Mesosphere Scores $125M in Funding to Target IoT, Geo Expansion
The latest funding round pushes the company's total haul to nearly a quarter-billion dollars since its founding in 2013.
Using 4-Byte BGP AS Numbers with EVPN on Junos
After documenting the basic challenges of using EBGP and 4-byte AS numbers with EVPN automatic route targets, I asked my friends working for various vendors how their implementation solves these challenges. This is what Krzysztof Szarkowicz sent me on specifics of Junos implementation:
To learn more about EVPN technology and its use in data center fabrics, watch the EVPN Technical Deep Dive webinar.
Read more ...Cisco ASAv Vagrant Libvirt Box Install
Build a Cisco ASAv Vagrant box for use with the libvirt provider.Cisco IOSv Vagrant Libvirt Box Install
Build a Cisco IOSv Vagrant box for use with the libvirt provider.Cisco ASAv Vagrant Libvirt Box Install
In this post I will cover how to create a Cisco ASAv Vagrant box for use with the vagrant-libvirt provider as well as enabling the REST API. This post assumes a working installation of Vagrant with the vagrant-libvirt plugin already installed. You can follow this post to get the...Cisco IOSv Vagrant Libvirt Box Install
In this post I will cover how to create a Cisco IOSv Vagrant box for use with the vagrant-libvirt provider. This post assumes a working installation of Vagrant with the vagrant-libvirt plugin already installed. You can follow this post to get the vagrant-libvirt plugin installed. For...Amateur Radio and FT8
My interest in SDR got me into Amateur Radio. One reason was that so that I could transmit on non-ISM bands and with more power. Turns out the 2.3GHz band available to Amateur Radio operators is much quieter than the 2.4GHz band where WiFi, bluetooth, microwave ovens, drones, cordless phones and everything else lives. Shocker, I know.
Amateur radio doesn’t just have voice and morse code, there’s also digital modes.
A popular mode is FT8. It’s only used to exchange signal reports, so there’s no chatting. It’s in fact often practically unattended.
It’s a good way to check the quality of your radio setup, and the radio propagation properties that depend on how grumpy the ionosphere is at the moment.
If you transmit, even if you nobody replies, you’ll be able to see on PSKReporter who heard you, which is useful.
Because propagation should be pretty much symmetric, receiving a strong signal should mean that two-way communication is possible with the station. Though FT8 is a slow mode that will get through where others won’t, so a weak FT8 signal means that any voice communication is very unlikely to get through.
Unfortunately unlike WSPR the standard FT8 Continue reading
Learning TrustSec – An Introduction to Inline Tagging
In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs,
we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec enabled networks, but our goal is to work toward understanding the building blocks.
In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGT’s (Security Group Tags). The topology used for this discussion is as follows.
Topology
To demonstrate the topic of inline SGT, we will need to accomplish the following.
- Configure and Confirm that 192.168.254.11 (connected to c9kSW1) is recognized by its switch with an SGT of 2.
- Configure and Confirm that 192.168.254.100 (connected to c9kSW2) is recognized by its switch with an SGT of 3.
- Configure the trunk between the switches to carry SGTs
- Configure an enforcement policy to demonstrate overall functionality
Configuration Steps
c9kSW1 configuration/confirmation for host port
//We are using static SGT and need to do IP Device Continue reading
Learning TrustSec – An Introduction to Inline Tagging
In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs,
we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec enabled networks, but our goal is to work toward understanding the building blocks.
In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGT’s (Security Group Tags). The topology used for this discussion is as follows.
Topology
To demonstrate the topic of inline SGT, we will need to accomplish the following.
- Configure and Confirm that 192.168.254.11 (connected to c9kSW1) is recognized by its switch with an SGT of 2.
- Configure and Confirm that 192.168.254.100 (connected to c9kSW2) is recognized by its switch with an SGT of 3.
- Configure the trunk between the switches to carry SGTs
- Configure an enforcement policy to demonstrate overall functionality
Configuration Steps
c9kSW1 configuration/confirmation for host port
//We are using static SGT and need to do IP Device Continue reading
Learning TrustSec – An Introduction to Inline Tagging
In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs,
we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec enabled networks, but our goal is to work toward understanding the building blocks.
In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGT’s (Security Group Tags). The topology used for this discussion is as follows.
Topology
To demonstrate the topic of inline SGT, we will need to accomplish the following.
- Configure and Confirm that 192.168.254.11 (connected to c9kSW1) is recognized by its switch with an SGT of 2.
- Configure and Confirm that 192.168.254.100 (connected to c9kSW2) is recognized by its switch with an SGT of 3.
- Configure the trunk between the switches to carry SGTs
- Configure an enforcement policy to demonstrate overall functionality
Configuration Steps
c9kSW1 configuration/confirmation for host port
//We are using static SGT and need to do IP Device Continue reading
MTU (Maximum Transmit Unit) and MSS (Maximum Segment Size)
What is difference between MTU and MSS ? Most frequent question asked on the internet by networking guys.Hope this post will answer all queries related to MTU and MSS. As per Wikipedia , the maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single, network layer, transaction , that […]Average Network Delay and Queuing Theory basics
So recently I was looking at the Linear programming formulations of Traffic engineering problems and one of the problem was to find the path with the goal to minimize the Average network delay. Which got me thinking that for topology design related problems, how can I calculate the Average network delay? As you can guess, […]Introducing Brigade – The Python automation framework
Brigade is a new automation framework written in Python and intended to be consumed directly from Python. You could describe it as the automation framework for Pythonistas. This might strike you as something wonderful, or it could trigger your spider-sense. Writing code? Isn’t that just for programmers? Continue reading
Zero Trust. Maximize Network Virtualization and Micro-segmentation
It’s official: when it comes to security threats, the question IT teams should be asking is not if but when. VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation. Analysis found that 92% of respondents reported having faced minor security incidents in the last 12 months alone, while 65% of respondents endured a major incident in the same time span. These figures seal the deal; the naïve days of preparing for potential issues are long gone. Cyber threats are real, imminent, and happen often.
Companies today attribute more of their security issues to improper network segmentation than to the volume of threats overall. In response, leaders across industries are turning to network virtualization – specifically the Zero Trust security model – as a key strategy in combating threats. This strategy posits that whether a network is labeled secure or insecure, both should be treated as equally vulnerable. Further, the Zero Trust model supports the argument that ”traditional, perimeter-based security configurations are no longer a sufficient measure for protecting the network, and highlights steps companies can take to better secure their network, starting with network virtualization Continue reading
Zero Trust. Maximize Network Virtualization and Micro-segmentation
VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation.
CenturyLink Plans to Lay Off 2% of Its Workforce
Union leaders lash out at CenturyLink's CEO Glen Post, but it's likely the layoffs come from former Level 3 executives who are taking over leadership of the company.
NetScout Revenue Sinks 27% in Q4 Fiscal 2018
The company also reported more downward guidance for its upcoming fiscal year, but remains optimistic about its product revenue.
Link Propagation 117
Welcome to Link Propagation, a Packet Pushers newsletter. Link Propagation is included in your free membership. Each week we scour the InterWebs to find the most relevant practitioner blog posts, tech news, and product announcements. We drink from the fire hose so you can sip from a coffee cup. Blogs How Real Life Can Change […]Transitioning Away From Legacy IT
One of the more exciting things I saw at Dell Technologies World this week was the announcement by VMware that they are supporting Microsoft Azure now in additional to AWS. It’s interesting because VMware is trying to provide a proven, stable migration path for companies that are wanting to move to the cloud but still retain their investments in VMware and legacy virtualization. But is offing legacy transition a good idea?
Hold On For One More Day
If I were to mention VLAN 1002-1005 to networking people, they would likely jump up and tell me that I was crazy. Because those VLANs are not valid on any Cisco switches save for the Nexus line. But why? What makes these forbidden? Unless you’re studying for your CCIE you probably just know these are bad and move on.
Turns out, they are a legacy transition mechanism from the IOS-SX days. 1002 and 1004 were designed to bridge FDDI-to-Ethernet, and 1003 and 1005 did the same for Token Ring. As Greg Ferro points out here, this code was tightly bound into IOS-SX and likely couldn’t be removed for fear of breaking the OS. The reservation continued forward in all IOS branches except Continue reading
Carbon Black Stock Raises $125 Million in Public Debut
The security company priced its IPO at the high end of its $17-$19 range.