Not Your Mama’s Security Architecture (Thwack)
It puts a firewall at the edge of the network or it gets the hose again. Think that’s still how security works? I don’t think so, my friend.
On the Solarwinds Thwack Geek Speak blog I look at how security architectures have changed from when our Mama used to create them, and I even take a moment to mention Greg Ferro (because, well, why not). Please do take a trip to Thwack and check out my post, “Not Your Mama’s Security Architecture“.
Please see my Disclosures page for more information about my role as a Solarwinds Ambassador.
If you liked this post, please do click through to the source at Not Your Mama’s Security Architecture (Thwack) and give me a share/like. Thank you!
DNS OARC 27
The DNS OARC meetings are an instance of a meeting that concentrates on the single topic of the DNS, and in this case it delves as deep as anyone is prepared to go! It's two days where too much DNS is barely enough!CCDE Practical Exam Dates 2018
Below is the CCDE Practical/Lab exam dates for 2018. As you might know there are four exam yearly. You can attend maximum four times. You don’t have to pass any exam other than CCDE Written Qualification exam to be able to attend CCDE Practical/Lab exam. For the cost, registration process , refund and […]
The post CCDE Practical Exam Dates 2018 appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
From Law School Dropout to Senior Network Engineer
Amy Arnold talks about her networking career and offers advice to aspiring networking pros.
Introduction to PAT- Port Address Translation
Today I am going to talk about PAT- Port Address Translation or so called as NAT overloading. Before we start with the PAT, please check the facts of NAT in the below mentioned link which i explained earlier.
NAT- Network Address Translation
Well with the above mentioned article link, let me brief you about the NAT is short bullet points
- Enables intra-networks that use private IP addresses to connect to the Internet by translating the address to a globally registered IP address.
- Stores mapping of local to global address in NAT table
- Increases network security by hiding internal IP addresses
- Typically operates at the border of a stub network (single connection to neighbor network)
- Private inside addresses = inside local
- Public addresses = inside global
Now let's talk about the PAT- Port Address Translation, below are the points about PAT
- NAT configured to advertise only one address for the entire internal network to the outside world “static PAT” or “address overloading” or “many-to-one”
- Appends a unique source port number to each translation to outside IP address
- Total number available internal addresses per 1 outside address is 65,536 ports
- Attempts to assign first available port number, if already allocated assigns Continue reading
Reducing the Number of Transported Routes
One of my friends sent me this design challenge:
Assume you’re migrating from another WAN transport technology to MPLS. The existing network has 3000 routes but the MPLS carrier is limiting you to 1000 routes. How could you solve this with MPLS?
Personally, I think MPLS is a red herring.
A better question would be “how do you reduce the number of routes transported across your WAN network” or “how do you reduce the routing interaction with your MPLS service providers” (particularly intriguing if you use more than one of them).
As always, there are several options and it’s impossible to recommend the best one:
- Readdressing is usually out of question (or at least too messy to try). It might also break numerous firewall rules and other hard-coded stuff… unless you automated everything, but then it wouldn’t be hard to readdress, would it?
- The usual answer would be to summarize the routes. The usual challenge is that you might not be able to do it (because random addressing). Furthermore, summarization is a lossy compression, and loss of forwarding information might result in black holes.
- RFC 1925 states that there’s nothing that cannot be solved with another layer Continue reading
Getting Started with Python Development
Over the last several years I’ve made a couple of efforts to become better at Python. As it stands now – I’d consider myself comfortable with Python but more in terms of scripting rather than actual Python development. What does Python Development mean? To me – at this point – it’s means writing more than a single Python file that does one thing. So why have my previous efforts failed? I think there have been a few reasons I never progressed much past scripting…
- I didn’t have a good understanding of Python tooling and the best way to build a project. This meant that I spent a large chunk of time messing around with Python versions, packages, and not actually writing any code. I was missing the fundamentals in terms of how to work in Python.
- I didn’t have a real goal in mind. Trying to learn something through ‘Hello World’ type examples doesn’t work for me. I need to see real world examples of something I’d actually use in order to understand how it works. I think this is likely why some of the higher level concepts in Python didn’t fully take hold on the Continue reading
The Current Approach to Data Handling Isn’t Working – The Equifax Breach Illustrates Why
Are you from the United States or Canada? If so, there is a big chance you had sensitive personal information stolen in the biggest data breach of the summer. Equifax, a major consumer credit agency in North America, experienced a data breach resulting in the loss of the personal information of over 140 million individuals, which puts its victims at increased risk of identity theft and other forms of fraud. The Equifax breach is on a massive scale, but it is only the latest in a very long list of reported data breaches in recent years. According to Gemalto, over nine billion individual records have been lost or stolen in reported data breaches since 2013 – and the vast majority of breaches go unreported. Data handlers of all types continue to act irresponsibly, failing to protect the data of their users or to even attempt to apply basic data protection procedures.
How data handlers protect the privacy of user data isn’t working.
The dominant approach to data handling, based around the concepts of risk and compliance, is over 35-years-old. With this approach, data handlers try to adhere to regulatory requirements and minimize the risk to themselves – not necessarily Continue reading
Broadcom’s Purchase of Brocade Gets Delayed, Again
Extreme will purchase Brocade's networking assets directly from Brocade.
Oracle Promises One Cloud to Rule Them All
New public cloud networking, compute, and storage features stomp on AWS, the company claims.
Dobar dan, Hrvatska! Announcing Cloudflare’s Zagreb Data Center
Fire the Gric Cannon! Hot on the heels of several birthday week product announcements, we continue to expand our global network.
Cloudflare is excited to announce the launch of our newest data center in Zagreb, Croatia, furthering the breadth of our network to 118 cities across 58 countries. Our Europe network alone now spans 33 cities across 25 countries (with at least ten new cities being planned). [For trivia fans: Our list of data centers beginning with the letter Z now spans four cities, with the others being Zhengzhou, Zhuzhou and Zurich].
Zagreb: A Thousand Years
CC BY 2.0 image by Mario Fajt, sobrecroacia.com
With a rich history going back almost a thousand years, Zagreb is sometimes called the City of Museums. Visitors can join the Saturday spica to Dolac market to try out the traditional paprenjak biscuit, hop on the shortest cable car in the world, explore Maksimir Park and more in this charming European city.
Local Interconnection
Croatia is home to over 3 million Internet users, with Internet penetration approaching 75%, which is high but still significantly lower than the European average of ~85%. Our newest deployment improves the security and Continue reading
Proof that our customers’ success is our success
From the start, one mission has driven us: to bring the economics and agility that the web-scale giants enjoy in networking to companies of all sizes.
We announced Cumulus Express at the start of the year with that mission front of mind. The response has exceeded our expectations and reaffirmed our belief that web-scale IT is something companies across the spectrum are serious about. open chassis based on Facebook Backpack — has helped us attract some amazing new customers within the Fortune 100, helping us boost bookings by more than 20%. An interesting insight from speaking to our customers is that established enterprises are looking to create a web-scale architecture with fixed and modular platforms. Both our fixed-form Cumulus Express offering as well as our modular platforms like Backpack cater to companies like those that need a joint solution that is easy to procure and quick to deploy. On average, the availability of Cumulus Express has cut the time it takes from initial conversation to live proof of concept (PoC) in half, meaning that our customers are seeing value faster.
But it isn’t just the Fortune 100 taking an interest; we’ve also seen uptake among other mainstream enterprises. For example, both Healthcare Realty, a major real estate trust, and Perth Radiological Clinic chose Express as a means of quickly expanding their existing Cumulus deployments. What’s more, we’re speaking to a whole range of other companies that are interested in following in their footsteps.
So how did we get here? Simple: we listened.
Many cloud architects we spoke with in the process of developing this product wanted more choice. Many companies were eager to build modern, web-scale networks, but needed the ability to deploy a PoC quickly before committing to the disaggregated model. This was particularly true among large, established enterprises. Others were already on board, but were used to buying their networking system as an appliance. We needed to create an option that would make buying Cumulus Linux — and getting a PoC up and running — quick and easy in both instances.
Enter Cumulus Express. With it, you get a fixed or modular switch preloaded with Cumulus Linux and a set of certified cables and optics. Offering our open networking software and high performance switching hardware in one ready-to-run package was one more way we could make web-scale networking more accessible to more companies and help them be successful.
It’s been a great year for us so far, but we never feel our work is done. I’ve always been steadfast in my belief that building great, enduring companies requires great products — built by listening to customers — so that’s what we’re going to continue to do. Keep sharing your feedback and ideas with us, because it fuels us to keep improving.
Alongside Cumulus Express, we’ve worked extremely hard to bring other standard-setting products like Host Pack to market and build further on our mission of bringing web-scale to the masses. What Cumulus Networks now has is the most mature offering on the market, so we’re perfectly placed to serve the demand for web-scale for years to come.
The post Proof that our customers’ success is our success appeared first on Cumulus Networks Blog.
Intent Washing with @CloudToad
Now this is marketing I can get behind.
Kubernetes Co-Developer: Community Eyes Big Cloud Providers’ Commitment
Heptio CTO Joe Beda claims greater Kubernetes reach will be achieved, not by a single technology, but by solving problems.