Briefing: Corsa Technology
Takeaway - Corsa Networks is focussed on provided a hardware data plane for SDN WAN use cases.
The post Briefing: Corsa Technology appeared first on EtherealMind.
Response: John Chambers sold more than 30% of his Cisco shares in last month. Heavy sales from others. Thats not good.
This article at Seeking Alpha shows that John Chambers sold more than 30% his Cisco shares last month and is just one of 8 other executives who sold significant numbers of shares in the last month.
The post Response: John Chambers sold more than 30% of his Cisco shares in last month. Heavy sales from others. Thats not good. appeared first on EtherealMind.
Video over Internet
Couple days ago I made an interesting talk about Video Traffic over Internet. Sales engineer goes to company and he claims that Video traffic can be carried over Internet without any problem. This is of course wrong and to understand why I have to explain some technical concepts. Main take away from this article is […]
Author information
The post Video over Internet appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
Planning a Project Before Your Execution
This year I have worked on a number of projects and most of them had no planning while others had very little. The planning phase of a project is the most critical part of a project. Planning can not only make or break a project, but your reputation as well. If a project doesn’t go […]
Author information
The post Planning a Project Before Your Execution appeared first on Packet Pushers Podcast and was written by Charles Galler.
Lets Meet: Travelling in San Francisco Jun16-22, 2014
I'm be in San Francisco next week and available of meetings and #BeerOclocks
The post Lets Meet: Travelling in San Francisco Jun16-22, 2014 appeared first on EtherealMind.
Starting with Chef
You might be asking yourself why a network engineer would be concerning himself with a product like Chef. It’s a long story, but lets start by saying that my interest was first peaked when I heard that the new line of Cisco Nexus switches would have a integrated Chef client. I’ve known about Chef and Puppet for a long time, but I’ve never really sat down and looked to see how they worked. So rather than starting with Chef on Nexus, I thought it would be prudent to get some base experience with the application in a more ‘normal’ application.
So how does this fit into networking? I think we can all agree that data center networking can change. I’m carefully phrasing that statement by using the word ‘can’. If you don’t know it already, I don’t buy the ‘SDN will change everything you do’ line of thinking. In fact, I try as hard as I can not even to use the term SDN. Why? Because it’s far too vague of a term that can mean almost anything depending on you how you want to interpret it. Beyond being a Continue reading
“This account is locked. You can’t log in” for super user in Junos Space
After a few fat-fingered attempts to get the password entered, i realised I had locked myself out of a new Space installation. There’s only one user at that stage – ‘super’. And now I’ve locked the account. Damn.
To unlock this, you will need to go on the console and enter debug mode. This means you need to know the admin and maintenance mode passwords. Assuming you do, do the following:
mysql> use build_db
Database changed
mysql> select * from USER_IP_ADDRESS;
+--------+--------------+---------------------+--------------+----------+---------+
| id | ipAddress | ipLockedTime | failureCount | isLocked | user_id |
+--------+--------------+---------------------+--------------+----------+---------+
| 229377 | 172.20.45.85 | 2014-06-11 16:29:07 | 0 | 1 | 610 |
+--------+--------------+---------------------+--------------+----------+---------+
1 row in set (0.00 sec)
Update the table to make isLocked 0:
mysql> update USER_IP_ADDRESS set isLocked=0;
Query OK, 1 row affected (0.08 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select * from USER_IP_ADDRESS;
+--------+--------------+---------------------+--------------+----------+---------+
| id | ipAddress | ipLockedTime | failureCount | isLocked | user_id |
+--------+--------------+---------------------+--------------+----------+---------+
| 229377 | 172.20.45.85 | 2014-06-11 16:29:07 | 0 | 0 | 610 |
+--------+--------------+---------------------+--------------+----------+---------+
1 row in set (0.00 sec)
mysql> quit
An introduction to Zero Trust virtualization-centric security
This post will be the first in a series that examine what I think are some of the powerful security capabilities of the VMware NSX platform and the implications to the data center network architecture. In this post we’ll look at the concepts of Zero Trust (as opposed to Trust Zones), and virtualization-centric grouping (as opposed to network-centric grouping). Note: […]An introduction to Zero Trust virtualization-centric security
This post will be the first in a series that examine what I think are some of the powerful security capabilities of the VMware NSX platform and the implications to the data center network architecture. In this post we’ll look at the concepts of Zero Trust (as opposed to Trust Zones), and virtualization-centric grouping (as opposed to network-centric grouping).
Note: Zero Trust as a guiding principle to enterprise wide security is inspired by Forrester’s “Zero Trust Network Architecture”.
What are we trying to accomplish?
We want to be able to secure all traffic in the data center without compromise to performance (user experience) or introducing unmanageable complexity. Most notably the proliferation of East-West traffic; we want to secure traffic between any two VMs, or between any VM and physical host, with the best possible security controls and visibility – per flow, per packet, stateful inspection with policy actions, and detailed logging – in a way that’s both economical to obtain and practical to deploy.
Trust Zones of Insecurity
Until now, it hasn’t been possible (much less economically feasible or even practical) to directly connect every virtual machine to its own port on a firewall. Because of this, the Continue reading
An introduction to Zero Trust virtualization-centric security
This post will be the first in a series that examine what I think are some of the powerful security capabilities of the VMware NSX platform and the implications to the data center network architecture. In this post we’ll look at the concepts of Zero Trust (as opposed to Trust Zones), and virtualization-centric grouping (as opposed to network-centric grouping).
Note: Zero Trust as a guiding principle to enterprise wide security is inspired by Forrester’s “Zero Trust Network Architecture”.
What are we trying to accomplish?
We want to be able to secure all traffic in the data center without compromise to performance (user experience) or introducing unmanageable complexity. Most notably the proliferation of East-West traffic; we want to secure traffic between any two VMs, or between any VM and physical host, with the best possible security controls and visibility – per flow, per packet, stateful inspection with policy actions, and detailed logging – in a way that’s both economical to obtain and practical to deploy.
Trust Zones of Insecurity
Until now, it hasn’t been possible (much less economically feasible or even practical) to directly connect every virtual machine to its own port on a firewall. Because of this, the Continue reading
An introduction to Zero Trust virtualization-centric security
This post will be the first in a series that examine what I think are some of the powerful security capabilities of the VMware NSX platform and the implications to the data center network architecture. In this post we’ll look at the concepts of Zero Trust (as opposed to Trust Zones), and virtualization-centric grouping (as opposed to network-centric grouping).
Note: Zero Trust as a guiding principle to enterprise wide security is inspired by Forrester’s “Zero Trust Network Architecture”.
What are we trying to accomplish?
We want to be able to secure all traffic in the data center without compromise to performance (user experience) or introducing unmanageable complexity. Most notably the proliferation of East-West traffic; we want to secure traffic between any two VMs, or between any VM and physical host, with the best possible security controls and visibility – per flow, per packet, stateful inspection with policy actions, and detailed logging – in a way that’s both economical to obtain and practical to deploy.
Trust Zones of Insecurity
Until now, it hasn’t been possible (much less economically feasible or even practical) to directly connect every virtual machine to its own port on a firewall. Because of this, the Continue reading
The 24 Rules I Work By – Infographic
I came across this infographic from Anna Vital of Funders and Founders and loved it. As relevant as some of it is, there is an obvious focus on running a startup and not working in IT. Because of that I thought it might be useful to do something similar around the ‘rules’ I work by; my workplace and career philosophy […]
Author information
The post The 24 Rules I Work By – Infographic appeared first on Packet Pushers Podcast and was written by Steven Iveson.
Perspective on Arista IPO and Market Positioning
For the last 20 years, a “silicon moat” that has protected Cisco and other networking vendors from market competition. Arista was one of the first startups to embrace merchant silicon,open source software and a modern software development methodology to focus on core value like reliability and features.
The post Perspective on Arista IPO and Market Positioning appeared first on EtherealMind.
Briefing: HP Helion, Virtual Cloud Networking, FlexFabric 7900, SDN and OpenStack at HP Discover
HP Discover is happening this week and have three announcements that I'm summarising here. They are Virtual Cloud Network (VCN), FlexFabric 7900 switch and a supporting package of consulting to implement cloud in your organisation.
The post Briefing: HP Helion, Virtual Cloud Networking, FlexFabric 7900, SDN and OpenStack at HP Discover appeared first on EtherealMind.
Introduction and LAB tutorial of HP Helion Community Edition, the OpenStack based “cloud” system that can give you a personal cloud!
For best article visual quality, open Introduction and LAB tutorial of HP Helion Community Edition, the OpenStack based “cloud” system that can give you a personal cloud! directly at NetworkGeekStuff.
Hewlett-Packard (HP) is a long enterprise supporter of cloud technologies and early this year, they released publicly HP Helion Community Edition (CE). HP Helion is HP’s OpenStack based cloud system with which HP plans to provide value added services (both in sense of software and service) with the upcoming release of HP Helion Enterprise edition later this year. In this article, I plan to introduce you to the HP Helion CE, quickly guide you through the installation, basic operations and in the end get you a quick view on the OpenStack architecture in general.
HP and “clouds”
For a long time HP has been providing cloud solution based on their internal Cloud Service Automation or “CSA” system to enterprise grade customers as part of their portfolio. I had access to several projects using this environment and although I still have mixed feelings about their effectiveness, they were a step in the right direction as classical (now called “legacy”) data-centers are loosing popularity to cloud and other automated systems. The Continue reading
Snort rules for Etumbot
Since publication of the Etumbot blog on Friday, June 6th, we’ve received numerous requests to publish Snort rules for the network indicators described therein. You can find Snort rules for the Etumbot C&C communications on Arbor’s github at
https://github.com/arbor/snort/blob/master/etumbot.rules
While we are not Snort syntax experts, we have performed basic testing for the Etumbot communications we’ve been able to observe over the wire. Specifically, the first three Snort rules for Etumbot RC4 Key Request, Etumbot Registration Request, and EtumBot Ping all triggered successfully when the corresponding network traffic was observed.
Remember to change the SIDs as appropriate for your environment. We also anticipate these rules will be incorporated into the EmergingThreats Open feed in the very near term.
RESTful control of Cumulus Linux ACLs
 |
| Figure 1: Elephants and Mice |
This article demonstrates a self contained real-time Elephant flow marking solution that leverages the visibility and control features of Cumulus Linux.
SDN fabric controller for commodity data center switches provides some background on the capabilities of the commodity switch hardware used to run Cumulus Linux. The article describes how the measurement and control capabilities of the hardware can be used to maximize data center fabric performance:
- Visibility: Cumulus recently added sFlow support, providing the network wide visibility needed for control - see Cumulus Networks, sFlow and data center automation.
- Control: Cumulus Linux Netfilter (ACLs) describes how standard Linux ebtables / iptables configuration files are used to manage the ACL/policy capabilities of the hardware.
For example, the following command creates a filter called Continue reading
Network Diagrams: Font Selection and Production Context. Choosing Slab or Thin fonts
Sometimes it looks right in the drawing tool but doesn't look right in the document. I forgot about balancing the image with the way that it looks on the page with words around it. Another post in my series on Network Diagrams.
The post Network Diagrams: Font Selection and Production Context. Choosing Slab or Thin fonts appeared first on EtherealMind.
Show 191 – Netvisor – the Pluribus Network Hypervisor – Sponsored
Pluribus Networks has a unique approach to Software Defined Networking that turns a network switch into a server and application platform. In this sponsored show, Sunay Tripathi deep dives into Netvisor and explains how it can fit into your network architecture.
Author information
The post Show 191 – Netvisor – the Pluribus Network Hypervisor – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.
[minipost] Mikrotik/RouterBoard port-knocking example for firewall/NAT openings
For best article visual quality, open [minipost] Mikrotik/RouterBoard port-knocking example for firewall/NAT openings directly at NetworkGeekStuff.
The situation is very simple, you are away from home (imagine visiting a friend or being at work), but you desperately would like to access your internal LAN FTP/Samba/etc… , but you do not have with you your own notebook or any device with a VPN capability to tunnel to your home securely. So what to do ? You do not really want to open your home firewall and NAT whole internet to the internal PC or server on your LAN. Lucky for you, there exists a trick under a name of “port-knocking” where you can send to your home firewall a sequence of TCP or UDP packets with specific ports (the ports act as a password) and your home system can temporarily open the firewall and NAT to only your source IP from which these packets arrived. In this quick example I will show you how to do this on Mikrotik (where I do this for several years now) and I will point you to generic linux tutorial for the same using iptables in links below.
Main Example
Target: I want to access my Continue reading