Archive

Category Archives for "Networking"

Worth Reading: IPv6 in enterprise networks

Many enterprises are beginning to implement IPv6, often starting with enabling IPv6 on their email and web servers. This, at least, makes it possible to communicate with the outside world via both protocols. Some are also enabling IPv6 in their internal networks, including corporate WANs and data centres. In these instances, enterprises are using dual stack designs. But what about the client networks consisting of mostly Windows PCs? —Wilhelm Boeddinghaus @ APNIC

IDG Contributor Network: 5 things analytics could tell you about your network in 2018

1. Whether your users are happy (without having to talk to them) It’s not always cool to admit, but the ultimate goal of every networker is to have happy users. Like many other thankless jobs, we only hear about problems. When we do, we react. But that isn’t ideal. What we really want is to know about problems as they are developing, before users complain. They don't even have to know.  But we do.A Network Management System (NMS) has been the traditional go-to solution to sniff out these sorts of problems. But most were designed for just one view of a certain part of the network using antiquated technology that doesn't provide any sort of predictive problem solving based on what the user is actually experiencing. It's like trying to figure out San Francisco traffic based on the status of the traffic signals. Just because the signals are working properly doesn’t mean the drivers (users) are having a good experience.To read this article in full, please click here

IDG Contributor Network: 5 things analytics could tell you about your network in 2018

1. Whether your users are happy (without having to talk to them) It’s not always cool to admit, but the ultimate goal of every networker is to have happy users. Like many other thankless jobs, we only hear about problems. When we do, we react. But that isn’t ideal. What we really want is to know about problems as they are developing, before users complain. They don't even have to know.  But we do.A Network Management System (NMS) has been the traditional go-to solution to sniff out these sorts of problems. But most were designed for just one view of a certain part of the network using antiquated technology that doesn't provide any sort of predictive problem solving based on what the user is actually experiencing. It's like trying to figure out San Francisco traffic based on the status of the traffic signals. Just because the signals are working properly doesn’t mean the drivers (users) are having a good experience.To read this article in full, please click here

How Cisco’s newest security tool can detect malware in encrypted traffic

Cisco’s Encrypted Traffic Analytics (ETA), a software platform that monitors network packet metadata to detect malicious traffic, even if its encrypted, is now generally available.The company initially launched ETA in June, 2017 during the launch of its intent-based network strategy and it’s been in a private preview since then. Today Cisco rolled ETA out beyond just the enterprises switches it was originally designed for and made it available on current and previous generation data center network hardware too.+MORE AT NETWORK WORLD: What is intent based networking? | Why intent based networking could be a big deal +To read this article in full, please click here

How Cisco’s newest security tool can detect malware in encrypted traffic

Cisco’s Encrypted Traffic Analytics (ETA), a software platform that monitors network packet metadata to detect malicious traffic, even if its encrypted, is now generally available.The company initially launched ETA in June, 2017 during the launch of its intent-based network strategy and it’s been in a private preview since then. Today Cisco rolled ETA out beyond just the enterprises switches it was originally designed for and made it available on current and previous generation data center network hardware too.+MORE AT NETWORK WORLD: What is intent based networking? | Why intent based networking could be a big deal +To read this article in full, please click here

How Cisco’s newest security tool can detect malware in encrypted traffic

Cisco’s Encrypted Traffic Analytics (ETA), a software platform that monitors network packet metadata to detect malicious traffic, even if its encrypted, is now generally available.The company initially launched ETA in June, 2017 during the launch of its intent-based network strategy and it’s been in a private preview since then. Today Cisco rolled ETA out beyond just the enterprises switches it was originally designed for and made it available on current and previous generation data center network hardware too.+MORE AT NETWORK WORLD: What is intent based networking? | Why intent based networking could be a big deal +To read this article in full, please click here

Reaction: Why Safe Harbors will Fail

Copyright law, at least in the United States, tends to be very strict. You can copy some portion of a work under “fair use” rules, but, for most works, you must ask permission before sharing content created by someone else. But what about content providers? If a content provider user uploads a “song cover,” for instance—essentially a remake of a popular song, not intended to create commercial value for the individual user—should the provider be required to take the content down as a violation of copyright? Content providers argue they should not be required to remove such content. For instance, in a recent article published by the EFF—

Platform safe harbors have been in the crosshairs of copyright industry lobbyists throughout 2017. All year EFF has observed them advancing their plans around the world to weaken or eliminate the legal protections that have enabled the operation of platforms as diverse as YouTube, the Internet Archive, Reddit, Medium, and many thousands more. Copyright safe harbor rules empower these platforms by ensuring that they are free to host user-uploaded content, without manually vetting it (or, worse, automatically filtering it) for possible copyright infringements. Without that legal protection, it would be impossible for Continue reading

Enhancing NSX with Check Point vSEC

While VMware NSX enables micro-segmentation of the Software Defined Data Center, it mostly polices traffic in layers 3 and 4, with only limited application level (layer 7) support.  Sometimes additional layers of protection are needed for use cases such as Secure DMZ or meeting regulatory compliance requirements like PCI, in which case partner solutions can be added to the platform, with traffic steered into the supplemental solution prior to reaching the vSwitch (virtual wire).  The resulting combination is high throughput due to the scale-out nature of NSX, but can also provide deep traffic analysis from the partner solution.

The usual enemy of deep traffic inspection in the data center is bandwidth.  NSX addresses this issue, micro-segmentation security policy is zero trust – only traffic explicitly permitted out of a VM can pass, then steering policy to 3rd party solutions can be designed in order that bulk protocols such as storage and backup bypass them, leaving a more manageable amount of traffic for Check Point vSEC to provide IPS, anti-virus and anti-malware protection on, including Check Point’s Sandblast Zero-Day Protection against zero day attacks.

The connection between vSEC and NSX enables dynamic threat tagging, where traffic from an VM reaches Continue reading

Today’s Mobile Networks Demand Virtual Functionality & Data Analytics

Next-Generation Mobile Network Telecom operators need new network monitoring tools.  Although mobile core networks are increasingly virtualized—through powerful and flexible technologies such as Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) —network monitoring and analytics functions have only recently started to be virtualized. Stand-alone virtual probes still require mirroring of all the traffic which in turn impacts performance... Read more →

Episode 19 – BGP: Traffic Engineering

In this Community Roundtable episode, returning guests Russ White and Nick Russo continue our three part deep dive into the Border Gateway Protocol, or BGP, with a look at the mechanisms within the protocol to perform traffic engineering.

Show Notes

Influence Ingress

  • Classic bestpath options to influence ingress
  • AS-path prepend outbound to influence inbound traffic
    • Why AS Path prepend doesn’t always work
      • In many areas, ISPs are in a full or almost full mesh and connected to common backbones making AS Path prepend largely irrelevant
      • Providers normally use their own local preference for outbound traffic back to a customer
    • MED
      • MED is a hint, it’s often stripped or ignored
      • MED only works if the AS Path is the same on all routes
      • MED is non-transitive and doesn’t mean anything beyond the next hop
      • Longest Match
        • Be careful about this, as it pollutes the DFZ
          • DFZ = default free zone
            • A router belongs to the DFZ if it doesn’t need a 0.0.0.0 route to reach everything on the internet
        • Tragedy of the commons here
          • An enterprise can force inbound traffic to be load-balanced better but it pushes the processing of that traffic engineering onto the internet
        • This is Continue reading

Anker’s Twin USB High Speed Car Phone Charger Is Just $8.99 Right Now

The PowerDrive 2 Elite from Anker is super compact, and can simultaneously charge 2 devices with the fastest possible charge of up to 2.4 amps per port. A soft blue LED light makes it easier to navigate in the dark. 10 safety mechanisms are built in to protect your devices from surge and temperature fluctuations, and an 18-month warranty is included for additional peace of mind.Although we haven't reviewed this model, our PCWorld team test drove the beefier PowerDrive Speed 2 model and found that it delivered on its promises (See: "Anker PowerDrive Speed 2 car charger review: Anker lights the way").To read this article in full, please click here

Is Cisco’s Mobility Express right for you?

One of the hottest topics on the minds of our customers for 2018 continues to be their wireless infrastructure. As WLAN 802.11ac wave 2 devices becoming mainstream, Cisco has placed a stake in the ground claiming to be the “value leader.”Cisco's solution to accomplish this is Mobility Express, designed to help companies easily set up wireless LAN (WLAN) networks. What exactly is Mobility Express? And is it right for you?What is Mobility Express? Mobility Express is the ability to use an access point (AP) as a controller. That means a lightweight network without a controller box. Instead one of the APs on the network acts as the controller. Here is how Cisco describes it:To read this article in full, please click here

Is Cisco’s Mobility Express right for you?

One of the hottest topics on the minds of our customers for 2018 continues to be their wireless infrastructure. As WLAN 802.11ac wave 2 devices becoming mainstream, Cisco has placed a stake in the ground claiming to be the “value leader.”Cisco's solution to accomplish this is Mobility Express, designed to help companies easily set up wireless LAN (WLAN) networks. What exactly is Mobility Express? And is it right for you?What is Mobility Express? Mobility Express is the ability to use an access point (AP) as a controller. That means a lightweight network without a controller box. Instead one of the APs on the network acts as the controller. Here is how Cisco describes it:To read this article in full, please click here

Does Hyperconverged Infrastructure Save Money?

Hyperconverged infrastructure vendors always tout the technology's cost efficiency, arguing that HCI reduces costs because it requires less administrative burden. In this video, Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, examines whether hyperconvergence really costs less than traditional three-tier IT infrastructure.

1 1,503 1,504 1,505 1,506 1,507 3,443