
When you assign an Identity and Access Management (IAM) role to an Amazon Elastic Compute Cloud (EC2) instance, the short-term credentials for the role are made available via a web service known as the Instance Metadata Service (IMDS). The IMDS provides an HTTP endpoint for retrieving instance metadata such as the instance IP address, the AWS Region the instance is running in, the Amazon Machine Image used to launch the instance, and the access key, secret access key, and session token associated with the instance's IAM role. The AWS documentation describes how to retrieve instance role credentials from IMDS. If you've seen or used the http://169.254.169.254 or http://fd00:ec2::254 endpoints, then you've seen/used IMDS.
Retrieval of instance role credentials from IMDS is the mechanism by which the AWS CLI and SDKs learn the credentials belonging to the instance's IAM role without you having to configure anything on the instance. Quoting the IAM documentation:
The AWS SDKs, AWS CLI, and Tools for Windows PowerShell automatically get the credentials from the EC2 Instance Metadata Service (IMDS) and use them.
This is great! It means you can start using the AWS CLI, SDKs, or Tools Continue reading
Recently, I’ve been contemplating the concept of fairness, and I see interesting parallels between being a parent and being a network professional. As human beings, we have an inherent, intuitive sense of fairness that manifests itself in various everyday situations. Let me illustrate this idea with a couple of hypothetical scenarios:
Scenario 1: Imagine I’m a parent with four young children, and I’ve ordered a pizza for them to share. If I want to divide the pizza fairly among the children, fairness would mean that each child receives an equal portion - in this case, one-quarter of the pizza.
Scenario 2: Now let’s say I’ve ordered another pizza for the same four children, but one of the kids doesn’t much care for pizza and will only eat one-tenth of his share. In this situation, it wouldn’t be fair for me to give that child more than one-tenth of a share, because the excess would go to waste. The fair way to divide the pizza would be to give the child who doesn’t like pizza a one-tenth portion and split the remaining nine-tenths evenly among the other three kids.
The approach mentioned in the second scenario Continue reading
It’s the last show of the month, which means it is time for a roundtable! Today we are discussing three news stories, including Amazon’s Sidewalk Labs, a court case in California involving Cisco and the Great Firewall of China, and yet another data breach.
In case you didn’t see it, I’m uploading the rough (machine generated) transcript of each episode about a week after the episode airs. It takes a little time for the transcription to be created, and then for me to log back in and upload the file.
If you’ve been staring down the barrel of network automation and wonder what the proper approach might be, today’s episode is for you. The Packet Pushers chat with Tony Bourke about what network automation tools and techniques have become the default standard, how to prepare your network and team for automation, and how to get started.
The post Heavy Networking 692: Implementing Practical Network Automation – With Tony Bourke appeared first on Packet Pushers.


Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.
Malicious actors on the Internet who control BGP routers can perform BGP hijacks by falsely announcing ownership of groups of IP addresses that they do not own, control, or route to. By doing so, an attacker is able to redirect traffic destined for the victim network to itself, and monitor and intercept its traffic. A BGP hijack is much like if someone were to change out all the signs on a stretch of freeway and reroute automobile traffic onto incorrect exits.

You can learn more about BGP and BGP hijacking and its consequences in our learning center.
At Cloudflare, we have long been monitoring suspicious BGP anomalies internally. With our recent efforts, we are bringing BGP origin hijack detection to the Cloudflare Radar platform, sharing our detection results with the Continue reading
The first part of this blog series takes a high-level view of all the modes that are available with Migration Coordinator, a fully supported tool built into NSX that enables migrating from NSX for vSphere to NSX (NSX-T). The second blog in this series takes a closer look at the available options for in-place migrations. This third blog in the series looks at the options available for lift-and-shift migrations.
Distributed Firewall mode is one of the first lift-and-shift modes, introduced with the NSX 3.1 release. This mode allows migrating only the firewall configuration over to NSX running on its own dedicated hardware.
Locating the mode: This mode is part of the three advanced migration modes and is found by expanding the “Advanced Migration Modes” highlighted in red below:
Today's IPv6 Buzz podcast riffs on a question raised in a Reddit thread that asks why you should use IPv6 when NAT exists. Tom, Ed, and Scott provide answers, and also discuss the complicated role of NAT in both IPv6 and IPv4 networks in the past, present, and future.
The post IPv6 Buzz 131: Why Bother With IPv6 When Everyone’s Using NAT? appeared first on Packet Pushers.
The challenges companies face regarding private and professional data protection are more important today than ever. In the modern enterprise, cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. However, as digitalization pushes applications and services to the cloud, cyber criminals’ intrusion techniques have become increasingly sophisticated. To stay current with advancing technologies, doubling or tripling security measures is a must.
To understand the critical need for advanced cybersecurity measures, we turned to an expert in the industry, Ratan Tipirneni, President and CEO of Tigera – a company providing active, zero-trust-based security for cloud-native applications running on containers and Kubernetes.
Q: How did the idea of Tigera originate? What has your journey been like so far?
It was over six years ago that Tigera created Project Calico, an open-source container networking and security project.
As containers and Kubernetes adoption grew and organizations started using Kubernetes at scale, Tigera recognized the industry’s need for more advanced security and observability. Tigera has since grown from the Project Calico open-source project to a container security innovator that now supports many Fortune 100 companies across the globe.
Tigera’s continued success comes from listening to customers’ needs, understanding Continue reading