Investing in hacking IoT: A startup in Israel has raised $12.5 million in investments to help governments hack the Internet of Things and other technologies, Forbes reports. What could go wrong? Toka says it’ll provide spy tools for whatever device its clients require, with a special focus on the IoT.
Encryption wars, part 348: U.S. FBI Director Christopher Wray says legislation allowing law enforcement agencies access to encrypted devices may be necessary if the government and private vendors cannot come to a compromise, Cyberscoop reports. The FBI has, for several years, complained that its investigations are hampered by encrypted devices, although many security experts say encryption backdoors will make us all less safe.
AI for good: More than 2,000 Artificial Intelligence experts have signed a pledge saying they will not participate in the development of legal, autonomous weapons systems, Gizmodo reports. Autonomous weapons posed a “clear and present danger to the citizens of every country in the world,” the pledge says.
Clamping down: The government in Iraq shut down the Internet for two days in response to protests there, CircleID says. The government ordered the disconnection of the fiber backbone that carries traffic for most of the country Continue reading
IHS said that the top optical equipment vendors posted more than $1 billion in revenues last year. Worldwide, Huawei remains the market heavyweight.
Take a Network Break! Today we’re joined by guest John Fruehe. Amazon sent shock waves through the networking industry on rumors it might sell whitebox switches to the enterprise. The cloud giant says it has no current plans, but we examine other ways AWS might get into your network.
AWS adds EC2 instances to its Snowball edge storage device, and Big Switch Networks rolls out new software to enable VPC-like networking in your private data center.
A British government agency dings Huawei on national security, Deutsche Telekom joins Linux Foundation Networking, and Cato Networks adds identity routing to its SD-WAN offering.
Last but not least, Cisco releases more than two dozen security advisories, and Microsoft rakes in the money in its fourth quarter and fiscal 2018 financial reports.
Get links to all these news stories below.
The Packet Pushers have launched a brand new membership site called Ignition. Ignition offers free and premium memberships and hosts exclusive content for subscribers, including videos, reports, blogs, and more. Check it out at ignition.packetpushers.net.
Exclusive: Amazon denies it will challenge Cisco with switch sales – MarketWatch
Video: Amazon To Sell Whitebox ? Analysis and Thinking Because Continue reading
A look at ways network teams can keep an eye on network performance as enterprises connect to public cloud services.
The container craze may be new, but organizations can use some traditional IT practices to manage Linux container deployments.
In this post, I’m going to explain how to establish a BGP peering session between Juniper QFX Series Switches and VMware NSX Edge Service Gateway. VMware NSX provides many features and services, one of which is dynamic routing via the use of an ESG. Typically, ESGs are placed at the edge of your virtual infrastructure to act as a gateway. There are two primary deployment options, stateful HA or non-stateful ECMP. In this example, we’re looking at the ECMP deployment option.
We have a pair of Juniper QFX5110 switches that we will configure to enable EBGP peering with each NSX Edge Gateway. We also have a pair of NSX Edge Gateway devices that are placed at the edge of a virtualized infrastructure. Each QFX has a /31 point-to-point network to each ESG. These networks are enabled via 802.1q subinterfaces which provide connectivity across the underlying blade chassis interconnect modules.
We’ll start by configuring BGP on our NSX Edge Gateways.
Via global settings for ESG1, we need to set a Router ID. The router ID is used to identify from where a packet is received.
ESG1 > Manage > Continue reading
Describe the differences between various ipSpace.net training options has been on my to-do list for ages, but I successfully managed to ignore it till I deployed the new top-level menu that contains training category.
Our designers never considered menu items without a corresponding link, so I got an ugly mess that needed to be cleaned up either by fixing the CSS or writing the overview document.
End result: a high-level document describing how ipSpace.net webinars, courses and workshops fit into the bigger picture.
During the summer break, I’m publishing blog posts about the projects I’m working on. Regular blog posts will return in autumn.
I’ve told this story 984828934 time in the past year, but bear with me. We got a new director-type last year, and he has challenged all of us to do things differently. As in everything. Anything that we’re doing today should be done differently by next year. This isn’t saying that we’re doing things wrong. This is just a challenge mix things up, integrate new tools, and get rid of the noise. Our group has responded big-time, and we’re now doing most of our day-to-day tasks with a tool of some kind. A couple weeks ago, I realized that I did a whole day’s work without logging directly into any gear — everything was through a tool. It was a proud moment for me and the group.
To kick off this new adventure, we’re starting with writing all our own stuff in-house; we’re obviously not talking about a full, commercial orchestration deployment here. We’ve talking about taking care of the menial tasks that we are way too expensive to be doing. Simple tasks. Common tasks. Repeatable tasks. All game. What’s the MAC address of that host? Continue reading
In the last article, we performed a packet walk of a simple VPNv4 network. This article will expand our deployment by allowing the CE_Sites to advertise their own routes via BGP. For this configuration, we will use some overlapping and some unique private AS numbers.
One thing that must be considered is whether or not the same BGP AS is used throughout a given VRF. For example, if we use 64512 at both CE_Site_1 and CE_Site_2 the BGP routes will be dropped as they are advertised toward the customer site. This is demonstrated by doing a simple configuration to advertise 1.1.1.1 from CE_Site_1.
interface Loopback0 description Loopback ip address 1.1.1.1 255.255.255.255 ! router bgp 64512 bgp log-neighbor-changes network 1.1.1.1 mask 255.255.255.255 neighbor 10.1.1.1 remote-as 1
router bgp 1 ! no bgp default ipv4-unicast neighbor 20.20.20.20 remote-as 1 neighbor 20.20.20.20 update-source Loopback0 ! address-family vpnv4 neighbor 20.20.20.20 activate neighbor 20.20.20.20 send-community both exit-address-family ! address-family ipv4 vrf RED redistribute connected neighbor 10.1. Continue reading
Earlier this month we released Dynamic Steering for Load Balancing which allows you to have your Cloudflare load balancer direct traffic to the fastest pool for a given Cloudflare region or colo (Enterprise only).
To build this feature, we had to solve two key problems: 1) How to decide which pool of origins was the fastest and 2) How to distribute this decision to a growing group of 151 locations around the world.
As my math teacher taught me, the shortest distance between two points is a straight line. This is also typically true on the internet - the shorter approximate distance there is between a user going through Cloudflare location to a customer origin, the better the experience is for the user. Geography is one way to approximate speed and we included the Geo Steering function when we initially introduced the Cloudflare Load Balancer. It is powerful, but manual; it’s not the best way. A customer on Twitter said it best:
@Cloudflare #FeatureRequest why can’t your load balancers determine which server is closest to the user then direct them to that one?
I don't want to have configure 10+ regions manually. This Continue reading
Redhat Ansible talking about the future of Ansible, making it biggerer and betterer.
The post BiB 52 Redhat Ansible – Moving up and scaling out appeared first on Packet Pushers.
Analytics for the real world WAN using agents to provide deeper visibility. Also Campus LANs and Wireless so you can build QOE dashboard.
The post BiB 51 Nyansa Networks Analytics for SD-WANs and Campus appeared first on Packet Pushers.