Tech Bytes: Deploying Sovereign Clouds With VMware And Tietoevry
Today on the Tech Bytes podcast, we explore the concept of sovereign clouds with sponsor VMware. Sovereign clouds provide the agility and scale of the cloud while ensuring data resides in a specific country or geography and meets area requirements for security and privacy. We speak with Tietoevry, one of the first VMware partners to offer major sovereign cloud solutions for its Nordic clients.How Cloudflare Images addressed the aCropalypse vulnerability
Acropalypse (CVE-2023-21036) is a vulnerability caused by image editing tools failing to truncate images when editing has made them smaller, most often seen when images are cropped. This leaves remnants of the cropped contents written in the file after the image has finished. The remnants (written in a ‘trailer’ after the end-of-image marker) are ignored by most software when reading the image, but can be used to partially reconstruct the original image by an attacker.
The general class of vulnerability can, in theory, affect any image format if it ignores data written after the end of the image. In this case the applications affected were the ‘Markup’ screenshot editor that shipped with Google Pixel phones from the Pixel 3 (saving its images in the PNG format) and the Windows Snipping tool (with both PNG and JPEG formats).
Our customers deliver their images using Cloudflare Images products and may have images that are affected. We would like to ensure their images are protected from this vulnerability if they have been edited using a vulnerable editor.
As a concrete example, imagine a Cloudflare customer running a social network, delivering images using Cloudflare Images. A user of the social network might Continue reading
Fun Reading: History of the Early Internet
Bruce Davie collected numerous articles describing various aspects of early Internet history and pre-Internet days, including A Brief History of the Internet and The Design Philosophy of the DARPA Internet Protocols.
Have fun ;)
Fun Reading: History of the Early Internet
Bruce Davie collected numerous articles describing various aspects of early Internet history and pre-Internet days, including A Brief History of the Internet and The Design Philosophy of the DARPA Internet Protocols.
Have fun ;)
Worth Watching: Ethernet Thick Yellow Cable
Justus sent me an email with an interesting link:
Since you love to make comparisons to the good ol’ thick yellow cable while I as a mid-30 year old adult have no idea what you are talking about: Computerphile made a video about Ethernet on the occasion of its 50th birthday. The university of Nottingham got the chance to show their museum pieces :-) (about 8:45 min).
Thanks a million!
Worth Watching: Ethernet Thick Yellow Cable
Justus sent me an email with an interesting link:
Since you love to make comparisons to the good ol’ thick yellow cable while I as a mid-30 year old adult have no idea what you are talking about: Computerphile made a video about Ethernet on the occasion of its 50th birthday. The university of Nottingham got the chance to show their museum pieces :-) (about 8:45 min).
Thanks a million!
Catalyst SD-WAN – Bootstrapping a Catalyst8000v Using a File on Bootflash
Yesterday I showed how to bootstrap a Catalyst8000v from the CLI. Today, I will show how to put a file on bootflash which includes the configuration but also the root certificate and the certificate of the device. This is a bit of a more streamlined process and can also be useful if you don’t know what CLI commands to use as vManage will generate the configuration for you.
Starting out, we have a freshly booted router that is in autonomous mode (non-SD-WAN):
Router#sh ver | i operating Router operating mode: Autonomous
To generate the bootstrap configuration, the process is to first go through the regular process of attaching a device to a template. Go to Configuration -> Templates and select Attach Devices:
Select the correct device:
Fill in the information needed:
Click Update to reflect the edits:
Then click Next:
Click Configure Devices and vManage will try to push the config but the device is offline:
Once this is done, vManage has all the information it needs to generate the bootstrap. Go to Configuration -> Devices and select the correct device and then Generate Bootstrap Configuration:
Then vManage will disply the following window. Choose Cloud-Init and have the box selected Continue reading
Cisco 8000v Throughput on Azure
https://codingpackets.com/blog/cisco-8000v-throughput-on-azure
Heavy Networking 689: Prepping For Certification Exams With Mary Fasang
Certifications are a part of life in IT. On today's Heavy Networking we explore preparation strategies with guest Mary Fasang. Her certs run the gamut from CompTIA to MCSE to the CCNP, as well as the PMP and ITIL certs. How should you prepare for a cert in 2023 when there’s so much content, so many training options, as well as home labbing available? How do you handle failure? Which certs have been the hardest? What study materials have proved helpful? Mary shares her strategies.
The post Heavy Networking 689: Prepping For Certification Exams With Mary Fasang appeared first on Packet Pushers.
Heavy Networking 689: Prepping For Certification Exams With Mary Fasang
Certifications are a part of life in IT. On today's Heavy Networking we explore preparation strategies with guest Mary Fasang. Her certs run the gamut from CompTIA to MCSE to the CCNP, as well as the PMP and ITIL certs. How should you prepare for a cert in 2023 when there’s so much content, so many training options, as well as home labbing available? How do you handle failure? Which certs have been the hardest? What study materials have proved helpful? Mary shares her strategies.Catalyst SD-WAN – Botstrapping a Catalyst8000v in a Virtual Lab
I’m rebuilding my Catalyst SD-WAN lab and thought I would give some quick pointers on how to bootstrap a Catalyst 8000v in your virtual lab. When the router first boots up, it will be in autonomous mode (non-SD-WAN mode):
Router#show version | i operating Router operating mode: Autonomous
Configure the router to be in controller mode which will cause it to reboot:
Router#controller-mode enable Enabling controller mode will erase the nvram filesystem, remove all configuration files, and reload the box! Ensure the BOOT variable points to a valid image Continue? [confirm] % Warning: Bootstrap config file needed for Day-0 boot is missing Do you want to abort? (yes/[no]): no
To bootstrap the router, the following is needed:
- System IP
- Site ID
- Organization name
- vBond name/IP
- IP address of tunnel interface (if not using DHCP)
- Tunnel interface name
- DNS server (if using name resolution)
- On-premises root cert (if using your own certificates)
- Certificate
First, verify that the router is now in controller mode:
Router#show version | i operating Router operating mode: Controller-Managed
Create a small bootstrap configuration with all the required parameters. Mine is below (some information redacted):
config-transaction system system-ip x.x.x.x site-id xxxxxxxxxx organization-name "sd-wan-lab-daniel" vbond 192. Continue reading
WISP/FISP Design: Switch Centric (SWC) Topology
Overview
This is an article i’ve wanted to write for a long time. In the last decade, the work that we have done at iparchitechs.com with WISPs/FISPs in network design using commodity equipment like MikroTik and FiberStore has yielded quite a few best practices and lessons learned.
While the idea of “router on a stick” isn’t new, when we first started working with WISPs/FISPs and MikroTik routers 10+ years ago, we immediately noticed a few common elements in the requests we’d get for consulting:
“I’m out of ports on my router…how do I add more?”
“I started with a single router, how do I make it redundant and keep NAT/peering working properly”?
“I have high CPU on my router and I don’t know how to add capacity and split the traffic”
“I can’t afford Cisco or Juniper but I need a network that’s highly available and resilient”
Coming from a telco background where a large chassis was used pretty much everywhere for redundancy and relying on links split across multiple line cards with LACP, that was one of my first inclinations to solve the Continue reading