Category Archives for "Networking"

Network-as-a-Service Part 3 – Authentication and Admission control

In the previous two posts, we’ve seen how to build a custom network API with Kubernetes CRDs and push the resulting configuration to network devices. In this post, we’ll apply the final touches by enabling OAuth2 authentication and enforcing separation between different tenants. All of these things are done while the API server processes incoming requests, so it makes sense to first take a closer look at how it does that.

Kubernetes request admission pipeline

Every incoming request has to go through several stages before it can get accepted and persisted by the API server. Some of these stages are mandatory (e.g. authentication), while some can be added through webhooks. The following diagram comes from another blogpost that covers each one of these stages in detail:

Specifically for the NaaS platform, this is how we’ll use the above stages:

  1. All users will authenticate with Google and get mapped to an individual namespace/tenant based on their Google alias.
  2. A mutating webhook will be used to inject default values into each request and allow users to define ranges as well as individual ports.
  3. Object schema validation will do the syntactic validation of each request.
  4. A validating webhook will perform the semantic validation to make […]

The deep-dive into how Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Monday

A recap on what happened Monday

On Monday we wrote about a painful Internet-wide route leak. We wrote that this should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. That blog entry came out around 19:58 UTC, just over seven hours after the route leak finished (which we will see below was around 12:39 UTC). Today we will dive into the archived routing data and analyze it. The format of the code below is meant to use simple shell commands so that any reader can follow along and, more importantly, do their own investigations on the routing tables.

This was a very public BGP route leak event. It was both reported online via many news outlets and the event’s BGP data was reported via social media as it was happening. Andree Toonk tweeted a quick list of 2,400 ASNs that were affected.

Using RIPE NCC archived data

The RIPE NCC operates a very useful archive of BGP routing.

This blog contains a large number of acronyms and those are explained at the end of […]

Oracle does-in Dyn, resets DNS services to cloud

Some may call it a normal, even boring course of vendor business operations but others find it a pain in the rump or worse.

That about sums up the reaction to news this week that Oracle will end its Dyn Domain Name System enterprise services by 2020 and try to get customers to move to DNS services provided through Oracle Cloud.

Oracle said that since its acquisition of Dyn in 2016 and the ensuing acquisition of Zenedge, its engineering teams have been working to integrate Dyn’s products and services into the Oracle Cloud Infrastructure platform.

“Enterprises can now leverage the best-in-class DNS, web application security, and email delivery services within Oracle Cloud Infrastructure and enhance their applications with a comprehensive platform to build, scale, and operate their cloud infrastructure,” according to Oracle's FAQ on the move. “As a result, Dyn legacy Enterprise services are targeted to be retired on May 31, 2020 with the exception of Internet Intelligence.”

Where are all the IoT experts going to come from?

If the internet of things (IoT) is going to fulfill its enormous promise, it’s going to need legions of smart, skilled, trained workers to make everything happen. And right now, it’s not entirely clear where those people are going to come from.

That’s why I was interested in trading emails with Keith Flynn, senior director of product management, R&D at asset-optimization software company AspenTech, who says that when dealing with the slew of new technologies that fall under the IoT umbrella, you need people who can understand how to configure the technology and interpret the data. Flynn sees a growing need for existing educational institutions to house IoT-specific programs, as well as an opportunity for new IoT-focused private colleges, offering a well-rounded curriculum […]

Tracking down library injections on Linux

While not nearly as commonly seen on Linux systems, library (shared object files on Linux) injections are still a serious threat. On interviewing Jaime Blasco from AT&T's Alien Labs, I've become more aware of how easily some of these attacks are conducted.

In this post, I'll cover one method of attack and some ways that it can be detected. I'll also provide some links that will provide more details on both attack methods and detection tools. First, a little background.

Shared library vulnerability

Both DLL and .so files are shared library files that allow code (and sometimes data) to be shared by various processes. Commonly used code might be put into one of these files so that it can be reused rather than rewritten many times over for each process that requires it. This also facilitates management of commonly used code.

MPLS is dead, Long live MPLS

The initial hype of SD-WAN claimed that MPLS was dead as SD-WAN was going to remove all need for SLA-based circuits. Now that we’re several years in and have some experience under our collective belts, we take a look at whether or not the original hype was correct and what real-world customers are doing when it comes to selecting circuits for their SD-WAN networks.

Jason Gintert, Guest
Matt Ouellette, Guest
Jordan Martin, Host
Eyvonne Sharp, Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post MPLS is dead, Long live MPLS appeared first on Network Collective.

Juniper’s Mist adds WiFi 6, AI-based cloud services to enterprise edge

Mist, now a Juniper Networks company, has rolled out an artificial-intelligence, cloud-based appliance and a WiFi 6 access point that together aim at helping users deploy smart, high-density wireless networks.

Leading the rollout is the Mist Edge appliance that extends Mist’s cloud services to the branch and lets enterprises manage the distributed Wi-Fi infrastructure from a central location.

The Mist Edge device features the company’s artificial-intelligence engine that helps automate tasks such as adjusting Wi-Fi signal strength and troubleshooting. According to Mist, some other potential use cases for Mist Edge include: […]

Extreme targets cloud services, SD-WAN, WiFi 6 with $210M Aerohive grab

Extreme Networks opened the checkbook again this week to the tune of $210 million for wireless-networking vendor Aerohive.

The move will bring to Extreme Aerohive’s wireless-networking technology – including its new WiFi 6 gear, SD-WAN software and cloud-management services.

Gartner wrote, "Aerohive's wireless-focused access-network portfolio comprises stand-alone and stackable campus switches, access points and branch-office routers, with a cloud-managed distributed control architecture. Organizations typically employ Aerohive’s HiveManager network management platform [which manages Wi-Fi, Switching, SD-WAN, and NAC] as a public or private cloud, although it also may be deployed on-premises. To manage a multivendor unified access network, the enterprise can use HiveManager to configure, provision and monitor Aerohive APs in conjunction with switches from Aerohive or with N-Series switches from OEM partner Dell EMC." The company also has a relationship with Juniper to manage wired devices.

Response: Certifications Are Not A Big Deal. Stop Being a Princess About It.

Toothy McGrin left a comment after I talked about how little effort is required to achieve a vendor certification. It's a hot topic. Here is the discussion, it's about 2 minutes in. CCNA/CCNP may not be a big deal in the circles you travel in, but for a lot of employees and employers they […]

The post Response: Certifications Are Not A Big Deal. Stop Being a Princess About It. appeared first on EtherealMind.

10 HCI startups bucking the consolidation trend

The rapidly growing hyperconverged infrastructure industry – IDC says converged-systems revenue grew 14.8 percent year-over-year in the last quarter of 2018 – is starting to consolidate, with tech giants HPE, Juniper Networks, Cisco and Red Hat all buying promising HCI startups.