On today's Heavy Wireless, Keith Parsons talks with guest is Mark Houtz about designing Eduroam for the future, including the 6Ghz band. Mark explains the challenges of filtering Internet access for K-12 students when they travel outside of their local high school and the technical requirements of Eduroam, specifically the use of WPA3 Enterprise on all frequencies when using the new 6 GHz band. Mark also shares his testing process for Eduroam's compatibility with 6 GHz radios.
The post Heavy Wireless 003: Designing Eduroam For The Future With Mark Houtz appeared first on Packet Pushers.
This week we discuss a new offering from DriveNets that aims to make Ethernet more suitable as a network fabric for AI workloads, why the EU slapped Meta with a $1.3 billion fine, and a new offering from Extreme Networks that lets you manage Extreme gear in the cloud or from on-prem, China banning Micron, and more IT news.
The post Network Break 432: DriveNets Aims To Make Ethernet AI-Friendly; China Goes Eye-For-An-Eye With US Over Tech Bans appeared first on Packet Pushers.
Today on the Tech Bytes podcast we pull back the covers on SASE, or Secure Access Service Edge. Fortinet is our sponsor. One important concept to grasp around SASE is that it’s as much an architecture as it is a product. It requires planning and foresight to put the pieces together and operate them. We talk with Fortinet about the elements of its SASE offering and what a typical customer engagement with SASE looks like.
The post Tech Bytes: Assembling A SASE Architecture With Fortinet (Sponsored) appeared first on Packet Pushers.
Almost all modern network systems, including stateful firewalls, make use of connection tracking (“conntrack”) because it consumes less processing power per packet and simplifies operations. However, there are use cases where connection tracking has a negative impact, as we described in Linux Conntrack: Why it breaks down and avoiding the problem. Distributed Denial of Service (DDoS) mitigation systems, defending against volumetric network attacks, is a well known example of such a use case, as it needs to drop malicious packets as fast as possible. In addition to these attacks, connection tracking becomes a potential attack vector as it is a limited resource. There are also applications generating huge amounts of short lived connections per second, to the point that tracking connections leads to more processing and defeating its intended purposes. These use cases demonstrate that there is a need to not track connections in a firewall, also known as stateless firewalling.
In this blog post, we will explain how Project Calico uses eXpress Data Path (XDP) in its eBPF dataplane (also in its iptables dataplane but not the focus of this post) to improve the performance of its stateless firewall. XDP is an eBPF hook that allows a program to Continue reading
TL&DR: Installing an Ethernet NIC with two uplinks in a server is easy1. Connecting those uplinks to two edge switches is common sense2. Detecting physical link failure is trivial in Gigabit Ethernet world. Deciding between two independent uplinks or a link aggregation group is interesting. Detecting path failure and disabling the useless uplink that causes traffic blackholing is a living hell (more details in this Design Clinic question).
Want to know more? Let’s dive into the gory details.
TL&DR: Installing an Ethernet NIC with two uplinks in a server is easy1. Connecting those uplinks to two edge switches is common sense2. Detecting physical link failure is trivial in Gigabit Ethernet world. Deciding between two independent uplinks or a link aggregation group is interesting. Detecting path failure and disabling the useless uplink that causes traffic blackholing is a living hell (more details in this Design Clinic question).
Want to know more? Let’s dive into the gory details.