Archive

Category Archives for "Networking"

NSX-T: Multi-Tiered Routing Architecture

Multi-tenancy exists in some shape or form in almost every network. For an Enterprise network, it can be the separation of tenants based on different business units, departments, different security/network policies or compliance requirements. For a service provider, multi-tenancy can simply be separation of different customers (tenants).

Multi-tenancy doesn’t just allow separation of tenants, but also provides control boundaries as to who controls what. For instance, tenant administrators can control/configure the network and security policies for their specific tenants and a service provider administrator can either provide a shared service or provide inter-tenant or WAN connectivity.

In the logical routing world of NSX-T, this provider function can provide connectivity between the tenant logical networks and  physical infrastructure. It can also provide inter-tenant communication or some shared services (like NAT, Load Balancer etc.) to the tenants.

In my previous post, NSX-T: Routing where you need it (Part 1), I discussed how NSX-T provides optimized E-W distributed routing and N-S centralized routing. In addition to that, NSX-T supports a multi-tiered routing model with logical separation between provider router functions and tenant routing functions. The concept of multi-tenancy is built into the routing model. The top-tier logical router is referred to Continue reading

VxLan – Short Story Lab

Hi,

Note: Its perfectly possible to do VXLAN/EVPN on VQFX and VMX, all you have to do is to setup a good lab over ESXI or if you want you can do it over Eve-ng emulator. I personally did it via ESXI.

Am not covering the petty BGP configuration of Full-Mesh and Evpn-BGP configuration, its very simple, this post mainly Aims at show-casing the quick and short way of setting up EVPN/VXLAN in Vqfx and over vMX

On the way to some DC Lab Practise, I wanted to quickly show you guys how to lab up Vxlan on Vqfx and Vmx.

Intention – I was reading on VxLan and as most of my learning comes around seeing things first and understanding the later, I felt uncomfortable too soon reading at the Documentation, I wanted to learn it by doing.

Here is the topology

 

 

Goal – Build Vxlan / Evpn with a very small set-up to under the workings.

First things first

-> In order to build any VxLan, you need to have some underlay and some overlay. Our underlay is BGP (It can be anything you see, as long as it can exchange Loopback Space and establish IP Continue reading

NDSS 2018: Automating the Process of Vulnerability Discovery

NDSS 2018 is in full swing in San Diego this week and a couple of papers that really grabbed my attention were both in the same session on Network Security and Cellular Networks yesterday.

Samuel Jero, a PhD student at Purdue University and past IRTF Applied Networking Research Prize Winner, presented a fascinating paper on “Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach”. Of the many protocols and algorithms that are in daily use on the Internet, some are more fundamental and important than others and it doesn’t get much more fundamental and important than TCP congestion control.

TCP congestion control is what makes it possible for millions of autonomous devices and networks to seamlessly, and more-or-less fairly, share available bandwidth. Without it the network would literally collapse.

Attacks against congestion control to manipulate senders’ or receivers’ understanding of the state of the network have been known for some time. Jero and his co-authors Endadul Hoque, David Choffnes, Alan Mislove and Cristina Nita-Rotaru developed an approach using model-based testing to address the scalability challenges of previous work to automate the discovery of manipulation attacks against congestion control algorithms.

By building abstract models of several congestion Continue reading

Micron sets its sights on quad-cell storage

Micron is the latest NAND flash memory maker to announce plans for quadruple-level cell (QLC) flash memory, following similar announcements from Toshiba and Western Digital. It's a very technical story with a very real impact.NAND flash memory stores data in one bit per cell, with billions of cells in the flash memory chips. For flash drives to gain capacity, there are two solutions: increase the number of chips in the drive, which has physical limitations, and increase the density per cell, which is limited by the laws of physics.Also read: Impact of Intel and Micron ending their NAND partnership is negligible | Sign up: Receive daily tech news updates The first single-level cell, with one bit per cell, first emerged in the late 1980s when flash drives first appeared for mainframes. In the late 1990s came multi-level cell (MLC) drives capable of storing two bits per cell. Triple-level cell (TLC) didn't come out until 2013 when Samsung introduced its 840 series of SSDs. So, these advances take a long time, although they are being sped up by a massive increase in R&D dollars in recent years.To read this article in full, please click here

Using Go as a scripting language in Linux

Using Go as a scripting language in Linux

At Cloudflare we like Go. We use it in many in-house software projects as well as parts of bigger pipeline systems. But can we take Go to the next level and use it as a scripting language for our favourite operating system, Linux?
Using Go as a scripting language in Linux
gopher image CC BY 3.0 Renee French
Tux image CC0 BY OpenClipart-Vectors

Why consider Go as a scripting language

Short answer: why not? Go is relatively easy to learn, not too verbose and there is a huge ecosystem of libraries which can be reused to avoid writing all the code from scratch. Some other potential advantages it might bring:

  • Go-based build system for your Go project: go build command is mostly suitable for small, self-contained projects. More complex projects usually adopt some build system/set of scripts. Why not have these scripts written in Go then as well?
  • Easy non-privileged package management out of the box: if you want to use a third-party library in your script, you can simply go get it. And because the code will be installed in your GOPATH, getting a third-party library does not require administrative privileges on the system (unlike some other scripting languages). This is especially useful in large Continue reading

Is the IoT backlash finally here?

As pretty much everyone knows, the Internet of Things (IoT) hype has been going strong for a few years now. I’ve done my part, no doubt, covering the technology extensively for the past 9 months. As vendors and users all scramble to cash in, it often seems like nothing can stop the rise IoT.Maybe not, but there have been rumblings of a backlash to the rise of IoT for several years. Consumer and experts worry that the IoT may not easily fulfill its heavily hyped promise, or that it will turn out to be more cumbersome than anticipated, allow serious security issues, and compromise our privacy.To read this article in full, please click here

Is the IoT backlash finally here?

As pretty much everyone knows, the Internet of Things (IoT) hype has been going strong for a few years now. I’ve done my part, no doubt, covering the technology extensively for the past 9 months. As vendors and users all scramble to cash in, it often seems like nothing can stop the rise IoT.Maybe not, but there have been rumblings of a backlash to the rise of IoT for several years. Consumer and experts worry that the IoT may not easily fulfill its heavily hyped promise, or that it will turn out to be more cumbersome than anticipated, allow serious security issues, and compromise our privacy.To read this article in full, please click here

Automation: Easy Button vs Sentient Voodoo Magic Button

Automation has become this “all-encompassing thingy” much like SDN. It’s a software industry problem and it’s critical more now than ever that we do not slip backwards by trying to drag a broken idea forwards.

This post contains nothing new and should act as polish on common sense. If you’re on the look-out for removing pain and getting stuff done with the power of automation, read on.

If your processes and operating handbook for your team or organisation is in disarray, it will not come too much as a surprise when your automation team implements something inherently broken. Naturally the technology, shortly followed by the team will take a boat load of blame. Whilst artificial intelligence and machine learning is promising, unless you have a team of subject matter experts or have very deep pockets, automation today is simple and the patterns are hard wired. Even decision making logic has been should be pre-thought. Automation platforms do not today think creatively and do not possess sentient capabilities. If they did, I would be on a beach right now drinking mojitos, smoking cigars and wondering what to do with my time on this rock (the answer by the way would be Continue reading

On the ‘net: Spectre, Meltdown, and Flexible Scaleout

The recent Meltdown and Spectre attacks illustrate the problematic nature of modern computing systems. While the earlier Rowhammer attack could read or attack one process running in a virtual environment from another process running on the same processor, the Meltdown and Spectre attacks are of a completely different class, enabling a process to read large amounts of information from another process’ memory space. @GestaltIT

Context-Aware Micro-segmentation – Remote Desktop Session Host Enhancements for Citrix

In a previous post by my colleague, Stijn, discussed the new changes to how NSX for vSphere 6.4 handles Remote Desktop Session Host, RDSH, systems with the Identity-based Firewall and context-aware micro-segmentation.

RDSH is an underlying technology from Microsoft that many vendors take advantage of to provide overlay management and application deployment technologies for.  In this post, we’re going to discuss how NSX 6.4 and the new changes to support RDSH hosts works with Citrix XenApp systems.

Citrix XenApp can provide multiple users the ability to connect to a single system to access their applications using the RDSH technology.  These users can be of the same type, for example all HR users, or of multiple types, HR and Engineering users.  NSX has supported User Identity based firewalling for Virtual Desktops since the 6.0 release, but it did not address RDSH in which multiple user sessions are connecting to the same host  This meant less flexibility in controlling what users could access data center application servers without isolating one set of users to one RDSH server.  This model created a very rigid architecture for XenApp customers to follow, which brought about the use of Continue reading

VMware’s Honore’ LaBourdette Discusses ‘Hybridity’ & the Next Wave of Telco Virtualization

Honore’ LaBourdette With 5G and the Internet of Things (IoT) dominating industry conversation, telcos and other communications service providers (CSPs) are embracing network function virtualization and the cloud, with a software-defined architecture. But to truly participate in the cloud economy, compete effectively with OTT rivals, and be positioned to capture the rich opportunities presented by 5G and... Read more →

1 1,471 1,472 1,473 1,474 1,475 3,455