Archive

Category Archives for "Networking"

Network Automation with CUE – Augmenting Ansible workflows

Hardly any conversation about network automation that happens these days can avoid the topic of automation frameworks. Amongst the few that are still actively developed, Ansible is by far the most popular choice. Ansible ecosystem has been growing rapidly over the last few years, with modules being contributed by both internal (Redhat) and external (community) developers. Having the backing of one of the largest open-source first companies has allowed Ansible to spread into all areas of infrastructure – from server automation to cloud provisioning. By following the principle of eating your own dog food, Redhat used Ansible in a lot of its own open-source projects, which made it even more popular in the masses. Another important factor in Ansible’s success is the ease of understanding. When it comes to network automation, Ansible’s stateless and agentless architecture very closely follows a standard network operation experience – SSH in, enter commands line-by-line, catch any errors, save and disconnect. But like many complex software projects, Ansible is not without its own challenges, and in this post, I’ll take a look at what they are and how CUE can help overcome them.

Ansible Automation Workflow

Let’s start with an overview of the intermediate Ansible Continue reading

Kubernetes Unpacked 013: Azure Kubernetes Service (AKS) In Production

In this episode, Michael Levan catches up Richard Hooper, Microsoft Azure MVP and Azure Architect, to chat about Azure Kubernetes Service (AKS) in production. Richard spends the majority of his time working with organizations that are either using AKS, or are migrating to AKS, so he has a ton of experience in how to actually use AKS in the real-world.

The post Kubernetes Unpacked 013: Azure Kubernetes Service (AKS) In Production appeared first on Packet Pushers.

Should security systems be the network?

Recently during a research interview with a small but fast-growing business, for the first time I encountered an organization with a “no-network-vendor” network. That is, instead of using Cisco or Dell or even a white-box solution for switching and routing, the company deployed only Fortinet equipment for its entire network. That is, every network component is part of the security infrastructure for them.They built the network this way not just to bake security into its core (a great idea in itself) but also for: ease of management: they have one tool, it manages every component ease of deployment: they have only two or three versions of each appliance, all the same except for capacity and port count ease of expansion to new locations: every site is the same as any other site of similar size They have a small stock of replacement appliances on the shelf, with which they provide rapid recovery for all locations. They could easily also consume security-operations center as-a-service, and use professional services for nearly all the rest of their network operations. In essence, their security solution could become their complete network solution as well.To read this article in full, please click here

Should security systems be the network?

Recently during a research interview with a small but fast-growing business, for the first time I encountered an organization with a “no-network-vendor” network. That is, instead of using Cisco or Dell or even a white-box solution for switching and routing, the company deployed only Fortinet equipment for its entire network. That is, every network component is part of the security infrastructure for them.They built the network this way not just to bake security into its core (a great idea in itself) but also for: ease of management: they have one tool, it manages every component ease of deployment: they have only two or three versions of each appliance, all the same except for capacity and port count ease of expansion to new locations: every site is the same as any other site of similar size They have a small stock of replacement appliances on the shelf, with which they provide rapid recovery for all locations. They could easily also consume security-operations center as-a-service, and use professional services for nearly all the rest of their network operations. In essence, their security solution could become their complete network solution as well.To read this article in full, please click here

8 free, cheap, and hands-on ways to learn about network administration

A diploma and certifications are great to have, but hands-on experience can take you even further than your educational accomplishments. Playing around with the technology might help you retain information better, too. So don’t just read how to do something, but actually do it.You probably don’t have a rack full of enterprise routers and switches to play around with, but there are some free and budget-friendly ways to get experience. You just need some time and eagerness to learn.Here are eight ideas to get you some of that hands-on experience with networking, starting with simpler projects and progressing to more complex ones. Some of the earlier tasks may just take just a few minutes, while others are more for a weekend project.To read this article in full, please click here

BrandPost: Why Retailers Value Wi-Fi and Location-Based Services for New Connected Customer Experiences

By: Todd Johnson, Director of Vertical Marketing at Juniper Networks. Delivering an exceptional customer experience has never been more challenging. Retailers need to leverage technology to embrace new consumer habits and shopping styles while also meeting their in-store expectations with enhanced and personalized experiences and an interactive physical shopping journey.To understand the emerging demands for retail customer experience, Juniper conducted two surveys: the Juniper Workplaces and Public Spaces Enterprise IT Survey and the Juniper Remote Workplaces and Public Spaces Consumer Survey.To read this article in full, please click here

BGP Route Reflectors in the Forwarding Path

Bela Varkonyi left two intriguing comments on my Leave BGP Next Hops Unchanged on Reflected Routes blog post. Let’s start with:

The original RR design has a lot of limitations. For usual enterprise networks I always suggested to follow the topology with RRs (every interim node is an RR), since this would become the most robust configuration where a link failure would have the less impact.

He’s talking about the extreme case of hierarchical route reflectors, a concept I first encountered when designing a large service provider network. Here’s a simplified conceptual diagram (lines between boxes are physical links as well as IBGP sessions between loopback interfaces):

Read more …

IBM goes big on quantum-computer hardware, software

IBM has rolled out its most powerful quantum-computing system so far—the Osprey, a 433-qubit machine that supports three times more qubits than its current Eagle system, and reiterated its plan to have a 1,121-qubit processor, called Condor, out in 2023.At the IBM Quantum Summit 2022, the company also said it was continuing development of a modular quantum platform called System Two that will combine multiple processors into a single system with new communication links that IBM says will use hybrid-cloud middleware to integrate quantum and classical workflows.In addition IBM said it will continue to prototype quantum software applications for specific use cases. By 2025, IBM said, developers will be able to explore quantum machine-learning applications and more.To read this article in full, please click here

Protecting election groups during the 2022 US midterm elections

Protecting election groups during the 2022 US midterm elections
Protecting election groups during the 2022 US midterm elections

On Tuesday, November 8, 2022, constituents cast their ballots for the 2022 US midterm elections, which included races for all 435 seats in the House of Representatives, 35 of the 100 seats in the Senate, and many gubernatorial races in states including Florida, Michigan, and Pennsylvania. Preparing for elections is a giant task, and states and localities have their work cut out for them with corralling poll workers, setting up polling places, and managing the physical security of ballots and voting machines.

We at Cloudflare are proud to be able to play a role in helping safeguard the integrity of the electoral process. Through our Impact programs, we provide cyber security products to help protect access to authoritative voting information and the security of sensitive voter data.

We have reported on our work in the election space with the Athenian Project, dedicated to protecting state and local governments that run elections; Cloudflare for Campaigns, a project with a suite of Cloudflare products to secure political campaigns’ and state parties’ websites and internal teams; and Project Galileo, in which we have helped voting rights organizations and election results sites stay online during traffic spikes.

Since our reporting in Continue reading

Day Two Cloud 171: The Challenges Of Scaling Microservices Testing

On today's Day Two Cloud we talk about testing. While developers do the testing, operators may be responsible for setting up testing environments, which can be a lot of work. That work increases with microservices because of all the complexities and dependencies that come with connecting and orchestrating microservices-based applications. Today we talk about how to address testing challenges with Arjun Iyer, and explore a solution he's developed for simplifying end-to-end microservices testing in a Kubernetes environment. This is not a sponsored show, but we do talk about Signadot, a startup Arjun founded in the testing space.

Day Two Cloud 171: The Challenges Of Scaling Microservices Testing

On today's Day Two Cloud we talk about testing. While developers do the testing, operators may be responsible for setting up testing environments, which can be a lot of work. That work increases with microservices because of all the complexities and dependencies that come with connecting and orchestrating microservices-based applications. Today we talk about how to address testing challenges with Arjun Iyer, and explore a solution he's developed for simplifying end-to-end microservices testing in a Kubernetes environment. This is not a sponsored show, but we do talk about Signadot, a startup Arjun founded in the testing space.

The post Day Two Cloud 171: The Challenges Of Scaling Microservices Testing appeared first on Packet Pushers.

Hedge 154: Path Aware Networking Research Group

Applications generally assume the network provides near-real-time packet transmission without regard for what the application is trying to do, what kind of traffic is being transmitted, etc. Back in the real world, its often important for the network to coordinate with applications to more efficiently carry traffic offered. The Path Aware Research Group (PANRG) in the Internet Research Task Force (IRTF) is looking at the problems involved in understanding and signaling the path characteristics to applications.

In this episode of the Hedge, Brian Trammel joins Tom Ammon and Russ White to discuss the current work on path aware networking.

download

Intel announces CPUs and GPUs for high-performance computing

Intel has announced new processors with high-bandwidth memory (HBM) geared toward high-performance computing (HPC), supercomputing, and artificial intelligence (AI).The products are known as the Xeon CPU Max series and GPU Max series. The chips are based on existing technology; the CPU is 4th Generation Xeon Scalable, aka Sapphire Rapids, and the GPU is Ponte Vecchio, the data center version of Intel's Xe GPU technology.To read this article in full, please click here

Intel announces CPUs and GPUs for high-performance computing

Intel has announced new processors with high-bandwidth memory (HBM) geared toward high-performance computing (HPC), supercomputing, and artificial intelligence (AI).The products are known as the Xeon CPU Max series and GPU Max series. The chips are based on existing technology; the CPU is 4th Generation Xeon Scalable, aka Sapphire Rapids, and the GPU is Ponte Vecchio, the data center version of Intel's Xe GPU technology.To read this article in full, please click here

AWS Direct Connect Site-Link — A very excellent service

< MEDIUM: https://raaki-88.medium.com/aws-direct-connect-site-link-a-very-excellent-service-10c13a389c8d >

Site-link is really a nice extension to the DX Gateway’s offering. Let me simplify it.

Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-direct-connect-sitelink/ — I Can’t Recommend this more, this is a very very nice read.

Few Important Points

  1. AWS Direct Connect Site Link is a private connection between your on-premises network and your AWS Direct Connect location.
  2. Site Link provides high bandwidth and low latency connection between your on-premises network and AWS.
  3. Site Link uses industry standard 802.1q VLANs to provide a secure connection between your on-premises network and AWS.
  4. Site Link is available in 1 Gbps and 10 Gbps speeds.
  5. You can use Site Link to connect to multiple AWS Direct Connect locations.
  6. The site Link is available in all AWS Regions.

Problem — I want to connect my two Data-Centres to Direct Connect Gateway through AWS Backbone.

Let’s see a reference Architecture

Image Credits — AWS https://d2908q01vomqb2.cloudfront.net/5b384ce32d8cdef02bc3a139d4cac0a22bb029e8/2021/12/01/Slide1-14.jpg

Replicating the above scenario

Few important aspects

  • Connect DC1-DC2 via AWS Global Backbone Network
  • If both DCs use the same BGP ASN 65001 in this case, use allowas-in to allow looping in AS-PATH
  • When you enable site-link BGP session won’t flap but it Continue reading
1 247 248 249 250 251 3,347