Category Archives for "Networking"

Leaf and spine network emulation on Mac OS M1/M2 systems


The GitHub sflow-rt/containerlab project contains example network topologies for the Containerlab network emulation tool that demonstrate real-time streaming telemetry in realistic data center topologies and network configurations. The examples use the same FRRouting (FRR) engine that is part of SONiC, NVIDIA Cumulus Linux, and DENT network operating systems. Containerlab can be used to experiment before deploying solutions into production. Examples include: tracing ECMP flows in leaf and spine topologies, EVPN visibility, and automated DDoS mitigation using BGP Flowspec and RTBH controls.

The Containerlab project currently has limited support for Mac OS, stating "ARM-based Macs (M1/2) are not supported, and no binaries are generated for this platform. This is mainly due to the lack of network images built for arm64 architecture as of now." However, this argument doesn't apply to the Linux-based images used in these examples.

First install Docker Desktop on your Apple silicon-based Mac (select the Apple Chip option).

mkdir clab
cd clab
docker run --rm -it --privileged \
  --network host --pid="host" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /run/netns:/run/netns \
  -v $(pwd):$(pwd) -w $(pwd) \
  sflow/clab bash

Run Containerlab by typing the above commands in a terminal. This command uses a pre-built multi-architecture […]

Intel launches Agilex FPGA for smart networking

Intel has launched a field-programmable gate array—Agilex 7 with R-Tile—that features PCIe 5.0 and CXL capabilities for processing networking workloads. The Agilex FPGA is primarily used in smartNICs that offload the processing of network traffic from the CPU, thus freeing up CPU capacity for other tasks. Intel sees Agilex playing a role in data centers, telecommunications, and financial services, among other high-traffic industries. Agilex is a rebranding of Intel’s Stratix and Arria FPGA lines that involves renumbering, with Agilex 3 being the low-end and Agilex 9 the high-end. So Agilex 7 is not the seventh generation of the chip but is the second most powerful processor in the family.

Microsoft integrates Nvidia’s AI Enterprise Suite with Azure Machine Learning

Microsoft is integrating Nvidia’s AI Enterprise software suite with its Azure Machine Learning service to help enterprise developers build, deploy, and manage applications based on large language models, it said Tuesday. Developers and enterprises will have access to over 100 frameworks, pretrained large language models, and development tools as part of AI Enterprise Suite integration with Microsoft’s Azure Machine Learning service, the companies said in a joint statement. For now, the integration is only available through an invitation-only preview in the Nvidia community registry.

Kubernetes Security And Networking 8: Loading The Cilium CNI – Video

Container Network Interfaces (CNIs) are plug-ins that enable networking capabilities. This video provides a brief overview of the Cilium CNI and the importance of network policies.

https://www.youtube.com/watch?v=nzswIJpdPtY

You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse mix of content from Ethan and Greg, plus […]

The post Kubernetes Security And Networking 8: Loading The Cilium CNI – Video appeared first on Packet Pushers.

Make your FortiGate firewalls work with Kubernetes: How Calico enables Fortinet firewalls to secure Kubernetes workloads

FortiGate firewalls are highly popular and extensively utilized for perimeter-based security in a wide range of applications, including monolithic applications developed and deployed using the traditional waterfall model. These firewalls establish a secure perimeter around applications, effectively managing inbound and outbound traffic for the organization. FortiGate relies on IP addresses for implementing “allow/deny” policies.

The use of IP addresses is effective for non-cloud native applications, where static IP addresses serve as definitive network identifiers. However, in a Kubernetes environment, workloads have dynamic IP addresses that change whenever they are restarted or scaled out to different nodes. This dynamic nature poses challenges when utilizing FortiGate with Kubernetes workloads, requiring continuous updates to firewall rules and the opening of large CIDR ranges for node-based access. This introduces security and compliance risks, as workloads running on these CIDR ranges gain unrestricted access to external or public services.

To facilitate the usage of FortiGate firewalls with Kubernetes workloads, it becomes crucial to identify workloads that necessitate access to external resources and assign them fixed IP addresses for utilization in FortiGate firewall rules. The integration of Calico with FortiGate firewalls and FortiManager offers an elegant solution, enabling the use of FortiGate firewalls while retaining existing […]

Nvidia joins with Dell to target on-prem generative AI

Dell Technologies and Nvidia are jointly launching an initiative called Project Helix that will help enterprises to build and manage generative AI models on-premises, they said Tuesday. The companies will combine their hardware and software infrastructure in the project to support the complete generative AI lifecycle from infrastructure provisioning through modeling, training, fine-tuning, application development, and deployment, to deploying inference and streamlining results, they said in a joint statement. Dell will contribute its PowerEdge servers, such as the PowerEdge XE9680 and PowerEdge R760xa, which are optimized to deliver performance for generative AI training and AI inferencing, while Nvidia's contribution to Project Helix will be its H100 Tensor Core GPUs and Nvidia Networking to form the infrastructure backbone for generative AI workloads.

Now on sale at Bed Bath & Beyond: One slightly used data center

With Bed Bath & Beyond filing for bankruptcy last month, it’s liquidation-sale time. That doesn’t mean just blankets and cookware; it also includes its data center in North Carolina. Not just its servers but the whole facility. The data center in Claremont, N.C., was built in 2013 with a total of 47,500 square feet, 9,500 feet of which is raised floor space, with the ability to double the amount of raised floor space and boost the total power from 1MW to 3.5MW. It is rated a Tier III on the data-center ranking scale of I through IV. Tier III data centers have redundant components and infrastructure for power and cooling, with a guaranteed 99.982% availability.

Dealing with Cisco ACI Quirks

Sebastian described an interesting Cisco ACI quirk they had the privilege of chasing around:

We’ve encountered VM connectivity issues after VM movements from one vPC leaf pair to a different vPC leaf pair with ACI. The issue did not occur immediately (due to ACI’s bounce entries) and only sometimes, which made it very difficult to reproduce synthetically, but due to DRS and a large number of VMs it occurred frequently enough, that it was a serious problem for us.

Here’s what they figured out:

BrandPost: The role of network access control in Zero Trust security

By: Eve-Marie Lanza, Senior Security Solutions Marketing Manager, HPE Aruba Networking.

An advertising campaign from the 1980s posited that peanut butter and chocolate were “two great tastes that taste great together.” While confectionary tastes may vary, there’s no denying that some things just work better together. When it comes to IT security, network access control and Zero Trust security are like peanut butter and chocolate—great on their own, undeniably better together.

Network access control vs. Zero Trust security

Network access control and Zero Trust security are not the same, but they are related.

FCC’s latest spectrum move rewards satellite providers

The FCC’s latest spectrum policy announcement, which preserves 500MHz of the 12GHz band for satellite use while designating another 500MHz for terrestrial radios, is a recognition that satellite internet providers like Starlink are being heard, according to experts. The commission’s latest notice of proposed rulemaking, posted May 18, reflects a more even-handed approach than has been adopted in the past. In carving up the airwaves for C-band usage, substantial amounts of spectrum were taken away from incumbent satellite users and handed off to terrestrial operators, most notably major telecom providers.

Ethernet turns 50, but its voyage has only begun

You’d be hard pressed to find another technology that has been as useful, successful, and ultimately influential as Ethernet, and as it celebrates its 50th anniversary this week, it is clear that Ethernet’s journey is far from over. Since its invention by Bob Metcalfe and David Boggs back in 1973, Ethernet has continuously been expanded and adapted to become the go-to Layer 2 protocol in computer networking across industries.