What Will Be the Real Impact From Knative?

Some view the platform as the death knell for serverless platforms not based on Kubernetes, while others tout patience.

Reaction: Network software quality

Over at IT ProPortal, Dr Greg Law has an article up chiding the networking world for the poor software quality. To wit—

When networking companies ship equipment out containing critical bugs, providing remediation in response to their discovery can be almost impossible. Their engineers back at base often lack the data they need to reproduce the issue as it’s usually kept by clients on premise. An inability to cure a product defect could result in the failure of a product line, temporary or permanent withdrawal of a product, lost customers, reputational damage, and product reengineering expenses, any of which could have a material impact on revenue, margins, and net income.

Let me begin here: Dr. Law, you are correct—we have a problem with software quality. I think the problem is a bit larger than just the networking world—for instance, my family just purchased two new vehicles, a Volvo and a Fiat. Both have Android systems in the center screen. And neither will connect correctly with our Android based phones. It probably isn’t mission critical, like it could be for a network, but it is annoying.

But even given software quality is a widespread issue in our world, it is still Continue reading

Classic Rock and Cloud-Native Attacks Collide at Black Hat

Leading cloud access security broker (CASB) vendors McAfee and Bitglass talk security and cloud-native attacks at Black Hat.

Alibaba Cloud Eyes Expansion Into Southeast Asia With New Products, Partners

At the Alibaba Cloud Summit this week, the cloud provider launched a wide breadth of products that span serverless, data, search and analytics, IoT, and machine learning.

India’s Idea Cellular Will Use Nokia’s Cloud Core

Nokia’s cloud-native core technology will help the Indian operator evolve from LTE to a 5G core.

Cisco software, subscription strategies pay off

Cisco’s strategy of diversifying into a more software-optimized business is paying off – literally.The software differentiation was perhaps never more obvious than in its most recent set of year-end and fourth quarter results. (Cisco's 2018 fiscal year ended July 28.)  Cisco said deferred revenue for the fiscal year was $19.7 billion, up 6 percent overall, “with deferred product revenue up 15 percent, driven largely by subscription-based and software offers, and deferred service revenue was up 1 percent.”[ Related: Getting grounded in intent-based networking] The portion of deferred product revenue that is related to recurring software and subscription offers increased 23 percent over 2017, Cisco stated. In addition, Cisco reported deferred revenue from software and subscriptions increasing 23 percent to $6.1 billion in the fourth quarter alone.To read this article in full, please click here

Cisco software, subscription strategies pay off

Cisco’s strategy of diversifying into a more software-optimized business is paying off – literally.The software differentiation was perhaps never more obvious than in its most recent set of year-end and fourth quarter results. (Cisco's 2018 fiscal year ended July 28.)  Cisco said deferred revenue for the fiscal year was $19.7 billion, up 6 percent overall, “with deferred product revenue up 15 percent, driven largely by subscription-based and software offers, and deferred service revenue was up 1 percent.”[ Related: Getting grounded in intent-based networking] The portion of deferred product revenue that is related to recurring software and subscription offers increased 23 percent over 2017, Cisco stated. In addition, Cisco reported deferred revenue from software and subscriptions increasing 23 percent to $6.1 billion in the fourth quarter alone.To read this article in full, please click here

Cisco software, subscription strategies pay off

Cisco’s strategy of diversifying into a more software-optimized business is paying off – literally.The software differentiation was perhaps never more obvious than in its most recent set of year-end and fourth quarter results. (Cisco's 2018 fiscal year ended July 28.)  Cisco said deferred revenue for the fiscal year was $19.7 billion, up 6 percent overall, “with deferred product revenue up 15 percent, driven largely by subscription-based and software offers, and deferred service revenue was up 1 percent.”[ Related: Getting grounded in intent-based networking] The portion of deferred product revenue that is related to recurring software and subscription offers increased 23 percent over 2017, Cisco stated. In addition, Cisco reported deferred revenue from software and subscriptions increasing 23 percent to $6.1 billion in the fourth quarter alone.To read this article in full, please click here

Enable Private DNS with 1.1.1.1 on Android 9 Pie

Recently, Google officially launched Android 9 Pie, which includes a slew of new features around digital well-being, security, and privacy. If you’ve poked around the network settings on your phone while on the beta or after updating, you may have noticed a new Private DNS Mode now supported by Android.

This new feature simplifies the process of configuring a custom secure DNS resolver on Android, meaning parties between your device and the websites you visit won’t be able to snoop on your DNS queries because they’ll be encrypted. The protocol behind this, TLS, is also responsible for the green lock icon you see in your address bar when visiting websites over HTTPS. The same technology is useful for encrypting DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers, and any others in the network path between you and your DNS resolver. These new security protocols are called DNS over HTTPS, and DNS over TLS.

Configuring 1.1.1.1

Android Pie only supports DNS over TLS. To enable this on your device:

1. Go to Settings → Network & internet → Advanced → Private DNS.
2. Select the Private DNS provider hostname option.
3. Enter Continue reading

How to protect your infrastructure from DNS cache poisoning

Domain Name System (DNS) is our root of trust and is one of the most critical components of the internet. It is a mission-critical service because if it goes down, a business’s web presence goes down.DNS is a virtual database of names and numbers. It serves as the backbone for other services critical to organizations. This includes email, internet site access, voice over internet protocol (VoIP), and the management of files.You hope that when you type a domain name that you are really going where you are supposed to go. DNS vulnerabilities do not get much attention until an actual attack occurs and makes the news. For example, in April 2018, public DNS servers that managed the domain for Myetherwallet were hijacked and customers were redirected to a phishing site. Many users reported losing funds out of their account, and this brought a lot of public attention to DNS vulnerabilities.To read this article in full, please click here

How to protect your infrastructure from DNS cache poisoning

Domain Name System (DNS) is our root of trust and is one of the most critical components of the internet. It is a mission-critical service because if it goes down, a business’s web presence goes down.DNS is a virtual database of names and numbers. It serves as the backbone for other services critical to organizations. This includes email, internet site access, voice over internet protocol (VoIP), and the management of files.You hope that when you type a domain name that you are really going where you are supposed to go. DNS vulnerabilities do not get much attention until an actual attack occurs and makes the news. For example, in April 2018, public DNS servers that managed the domain for Myetherwallet were hijacked and customers were redirected to a phishing site. Many users reported losing funds out of their account, and this brought a lot of public attention to DNS vulnerabilities.To read this article in full, please click here

How to protect your infrastructure from DNS cache poisoning

Domain Name System (DNS) is our root of trust and is one of the most critical components of the internet. It is a mission-critical service because if it goes down, a business’s web presence goes down.DNS is a virtual database of names and numbers. It serves as the backbone for other services critical to organizations. This includes email, internet site access, voice over internet protocol (VoIP), and the management of files.You hope that when you type a domain name that you are really going where you are supposed to go. DNS vulnerabilities do not get much attention until an actual attack occurs and makes the news. For example, in April 2018, public DNS servers that managed the domain for Myetherwallet were hijacked and customers were redirected to a phishing site. Many users reported losing funds out of their account, and this brought a lot of public attention to DNS vulnerabilities.To read this article in full, please click here

Worth Reading: Identity is the new perimeter

Whereas businesses used to be able to build their own data centers to protect their information and applications, and put up firewalls for security, the cloud is forcing them to change their approach, he says. Combined with the fact that most people are going mobile, it’s time for defenses to evolve. —Kelly Sheridan @Dark Reading

GitOps in Networking

This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.

Tom Limoncelli published a must-read article in ACM Queue describing GitOps – the idea of using Pull Requests together with CI/CD pipeline to give your users the ability to request changes to infrastructure configuration.

Using GitOps in networking is nothing new – Leslie Carr talked about this concept almost three years ago @ RIPE 71, and I described some of the workflows you could use in Network Automation 101 webinar.

BrandPost: The Adaptive Network Webinar Series

Constructing a more adaptive network takes more than the industry finally finding the resolve to do it.  There are real technology advancements that must be brought to bear.  It is these advancements – nurtured in the care of those with the will and experience to disrupt the status quo – that will drive the industry forward to the reality of the Adaptive Network. Whether you are taking the initial first steps or planning a larger-scale transformation, this sought-after webinar series will provide you the insight and proven experience to help you traverse this complex journey.To read this article in full, please click here

Fiber transmission range leaps to 2,500 miles, and capacity increases

Fiber transmission could be more efficient, go farther, carry more traffic and be cheaper to implement if the work of scientists in Sweden and Estonia is successful.In a recent demonstration, researchers at Chalmers University of Technology, Sweden, and Tallinn University of Technology, Estonia, used new, ultra-low-noise amplifiers to increase the normal fiber-optic transmission link range six-fold.And in a separate experiment, researchers at DTU Fotonik, Technical University of Denmark used a unique frequency comb to push more than the total of all internet traffic down one solitary fiber link.[ Read also: How Google is speeding up the Internet ] Fiber transmission limits Signal noise and distortion have always been behind the limits to traditional (and pretty inefficient) fiber transmission. They’re the main reason data-send distance and capacity are restricted using the technology. Experts believe, however, that if the noise that’s found in the amplifiers used for gaining distance could be cleaned up and the signal distortion inherent in the fiber itself could be eliminated, fiber could become more efficient and less costly to implement.To read this article in full, please click here

Fiber transmission range leaps to 2,500 miles, and capacity increases

Fiber transmission could be more efficient, go farther, carry more traffic and be cheaper to implement if the work of scientists in Sweden and Estonia is successful.In a recent demonstration, researchers at Chalmers University of Technology, Sweden, and Tallinn University of Technology, Estonia, used new, ultra-low-noise amplifiers to increase the normal fiber-optic transmission link range six-fold.And in a separate experiment, researchers at DTU Fotonik, Technical University of Denmark used a unique frequency comb to push more than the total of all internet traffic down one solitary fiber link.[ Read also: How Google is speeding up the Internet ] Fiber transmission limits Signal noise and distortion have always been behind the limits to traditional (and pretty inefficient) fiber transmission. They’re the main reason data-send distance and capacity are restricted using the technology. Experts believe, however, that if the noise that’s found in the amplifiers used for gaining distance could be cleaned up and the signal distortion inherent in the fiber itself could be eliminated, fiber could become more efficient and less costly to implement.To read this article in full, please click here

Fiber transmission range leaps to 2,500 miles, and capacity increases

Fiber transmission could be more efficient, go farther, carry more traffic and be cheaper to implement if the work of scientists in Sweden and Estonia is successful.In a recent demonstration, researchers at Chalmers University of Technology, Sweden, and Tallinn University of Technology, Estonia, used new, ultra-low-noise amplifiers to increase the normal fiber-optic transmission link range six-fold.And in a separate experiment, researchers at DTU Fotonik, Technical University of Denmark used a unique frequency comb to push more than the total of all internet traffic down one solitary fiber link.[ Read also: How Google is speeding up the Internet ] Fiber transmission limits Signal noise and distortion have always been behind the limits to traditional (and pretty inefficient) fiber transmission. They’re the main reason data-send distance and capacity are restricted using the technology. Experts believe, however, that if the noise that’s found in the amplifiers used for gaining distance could be cleaned up and the signal distortion inherent in the fiber itself could be eliminated, fiber could become more efficient and less costly to implement.To read this article in full, please click here

Improving DevOps Security Practices

Tales from the field: Best practices for initial provisioning (Part 1)

Working with the Cumulus Professional Services team, we get the privilege of seeing how many folks use and operationalize Cumulus Linux. Over time, we’ve learned many lessons and best practices that can benefit others who are getting started on the journey. It’s for that reason that we’re putting virtual pen to virtual paper and writing this post. This article is the first in a series of two that will discuss how to use Zero Touch Provisioning (ZTP) and automation tools together for maximum efficiency in your initial provisioning. This post is going to focus on ZTP while the next will focus on automation tooling.

Cumulus Linux: Batteries included

Let’s recap — what comes configured with Cumulus out of the box?

• 2 user accounts (cumulus and root, but only cumulus supports login via a default password
• Some COntrol Plane Policing (COPP) rules that limit lots of different types of control traffic
• SSHv2 enabled by default
• NTP enabled by default

You’ll notice here that we’ve said nothing about interface configuration. Like all network switches and routers we start with a pretty blank slate from an interface configuration perspective. We leverage ZTP to give us some initial configuration for the node to use Continue reading