0

iBGP for PE-CE

I’ve worked on many large-scale MPLS VPN solutions, some with as many as 20k-30k managed CPEs, and as everybody knows – where you run BGP with this sort of setup. It’s almost always eBGP with a single AS across all sites using AS-override, or each site gets a different AS number, to get around the age-old eBGP loop prevention mechanisms which tend to get in the way when we use L3VPNs.

Recently I came across RFC 6368 which describes how iBGP can actually be used as a PE-CE protocol, in order to make the provider network more transparent from a BGP perspective. Usually there’s no problem running eBGP and 99% of networks seem to operate perfectly fine with it, however if the customer CE routers have a large BGP element behind them, the provider’s AS numbers and interactions with the BGP updates can in some cases cause problems.

Recently Cisco added support to run iBGP for PE-CE with the addition of a new command placed under the VRF – “neighbor <x.x.x.x> internal-vpn-client” in JUNOS the command is “independent-domain” which goes under the routing-options for the routing-instance.

For this configuration, consider the following basic topology:

CE-1 and CE-2 Continue reading

0

Verizon’s breach experts missed one right under their noses

Verizon Enterprise, a bulwark against cyberattacks at many large organizations, has suffered a security breach itself.A flaw in the company's systems allowed an attacker to steal contact information on Verizon Enterprise customers, the company acknowledged Thursday. Verizon said it has fixed the flaw and is notifying those users, but it hasn't disclosed how many were affected. The intruder couldn't get to any customer proprietary network information, Verizon said, referring to data such as call records and billing information.The breach came to light Thursday in a post on the blog Krebs on Security. Krebs reported the hacker stole contact information for about 1.5 million Verizon Enterprise customers and offered it for sale for US$100,000 on a cybercrime forum. Because the data was offered for sale in the MongoDB format, among others it's likely the attacker forced a MongoDB database at Verizon to dump its contents, the blog said.To read this article in full or to leave a comment, please click here

0

Google Cloud De-Scripts Deployment of Linux Containers

Kubernetes 1.2 can now handle 1,000 nodes and 30,000 pods.

0

ArubaOS-Switch 16.01 – Device profile for Aruba AP

When deploying a wireless network, the network admin still needs to configure the wired network switch ports for the Access Point connections. The device profile feature in ArubaOS-Switch simplifies this action. Access Point switch port       The switch … Continue reading →

0

Comware supports HPE Smart SAN for 3PAR

When configuring a Fibre Channel storage environment, there are basically 2 parts in the configuration: Setup of the SAN Infrastructure (F/E ports, domain IDs, trunks, VSANs) Zoning configuration: done at initial setup and updated for every new server/storage system added … Continue reading →

0

Oracle Cloud Reaches Into the Enterprise

Oracle is moving into the enterprise data center with a subscription-based cloud offering.

0

The Future of Merchant Silicon and Network Virtualization

The threat of white box switches has cast a shadow over big network equipment vendors for years, as the combination of Moore’s Law and economies of scale provides merchant switch silicon an overwhelming price/performance advantage over proprietary platforms.

0

Worth Reading: Scrutinizing the Cisco-Arista legal battles

The legal battle between Cisco and Arista has heated up in a big way. Earlier this month, Judge David Shaw of the International Trade Commission (ITC) released the public version of the findings in the case. The findings reveal curious aspects of this case that raise questions about Cisco’s intentions and put a spotlight on Silicon Valley work culture. -via Network Computing

The post Worth Reading: Scrutinizing the Cisco-Arista legal battles appeared first on 'net work.

0

Microsoft & HPE Help Mesosphere Raise $73.5M

Both Microsoft and HPE are customers as well.

0

Aruba Certifications

I attended the Aruba Mobility Bootcamp and the Clearpass Essentials training in January. Both courses (MBC and CPE) provide a solid overview and introduction of the Aruba Controller feature set and the Clearpass Policy Manager (RADIUS, TACACS, Guest, BYOD and … Continue reading →

0

NASA competition could net you $1.5M for next great airship

NASA this week said it was considering a new Centennial Challenge: Build and airship capable of long duration flight for scientific missions.The agency issued a Request For information to see if there was enough industry interest in the challenge and to further develop rules for the competition. You may recall that NASA’s Centennial Challenges Program sets up challenging contests for the public, academia, and industry with an eye towards developing innovative technologies.To read this article in full or to leave a comment, please click here

0

US accuses 7 Iranians of hacking US banks, New York dam

The U.S. government says seven Iranians working for the country's Islamic Revolutionary Guard Corps are responsible for 187 denial of service attacks aimed at banks across the U.S. between 2011 and 2013.It also says one of the individuals gained access to the control system for the Bowman Avenue Dam, a small dam north of New York City, and would have been able to control flow of water through the system had it not been disconnected for repairs.The accused worked for two Iranian computer companies, ITSecTeam and Mersad, and were contracted by the Iranian government to conduct the attacks, according to a Department of Justice indictment unsealed on Thursday.To read this article in full or to leave a comment, please click here

0

Busy and interesting times!

It has been a while since new content has been posted, mainly due to time constraints/other priorities, but I’ll try to make it up in the next weeks! Let’s start with a quick update of everything that has happened in … Continue reading →

0

Yokohama

The post Yokohama appeared first on 'net work.

0

Book Winners!

Lots of good suggestions in my inbox—thanks to all who gave me some great design ideas to blog about. I eventually chose two winners, as I uncovered another copy of the book to give away! The two winners are Patrick Watson and Matthew Sabin. I’m going to try and run something like this every three or four months, so look for another one in the future.

The post Book Winners! appeared first on 'net work.

0

Network Management Tools: Best Practices For Success

0

Justice Department indicts Iran hackers in massive financial cyberattack

The U.S. Department of Justice has indicted seven Iranian hackers in connection with cyberattacks on U.S. banks, the New York Stock Exchange, AT&T and a water facility in New York.The seven live outside the U.S. and it’s questionable whether they will ever be apprehended and tried, according to reports by Reuters, the New York Times and the Washington Post.To read this article in full or to leave a comment, please click here

0

Baremetal cloud using Packet

Typical Opensource demo applications comes packaged as a Vagrant application which starts a bunch of VMs and does automatic provisioning. I have a Windows machine with Virtualbox and VMWare player installed. Since Virtualbox does not support nested virtualization with 64 bit VMs(More details can be found in my previous blogs on Virtualbox and VMWare player), … Continue reading Baremetal cloud using Packet →

0

Expanded Integration between VMware NSX and AirWatch Advances Device-to-Datacenter Security

The latest AirWatch update expands VMware NSX integration, uniting two great technologies to create the foundation of next-generation security. Continue reading

0

HPE Leads As Cloud Infrastructure Supplier