and OS components, haven’t been tampered with. It can also encrypt the drive contents to protect against theft. Microsoft is mandating that systems have TPM based on 2.0 specifications but few PCs do. Those that do ship with it have it turned off by default but it is easily activated.To read this article in full, please click here

The TPM chip controversy for Windows 11 is a non-issue for Windows Server

By now you’ve heard about the kerfuffle surrounding Windows 11 and its requirement for a Trusted Platform Module (TPM) chip, which is not standard on the majority of PCs and threatens to leave many newer Windows 10 PCs blocked from being upgraded.Normally the issues around a new version of Windows are system requirements, but here, the issue is the TPM chip. TPM is a specially designed chip that assists with security surrounding credentials. It ensures that boot code that’s loaded, such as firmware and OS components, haven’t been tampered with. It can also encrypt the drive contents to protect against theft. Microsoft is mandating that systems have TPM based on 2.0 specifications but few PCs do. Those that do ship with it have it turned off by default but it is easily activated.To read this article in full, please click here

What’s new in Calico Enterprise 3.7: eBPF data plane, high availability, and more!

As our enterprise customers build out large, multi-cluster Kubernetes environments, they are encountering an entirely new set of complex security, observability, and networking challenges, requiring solutions that operate at scale and can be deployed both on-premises and across multiple clouds. New features in our latest release add to the already formidable capabilities of Calico Enterprise.

New feature: High-availability connectivity for Kubernetes with dual ToR

 

Many platform operators who run Kubernetes on-premises want to leverage Border Gateway Protocol (BGP) to peer with other infrastructure. Calico uses BGP to peer with infrastructure within the cluster as well as outside of the cluster, and integrates with top-of-rack (ToR) switches to provide that connectivity.

Calico ToR connectivity has existed for some time now. However, for cluster operators using BGP who need reliable, consistent connectivity to resources outside of the cluster as well as cluster nodes on different racks, Calico Enterprise dual ToR connectivity ensures high availability with active-active redundant connectivity planes between cluster nodes and ToR switches. A cluster that is peered to two ToR switches will still have an active link, even if one switch becomes unavailable, thus ensuring the cluster always has a network connection. Kubernetes cannot do this on its Continue reading

The Future IBM We Will Probably Never See

Let’s get one thing straight right off the bat. If someone has been named president of International Business Machines Corporation, it means they are the heir apparent and future chief executive officer of what used to be the world’s largest IT supplier and, with prior presidents, actually was the world’s largest IT supplier.

The Future IBM We Will Probably Never See was written by Timothy Prickett Morgan at The Next Platform.

Mapping SAML attributes to Red Hat Ansible Automation Platform organizations and teams

Two-Factor Authentication (2FA) is an additional layer of security that can be used to help protect enterprise applications from unauthorized access. While OAuth, and even some LDAP configs are viable options to enable 2FA in Ansible Automation Platform, users prefer to leverage Security Assertion Markup Language (SAML) for this purpose, as described in Using two-factor SAML with Red Hat Ansible Tower. On the other hand, 2FA to managed machines is discouraged.

SAML Blog 1https://pixabay.com/illustrations/eye-iris-biometrics-2771174/

SAML is an open standard that allows Identity Providers (IdP) exchange authorization credentials with a Service Provider (SP). The IdP supplies an XML document—known as assertion—to the SP to deliver a series of attributes that identify the login user. 

These attributes can be used in Ansible Automation Platform to determine the team and organization of a user. Let’s explore an example, with Microsoft Azure’s Active Directory as the IdP (and, of course, Ansible Automation Platform as the SP).

 

Attribute mapping

The goal of this example is to map users from four different groups (Alpha, Beta, Gamma and Delta) to either the Cloud or Network Organization in Ansible Tower, and make them part of a specific team (Engineering or Operations). Continue reading

1 2 3 3,087