Fragmentation, Standards Remain Challenges to Open Optical Networks
Vendor community looks to avoid standards being forced onto the market.
Worth Reading: Hijacking Bitcoin
It turns out that if you can hijack less than a hundred BGP prefixes (feasible) you can isolate about 50% of the mining power in the network. Once a collection of nodes are partitioned from the network the network becomes more vulnerable to double spending attacks, transaction filtering, and selfish mining attacks. —Morning Paper
The post Worth Reading: Hijacking Bitcoin appeared first on rule 11 reader.
BGP Monitoring Protocol
The post BGP Monitoring Protocol appeared first on Noction.
How to make your site HTTPS-only
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla reported that the percentage of requests made by Firefox using encrypted HTTPS passed 50% for the first time. HTTPS has numerous benefits that are not available over unencrypted HTTP, including improved performance with HTTP/2, SEO benefits for search engines like Google and the reassuring lock icon in the address bar.
So how do you add HTTPS to your site or service? That’s simple, Cloudflare offers free and automatic HTTPS support for all customers with no configuration. Sign up for any plan and Cloudflare will issue an SSL certificate for you and serve your site over HTTPS.
HTTPS-only
Enabling HTTPS does not mean that all visitors are protected. If a visitor types your website’s name into the address bar of a browser or follows an HTTP link, it will bring them to the insecure HTTP version of your website. In order to make your site HTTPS-only, you need to redirect visitors from the HTTP to the HTTPS version of your site.
Going HTTPS-only should be as easy as a click of a button, so we Continue reading
Linux Container Security: 10 Essential Elements
Find out the key steps for ensuring comprehensive container security.
Automation or Orchestration?
Have you ever wondered what the difference between automation and orchestration is?
Wikipedia defines automation as use of various control systems for operating equipment. The definition I prefer (because it’s easier to understand in network automation environment) is elimination of well-defined repeatable manual tasks – the emphasis being on well-defined and repeatable.
Read more ...How To: Setting up VPN (IPSec tunnel) to an AWS VPC
- Amazon's VPN connection service that uses the customer gateway and virtual private gateway.
- Using a VPN appliance that acts as a gateway terminating IPSec tunnel.
AWS side configuration
- Create a Virtual Private Gateway. This does not take any settings except a tag/name
- Create a Customer Gateway.
- Make sure the Customer Gateway mimic’s your external / gateway router in your infrastructure. (WAN IP). Select BGP or non-BGP according to your router config.
- Create a new VPC, say 10.0.0.0/16
- Connect the Virtual Private Gateway to this VPC. (VPG -> Attach VPC -> Select your vpc)
- Open the route table for this VPC and enable route propagation (VPC -> Route table -> Route Propataion -> Yes)
- Create new VPN
- Choose specific VPG to associate along with Customer Gateway. You can create a Customer Gateway when creating a VPN if you haven't already done step 1).
- Set routing options. Dynamic if your gateway router Continue reading
Packet Tracer in Firepower Threat Defense
I wanted to share a quick post on a feature that I have found incredibly useful on the ASA and has been extended to Firepower Threat Defense. The feature is called Packet Tracer and is an easy way to apply “packet walk” logic to a flow that would be initiated through the platform. Like most things FTD, the Firepower Management Console is the point of contact for initiating the process.
To initiate Packet Tracer in FTD, open the Firepower Management Console and choose ‘Devices‘ then ‘Device Management‘. Next, select the device that you want to perform the operation and select the icon that looks like a screwdriver and wrench.
This will produce the screen that provides health monitoring and troubleshooting for the device. Selecting “Advanced Troubleshooting” will change the view to a multi-tab troubleshooting screen.
Selecting the Packet Tracer tab will allow for input like Source/Destination, Protocol, Port, SGT, etc.
After filling out this information and choosing “Start“, the device would be put through the same process as an initial packet of a new connection. The resulting packet walk is shown in an expandable tree view or raw text (user selectable).
Tree View
Continue reading
Do We Need Chassis Switches Anymore in the DC?
While Cisco Live this year was far more about the campus than the DC, Cisco did announce the Cisco Nexus 9364C, a spine-oriented switch which can run in both ACI mode and NX-OS mode. And it is a monster.
It’s (64) ports of 100 Gigabit. It’s from a single SoC (the Cisco S6400 SoC).
It provides 6.4 Tbps in 2RU, likely running below 700 watts (probably a lot less). I mean, holy shit.
Cisco Nexus 9364C: (64) ports of 100 Gigabit Ethernet.
And Cisco isn’t the only vendor with an upcoming 64 port 100 gigabit switch in a 2RU form factor. Broadcom’s Tomahawk II, successor to their 25/100 Gigabit datacenter SoC, also sports the ability to have (64) 100 Gigabit interfaces. I would expect the usual suspects to announce switches based on these soon (Arista, Cisco Nexus 3K, Juniper, etc.)
And another vendor Innovium, while far less established, is claiming to have a chip in the works that can do (128) 100 Gigabit interfaces. On a single SoC.
For modern data center fabric, which rely on leaf/spine Clos style topologies, do we even need chassis anymore?
For a while we’ve been reliant upon the Sith-rule on Continue reading
Weakening encryption might be an easy fix, but counterproductive in the long-run
The debate on encryption in the EU has followed a familiar path in pitting national security against concerns about civil liberties and privacy. On the one hand, Governments and intelligence agencies have increasingly claimed that the widespread use of encryption could threaten national security.
Frédéric Donck