Archive

Category Archives for "Networking"

Getting Started in the Mobile World

Got this challenge from one of my readers:

I've recently changed jobs and I am currently working for a telco. The problem is that I have no idea of what they are talking about when they mention SGSN, GGSN, Gi, Gn, etc... I only know routing and switching stuff :(.

Obviously he tried to search for information and failed.

Read more ...

Juniper QFX 5100 & VMware ESXI Host NIC Teaming -Design Consideration

The objective of this article is to highlight design consideration for NIC Teaming between  Juniper QFX 5100 (Virtual Chassis -VC) and VMWare ESXI host.

Reference topology is as under:-

We have 2 x Juniper QFX 5100 48S switches which are deployed as VC in order to provide connectivity to  compute machines. All compute machines are running VMWare ESXI Hyper-visor. Link Aggregation Group (LAG or Active/ Active NIC Teaming) is  required between compute machines and QFX 5100 VC.

  • Data Traffic from server to switch – xe-0/0/0  interface on both switches connected to NIC 3 & 4 on a single Compute Machine.
  • ESXI Host Management  and V-Motion Traffic from server to Switch-  xe-0/0/45 interface from both switches connected to NIC 1 & 2 ports on compute machine.
  • VLANs-ID
    • Data VLANs – 116, 126
    • V-Motion- 12
    • ESXI Management-11

Hence,the requirement is to configure  LAG (Active/ Active NIC Teaming) between compute machines and network switch for optimal link utilization in addition to fault tolerance if in case one physical link goes down between network switch and compute machine.

In order to achieve the required results one’s needs to understand default load balancing mechanism over LAG member interfaces in Juniper devices and same load balancing mechanism must be  configured on VMware ESXI Continue reading

Judge paves the way for British hacker’s extradition to US

A U.K. judge has ruled in favor of extraditing a British man to the U.S. on charges of hacking government computers, despite fears he may commit suicide.Lauri Love, 31, has been fighting his extradition for allegedly stealing data from U.S. government agencies, including the Department of Defense and NASA.On Friday, a Westminster Magistrates court ruled that Love can be safely extradited to the U.S. to face trial, even though he has Asperger Syndrome and a history of depression.“I send this case to the secretary of state for her decision as to whether or not Mr. Love should be extradited,” Judge Nina Tempia said in the ruling.To read this article in full or to leave a comment, please click here

Webcast: Hardening Microservices Security

Microservices is one of the buzz words of the moment. Beyond the buzz, microservices architecture offers a great opportunity for developers to rethink how they design, develop, and secure applications.

On Wednesday, September 21st, 2016 at 10am PT/1pm ET join SANS Technology Institute instructor and courseware author, David Holzer, as well as CloudFlare Solutions Engineer, Matthew Silverlock, as they discuss best practices for adopting and deploying microservices securely. During the session they will cover:

  • How microservices differ from SOA or monolithic architectures
  • Best practices for adopting and deploying secure microservices for production use
  • Avoiding continuous delivery of new vulnerabilities
  • Limiting attack vectors on a growing number of API endpoints
  • Protecting Internet-facing services from resource exhaustion

Don't miss this chance to learn from the pros. Register now!

Wroth Reading: Exascale might prove difficult

The supercomputing industry is accustomed to 1,000X performance strides, and that is because people like to think in big round numbers and bold concepts. Every leap in performance is exciting not just because of the engineering challenges in bringing systems with kilo, mega, tera, peta, and exa scales into being, but because of the science that is enabled by such increasingly massive machines. But every leap is getting a bit more difficult as imagination meets up with the constraints of budgets and the laws of physics. The exascale leap is proving to be particularly difficult, and not just because it is the one we are looking across the chasm at. —The Next Platform

LinkedInTwitterGoogle+Facebook

The post Wroth Reading: Exascale might prove difficult appeared first on 'net work.

FBI faces lawsuit because it’s stayed mum on iPhone 5c hack

The FBI’s refusal to reveal how it accessed an iPhone 5c from a San Bernardino mass shooter will face scrutiny in court. USA Today’s parent company and two other news groups have filed a lawsuit against the agency, demanding it turn over the details.In March, the FBI unlocked the passcode-protected iPhone through an unknown third party, for a reportedly large sum that the agency hasn’t officially disclosed.The lack of details prompted USA Today to submit a Freedom of Information Act request to the FBI, regarding the costs paid to the third-party contractor. But in June, the FBI denied the request, claiming that the disclosure could interfere with law enforcement.To read this article in full or to leave a comment, please click here

Tech jobs that will get you the biggest raise next year

The biggest raises in 2017 will go to data scientists, who can expect a 6.4% boost in pay next year. That’s well above the average 3.8% increase that’s predicted for tech workers, according to new data from Robert Half Technology. The recruiting and staffing specialist recently released its annual guide to U.S. tech salaries, which finds IT workers will be getting slightly bigger pay bumps than many other professionals. Across all fields, U.S. starting salaries for professional occupations are projected to increase 3.6% in 2017. The largest gains will occur in tech – where starting salaries for newly hired IT workers are forecast to climb 3.8%.To read this article in full or to leave a comment, please click here

Remote Safe Mode attack defeats Windows 10 pass-the-hash defenses

Microsoft tries to protect user account credentials from theft in Windows 10 Enterprise, and security products detect attempts to pilfer user passwords. But all those efforts can be undone by Safe Mode, according to security researchers.The Safe Mode is an OS diagnostic mode of operation that has existed since Windows 95. It can be activated at boot time and only loads the minimal set of services and drivers that Windows requires to run.This means that most third-party software, including security products, don't start in Safe Mode, negating the protection they otherwise offer. In addition, there are also Windows optional features like the Virtual Secure Module (VSM), which don't run in this mode.To read this article in full or to leave a comment, please click here

Worth Reading: Joining forces against mass collection

Some of the world’s biggest companies and organizations joined forces with Microsoft to fend off the U.S. government’s habitual practice of demanding access to customers’ personal information. Microsoft filed a lawsuit against the U.S. Department of Justice (DOJ) in April, arguing it is unconstitutional to seize computer data from third parties and subsequently issue gag orders so companies cannot notify customers. Now a motley crew of institutions, organizations, and businesses — like Apple, Google, Delta Air Lines, Mozilla, The Washington Post, Fox News, the American Civil Liberties Union, the U.S. Chamber of Commerce — have joined the cause by signing and submitting an amicus brief. —The Stream

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Joining forces against mass collection appeared first on 'net work.

Integrating SRX in Svc Provider Network (Routing and Multi-tenancy Considerations)

Service Providers networks are always have complex requirements of multi-tenancy, routing & security and pose challenges to network architects.  In this blog I will write about SRX integration in Svc Provider Network while highlighting methodologies how to handle challenges of implementing security features with multi-tenancy and routing consideration.srx-in-sp

                                                                               REFERENCE TOPOLOGY

Devices have been classified into following segments based on their role:-

  •  Remote Customer Network (consist of Customer PCs connected to Provide Edge through Customer Edge).
  • Provider Network (Consist of Provider Edge Routers and Provider Back Bone Rout
  • Data Center Network (Consist of Internet Firewall and Server inside Data Center directly connected with Internet Firewall).
  •   Internet Edge (Consist of Internet Router connected with Internet Firewall hence providing internet access to Customer Networks connected with Data Center through provider network).

Traffic flow and security requirements are as under:-

  • Customer 1 Network (PC-1) requires access to Server-1 installed in Data Center and to Public DNS Server reachable via Internet Edge Router.
  • Continue reading

FBI urges ransomware victims to step forward

The FBI has issued a plea for those who have been hit by ransomware to report this to federal law enforcement so that the country can get a better sense of just how bad this problem really is.Ransomware refers to malware that encrypts files on computers or locks users out of their computers, and requests ransom be paid to set files free or allow users to regain access. Such malware, often going by spooky names like Cryptolocker or TeslaCrypt, can be activated by clicking on a web link or even visiting a compromised website, or opening an file in email. One nasty variant even takes your money and still deletes your files.To read this article in full or to leave a comment, please click here

DevOps and the Infrastructure Dumpster Fire

dumpsterfire2

We had a rousing discussion about DevOps at Cloud Field Day this week. The delegates talked about how DevOps was totally a thing and it was the way to go. Being the infrastructure guy, I had to take a bit of umbrage at their conclusions and go on a bit of a crusade myself to defend infrastructure from the predations of developers.

Stable, Boy

DevOps folks want to talk about continuous improvement and continuous development (CI/CD) all the time. They want the freedom to make changes as needed to increase bandwidth, provision ports, and rearrange things to fit development timelines and such. It’s great that they have they thoughts and feelings about how responsive the network should be to their whims, but the truth of infrastructure today is that it’s on the verge of collapse every day of the week.

Networking is often a “best effort” type of configuration. We monkey around with something until it works, then roll it into production and hope it holds. As we keep building more patches on to of patches or try to implement new features that require something to be disabled or bypassed, that creates a house of cards that is only as Continue reading

1 2,401 2,402 2,403 2,404 2,405 3,508