Archive

Category Archives for "Networking"

VXLAN Limitations of Data Center Switches

One of my readers found this Cumulus Networks article that explains why you can’t have more than a few hundred VXLAN-based VLAN segments on every port of a 48-port Trident-2 data center switch.

Expect to see similar limitations in most other chipsets. There’s a huge gap between the millions of segments enabled by the 24-bit VXLAN Network Identifier and the reality of switching silicon. Most switching hardware is also limited to 4K VLANs.

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). In response we have just pushed out a rule to block requests matching these exploit conditions for our Web Application Firewall (WAF). You can find this rule in the Cloudflare ruleset in your dashboard under the Drupal category with the rule ID of D0003.

Drupal Advisory: https://www.drupal.org/sa-core-2018-002

Aruba co-founder: We want to live on the edge

Tech companies of every stripe are staking their claim to the internet of things, and networking vendors like Aruba are no exception. But to hear co-founder and president Keerti Melkote tell it, his company’s pitch might have a little more heat on it than others.

Aruba’s IoT credentials are based on a relatively simple premise – by definition, IoT devices have to be on the network, and they’re one of the bigger fish in that particular pool.

The company has a lot of experience in onboarding devices – hard-won during the era of BYOD, covering provisioning, credentials, privilege levels and monitoring – which translates well to the world of IoT, particularly given the urgent need to secure those devices.

BrandPost: How network automation moves AI from science fiction to reality

Artificial intelligence (AI) has become a buzzword, and what once was realized only in sci-fi movies is now a burgeoning reality in IT processes.

There are significant savings — both in terms of time and money — to be had, as well as an increase in mission delivery.

However, before organizations can take advantage of advancements like AI today, they must take a few key steps. One area is in the network. Let’s explore how enterprises can begin to evolve their network technology to leverage AI capabilities in the near future.

Automation

Network automation is a meaningful step towards AI that can provide enhanced mission delivery today. By leveraging automation capabilities within the network, immediate efficiencies can be realized.

BrandPost: Mobile user engagement apps: Trends & requirements

The mobile engagement app has emerged as a way to acquire, retain, and monetize loyal user bases. When designed properly, everyone gains from the app. Users are more satisfied, productive, and even safer. Businesses can enjoy larger and more predictable revenue streams. Executed poorly, mobile apps can have low download rates, and become abandoned, forgotten or deleted.

To learn more about how businesses are using these apps and their plans for the future, we surveyed companies across all industries. A high percentage of organizations have already determined they need an engagement app. To date, most of the apps in use are being developed in-house; commercial off-the-shelf versions are up and coming, but not yet well-known. We learned there is still lots of room for improvement and that an important requirement of the apps is to track location.

BrandPost: 802.11ax enhancements: What’s all the hype about?

Devin Akin, the Principal Wi-Fi Architect for Divergent Dynamics, recently gave a great webinar presentation on the upcoming release of the new 802.11ax standard.

When any new technology is introduced, there is a tendency for companies to over-rotate and get caught up with the hype. Devin is anti-hype; he balances the discussion with education, and shares the detailed realities of the new underlying technology. As with past introductions of 802.11 enhancements, it is important to pay attention to the standard ratification date, silicon production schedules, and in particular, 11ax client introductions.

What’s So Different About 802.11ax?

BrandPost: An efficient network: The Fabric of a complex paperless hospital system

As CTO of a large regional hospital system, I know that the network is vital to everything. I consider the network in the same critical category as electricity, oxygen, and water. It needs to be available 24x7x365 to support Concord Hospital’s half a million patients and over 5,000 network users across our 30 locations.

Because we don’t do anything on paper, the network can never go down. Extreme Fabric Connect has solved that problem for us. It provides a secure, self-healing, highly-available network to serve our patients effectively in our complex paperless environment.

All the Benefits of MPLS, None of the Headaches

BrandPost: The cloud payoff: Ensuring hybrid works for your enterprise

As more and more enterprises move to hybrid cloud, there are some interesting relationships among enterprises, Internet and cloud exchanges, and colocation providers to satisfy IT strategies through hybrid clouds. In its Strategic Roadmap for Data Center Infrastructure, Gartner notes that “by 2019, 80% of enterprises will have an IT strategy that includes multiple Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers.” This is up from only 10% in 2015, while “by the end of 2018, 10% of enterprises will close their on-premises data centers entirely.”

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). The patch disallows forms and form fields from starting with the “#” character, which is what results in remote code execution.

Accordingly, we have also just pushed out a rule for our Web Application Firewall (WAF) that blocks requests matching these exploit conditions. You can find this rule in the Cloudflare ruleset in your dashboard under the Drupal category with the rule ID of D0003.

Drupal Advisory: https://www.drupal.org/sa-core-2018-002

Building Our New Website: POSSE and Sharing on Facebook, Twitter, LinkedIn, Google+ and More

As we built our new website, one of my own guiding principles was “POSSE”, a content publishing model from the “IndieWeb” movement. The idea is:

Publish on your
Own
Site,
Syndicate
Elsewhere

Essentially, make sure you own your own content – and then share it out onto other sites and services. (See the IndieWeb page about POSSE for more discussion.) Make your own website the “hub” for all your content, and then have spokes going out to all the other places where people might discover and learn about your content.

To me, this model is the best way to support the principles of the open Internet, while engaging people in the places where they already are.

Why does this matter?

We aren’t just publishing reports, papers, blog posts and articles for the sake of talking about what we are doing.

We are publishing content to bring about change that ensures the Internet remains open, globally connected, and secure. As we said in our vision statement for the new website:

Our website is a driving force in …

Policing, Shaping, and Performance

Policing traffic and shaping traffic are two completely different things, but it is hard to know, in the wild, what impact one or the other will have on a particular traffic flow, or on the performance of applications in general. While the paper under review here, An Internet-Wide Analysis of Traffic Policing, is largely focused on the global ‘net, specifically from a content provider’s perspective, it contains lessons for just about every network operator who needs to manage Quality of Service (QoS) in a sane and meaningful way.

Flach, Tobias, Pavlos Papageorge, Andreas Terzis, Luis Pedrosa, Yuchung Cheng, Tayeb Karim, Ethan Katz-Bassett, and Ramesh Govindan. 2016. “An Internet-Wide Analysis of Traffic Policing.” In Proceedings of the 2016 ACM SIGCOMM Conference, 468–482. SIGCOMM ’16. New York, NY, USA: ACM. https://doi.org/10.1145/2934872.2934873.

Traffic policing involves setting up a queue with a pool of tokens. For some unit of traffic—assume a packet here—received, a token is consumed. When a packet is transmitted, the token is added back to the pool. If the pool is sized correctly, short bursts in the traffic stream will be allowed through, but if the application attempts to establish a session using more bandwidth …

Let’s Encrypt Offers Free Multi-Domain HTTPS Certificates

Let’s Encrypt, a nonprofit certificate authority launched in 2016, has delivered on its pledge to offer free certificates that enable secure HTTP connections for complete domains.

The organization’s new wildcard certificate service, allowing website operators to secure all subdomains of a domain with a single certificate, should help the Internet become more secure by enabling wider deployment of HTTPS, Josh Aas, executive director of the Internet Security Research Group, wrote in a blog post. (Full disclosure: the Internet Society is a major sponsor of Let’s Encrypt.)

Last July, Let’s Encrypt had promised that it would offer free wildcard certificates. With the recent release of the ACMEv2 [Automatic Certificate Management Environment] Protocol, the organization delivered on that promise.

“Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS,” Aas wrote. “We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there.”

A wildcard certificate isn’t recommended for all websites, Aas noted. In most cases, other certificates, such as single-domain ones, will be more appropriate.

Although wildcard certificates enable streamlined management of HTTPS, some security …

We’ve Added a New Google Cloud Platform Course to Our Video Library!

This course introduces AWS professionals to the core capabilities of Google Cloud Platform (GCP) in the four technology pillars: networking, compute, storage, and database. It is designed for AWS Solution Architects and SysOps Administrators familiar with AWS features and setup, who want to gain experience configuring GCP products.

The Google Cloud Platform for AWS Professionals is 6 hours and 9 minutes long and is taught by Joseph Holbrook. If you’re interested in watching, you can view the course using your All Access Pass or buy the course at ine.com.

About the Instructor:

Joe Holbrook has been in the IT field since 1993, when he was exposed to several HPUX systems on board a US Navy flagship. He has migrated from the UNIX world to Storage Area Networking (SAN) and then on to Enterprise Virtualization and Cloud Architecture. He has worked for numerous companies such as HDS, 3PAR Data, Brocade, Dimension Data, EMC, Northrop Grumman, ViON, Ibasis.net, Chematch.com, SAIC and Siemens Nixdorf. Currently he works as a Subject Matter Expert specializing in Cloud/IT Security focused on Data Storage infrastructure services and Data migrations to the Cloud.

He holds industry-leading certifications from Amazon Web Services, Google Cloud Platform, Brocade, Hitachi Data Systems, …