Category Archives for "Networking"

Linux Routing On The Host With FRR

We've all been there, it's supposed to be a relatively simple change and then BOOM! Spanning tree topology change blows up the network :( There is a movement in the data centre space to push the layer 2 boundary down into the host to avoid the bandwidth waste of spanning tree link blocking and...

My DC Virtual Lab Setup – Insights

Hi,

I have been getting a lot of requests offline and online about the lab setup I use. I have to say I have tested many things and finally settled on VMware ESXi 5.5. Eve-ng was good but not good enough when spawned with multiple instances of qemu, maybe because my host operating system might be slow enough for it.

I will cover the connectivity for two VMX devices, but the logic remains the same for any device connectivity.

What I have Already

-> VMware ESXi 5.5

-> Dell R810

-> Insane amount of time to waste :), I hope you won’t fall into the same path.

You need to have the OVA files. All settings are straightforward; don’t even worry about memory allocations yet, there is time for that and also for the networking part. Import the OVA.

There will be two OVA images

VFP – Forwarding Plane

VCP – Control Plane

General import – no rocket science – don’t worry about any settings as of now.

This is what my VCP looks like – again, don’t worry about any networking here. The catch here: VCP has only two networking adapters – one for Fxp0 which is the

Meltdown and Spectre exploits: Cutting through the FUD

There is lots of information circulating about the new exploits of computer chips from Intel and others announced in the past few days. Some of it has been accurate, and some has been sensationalist and overblown. There is much technical information with a high level of detail available for both Meltdown and Spectre, so I won’t get into a lot of technical detail here. Rather, I’ll focus on the higher-level issues affecting business and personal computer users.

First, to be clear, these exploits affect all the major computer chip architectures. The major chip makers — AMD, ARM and Intel — have decided to work together to mitigate the potential effects of a common enemy that affects most modern computer chips — a good sign for future industry collaboration. And all the major software vendors of Linux, Microsoft for Windows, Apple for macOS, and virtualization software suppliers such as VMware and Citrix have all collaborated to mitigate this threat.

Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security

Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.

There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:

https://meltdownattack.com/

At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.

For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.

From our perspective, today’s news highlights a couple of points:

  • Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place

Understanding the architecture of the modern Linux operating system

Linux is cool and can do amazing things in the enterprise data center, whether it’s hosting a web app or acting as an Internet firewall. But what makes up the modern Linux OS? What are the many pieces and parts that make the Linux OS work? Before we answer those questions, let’s start by answering a few more basic questions about Linux architecture such as…

What is an operating system?

The short answer is that an operating system, or OS, is software that you load on your hardware to make it do things. Without an operating system, most hardware is useless. For example, you might have a Dell computer that runs the Windows 10 operating system from which you run your applications. You might have an iPhone that runs the iOS operating system. You may also have an Apple MacBook that runs the Apple macOS operating system. The operating systems on these hardware platforms are what enable them to run applications, as shown in the graphic.

Linux architecture

What is a kernel, and what does it do?

The kernel is the special piece of the operating system that controls the CPU hardware, allocates memory, accesses data, schedules processes, runs the applications and

Getting More Out Of NSX Webcast Series

Each episode in this Getting More Out of NSX webcast series has its own topic, so there is no need to watch each episode to understand the next one. The episodes cover a variety of NSX features and explain in detail how NSX is the solution to key challenges faced by IT professionals. With the use of product demos, our NSX experts will show you how NSX allows granular control on an application by application basis to achieve the dream of universal security across the network. You will learn about:

  • NSX optimization for performance – how NSX eliminates the need for agent management and overprovisioning, thus reducing costs
  • NSX automated ubiquitous deployment & enforcement
  • NSX simplified policy management & automation across services

Now Available On-Demand

Episode 1: Deep Dive into NSX Service Composer covered the mapping of applications, adding context to your Security Policy, and the NSX Service Composer and Application Rule Manager.

Episode 2: Micro-segmentation Preparation and Planning with vRNI covered how to plan security around applications, build rulesets from vRNI recommendations, and verify rules compliance.

There is no need to watch Episodes 1 and 2 to understand Episodes 3 and 4 as each episode has its own topic. Episodes 1 and 2 can be accessed here.

Upcoming

Red Hat responds to the Intel processor flaw

How are the Linux vendors addressing the recently-exposed Intel processor flaw? I asked Red Hat and got some solid answers.

What is the nature of the problem? Discovered some time ago, but only just yesterday brought into public view, the CPU flaw allows an attacker to bypass restrictions to gain access to privileged memory (which should be inaccessible) -- possibly stealing sensitive information from computer systems, mobile devices, and cloud deployments. There are actually two problems and they've been dubbed "Meltdown" and "Spectre". They potentially affect 90% of computer servers and virtually every Intel microprocessor.

The Meltdown flaw is specific to Intel while Spectre is a design flaw that has been used by many processor manufacturers for decades.

Flowspec and RFC1998?

In a recent comment, Dave Raney asked:

Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in a similar fashion to RFC1998. In which a customer of a provider will be able to ask a provider to discard traffic using a flowspec rule at the provider edge. I saw that these were in development and are similar but both appear defunct. BGP Flowspec-ORF https://www.ietf.org/proceedings/93/slides/slides-93-idr-19.pdf BGP Flowspec Redirect https://tools.ietf.org/html/draft-ietf-idr-flowspec-redirect-ip-02.

This is a good question—to which there are two answers. The first is this service does exist. While it's not widely publicized, a number of transit providers do, in fact, offer the ability to send them a flowspec community which will cause them to set a filter on their end of the link. This kind of service is immensely useful for countering Distributed Denial of Service (DDoS) attacks, of course. The problem is such services are expensive. The one provider I have personal experience with charges per prefix, and the cost is high enough to make it much less attractive.

Why would the cost be so high? The same

39% off American Red Cross Blackout Buddy Emergency Nightlight – Deal Alert

Just leave the slim and trim Blackout Buddy in your wall socket and you’ll never be in the dark. It automatically turns on when the power goes out so that you can easily locate it. Then, fold away the prongs and you've got yourself a flashlight. A very bright idea from the American Red Cross. Flip a switch and the Blackout Buddy also doubles as an LED nightlight, so you can keep your kids' rooms, hallways, or kitchen always illuminated. The Blackout Buddy keeps itself charged and provides up to 4 hours of light when needed. It averages 4.5 out of 5 stars from over 1,800 people on Amazon (read reviews). Its typical list price of $14.64 has been reduced 39% to just $8.98.

34% off TurboTax Deluxe 2017 Tax Software, Federal & State – Deal Alert

TurboTax coaches you every step of the way and double checks your return as you go to handle even the toughest tax situations, so you can be confident you’re getting every dollar you deserve. Its typical list price of $59.99 has been reduced a generous 34% to $39.86 in a deal that is exclusive to Amazon. Also exclusive to this Amazon deal, receive a free 1-year subscription to Quicken Starter Edition 2018. Learn more, or take advantage of the deal now, on Amazon.