Archive

Category Archives for "Networking"

Durham County goes Cisco for enterprise network ops and security proficiency

The IT department in Durham County, N.C.'s government was spending far too much time manually addressing network and security operations and turned to Cisco to help achieve the operational and security effectiveness it was looking for.The government in Durham County, N.C., was spending hours and hours manually provisioning its network and keeping security policies current, so it decided two-and-a-half years ago to upgrade for the sake of efficiency and security.Since then, the government’s IT staff of four has migrated its traditional point-to-point network to a more modern enterprise featuring the software-defined technologies of Cisco’s Application Centric Infrastructure (ACI) and DNA Center that support its 2,100 enterprise end-users and online services for 315,000 county residents. To read this article in full, please click here(Insider Story)

Durham County goes Cisco for enterprise network ops and security proficiency

The government in Durham County, N.C., was spending hours and hours manually provisioning its network and keeping security policies current, so it decided two and a half years ago to upgrade for the sake of efficiency and security.Since then, the government’s IT staff of four has migrated its traditional point-to-point network to a more modern enterprise featuring the software-defined technologies of Cisco’s Application Centric Infrastructure (ACI) in the data center and DNA Center in its campus to support its 2,100 enterprise end users and online services for 315,000 county residents. To read this article in full, please click here(Insider Story)

Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors

Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors

As of December 22, 2018, parts of the US Government have “shut down” because of a lapse in appropriation. The shutdown has caused the furlough of employees across the government and has affected federal contracts. An unexpected side-effect of this shutdown has been the expiration of TLS certificates on some .gov websites. This side-effect has emphasized a common issue on the Internet: the usage of expired certificates and their erosion of trust.

For an entity to provide a secure website, it needs a valid TLS certificate attached to the website server. These TLS certificates have both start dates and expiry dates. Normally certificates are renewed prior to their expiration. However, if there’s no one to execute this process, then websites serve expired certificates--a poor security practice.

This means that people looking for government information or resources may encounter alarming error messages when visiting important .gov websites:

Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors

The content of the website hasn’t changed; it’s just the cryptographic exchange that’s invalid (an expired certificate can’t be validated). These expired certificates present a trust problem. Certificate errors often dissuade people from accessing a website, and imply that the site is not to be trusted. Browsers purposefully make it difficult to continue to Continue reading

Q-in-Q Support in Multi-Site EVPN

One of my subscribers sent me a question along these lines (heavily abridged):

My customer is running a colocation business, and has to provide L2 connectivity between racks, sometimes even across multiple data centers. They were using Q-in-Q to deliver that in a traditional fabric, and would like to replace that with multi-site EVPN fabric with ~100 ToR switches in each data center. However, Cisco doesn’t support Q-in-Q with multi-site EVPN. Any ideas?

As Lukas Krattiger explained in his part of Multi-Site Leaf-and-Spine Fabrics section of Leaf-and-Spine Fabric Architectures webinar, multi-site EVPN (VXLAN-to-VXLAN bridging) is hard. Don’t expect miracles like Q-in-Q over VNI any time soon ;)

Read more ...

Episode 43 – Peering With Providers

In this episode of the Network Collective Community Roundtable, the panel discusses the nuances of getting your organization connected to the internet. Is it as simple as connecting a cable and calling it a day, or is there more to think about when designing your Internet edge? Joining the Network Collective team for this conversation is Dr. Pete Welcher and Tom Ammon.

 

We would like to thank VIAVI Solutions for sponsoring this episode of Network Collective. VIAVI Solutions is an application and network management industry leader focusing on end-user experience by providing products that optimize performance and speed problem resolution. Helping to ensure delivery of critical applications for businesses worldwide, Viavi offers an integrated line of precision-engineered software and hardware systems for effective network monitoring and analysis. Learn more at www.viavisolutions.com/networkcollective.

We would also like to think PathSolutions for sponsoring this episode of Network Collective. PathSolutions TotalView is designed to automatically dig deep into network devices to learn what they know about your network’s performance. This means your network is no longer full of mysteries because you know everything your network knows. Try TotalView on your network, and it will show you 5 things about your network that you didn’t previously know. You can find out Continue reading

BGP in 2018 – Part2: BGP Churn

The scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. Dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match then the routing system will lose data, and at that point the routing system will head into turgid instability. This second part of the report of BGP across 2018 will look at the profile of BGP updates across 2018 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing.

Operations guide

One of the most common requests we, as consultants, get from our customers is for an operations guide as the final deliverable for any data center build out. There are a few goals for such a guide:

  • Allow the customer to better transfer knowledge as their teams grow and change.
  • Provide an “as built” guide that explains step-by-step how to deploy and manage the infrastructure.
  • Tie together the operational workflow for all the new components that are leveraged in the modern open-networking paradigm.

Since Scott and I have been working on many operations guides, we thought it would be great to document our process so that customers can write their own operations guides.

The operations guide for web scale networking goes beyond just documenting configuration backups, user account access and change requests though. Web scale networking integrates proven software development processes and as such, the operations guide needs to account for these workflows.

As Built

The starting point of all operations guides is the initial build. Most of the cabling architecture, traffic flows and features, along with decision making and architectural choices, are captured within the High level Design and Low Level Design document. The operations guide on the other Continue reading

1 1,029 1,030 1,031 1,032 1,033 3,345