RESTful control of Cumulus Linux ACLs
The Github pphaal/acl_server project INSTALL page describes how to install the acl_server daemon and configure the NGINX web server front end for the Cumulus Linux REST API to include the acl_server functions. The integration ensures that the same access controls configured for the REST API apply to the acl_server functions, which appear under the /acl/ path.
The following examples demonstrate the REST API.
Create an ACL
curl -X PUT -H 'Content-Type:application/json' --data '["[iptables]","-A FORWARD --in-interface swp+ -d 10.10.100.10 -p udp --sport 53 -j DROP"]' -k -u 'cumulus:CumulusLinux!' https://10.0.0.52:8080/acl/ddos1ACLs are sent as a JSON encoded array of strings. Each string will be written as a line in a file stored under /etc/cumulus/acl/policy.d/ - See Cumulus Linux: Netfilter - ACLs. For example, the rule above will be written to the file 50rest-ddos1.rules with the following Continue reading
Facebook Targets Routing Space With Open/R Platform
The platform originally was part of its Terragraph wireless backhaul network.
Remote User Authentication and RBAC with NSX-T
Remote user authentication and role based access control (RBAC) is an important requirement when deploying new systems in an organization, particularly in the networking world. For that matter, systems typically leverage RADIUS or Active Directory (AD) servers, to name a few.
NSX-T integrates with VMware Identity Manager (vIDM) to get the following benefits related to user authentication:
- Support for extensive AAA Systems, including
- AD-based LDAP, OpenLDAP
- RADIUS
- SmartCards / Common Access Cards
- RSA Secure ID
- Enterprise Single Sign-On
- Common authentication platform across multiple VMware solutions
- Seamless single sign-on experience
This blog post covers the main steps required to integrate NSX-T with vIDM and to configure roles that grant different privileges to different users. It does not cover deployment and hardening of VMware Identity Manager (vIDM). At the end of the post, there is a link to a demo showing how to do the configuration and several role-based access tests.
Assuming that both NSX-T Manager and vIDM appliances are deployed, powered on and configured with the basic management details (IP address, admin users, etc.), the integration requires the following steps:
- Creating a OAuth client ID for the NSX-T Manager in vIDM
- Getting the vIDM appliance thumbprint
- Registering NSX-T Manager with Continue reading
Intel Brings 5G Closer to Reality with Multimode Modems
But the company cautions that 5G is about more than a fast connection.
Oracle Public Cloud Upgrades Target AI, Enterprise, and HPC Applications
Oracle claims the upgrades best AWS with 1,214 percent better storage performance.
Senet Wants to Expand IoT Connectivity Virtually
Cablecos, tower firms, or municipalities can get a cut of the IoT revenues.
Research: CrystalNet: Faithfully Emulating Large Production Networks
Microsoft research paper on network emulation at scale
SD-WAN 101: Introduction to Software-Defined Wide Area Networks
No doubt, there’s a plethora of information on the web about SD-WAN, short for Software-Defined Wide Area Network. It’s the next big thing in networking and everyone’s writing, making a video, or talking about it. But, if you’re like me, any time a new technology emerges, I prefer to learn the fundamentals before jumping into... Read more →
Deploy360 at IETF 100, Day 5: Zaìjiàn from the Lion City
There’s a couple of sessions of interest on the last day of IETF 100 before we wrap up for the week. Friday is only a half-day, but still manages to fit in sessions on human rights considerations and encryption. Human rights is not a topic that Deploy360 typically covers, but we have been increasingly asked to discuss the IRTF initiative on Human Rights Protocols Considerations. (There’s also a recent IETF Journal article on Human Rights Protocol Considerations.)
HRPC is researching the human rights threats on the Internet, whether standards and protocols can enable or threaten these, and is developing recommendations on developing Internet protocols around this. It recently published RFC 8080 outlining human rights threats on the Internet, and will be meeting at 09.30 SGT/UTC+8 to discuss three other drafts relating to Freedom of Association on the Internet, the Politics of Standards, and Unrequested Communications. There will also be a presentation on Chainiac: end-to-end software supply chain security and transparency, plus the next steps forward will be discussed.
NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.
PERC is also meeting at the same time, and has three drafts up for discussion. Continue reading
IPv6 Migration: 5 Best Practices
Follow these expert tips to smooth the process of adopting the new Internet Protocol standard.
Pluribus Networks… 2 Years Later
I first met Pluribus Networks 2.5 years ago during their Networking Field Day 9 presentation, which turned controversial enough that I was advised not to wear the same sweater during NFD16 to avoid jinxing another presentation (I also admit to be a bit biased in those days based on marketing deja-moo from a Pluribus sales guy I’d been exposed to during a customer engagement).
Pluribus NFD16 presentations were better; here’s what I got from them:
Read more ...