After discussing rogue IPv6 RA challenges and the million ways one can circumvent IPv6 RA guard with IPv6 extension headers, Christopher Werny focused on practical aspects of this thorny topic: how can we test IPv6 RA Guard implementations and how good are they?
I was recently working with a customer to configure Azure AD as the SAML provider for their ExtraHop appliances. Although the process is pretty well documented in the ExtraHop docs, it is spread out in a few locations and there are a couple of gotchas we ran into. In this post, I...
In this episode of the IPv6 Buzz podcast, Ed, Scott, and Tom talk about microsegmentation with IPv6 and what the IT use cases look like.
The post IPv6 Buzz 109: Microsegmentation With IPv6 appeared first on Packet Pushers.
I’ve rebuilt my data center fabrics live training class, adding a lot of new material across the board, and adding a few new topics. To cover all this new material, the class has been expanded from three to six hours. I’m teaching it for the first time on the 29th and 30th of this month.
From the Safari Books description—
Data centers are the foundation of the cloud, whether private, public, on the edge, or in the center of the network. This training will focus on topologies and control planes, including scale, performance, and centralization. This training is important for network designers and operators who want to understand the elements of data center design that apply across all hardware and software types.
This class consists of two three-hour sessions. The first session will focus on the physical topology, including a short history of spine-and-leaf fabrics, the characteristics of fabrics (versus the broader characteristics of a network), and laying out a spine-and-leaf network to support fabric lifecycle and scaling the network out. The first session will also consider the positive and negative aspects of using single- and multi-forwarding engine (FE) devices to build a fabric, and various aspects of
Lots of interesting stuff coming up this month on the Hedge, and here at Rule11 … listen here to find out all about upcoming episodes and training.
You can register for the DC fabric training I mention in this update here.
How much of the traffic on the Internet is wasted—traffic no-one really wanted, and yet is being carried and paid for by providers and end users? In a world increasingly concerned about the waste of precious resources, this is an important topic to consider. Leslie Daigle joins Russ White and Tom Ammon on this episode of the Hedge to discuss the kinds of traffic she’s seeing hit their large-scale honey-trap, and the implications for the Internet.
A long, long time ago, Daniel Dib started an interesting Twitter discussion with this seemingly simple question:
How does a switch/router know from the bits it has received which layer each bit belongs to? Assume a switch received 01010101, how would it know which bits belong to the data link layer, which to the network layer and so on.
As is often the case, Peter Paluch provided an excellent answer in a Twitter thread, and allowed me to save it for posterity.
Broadcom has announced a new ASIC in the Trident family that can monitor flows in real time to identify anomalies that may indicate DDoS attacks, port scans, data exfiltration, and other threats, but has yet to announce security partners to take advantage of this capability.
The post New Trident 4C ASIC Includes Real-Time Threat Analysis Option appeared first on Packet Pushers.