Take a Network Break! The US and British governments have accused Russian state actors of compromising routers and other network infrastructure, the United States forbids American companies from selling components to Chinese telecom firm ZTE, and Huawei rethinks its US strategy.

Cisco releases notes on its 9500 switches and UADP silicon, IBM releases a mainframe that takes the same space as a traditional 19-inch server rack, and VMware shares rise on rumors that Dell won’t reverse-merge with it.

Arista’s share price stumbles, and then recovers; Cisco ditches the Spark brand name; a Cisco security exec says we’re all screwed; and the United States is the leading source of botnet attacks in the world.

Find links to all these stories just after our sponsor message.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. Find out more at InterOptic.com, and if you re attending Interop 2018 in Vegas, stop by the InterOptic booth to learn how they can help you spec the right optics for your network.

Show Links:

Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices – US-CERT

Huawei, Failing to Crack U.S. Market, Signals a Change in Tactics – The New York Times

Continue reading

If you were a black hat hacker considering targets of opportunity, a service provider network might seem very interesting. The infrastructure is critical for commerce and governmental operations. The data carried is potentially interesting and valuable. And indeed, we know that carrier networks are highly targeted.

In this sponsored show with Cisco, we discuss how to think deeply about security on mission critical networks and protecting routers and other devices not behind a firewall.

That means making certain that the network operating system is running exactly the code we think it is. That the devices on the network are devices we know and can trust. And then once we ve secured the network, how we can use it as a platform to deliver additional security services.

Our guests are Dan Backman and Kaarthik Sivakumar of Cisco. Dan is a Technical Marketing Engineer on the Service Provider team, and Kaarthik is a Security Architect for IOS XR Engineering.

We discuss the general risks service providers face and why trusted network devices are essential. Then we dive into technical details on how Cisco protects IOS XR, including the Trust Anchor Module, how to audit trusted networks, and how to build Continue reading

Today on the Priority Queue, some practical Python for network engineers.

My guest is Billy Downing, and we walk through an example of how to use Python to deploy BFD, or Bidirectional Forwarding Detection.

We start by describing BFD and how it works, and then explore how to use Python to make it go in your network.

Billy is a data center engineer who works for the Department of Defense. Check out his blog at NetworkTechStudy.com.

Show Links:

NetworkTechStudy.com – Billy Downing’s blog

Learning Python from a Network Engineer’s Perspective – NetworkTechStudy.com

Bidirectional Forwarding Detection (BFD) – IETF

If you work for a Value Added Reseller (VAR) as an engineer, the value being added is YOU.

What is VAR life? Projects, customer meetings, deadlines, bills of materials, RFP responses, and trying to turn the promises of sales unicorns into an actual design you can install for the customer.

We’ve worked for VARs at one time or another, as has our guest Eric Gullickson, who is now Enterprise Architect at Vortex Optics. We thought we d run down the good, the bad, and the ugly of the VAR life on this episode of the Datanauts podcast.

We start the show by distinguishing the different roles a VAR can have. Then we dive into the good, which includes access to new technology, paid certifications, a flexible work schedule, and exposure to a wide variety of businesses and operating environments.

For the bad, the Datanauts and Eric discuss the blunt reality that you have to generate profit, and you may find yourself having to navigate the competing interests of manufacturers, sales, distributors, and customers.

On the ugly side, we swap stories about greasy salespeople, bad project management, and other nightmares.

Show Links:

Eric Gullickson.com

Eric Gullickson on Twitter

Take a Network Break! Cisco puts its Tetration workload protection product into the cloud by announcing a SaaS version, and attackers target Cisco’s Smart Install feature on the IOS and IOS XE operating systems.

Juniper aims to entice service providers by integrating telemetry, AppFormix, and its NorthStar WAN SDN controller for improved remediation, HPE acquires a cloud consultancy, and Riverbed CEO and cofounder Jerry Kennelly retires.

Cradlepoint partners with Webroot for secure SD-WAN, an activist investor target MicroFocus to go private, and cryptomining attacks increasingly target the enterprise.

Last but not least, Gartner predicts explosive cloud growth, and IDC says lines of business will outspend IT departments on technology.

Sponsor: ThousandEyes

ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can smoothly migrate to the cloud, transform your WAN, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt.

Show Links:

Cisco Tetration Now Available As A Cloud Service And Virtual Appliance – Packet Pushers

Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks – Bleeping Computer

Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Continue reading

In the ten or so years I ve been blogging, Ivan Pepelnjak has been constant figure in the tech industry. His prolific blogging and sharing of knowledge is one of the inspirations for my own entry into blogging. Over the years, we have usually agreed violently on most things and disagreed on others.

His ipSpace website has grown from a blog into a membership and more recently into a consulting service.

On today’s Priority Queue, Ivan and I talk about automation, intent, product quality and what can be done to improve it, the direction private clouds might take, and whatever else catches our fancy.

Sponsor: Paessler AG

Paessler AG is the maker of PRTG Network Monitor. PRTG monitors your whole IT infrastructure 24/7 and alerts you to problems before users even notice. Find out more about the monitoring software that helps system administrators work smarter, faster, better. Visit paessler.com today.

Show Links:

IPSpace.net

Blog.ipspace.net

Ivan Pepelnjak on Twitter

If you d heard of Cisco Tetration when it was first announced, you might have a vague memory of it being this huge rack of hardware at an eye-watering price that did some sort of analytics for massive data centers.

Tetration has evolved into a platform that meets needs for organizations of many sizes. Tetration also has a bunch of genuinely interesting use cases, as Cisco has become increasingly clever about what they can do with all of that data Tetration gathers.

For example, you can auto-implement a whitelist policy for application workloads. You can detect when your apps are deviating from their normal traffic patterns. You can detect software vulnerabilities. And depending on where you run Tetration, you can still get deep network performance insights, what I think of as the original Tetration value proposition.

Today on this sponsored episode, we delve into what Tetration does, explore use cases, and dive into how it fits into compute environments. Our guests from Cisco are Jason Gmitter, Principal Systems Engineer; and Yogesh Kaushik, Senior Director of Product Management for Tetration.

Show Links

Cisco Tetration – Cisco Systems

Cisco Tetration Workload Protection Extended with new Options: SaaS and Virtual Appliance – Cisco Continue reading

Today the Datanauts explore three key concepts to make cloud management and operations more bearable: automation, understanding new services and capabilities, and security.

Our guest is Kenneth Hui, Technical Marketing Engineer at Rubrik. Ken blogs at Cloud Architect Musings. While our conversation focuses primarily on AWS, many of the principles discussed will apply to any cloud platform.

In part one we parse automation, infrastructure-as-code, and DevOps to understand how these concepts are related, how they differ, and why culture and human behavior matter more than labels.

Part two explores the latest offerings in AWS including serverless, container support, and machine learning.

Part three tackles cloud security essentials including encryption, not exposing S3 buckets, and best practices.

Show Links:

Infrastructure as Code: A Reason to Smile – Thoughtworks.com

DevOps Culture (Part 1) – IT Revolution

The AWS Love/Hate Relationship with Data Gravity – Cloud Architect Musings

Data Encryption in the Cloud, Part 1: Why You Should Care – Cloud Architect Musings

Last Week In AWS – Newsletter

Unsecured server exposed thousands of FedEx customer records – ZDNet

Vault Project – Vault.io

AWS Blogs – Amazon

AWS Security – Amazon

AWS Security Best Practices – Amazon

AWS Faragate – Continue reading