Archive

Category Archives for "Networking"

EVPN/MPLS Bridging Forwarding Model

Most networking engineers immediately think about VXLAN and data center switches when they hear about EVPN. While that’s the most hyped use case, EVPN standardization started in 2012 as a layer-2 VPN solution on top of MPLS transport trying to merge the best of VPLS and MPLS/VPN worlds.

If you want to understand how any technology works, and what its quirks are, you have to know how it was designed to be used. In this blog post we’ll start that journey exploring the basics of EVPN used in a simple MPLS network with three PE-routers:

Lab topology

What is a network switch, and how does it work?

Modern networks are critical for any enterprise. Networks deliver business applications, multimedia messages and key data to end users around the world. A fundamental element that networks have in common is the network switch, which helps connect devices for the purpose of sharing resources within a local area network (LAN).

What is a network switch? A network switch is a physical device that operates at the Data Link layer of the Open Systems Interconnection (OSI) model -- Layer 2. It takes in packets sent by devices that are connected to its physical ports, and forwards them to the devices the packets are intended to reach. Switches can also operate at the Network Layer (Layer 3) where routing occurs.

Aryaka rolls out cloud-based web gateway for SASE-focused WAN offering

Long-time WAN provider Aryaka today released a version of its Zero Trust WAN product that incorporates a new Secure Web Gateway and Firewall-as-a-Service as it works toward a SASE-enabled WAN offering. The idea is to provide a much more updated version of WAN to enterprise customers: where SD-WAN traditionally lived in a box in branch offices, the pandemic and the evolving SASE model prompted a more flexible rethink. Now, Aryaka’s latest model is an entirely cloud-based offering, routing secure traffic to branch offices or remote employees while being able to employ robust security technologies via Aryaka’s own cloud.

Automate Calico Cloud and EKS cluster integration using AWS Control Tower

Productive, scalable, and cost-effective, cloud infrastructure empowers innovation and faster deliverables. It’s a no-brainer why organizations are migrating to the cloud and containerizing their applications. As businesses scale their cloud infrastructure, they cannot be bottlenecked by security concerns. One way to release these bottlenecks and free up resources is by using automation.

What if you could automate the deployment and integration of your container security services with your cluster’s environment?

In a joint blog post with AWS Marketplace, AWS Sr. Cloud Application Architect, Deepak Sihag, joins Tigera’s Technical Marketing Engineer, Joseph Yostos, to walk you through the process of activating, deploying, and configuring Calico Cloud in your AWS Control Tower environment. And of course, how to automate the process of connecting Calico Cloud to your EKS cluster.

Blog highlights

Aside from showing you how you can fully leverage the preconfigured resources of AWS Control Tower, the solution walkthrough also highlights:

  • Event-driven automation to connect an EKS cluster with Calico Cloud
  • AWS CloudFormation deployment
  • Detailed runthrough of prerequisite configurations
  • Step-by-step guide on how to automate Calico Cloud and EKS cluster integration using AWS Control Tower
  • How to clean up your account to avoid incurring costs

Why read the blog?

As the Continue reading

VMware embraces DPUs to stretch the use of CPUs

While it is clearly early in the game, VMware has made a bunch of moves recently to ensure that DPUs and the smartNICs they enable are an equal part of enterprise networking environments of the future. VMware is a leading proponent of using digital processing units to free up server CPU cycles by offloading networking, security, storage, and other processes in order to rapidly and efficiently support edge- and cloud-based workloads. Competitors (and partners in some cases), including Intel, Nvidia, AWS, and AMD, also have plans to more tightly integrate DPU-based devices into firewalls, gateways, enterprise load balancing, and storage-offload applications.

Used servers: Bargain or too good to be true?

Enterprise IT teams are always on the lookout for ways to save money or gain operational efficiencies. One approach is to purchase used data center equipment such as servers, rather than investing in brand new systems and paying top dollar. There’s no shortage of resellers who cater to this market. Some equipment resellers specifically target gear from hyperscalers, because the hyperscalers replace their hardware at a fast pace, and the equipment they turn over can be more powerful than what most enterprises use today. Those in the business of selling used equipment say demand for their offerings is high.

The 10 most powerful companies in enterprise networking 2022

Networking vendors have a lot on their plate. They need to innovate in areas like automation, AIOps, Zero Trust Network Access (ZTNA), secure access service edge (SASE), visibility, and multi-cloud management. They must respond to customer preferences for subscription models and network as-a-service (NaaS) offerings. In a recent survey, IDC reported that 61% of organizations worldwide were interested in shifting to consumption-based models for IT investments rather than capital-intensive purchases.

What we served up for the last Birthday Week before we’re a teenager

Almost a teen. With Cloudflare’s 12th birthday last Tuesday, we’re officially into our thirteenth year. And what a birthday we had!

36 announcements ranging from SIM cards to post quantum encryption via hardware keys and so much more. Here’s a review of everything we announced this week.

Monday

| What | In a sentence… |
| --- | --- |
| The First Zero Trust SIM | We’re bringing Zero Trust security controls to the humble SIM card, rethinking how mobile device security is done, with the Cloudflare SIM: the world’s first Zero Trust SIM. |
| Securing the Internet of Things | We’ve been defending customers from Internet of Things botnets for years now, and it’s time to turn the tides: we’re bringing the same security behind our Zero Trust platform to IoT. |
| Bringing Zero Trust to mobile network operators | Helping bring the power of Cloudflare’s Zero Trust platform to mobile operators and their subscribers. |

Tuesday

| What | In a sentence… |
| --- | --- |
| Workers Launchpad | Leading venture capital firms to provide up to $1.25 BILLION to back startups built on Cloudflare Workers. |
| Startup Plan v2.0 | Increasing the scope, eligibility and products we include under our Startup Plan, enabling more developers and startups to build the next big thing on top of Cloudflare. |
workerd: Continue reading

Network Break 401: Google Teases Multi-Gig Home Broadband; New USB Cables Use Slightly Less Plastic

Today's Network Break covers three Google stories including Google Fiber's ambitions for multi-gig Internet and the killing of Stadia. We also discuss a rise in firewall sales, using plant-based materials in USB cables, and more IT news.

The post Network Break 401: Google Teases Multi-Gig Home Broadband; New USB Cables Use Slightly Less Plastic appeared first on Packet Pushers.

Monday Mobility Quick Thoughts

I’m getting ready for Mobility Field Day 8 later this week and there’s been a lot of effort making sure we’re ready to go. That means I’ve spent lots of time thinking about event planning instead of writing. So I wanted to share some quick thoughts with you ahead of this week as well as WLPC Europe next week.

  • I remain convinced that half of the objections that are raised by oversight organizations when it comes to adopting new technology come from the fact they got caught flat-footed and weren’t ready for it to be popular. Whether it’s the Wi-Fi 6E safety issue or the report earlier this year from the FAA about 5G and airports, it just seems like organizations spend less time doing actual investigation and more time writing press releases about how they are ready to figure it all out yet.
  • I also remain cautiously optimistic that the new Apple devices rumored to be coming out later this year, namely the iPad Pro and MacBook Pro with M2 chips, will have Wi-Fi 6E support. Yes, the iPhone didn’t. It’s also a smaller device with less room to add new hardware. The iPad and MacBook have historically gotten Continue reading

Defending against future threats: Cloudflare goes post-quantum

There is an expiration date on the cryptography we use every day. It’s not easy to read, but somewhere between 15 and 40 years, a sufficiently powerful quantum computer is expected to be built that will be able to decrypt essentially any encrypted data on the Internet today.

Luckily, there is a solution: post-quantum (PQ) cryptography has been designed to be secure against the threat of quantum computers. Just three months ago, in July 2022, after a six-year worldwide competition, the US National Institute of Standards and Technology (NIST), known for AES and SHA2, announced which post-quantum cryptography they will standardize. NIST plans to publish the final standards in 2024, but we want to help drive early adoption of post-quantum cryptography.

Starting today, as a beta service, all websites and APIs served through Cloudflare support post-quantum hybrid key agreement. This is on by default; no need for an opt-in. This means that if your browser/app supports it, the connection to our network is also secure against any future quantum computer.

We offer this post-quantum cryptography free of charge: we believe that post-quantum security should be the new baseline for the Internet.

Deploying post-quantum cryptography seems like a Continue reading

Introducing post-quantum Cloudflare Tunnel

Undoubtedly, one of the big themes in IT for the next decade will be the migration to post-quantum cryptography. From tech giants to small businesses: we will all have to make sure our hardware and software is updated so that our data is protected against the arrival of quantum computers. It seems far away, but it’s not a problem for later: any encrypted data captured today (not protected by post-quantum cryptography) can be broken by a sufficiently powerful quantum computer in the future.

Luckily we’re almost there: after a tremendous worldwide effort by the cryptographic community, we know what will be the gold standard of post-quantum cryptography for the next decades. Release date: somewhere in 2024. Hopefully, for most, the transition will be a simple software update then, but it will not be that simple for everyone: not all software is maintained, and it could well be that hardware needs an upgrade as well. Taking a step back, many companies don’t even have a full list of all software running on their network.

For Cloudflare Tunnel customers, this migration will be much simpler: introducing Post-Quantum Cloudflare Tunnel. In this blog post, first we give an overview of how Cloudflare Tunnel Continue reading

Automatic (secure) transmission: taking the pain out of origin connection security

In 2014, Cloudflare set out to encrypt the Internet by introducing Universal SSL. It made getting an SSL/TLS certificate free and easy at a time when doing so was neither free, nor easy. Overnight millions of websites had a secure connection between the user’s browser and Cloudflare.

But getting the connection encrypted from Cloudflare to the customer’s origin server was more complex. Since Cloudflare and all browsers supported SSL/TLS, the connection between the browser and Cloudflare could be instantly secured. But back in 2014 configuring an origin server with an SSL/TLS certificate was complex, expensive, and sometimes not even possible.

And so we relied on users to configure the best security level for their origin server. Later we added a service that detects and recommends the highest level of security for the connection between Cloudflare and the origin server. We also introduced free origin server certificates for customers who didn’t want to get a certificate elsewhere.

Today, we’re going even further. Cloudflare will shortly find the most secure connection possible to our customers’ origin servers and use it, automatically. Doing this correctly, at scale, while not breaking a customer’s service is very complicated. This blog post explains how we are Continue reading