Archive

Category Archives for "Networking"

Heavy Networking 446: How Open Systems Integrates Security And SD-WAN As A Service

Open Systems integrates security and SD-WAN as a service, including next-gen firewalls and Web gateways. They're the sponsor for today's Heavy Networking podcast. We discuss Open Systems' architecture, how it applies SD-WAN and security policies to traffic, and how Open Systems differentiates itself in this crowded market.

The post Heavy Networking 446: How Open Systems Integrates Security And SD-WAN As A Service appeared first on Packet Pushers.

Commentary: We’re stuck with 40 years old technology

One of my readers sent me this email after reading my Loop Avoidance in VXLAN Networks blog post:

Not much has changed really! It’s still a flood/learn bridged network, at least in parts. We count 2019 and talk a lot about “fabrics” but have 1980’s networks still.

The networking fundamentals haven’t changed in the last 40 years. We still use IP (sometimes with larger addresses and augmentations that make it harder to use and more vulnerable), stream-based transport protocol on top of that, leak addresses up and down the protocol stack, and rely on technology that was designed to run on 500 meters of thick yellow cable.

Read more ...

How to shop for enterprise firewalls

Firewalls have been around for years, but the technology keeps evolving as the threat landscape changes. Here are some tips about what to look for in a next-generation firewall (NGFW) that will satisfy business needs today and into the future.Don't trust firewall performance stats Understanding how a NGFW performs requires more than looking at a vendor’s specification or running a bit of traffic through it. Most firewalls will perform well when traffic loads are light. It’s important to see how a firewall responds at scale, particularly when encryption is turned on. Roughly 80% of traffic is encrypted today, and the ability to maintain performance levels with high volumes of encrypted traffic is critical.To read this article in full, please click here

How to shop for enterprise firewalls

Firewalls have been around for years, but the technology keeps evolving as the threat landscape changes. Here are some tips about what to look for in a next-generation firewall (NGFW) that will satisfy business needs today and into the future.Don't trust firewall performance stats Understanding how a NGFW performs requires more than looking at a vendor’s specification or running a bit of traffic through it. Most firewalls will perform well when traffic loads are light. It’s important to see how a firewall responds at scale, particularly when encryption is turned on. Roughly 80% of traffic is encrypted today, and the ability to maintain performance levels with high volumes of encrypted traffic is critical.To read this article in full, please click here

Cisco goes all in on WiFi 6

Cisco has taken the wraps off a family of WiFi 6 access points, roaming technology and developer-community support all to make wireless a solid enterprise equal with the wired world.“Best-effort’ wireless for enterprise customers doesn’t cut it any more. There’s been a change in customer expectations that there will be an uninterrupted unplugged experience,” said Scott Harrell, senior vice president and general manager of enterprise networking at Cisco. “It is now a wired first world.” More about 802.11ax (Wi-Fi 6) Why 802.11ax is the next big thing in wireless FAQ: 802.11ax Wi-Fi Wi-Fi 6 (802.11ax) is coming to a router near you Wi-Fi 6 with OFDMA opens a world of new wireless possibilities 802.11ax preview: Access points and routers that support Wi-Fi 6 are on tap Bringing a wired first enterprise world together is one of the drivers behind a new family of WiFi 6-based access points (AP) for Cisco’s Catalyst and Meraki portfolios.  WiFi 6 (802.11ax) is designed for high-density public or private environments. But it also will be beneficial in internet of things (IoT) deployments, and in offices that use bandwidth-hogging applications like videoconferencing.To read this article in full, please click here

IDG Contributor Network: Robots extend the scope of IoT applications

Robots and IoT devices are similar in that they both rely on sensors to understand their environment, rapidly process large streams of data and decide how to respond.That’s where the similarities end. Most IoT applications handle well-defined tasks, whereas robots autonomously handle anticipated situations. Let’s consider both from six different vectors:1. Sensor IoT – Binary output from stationary sensor. “Is the door open or closed?” Robots – Complex output from multiple sensors. “What is in front of me? How do I navigate around it?” 2. Processing IoT – Simple data stream of signals handled with well-known programming methods. Robots – Large complex data streams handled by neural network computing. 3. Mobility IoT – Sensors are stationary and signal processing is done in the cloud. Robots – The sensor laden robot is mobile and signal processing is done locally and autonomously. 4. Response IoT – The action to take in response to a situation is well defined. Robots – Multiple actions could be taken in response to a situation. 5. Learning IoT – The application typically does not ‘evolve’ on its own and develop new features. Robots – Machine learning and other techniques are used to let Continue reading

About that Easy Button …

We love layers and abstraction. After all, building in layers and it’s corollary, abstraction, are the foundation of large-scale system design. The only way to build large-scale systems is to divide and conquer, which means building many different component parts with clear and defined interaction surfaces (most often expressed as APIs) and combining these many different parts into a complete system. But abstraction, layering, and modularization have negative aspects as well as positive ones. For instance, according to the State/Optimization/Surface triad, any time we remove state in order to control complexity, we either add an interaction surface (which adds complexity) or we reduce optimization.

Another impact of abstraction, though, is the side effect of Conway’s Law: “organizations which design systems … are constrained to produce designs which are copies of the communication structures of these organizations.” The structure of the organization that designs a system is ultimately baked into the modularization, abstraction, and API schemes of the system itself.

To take a networking instance, many networks use one kind of module for data centers and another for campuses. The style of network built in each place, where the lines are between these different topological locations in the network, the Continue reading

Network Design and Validation: IT Matters

With the complexity of our industry, two things should be obviously necessary. These two things are Network Design and Validation Testing. Design requires identifying the requirements of the business and of dependent systems. This could include things like minimum bandwidth, maximum jitter, convergence time, recovery time, minimal redundancy, etc. It is also important to understand that more rigorous requirements often contribute to cost and operational complexity. Operational complexity creates additional challenges that often erode the very parameters that have been identified as requirements. When this is found true, there are some conversations that need to be had about what is and is not achievable, given the operational and capital budgets–as well as the realistic capabilities of the staff managing the environment.

Validation is also critically important. I posted an article a few weeks ago that illustrated an interesting failure with CAPWAP. Avoiding issues like this require us to first design our network then validate the behavior against the design. Allow me to make a bold statement–If you haven’t designed and validated your network, you DON’T know how it works. Without validation–How do you know that your convergence is subsecond? How do you know that your backup routes work with applications? Continue reading

Venerable Cisco Catalyst 6000 switches ousted by new Catalyst 9600

Few events in the tech industry are truly transformative, but Cisco’s replacement of its core Catalyst 6000 family could be one of those actions for customers and the company.Introduced in 1999, iterations of the Catalyst 6000 have nestled into the core of scores of enterprise networks, with the model 6500 becoming the company’s largest selling box ever. Learn about edge networking How edge networking and IoT will reshape data centers Edge computing best practices How edge computing can help secure the IoT It goes without question that migrating these customers alone to the new switch – the Catalyst 9600  which the company introduced today – will be of monumental importance to Cisco as it looks to revamp and continue to dominate large campus-core deployments. The first Catalyst 9000, introduced in June 2017, is already the fastest ramping product line in Cisco’s history.To read this article in full, please click here

gRPC-Web and Istio: A Report from Service Mesh Day

In this post I’ll briefly describe the problem in the gRPC domain and a solution based on gRPC-Web, Envoy proxy and Istio to neatly solve it.

What is gRPC?

gRPC is a universal, high-performance, open-source RPC framework based on HTTP/2. Essentially, it lets you easily define a service using Protocol Buffers (Protobufs), works across multiple languages and platforms, and is simple to set up and scale. All this leads to better network performance and flexible API management.

Benefits of gRPC-Web

gRPC-Web addresses a shortcoming in the core gRPC framework. As developers look to benefit from the advantages it confers beyond backend microservices—the fact that it doesn’t work so well with web applications running on browsers. Although most browsers support HTTP/2 and gRPC is based on HTTP/2, gRPC has its own protocols that web applications must understand in order to work properly with it. Web applications do not have this capability because browsers don’t support gRPC out of the box.

One way to get around this problem is to use the gRPC-Web plugin and run a proxy like Envoy along with it. Envoy serves as the default proxy for Istio, and on configuring its gRPC-Web filter, it can transcode HTTP requests/responses Continue reading