VMware, Pivotal Execs Say Google’s On-Prem Kubernetes Validates PKS
The competitive landscape for managed, on-premises Kubernetes services is becoming increasingly crowded with the likes of Cisco and even Google itself jumping in.
Check Out Our Newest Network Security Course!
We’ve just added a new ISC2 course, The Systems Security Certified Practitioner.
General Outline
The broad spectrum of topics included in the SSCP Common Body of Knowledge ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following 7 domains:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Cryptography
- Network and Communications Security
- Systems and Application Security
About the Course
The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj
Today's Full Stack Journey explores the evolution of networking technology and how it affects engineers. Guest Andrew Hrycaj discuss where the industry is going, personal skill development, getting team members on board with new networking technologies and learning requirements, and more.
The post Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj appeared first on Packet Pushers.
Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj
Today's Full Stack Journey explores the evolution of networking technology and how it affects engineers. Guest Andrew Hrycaj discuss where the industry is going, personal skill development, getting team members on board with new networking technologies and learning requirements, and more.
New York City Groups Take Broadband into Their Own Hands
A handful of groups in New York City are bypassing large ISPs and building their own community networks, as a way to provide cheaper, and in many cases faster and more reliable service.
NYC Mesh and Silicon Harlem, both about five years old, are among a handful of community-based network providers that are working to provide Internet connection alternatives in New York City. The projects seek to fill in coverage gaps – in terms of both geography and reliability – plaguing incumbent broadband providers.
The nonprofit NYC Mesh, with about a dozen core volunteers and no full-time employees, provides and combination of fiber and wireless Internet access in downtown Manhattan, a large chunk of Brooklyn, and corners of the Bronx and Queens, says organizer Brian Hall.
A monthly payment for service – with average speeds of 80 Mpbs and up to 200 Mbps for some users – is voluntary. Many residential members choose to pay $20 a month, while many businesses pay between $50 and $100, but it’s not required.
Volunteers were inspired to launch the service for a number of reasons, Hall says. They wanted to close the digital divide by providing inexpensive broadband service, and Continue reading
AWS ABCs – EC2 Internet Connectivity
So, you’ve created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?
Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn’t mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I’ll explain).
The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article.
TL;DR
- Internet Gateway == static NAT: 1-to–1 mapping between the private IP address assigned to an instance and a public IP address that gets assigned to the instance. Note this implies that NAT works in both directions (in- and outbound) and enables direct reachability to the instance from the Internet via its public IP address.
- NAT Gateway == NAT overload, aka port address translation: all instances behind the NAT Gateway are mapped to a single public IP address.
- No gateways == no NAT! No Internet Continue reading
Get a head start with QUIC
Today Cloudflare opened the door on our beta deployment of QUIC with the announcement of our test site: cloudflare-quic.com. It supports the latest draft of the IETF Working Group’s draft standard for QUIC, which at this time is at: draft 14.
The Cloudflare Systems Engineering Team has a long history of investing time and effort to trial new technologies, often before these technologies are standardised or adopted elsewhere. We deployed early experiments in standards such as: HTTP/2,
TLS1.3, DNSSEC, DNS over HTTP, Encrypted SNI, when they were still in incubation. We committed to these technologies in their very early stages because we believed that they made for a safer, faster, better internet. And now we’re excited to do the same with QUIC.
In this blog post, we will show you how you can unlock the cloudflare-quic.com achievement and be some of the first people in the world to perform a HTTP transaction over the global internet using QUIC. This will be a moment that you can tell your grandkids about - if they can stop laughing at your stories of cars with wheels and use of antiquated words like: “meme” and Continue reading
Mode and Versa Use Ericsson’s Global Network for SD-WAN
The two vendors are offering connectivity and SD-WAN over Ericsson’s private network. The offering looks similar to Aryaka’s.
The QUICening
Six o’clock already, I was just in the middle of a dream, now I’m up, awake, looking at my Twitter stream. As I do that the Twitter app is making multiple API calls over HTTPS to Twitter’s servers somewhere on the Internet.
Those HTTPS connections are running over TCP via my home WiFi and broadband connection. All’s well inside the house, the WiFi connection is interference free thanks to my eero system, the broadband connection is stable and so there’s no packet loss, and my broadband provider’s connection to Twitter’s servers is also loss free.
Those are the perfect conditions for HTTPS running over TCP. Not a packet dropped, not a bit of jitter, no congestion. It’s even the perfect conditions for HTTP/2 where multiple streams of requests and responses are being sent from my phone to websites and APIs as I boot my morning. Unlike HTTP/1.1, HTTP/2 is able to use a single TCP connection for multiple, simultaneously in flight requests. That has a significant speed advantage over the old way (one request after another per TCP connection) when conditions are good.
But I have to catch an early train, got to be to work by nine, so Continue reading
Monitoring and Visibility for the Hybrid Cloud
Today’s hybrid architectures require a combination of monitoring techniques to create a modern, full-stack, hybrid cloud monitoring capability.
Upcoming Webinars and Events: October 2018
The fast pace of webinars continues in October 2018:
- Rachel Traylor will talk about graph theory and its relevance to reliable network design on October 8th;
- The Amazon Web Services Networking webinar will start on October 11th. The second session is planned for October 25th;
- On October 16th we’ll have the third session of VMware NSX technical deep dive (unless I manage to finish on time later today… not likely).
There are no on-site events planned until early December:
- We’ll run another on-site workshop in Zurich on December 5th . This time we’ll focus on using VXLAN and EVPN to build multi-site fabrics;
- I’ll talk about making SDN better with IPv6 on December 6th.
You can attend all upcoming webinars with an ipSpace.net webinar subscription. Online courses and on-site events require separate registration.
AWS ABCs — EC2 Internet Connectivity
So, you've created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?
Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn't mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I'll explain).
The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article.
T-Mobile Preps for Sprint Merger by Hiring CenturyLink’s Sunit Patel
Patel oversaw CenturyLink’s integration with Level 3 Communications and has experience with many large acquisitions.
Reference Guide Update: Deploying NSX Data Center on an ACI Underlay
NSX Data Center is now the de facto SDN standard for the Private Cloud. Reference guides for NSX Data Center are proven to reduce complexity in managing the physical switch infrastructure. This increases the infrastructures stability and requires a minimal set of system and service configuration to bring up the fabric. Organizations utilize NSX Data Center for a diverse set of use cases including security, a diverse application framework deployment platform, and application continuity across private and hybrid clouds. With reference designs for any underlay, NSX Data Center is fulfilling its promise to be a platform over any infrastructure. NSX Data Center provides the cornerstone for the Virtual Cloud Network.
Overview of NSX Data Center with ACI Underlay
Ever since publishing our original design guide Deploying NSX with Cisco ACI as an Underlay, there has been an avalanche of interest in building out a more simplified Cisco infrastructure with ACI as the underlay. Most of the requests are for more detail when constructing the ACI underlay. The high-level design guidance in the original NSX reference design for ACI discussed the minimum ACI constructs necessary for an NSX Data Center deployment. These ideals have not changed. The original paper called Continue reading