Is Security A Feature Or A Product?
This post originally appeared on the Packet Pushers’ Ignition site on July 9, 2019. Premise: I would be cautious about a vendor who sells security as a product or a critical/primary feature. Security-as-a-product is coming to an end. We need to return to making the things we already have work efficiently. There is only so […]
The post Is Security A Feature Or A Product? appeared first on Packet Pushers.
Saying “Yes” the Right Way
If only I had known how hard it was to say “no” to someone. Based on the response that my post about declining things had gotten I’d say there are a lot of opinions on the subject. Some of them were positive and talked about how hard it is to decline things. Others told me I was stupid because you can’t say no to your boss. I did, however, get a direct message from Paul Lampron (@Networkified) that said I should have a follow up post about saying yes in a responsible manner.
Positively Perfect
The first thing you have to understand about the act of asking something is that we’re not all wired the same way when it comes to saying yes. I realize that article is over a decade old at this point but the ideas in it remain valid, as does this similar one from the Guardian. Depending on your personality or how you were raised you may not have the outcome you were expecting when you ask.
Let me give you a quick personal example. I was raised with a southern style mentality that involves not just coming out and asking for something. You Continue reading
A July 4 technical reading list
Here’s a short list of recent technical blog posts to give you something to read today.
Internet Explorer, we hardly knew ye
Microsoft has announced the end-of-life for the venerable Internet Explorer browser. Here we take a look at the demise of IE and the rise of the Edge browser. And we investigate how many bots on the Internet continue to impersonate Internet Explorer versions that have long since been replaced.
Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
Looking for something with a lot of technical detail? Look no further than this blog about live-patching the Linux kernel using eBPF. Code, Makefiles and more within!
Hertzbleed explained
Feeling mathematical? Or just need a dose of CPU-level antics? Look no further than this deep explainer about how CPU frequency scaling leads to a nasty side channel affecting cryptographic algorithms.
Early Hints update: How Cloudflare, Google, and Shopify are working together to build a faster Internet for everyone
The HTTP standard for Early Hints shows a lot of promise. How much? In this blog post, we dig into data about Early Hints in the real world and show how much faster the web is with it.
Private Continue reading
Modifying Administrative Distance of Specific BGP Route
In one of the Discords that I’m in there was a user with a complex network consisting of a mix of DMVPN, BGP over MPLS VPN circuits, and SD-WAN. For some prefixes, the path via the private MPLS is preferred, for others, the SD-WAN path. Now, if a prefix is available in two different protocols, BGP vs Overlay Management Protocol (OMP), there is nothing we can do in BGP or OMP to modify which one gets installed into the Routing Information Base (RIB). This is no different than if EIGRP and OSPF were competing to install a prefix into the RIB, the protocol with the lower Administrative Distance (AD) would have its route installed.
The default AD values used on a Cisco device for these protocols are:
- eBGP – 20
- iBGP – 200
- OMP – 251
Based on the AD, OMP will always lose out. It is of course possible to change the AD of BGP, but that would have an effect of all prefixes and we lose the ability to have some prefixes preferred via BGP and others via OMP. I had never changed the AD of a specific BGP prefix before, so I turned to Twitter to see Continue reading
Worth Reading: On the Dangers of Cryptocurrencies…
Bruce Schneier wrote an article on the dangers of cryptocurrencies and the uselessness of blockchain, including this gem:
From its inception, this technology has been a solution in search of a problem and has now latched onto concepts such as financial inclusion and data transparency to justify its existence, despite far better solutions to these issues already in use.
Please feel free to tell me how he’s just another individual full of misguided opinions… after all, what does he know about crypto?
Possible Impacts Of Covid-19 On Data Networking
This post originally appeared on the Packet Pushers’ Ignition site on April 22, 2020. In this post I review what might happen to networking when we return to work. We won’t return to normal, but we will be back at work. To start, here are nine ideas about the pandemic’s impact, divided into two […]
The post Possible Impacts Of Covid-19 On Data Networking appeared first on Packet Pushers.
Juniper vQFX on GNS3
The vQFX is a virtualized version of the Juniper Networks QFX10000 Ethernet switches portfolio. It is a free tool that is not sold and therefore not supported by Juniper. The vQFX offers the same control and data plane features as the physical QFX10000 switches with limited software forwarding performance. We can use the vQFX to […]Continue reading...
Juniper vQFX on GNS3
The vQFX is a virtualized version of the Juniper Networks QFX10000 Ethernet switches portfolio. It […]
The post Juniper vQFX on GNS3 first appeared on Brezular's Blog.
6 Ways Cloud Networking Teams Can Up Their Game
Many cloud networking teams believe that achieving excellence will be too costly and too difficult. But that’s not actually the case.SR Linux in Containerlab
This article uses Containerlab to emulate a simple network and experiment with Nokia SR Linux and sFlow telemetry. Containerlab provides a convenient method of emulating network topologies and configurations before deploying into production on physical switches.
curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/srlinux.yml
Download the Containerlab topology file.
containerlab deploy -t srlinux.yml
Deploy the topology.
docker exec -it clab-srlinux-h1 traceroute 172.16.2.2
Run traceroute on h1 to verify path to h2.
traceroute to 172.16.2.2 (172.16.2.2), 30 hops max, 46 byte packets
1 172.16.1.1 (172.16.1.1) 2.234 ms * 1.673 ms
2 172.16.2.2 (172.16.2.2) 0.944 ms 0.253 ms 0.152 ms
Results show path to h2 (172.16.2.2) via router interface (172.16.1.1).
docker exec -it clab-srlinux-switch sr_cli
Access SR Linux command line on switch.
Using configuration file(s): []
Welcome to the srlinux CLI.
Type 'help' (and press <ENTER>) if you need any help using this.
--{ + running }--[ ]--
A:switch#
SR Linux CLI describes how to use the interface.
A:switch# show system sflow status
Get status of sFlow telemetry.
-------------------------------------------------------------------------
Admin State Continue reading