In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs, we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec-enabled networks, but our goal is to work toward understanding the building blocks.
In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGTs (Security Group Tags). The topology used for this discussion is as follows.
To demonstrate the topic of inline SGT, we will need to accomplish the following.
c9kSW1 configuration/confirmation for host port
//We are using static SGT and need to do IP Device Continue reading
Brigade is a new automation framework written in Python and intended to be consumed directly from Python. You could describe it as the automation framework for Pythonistas. This might strike you as something wonderful, or it could trigger your spider-sense. Writing code? Isn’t that just for programmers? Continue reading
It’s official: when it comes to security threats, the question IT teams should be asking is not if but when. VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation. Analysis found that 92% of respondents reported having faced minor security incidents in the last 12 months alone, while 65% of respondents endured a major incident in the same time span. These figures seal the deal; the naïve days of preparing for potential issues are long gone. Cyber threats are real, imminent, and happen often.
Companies today attribute more of their security issues to improper network segmentation than to the volume of threats overall. In response, leaders across industries are turning to network virtualization – specifically the Zero Trust security model – as a key strategy in combating threats. This strategy posits that whether a network is labeled secure or insecure, both should be treated as equally vulnerable. Further, the Zero Trust model supports the argument that “traditional, perimeter-based security configurations are no longer a sufficient measure for protecting the network, and highlights steps companies can take to better secure their network, starting with network virtualization Continue reading
Union leaders lash out at CenturyLink's CEO Glen Post, but it's likely the layoffs come from former Level 3 executives who are taking over leadership of the company.
The company also reported more downward guidance for its upcoming fiscal year, but remains optimistic about its product revenue.
One of the more exciting things I saw at Dell Technologies World this week was the announcement by VMware that they are supporting Microsoft Azure now in addition to AWS. It’s interesting because VMware is trying to provide a proven, stable migration path for companies that are wanting to move to the cloud but still retain their investments in VMware and legacy virtualization. But is offering legacy transition a good idea?
If I were to mention VLAN 1002-1005 to networking people, they would likely jump up and tell me that I was crazy. Because those VLANs are not valid on any Cisco switches save for the Nexus line. But why? What makes these forbidden? Unless you’re studying for your CCIE you probably just know these are bad and move on.
Turns out, they are a legacy transition mechanism from the IOS-SX days. 1002 and 1004 were designed to bridge FDDI-to-Ethernet, and 1003 and 1005 did the same for Token Ring. As Greg Ferro points out here, this code was tightly bound into IOS-SX and likely couldn’t be removed for fear of breaking the OS. The reservation continued forward in all IOS branches except Continue reading
The security company priced its IPO at the high end of its $17-$19 range.
Tomorrow, the House Judiciary Committee will host what’s likely to be a wide-ranging discussion of how social media companies moderate content, in its hearing on Filtering Practices of Social Media Platforms. While the hearing is sure to include some spectacle and grandstanding, make no mistake: This is a deeply serious issue that deserves thoughtful consideration by policymakers, companies, and users alike. Here are a few key themes we Continue reading
Twitter runs multiple Hadoop clusters across tens of thousands of servers for storage and analytics.
The South Korean company provided the LTE core and RAN gear for the Indian operator’s greenfield network. The scale of the network is bigger than AT&T and Verizon’s networks combined.
Investors were not as impressed, as the company's stock was trading down early Friday off of a recent 52-week high.
Intel classified four of the new flaws as “high risk” and four as “medium,” and it's working on patches.
Arista reported excellent earnings for its Q1 2018, but Wall Street, with its insatiable appetite, is concerned the company's growth rates are slowing.
Google releases workflow creation beta; Deutsche Telekom puts 5G technology on German soil; HPE and Red Hat collaborate on containers.
The Future of Networking series continues with guest Kyle Mestery.
Kyle is well known to many corners of the networking community including the open source community. He recently re-joined Cisco as a Distinguished Engineer.
We talk with Kyle to get his take on where the packets are flowing over the next several years, including the tech conference scene, open-source networking, the proliferation of open-source networking OSs, what’s inside Open Network Linux (ONL), and cloud-native network functions virtualization.
ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can smoothly migrate to the cloud, transform your WAN, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt.
Silicon Loons.com – Kyle’s blog
Network Service Mesh – GitHub
Three Years On: Open Standards, Open Source, Open Loop – Cisco Systems
Verizon Launches Virtual Service Bundles – Light Reading
The post Show 388: The Future Of Networking With Kyle Mestery appeared first on Packet Pushers.