Archive

Category Archives for "Networking"

Mastering Active Directory groups can streamline management, pave way for automation

On the surface, Active Directory groups are a simple and straightforward way to manage identities (users and/or computers) and assign permissions. Users or computers are added as group members, and the group is referenced in access control lists (ACL) on file shares, mailboxes, applications, or other corporate resources. But experienced admins know that this simplicity quickly goes out the window as environments scale. As group memberships grow, management of memberships becomes increasingly complex. Over the years, Microsoft and others have developed best practices for managing groups and permissions in an Active Directory environment. These strategies are something of a lost art, but there’s value to be gained by leveraging these layers of sophistication.

netlab: IRB with Anycast Gateways

netlab release 1.4 added support for static anycast gateways and VRRP. Today we’ll use that functionality to add anycast gateways to the VLAN trunk lab:

Figure: Lab topology

We’ll start with the VLAN trunk lab topology and make the following changes:

  • We’ll rearrange the node list to make sure the switches get the lowest possible node ID:

    nodes: [ s1, s2, h1, h2, h3, h4 ]

  • The switches have to use the new gateway module:

    groups:
      switches:
        members: [ s1, s2 ]
        module: [ vlan, gateway ]
        device: eos

  • We have to enable the first-hop gateway on VLAN links:

    vlans:
      red:
        gateway: True
      blue:
        gateway: True

  • The default FHRP protocol is anycast (we could also use VRRP), and the default shared IP address is the last IP address in the subnet. We’ll use the first IP address in the subnet instead:

    gateway.id: 1

After starting the lab you’ll notice the change in node identifiers and interface IP addresses. Without the anycast gateway, netlab assigns node ID 1 (and loopback IP address 10.0.0.1) to S1. Now that the node ID 1 is reserved, S1 gets loopback address 10.0.0.2.

The only other change on the

Looking at Centrality in the DNS

Many aspects of the digital environment are dominated by a small clique of extremely large enterprises. Meta and Twitter may be teetering at the moment, but Google, Apple, Microsoft and Amazon are still strongly dominant in their respective markets. Looking further afield, what about the common infrastructure services that everyone is forced to rely upon? How is the Domain Name System faring? Is the DNS also falling under the influence of these digital hypergiants? Or is the DNS still highly distributed and resisting the trend toward centralization? Let’s take a look at some DNS data to see if we can answer this question.

Mastodon – Part 1 – Installing

About this series

Mastodon

I have seen companies achieve great successes in the consumer internet and entertainment industries. I’ve been feeling less enthusiastic about the stronghold that these corporations have over my digital presence. I am the first to admit that using “free” services is convenient, but these companies are sometimes taking away my autonomy and exerting control over society. To each their own of course, but for me it’s time to take back a little bit of responsibility for my online social presence, away from centrally hosted services and to privately operated ones.

This series details my findings starting a micro blogging website, which uses a new set of super interesting open interconnect protocols to share media (text, pictures, videos, etc) between producers and their followers, using an open source project called Mastodon.

Introduction

Similar to how blogging is the act of publishing updates to a website, microblogging is the act of publishing small updates to a stream of updates on your profile. You can publish text posts and optionally attach media such as pictures, audio, video, or polls. Mastodon lets you follow friends and discover new ones. It doesn’t do this in a centralized way, however.

Groups

Worth Reading: Another Hugo-Based Blog

Bruno Wollmann migrated his blog to Hugo/GitHub/CloudFlare (the exact toolchain I’m using for one of my personal web sites) and described his choices and the improved user and author experience.

As I keep telling you, always make sure you own your content. There’s absolutely no reason to publish stuff you spent hours researching and creating on legacy platforms like WordPress, third-party walled gardens like LinkedIn, or “free services” obsessed with gathering visitors' personal data like Medium.

Troubleshooting EVPN with Arista EOS (Control Plane Edition)

“It’s all fun and games until you can’t ping your default gateway.”

While EVPN/VXLAN brings a number of benefits when compared to a more traditional Core/Aggregation/Access layer style network with only VLANs and SVIs, it is different enough that you’ll need to learn some new troubleshooting techniques. It’s not all that different than what you’ve probably done before, but it is different enough to warrant a blog post.

This article is about troubleshooting EVPN/VXLAN on Arista EOS switches, and the CLI commands shown reflect that. However, because EVPN/VXLAN is a collection of IETF standards, the overall technique translates to any EVPN/VXLAN platform.

The scenario this article is going to explore is endpoint to endpoint connectivity, though it can also be easily modified for endpoint to network connectivity. It doesn’t matter if the host is on the same VXLAN segment or a different one.

The primary strategy will be to verify the control plane. EVPN/VXLAN has a control plane, a data plane, an overlay and an underlay. Generally, I’ve found that most issues occur on the control plane. The control plane process looks like this:

ICYMI: Developer Week 2022 announcements

Developer Week 2022 has come to a close. Over the last week we’ve shared with you 31 posts on what you can build on Cloudflare and our vision and roadmap on where we’re headed. We shared product announcements, customer and partner stories, and provided technical deep dives. In case you missed any of the posts, here’s a handy recap.

Product and feature announcements

  • Welcome to the Supercloud (and Developer Week 2022): Our vision of the cloud, a model of cloud computing that promises to make developers highly productive at scaling from one to Internet-scale in the most flexible, efficient, and economical way.
  • Build applications of any size on Cloudflare with the Queues open beta: Build performant and resilient distributed applications with Queues. Available to all developers with a paid Workers plan.
  • Migrate from S3 easily with the R2 Super Slurper: A tool to easily and efficiently move objects from your existing storage provider to R2.
  • Get started with Cloudflare Workers with ready-made templates: See what’s possible with Workers and get building faster with these starter templates.
  • Reduce origin load, save on cloud egress fees, and maximize cache hits with Cache Reserve: Cache Reserve is graduating to open

Dell expands data-protection product line

Dell Technologies has announced new products and services for data protection as part of its security portfolio. Active data protection is often treated as something of an afterthought, especially compared to disaster recovery. Yet it's certainly a problem for companies. According to Dell’s recent Global Data Protection Index (GDPI) research, organizations are experiencing higher levels of disasters than in previous years, many of them man-made. In the past year, cyberattacks accounted for 48% of all disasters, up from 37% in 2021, and are the leading cause of data disruption. One of the major stumbling blocks in deploying data-protection capabilities is the complexity of the rollout. Specialized expertise is often required, and products from multiple vendors are often involved. Even the hyperscalers are challenged to provide multicloud data-protection services.

Heavy Networking 656: Embedding Zero Trust Into Applications

On today's Heavy Networking we look at the idea of embedding zero trust into applications. The way we do cyber security these days has failed in significant ways. What if we could extend the AAA or RBAC model to all applications? Better yet, what if we take the RBAC model, make authentication more robust than username & password, assess endpoint security posture constantly, and evaluate each request individually up at layer 7 for all applications? Guest Galeal Zino has opinions on what embedded zero trust looks like. We discuss.

The post Heavy Networking 656: Embedding Zero Trust Into Applications appeared first on Packet Pushers.