IPv6 Buzz 113: We Have DAD Issues (Duplicate Address Detection)
In this episode of IPv6 Buzz, Ed, Scott, and Tom talk about our DAD issues — well, our IPv6 Duplicate Address Detection (DAD) issues anyway. DAD is a feature of IPv6 that looks for duplicate IP addresses among hosts on the same segment. We discuss how it works and operational considerations.
The post IPv6 Buzz 113: We Have DAD Issues (Duplicate Address Detection) appeared first on Packet Pushers.
IPv6 Buzz 113: We Have DAD Issues (Duplicate Address Detection)
In this episode of IPv6 Buzz, Ed, Scott, and Tom talk about our DAD issues — well, our IPv6 Duplicate Address Detection (DAD) issues anyway. DAD is a feature of IPv6 that looks for duplicate IP addresses among hosts on the same segment. We discuss how it works and operational considerations.CI-Based Cloud Network Automation
A pioneer in cloud networking for the last decade, Arista has become synonymous with elastic scaling and programmable provisioning through a modern data-driven software stack. Legacy networks with manual box-by-box configurations for production and testing have led to cumbersome and complex practices. Arista leads the industry in cloud automation built on an open foundation.
Rant: Cloudy Snowflakes
I could spend days writing riffs on some of the more creative (in whatever dimension) comments left on my blog post or LinkedIn1. Here’s one about uselessness of network automation in cloud infrastructure (take that, AWS!):
If the problem is well known you can apply rules to it (automation). The problem with networking is that it results in a huge number of cases that are not known in advance. And I don’t mean only the stuff you add/remove to fix operational problems. A friend in one of the biggest private clouds was saying that more than 50% of transport services are customized (a static route here, a PBR there etc) or require customization during their lifecycle (e.g. add/remove a knob). Telcos are “worse” and for good reasons.
Yeah, I’ve seen such environments. I had discussions with a wide plethora of people building private and public (telco) clouds, and summarized the few things I learned (not many of them good) in Address the Business Challenges First part of the Business Aspects of Networking Technologies webinar.
Rant: Cloudy Snowflakes
I could spend days writing riffs on some of the more creative (in whatever dimension) comments left on my blog post or LinkedIn1. Here’s one about uselessness of network automation in cloud infrastructure (take that, AWS!):
If the problem is well known you can apply rules to it (automation). The problem with networking is that it results in a huge number of cases that are not known in advance. And I don’t mean only the stuff you add/remove to fix operational problems. A friend in one of the biggest private clouds was saying that more than 50% of transport services are customized (a static route here, a PBR there etc) or require customization during their lifecycle (e.g. add/remove a knob). Telcos are “worse” and for good reasons.
Yeah, I’ve seen such environments. I had discussions with a wide plethora of people building private and public (telco) clouds, and summarized the few things I learned (not many of them good) in Address the Business Challenges First part of the Business Aspects of Networking Technologies webinar.
Will New CISA Guidelines Help Bolster Cyber Defenses?
The new CISA guidance aims to shake up the way devices are tracked, managed, and protected against unauthorized access and attacksMicroStack installation fails on Ubuntu 20.04
I needed an instance of Openstack in my home lab for some tests and the first attempt was to deploy it with DevStack all-in-one. Is one of the most common methods out there. However it kept on failing (still need to find out why), so I turned to MicroStack. MicroStack describe itself as the most … Continue reading MicroStack installation fails on Ubuntu 20.04Hedge 153: Security Perceptions and Multicloud Roundtable
Tom, Eyvonne, and Russ hang out at the hedge on this episode. The topics of discussion include our perception of security—does the way IT professionals treat security and privacy helpful for those who aren’t involved in the IT world? Do we discourage users from taking security seriously by making it so complex and hard to use? Our second topic is whether multicloud is being oversold for the average network operator.
Day Two Cloud 170: Sovereign DBaaS And Severalnines (Sponsored)
Welcome to Day Two Cloud! On today’s episode---databases. More specifically, controlling your databases. We’re discussing the database control plane company Severalnines with CEO Vinay Joosery. Severalnines is sponsoring today’s discussion about sovereign Databases as a Service (DBaaS).
The post Day Two Cloud 170: Sovereign DBaaS And Severalnines (Sponsored) appeared first on Packet Pushers.
Day Two Cloud 170: Sovereign DBaaS And Severalnines (Sponsored)
Welcome to Day Two Cloud! On today’s episode---databases. More specifically, controlling your databases. We’re discussing the database control plane company Severalnines with CEO Vinay Joosery. Severalnines is sponsoring today’s discussion about sovereign Databases as a Service (DBaaS).Robotic Process Automation Accelerates the Digitization of Healthcare
RPA technology in healthcare uses software bots and artificial intelligence to automate critical or recurring functions, saving organizations time and money over time.Cloudflare is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786
Yesterday, November 1, 2022, OpenSSL released version 3.0.7 to patch CVE-2022-3602 and CVE-2022-3786, two HIGH risk vulnerabilities in the OpenSSL 3.0.x cryptographic library. Cloudflare is not affected by these vulnerabilities because we use BoringSSL in our products.
These vulnerabilities are memory corruption issues, in which attackers may be able to execute arbitrary code on a victim’s machine. CVE-2022-3602 was initially announced as a CRITICAL severity vulnerability, but it was downgraded to HIGH because it was deemed difficult to exploit with remote code execution (RCE). Unlike previous situations where users of OpenSSL were almost universally vulnerable, software that is using other versions of OpenSSL (like 1.1.1) are not vulnerable to this attack.
How do these issues affect clients and servers?
These vulnerabilities reside in the code responsible for X.509 certificate verification - most often executed on the client side to authenticate the server and the certificate presented. In order to be impacted by this vulnerability the victim (client or server) needs a few conditions to be true:
- A malicious certificate needs to be signed by a Certificate Authority that the victim trusts.
- The victim needs to validate the malicious certificate or ignore a Continue reading
Scalability Aspects of SR-MPLS
Henk Smit left a wonderful comment discussing various scalability aspects of SR-MPLS. Let’s go through the points he made:
When you have a thousand routers in your networks, you can put all of them in one (IS-IS) area. Maybe with 2k routers as well. But when you have several thousand routers, you want to use areas, if only to limit the blast-radius.
Absolutely agree, and as RFC 3439 explained in more eloquent terms than I ever could:
Scalability Aspects of SR-MPLS
Henk Smit left a wonderful comment discussing various scalability aspects of SR-MPLS. Let’s go through the points he made:
When you have a thousand routers in your networks, you can put all of them in one (IS-IS) area. Maybe with 2k routers as well. But when you have several thousand routers, you want to use areas, if only to limit the blast-radius.
Absolutely agree, and as RFC 3439 explained in more eloquent terms than I ever could: