NSX-T 2.0 is here!
VMware NSX is a network virtualization and security platform for the enterprise that is helping our customers make the transition to the digital era. As developers embrace new technologies like containers, and the percentage of workloads running in public clouds increases, network virtualization must expand to offer a full range of networking and security services,... Read more →
NSX-T 2.0 is here !
VMware NSX is a network virtualization and security platform for the enterprise that is helping our customers make the transition to the digital era. As developers embrace new technologies like containers, and the percentage of workloads running in public clouds increases, network virtualization must expand to offer a full range of networking and security services, natively, in these environments.
Today, we are announcing the next version of NSX-T that can provide network virtualization for a multi-cloud and multi-hypervisor environment. The NSX technology that you are familiar with and use it for so many years is now be available for cloud and container environments. Circa VMworld 2016, we showed a prototype of NSX that can provide network virtualization and micro-segmentation for native AWS workloads. That journey is now complete and the initial availability of that service for some customers is already available for their AWS workloads.
NSX can now provide seamless network virtualization for workloads running on either VMs or Containers. VMs can be located either on-prem or on AWS. NSX will provide the entire feature set for either Vmware vSphere Hypervisors or KVM hypervisors. For native workloads on AWS, NSX will provide VMware NSX Secure Cloud to provide the Continue reading
Google leaked prefixes – and knocked Japan off the Internet
Last Friday, 25 August, a routing incident caused large-scale internet disruption. It hit Japanese users the hardest, slowing or blocking access to websites and online services for dozens of Japanese companies.
What happened is that Google accidentally leaked BGP prefixes it learned from peering relationships, essentially becoming a transit provider instead of simply exchanging traffic between two networks and their customers. This also exposed some internal traffic engineering that caused many of these prefixes to get de-aggregated and therefore raised their probability of getting accepted elsewhere.
The incident technically lasted less than ten minutes, but spread quickly around the Internet and caused some damage. Connectivity was restored, but persistently slow connection speeds affected industries like finance, transportation, and online gaming for several hours. Google apologized for the trouble, saying it was caused by an errant network setting that was corrected within eight minutes of its discovery.
This incident showed, again, how fragile the global routing system still is against configuration mistakes, to say nothing about malicious attacks.
What it also showed is a lack of defense – the incident propagated seemingly without any attempt from other networks to stop it.
The Internet Society works to address security in many ways, Continue reading
The Business Case for Retail MEC: A TCO Analysis and its Implications in the 5G Era
As the research shows, MEC has deep implications for retail—from both a total cost of ownership (TCO) and use-case perspective.
IGF-USA: Promoting a More Inclusive Internet
The IGF-USA took place in Washington D.C on July 24, 2017. During the event, the panel “Promoting a More Inclusive Internet” looked at current barriers to an inclusive Internet and explored how access could be expanded to underserved areas and to underrepresented communities. Moderated by Dr. Brandie Nonnecke, Research & Development Manager for CITRIS and the Banatao Institute at the University of California-Berkeley and Chair of the San Francisco-Bay Area Internet Society Chapter Working Group on Internet Governance, the panel brought together several experts on access provision, each with many years experience of connecting the unconnected in the USA and overseas.
Decentralized Approach
One of the main themes of the panel was that there is no ‘one size fits all’ approach to getting communities online. Rather than focus on technical deployment, the panelists argued that the focus needs to shift to what Internet access actually means to different communities and to solutions adapted to fit their specific needs. When proposing solutions, the first question that needs to be asked is, ‘What are the problems that Internet access will solve?’ Often, what works for one community won’t work for another. “No one should decide what other people’s Internet access Continue reading
New Coder: Stop What You’re Doing!
Let’s get coding! We’ve selected a language, we’ve done some online training, and we’re ready to get coding and automate the first thing we stumble across. How exciting! Aaaaannnnnd STOP.
On the Solarwinds Thwack Geek Speak blog I looked at the “80:20” rule and how to use it to guide where to get the biggest return on investment when spending time coding, then I gave some advice on how to select a task to automate. Please do take a trip to Thwack and check out my post, “New Coder: Stop What You’re Doing“.
Please see my Disclosures page for more information about my role as a Solarwinds Ambassador.
If you liked this post, please do click through to the source at New Coder: Stop What You’re Doing! and give me a share/like. Thank you!
BGP Route Reflector in Plain English
BGP Route Reflector in Plain English, in this post, I will explain you the BGP Route Reflector basics, after you read this post, you will be able to answer many questions regarding BGP Route Reflectors. Outline of this post is as below. What is BGP Route Reflector ? Why BGP Route Reflector […]
The post BGP Route Reflector in Plain English appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
VNIX-NOG 2017 held in Ho Chi Minh City
VNNIC, the National Internet Registry (NIR) of Vietnam, organized 2 major events in Ho Chi Minh City. VNNIC IP Member meeting on 24th August at VNNIC HCMC Office and second VNIX-NOG event on 25th August at Saigon Prince Hotel and was attended by our Deploy360 colleague Aftab Siddiqui. NetNam, a local ISP, provided Internet connectivity for the NOG event and did a great job by providing a dual stack IPv4 and IPv6 network.
The first event was for VNNIC IP members where reports were presented and NIR policies discussed, but the NOG event the following day was attended by around 70 people from various organizations including all the major telcos and ISPs in the country, the Internet Society, APNIC, Google and BBIX.
The opening speech was provided by Nguyen Hong Thang – Deputy Director of VNNIC, and a welcome note was added by Vu The Binh – General Secretary of Vietnam Internet Association (VIA) . Presentations from the event are available here, but the emphasis was on local participants to share their experience and local community engagement.
Nguyen Tran Hieu (VNIX) shared some network statistics of the Hanoi and Ho Chi Minh City nodes, which unfortunately showed that most members Continue reading
6 Key Milestones in Computer Networking History
Take a look back at some breakthrough networking technologies.
What’s Next for a Network Architect?
A network architect working for a system integrator sent me a number of questions along the lines of “what would be an interesting alternative to pursuing another CCxE certification?”
He wrote:
Read more ...StackStorm Architecture Part I – StackStorm Core Services
A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together.
In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time. I’ll be doing this in a series of posts, so we can explore a particular topic in detail without getting overwhelmed.
Also, it’s worth noting that this isn’t intended to be an exhaustive reference for StackStorm’s architecture. The best place for that is still the StackStorm documentation. My goal in this series is merely to give a little bit of additional insight into StackStorm’s inner workings, and hopefully get those curiosity juices flowing. There will be some code references, some systems-level insight, probably both.
Also note that this is a living document. This is an open source project under active development, and while I will try to keep specific Continue reading
StackStorm Architecture Part I – StackStorm Core Services
A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together.
In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time. I’ll be doing this in a series of posts, so we can explore a particular topic in detail without getting overwhelmed.
Also, it’s worth noting that this isn’t intended to be an exhaustive reference for StackStorm’s architecture. The best place for that is still the StackStorm documentation. My goal in this series is merely to give a little bit of additional insight into StackStorm’s inner workings, and hopefully get those curiosity juices flowing. There will be some code references, some systems-level insight, probably both.
Also note that this is a living document. This is an open source project under active development, and while I will try to keep specific Continue reading
StackStorm Architecture Part I – StackStorm Core Services
A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together. In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time.StackStorm Architecture Part I – StackStorm Core Services
A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together. In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time.StackStorm Architecture Part I – StackStorm Core Services
A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together. In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time.Cumulus Linux 3.4 REST API
The following ddos.js script is modified to use the REST API to send Network Command Line Utility - NCLU commands to add and remove ACLs, see Installing and Managing ACL Rules with NCLU:
var user = "cumulus";
var password = "CumulusLinux!";
var thresh = 10000;
var block_minutes = 1;
setFlow('udp_target',{keys:'ipdestination,udpsourceport',value:'frames'});
setThreshold('attack',{metric:'udp_target', value:thresh, byFlow:true, timeout:10});
function restCmds(agent,cmds) {
for(var i = 0; i < cmds.length; i++) {
let msg = {cmd:cmds[i]};
http("https://"+agent+":8080/nclu/v1/rpc",
"post","application/json",JSON.stringify(msg),user,password);
}
}
var controls = {};
var id = 0;
setEventHandler(function(evt) {
var key = evt.agent + ',' + evt.flowKey;
if(controls[key]) return;
var ifname = metric(evt.agent,evt.dataSource+".ifname")[0].metricValue;
if(!ifname) return;
var now = (new Date()).getTime();
var name = 'ddos'+id++;
var [ip,port] = evt.flowKey.split(',');
var cmds = [
'add acl ipv4 '+name+' drop udp source-ip any source-port '+port+' dest-ip '+ip+' dest-port any',
Continue reading
Pluribus Netvisor OS Automates VMware NSX tunnel Orchestration in a World of VMs, Containers and Bare Metal
Pluribus Networks will be highlighting how our Netvisor® OS and the Adaptive Cloud Fabric™ interoperates with VMware® NSX to simplify...BGP leak causing Internet outages in Japan and beyond.
Yesterday some Internet users would have seen issues with their Internet connectivity, experiencing slowness or parts of the Internet as unreachable. This incident hit users in Japan particularly hard and it caused the Internal Affairs and Communications Ministry of Japan to start an investigation into what caused the large-scale internet disruption that slowed or blocked access to websites and online services for dozens of Japanese companies. In this blog post we will take a look at the root cause of these outages, who was affected and what networks were involved. Starting at 03:22 UTC yesterday (aug 25) followers of @BGPstream would have seen an increase in alerts involving Google. The BGPstream alerts were informing us that Google was announcing the peering lan prefixes of a few well known Internet exchanges. This in itself is actually a fairly common type of incident and typically indicates something isn’t quite right within the networks hijacking those prefixes and so these alerts were the first clues that something wasn’t quite right with Google’s BGP advertisements.
A closer look at our data shows not only BGP hijack incidents but also a high number of BGP leak events. A random example is this one: 171. Continue reading