Years ago I was involved in an interesting discussion focusing on NTP authentication and whether you can actually implement it reliably on Cisco IOS. What I got out of it (apart from a working example) was the feeling that NTP and its implementation in Cisco IOS were under-understood and under-documented, so I wrote an article about it. Of course the web version got lost in the mists of time, but I keep my archives handy.
Last weekend I migrated that article to blog.ipSpace.net. I hope you’ll still find it useful; while it’s pretty old, the fundamentals haven’t changed in the meantime.
On today's Heavy Wireless, Keith Parsons talks with guest Mark Houtz about designing Eduroam for the future, including the 6 GHz band. Mark explains the challenges of filtering Internet access for K-12 students when they travel outside of their local high school and the technical requirements of Eduroam, specifically the use of WPA3 Enterprise on all frequencies when using the new 6 GHz band. Mark also shares his testing process for Eduroam's compatibility with 6 GHz radios.
The post Heavy Wireless 003: Designing Eduroam For The Future With Mark Houtz appeared first on Packet Pushers.
This week we discuss a new offering from DriveNets that aims to make Ethernet more suitable as a network fabric for AI workloads, why the EU slapped Meta with a $1.3 billion fine, a new offering from Extreme Networks that lets you manage Extreme gear in the cloud or from on-prem, China banning Micron, and more IT news.
The post Network Break 432: DriveNets Aims To Make Ethernet AI-Friendly; China Goes Eye-For-An-Eye With US Over Tech Bans appeared first on Packet Pushers.
Today on the Tech Bytes podcast we pull back the covers on SASE, or Secure Access Service Edge. Fortinet is our sponsor. One important concept to grasp around SASE is that it’s as much an architecture as it is a product. It requires planning and foresight to put the pieces together and operate them. We talk with Fortinet about the elements of its SASE offering and what a typical customer engagement with SASE looks like.
The post Tech Bytes: Assembling A SASE Architecture With Fortinet (Sponsored) appeared first on Packet Pushers.
Almost all modern network systems, including stateful firewalls, make use of connection tracking (“conntrack”) because it consumes less processing power per packet and simplifies operations. However, there are use cases where connection tracking has a negative impact, as we described in Linux Conntrack: Why it breaks down and avoiding the problem. Distributed Denial of Service (DDoS) mitigation systems, which defend against volumetric network attacks, are a well-known example of such a use case, as they need to drop malicious packets as fast as possible. Beyond these attacks, connection tracking itself becomes a potential attack vector because it is a limited resource. There are also applications that generate huge numbers of short-lived connections per second, to the point that tracking connections leads to more processing and defeats its intended purpose. These use cases demonstrate the need for a firewall that does not track connections, also known as stateless firewalling.
In this blog post, we will explain how Project Calico uses eXpress Data Path (XDP) in its eBPF dataplane (also in its iptables dataplane but not the focus of this post) to improve the performance of its stateless firewall. XDP is an eBPF hook that allows a program to Continue reading