Archive

Category Archives for "Networking"

Network Break 404: Episode Not Found

This week the Network Break covers new SASE capabilities from Fortinet, new 800G hardware from Cisco that uses its homegrown ASIC, and an app from RSA for smart phones that can disable authentication if the app detects malicious behavior. Plus we cover new initiatives from the Open Compute Project, disaggregated Wi-Fi, and more tech news.

The post Network Break 404: Episode Not Found appeared first on Packet Pushers.

Network Break 404: Episode Not Found

This week the Network Break covers new SASE capabilities from Fortinet, new 800G hardware from Cisco that uses its homegrown ASIC, and an app from RSA for smart phones that can disable authentication if the app detects malicious behavior. Plus we cover new initiatives from the Open Compute Project, disaggregated Wi-Fi, and more tech news.

On the ‘net: Privacy and Networking

The final three posts in my series on privacy for infrastructure engineers is up over at Packet Pushers. While privacy might not seem like a big deal to infrastructure folks, it really is an issue we should all be considering and addressing—if for no other reason than privacy and security are closely related topics. The primary “thing” you’re trying to secure when you think about networking is data—or rather, various forms of privacy.

Focusing on legal defensibility is the wrong way to look at privacy, or rather the wrong end of the stick.

What are some best practices network operators can follow to reduce their risk? The simplest way to think about best practices is to think about user rights and risks at each stage of the data lifecycle.

For the final post in this series, I’ll address two topics: the privacy implications of Domain Name System (DNS) queries, and the absolute necessity of having a plan for how to respond to a breach. Let’s start with DNS.

Sidecars are Changing the Kubernetes Load-Testing Landscape

As your infrastructure is scaling and you start to get more traffic, it’s important to make sure everything works as expected. This is most commonly done through testing, with load testing being the optimal way of verifying the resilience of your services. Traditionally, load testing has been accomplished via standalone clients, like JMeter. However, as the world of infrastructure has gotten more modern, and organizations are using tools like Kubernetes, it’s important to have a modern toolset as well. With traditional load testing, you’ll commonly run into one of three major issues: Scripting load tests takes a lot of time Load tests typically run in large, complex, end-to-end environments, that are difficult to provision, as well as being expensive for production-scale infrastructure Data and realistic use cases are impossible to mirror one-to-one, unless you have production data A more modern approach is to integrate your load-testing tools directly into your infrastructure. If you’re using Kubernetes, that can be accomplished via something like an 

Tech Bytes: Using Opengear Every Day–For Disruptions And More (Sponsored)

Today on the Tech Bytes podcast we talk about how to use out-of-band management for daily networking tasks, not just when there’s a problem or crisis. Our sponsor is Opengear and we’re joined by Ramtin Rampour, Solutions Architect, to talk about use cases including zero touch provisioning, configuration, and more.

The post Tech Bytes: Using Opengear Every Day–For Disruptions And More (Sponsored) appeared first on Packet Pushers.

How chaos engineering can improve network resiliency

Conventional wisdom says, ‘If it ain’t broke, don’t fix it.’ Chaos engineering says, ‘Let’s try to break it anyway, just to see what happens.’The online group Chaos Community defines chaos engineering as “the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production.”Practitioners of chaos engineering essentially stress test the system and then compare what they think might happen with what actually does. The goal is to improve resiliency.For network practitioners who have spent their entire careers focused on keeping the network up and running, the idea of intentionally trying to bring it down might seem a little crazy.To read this article in full, please click here

And here’s another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages

And here's another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages
And here's another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages

You can now deploy Next.js applications which opt in to the Edge Runtime on Cloudflare Pages. Next.js is the fourth full-stack web framework that the Pages platform officially supports, and it is one of the most popular in the 'Jamstack-y' space.

Cloudflare Pages started its journey as a platform for static websites, but with last year's addition of Pages Functions powered by Cloudflare Workers, the platform has progressed to support an even more diverse range of use cases. Pages Functions allows developers to sprinkle in small pieces of server-side code with its simple file-based routing, or, as we've seen with the adoption from other frameworks (namely SvelteKit, Remix and Qwik), Pages Functions can be used to power your entire full-stack app. The folks behind Remix previously talked about the advantages of adopting open standards, and we've seen this again with Next.js' Edge Runtime.

Next.js' Edge Runtime

Next.js' Edge Runtime is an experimental mode that developers can opt into which results in a different type of application being built. Previously, Next.js applications which relied on server-side rendering (SSR) functionality had to be deployed on a Node.js server. Running a Node.js Continue reading

Use VRFs for VXLAN-Enabled VLANs

I started one of my VXLAN tests with a simple setup – two switches connecting two hosts over a VXLAN-enabled (gray tunnel) red VLAN. The switches are connected with a single blue link.

Test lab

Test lab

I configured VLANs and VXLANs, and started OSPF on S1 and S2 to get connectivity between their loopback interfaces. Here’s the configuration of one of the Arista cEOS switches:

Use VRFs for VXLAN-Enabled VLANs

I started one of my VXLAN tests with a simple setup – two switches connecting two hosts over a VXLAN-enabled (gray tunnel) red VLAN. The switches are connected with a single blue link.

Test lab

Test lab

I configured VLANs and VXLANs, and started OSPF on S1 and S2 to get connectivity between their loopback interfaces. Here’s the configuration of one of the Arista cEOS switches:

Heavy Networking 652: Why Networkers Should Want Routing Protocols Written In Rustlang

On today’s Heavy Networking episode, I talk with Nick Carter about Flock Networks, his routing protocol stack startup, as well as Nick’s love of the Rust programming language. As a network engineer, maybe you don’t think you care about Rust. Nick’s here to explain why the discerning network engineer might prefer their routing daemons to have been written in Rust. We also talk about the pleasures and travails of startup life.

The post Heavy Networking 652: Why Networkers Should Want Routing Protocols Written In Rustlang appeared first on Packet Pushers.

Heavy Networking 652: Why Networkers Should Want Routing Protocols Written In Rustlang

On today’s Heavy Networking episode, I talk with Nick Carter about Flock Networks, his routing protocol stack startup, as well as Nick’s love of the Rust programming language. As a network engineer, maybe you don’t think you care about Rust. Nick’s here to explain why the discerning network engineer might prefer their routing daemons to have been written in Rust. We also talk about the pleasures and travails of startup life.

Page Shield can now watch for malicious outbound connections made by third-party JavaScript code

Page Shield can now watch for malicious outbound connections made by third-party JavaScript code
Page Shield can now watch for malicious outbound connections made by third-party JavaScript code

Page Shield can now watch for malicious outbound connections made by third-party JavaScript code

Many websites use third party JavaScript libraries to cut development time by using pre-built features. Common examples include checkout services, analytics tools, or live chat integrations. Any one of these JavaScript libraries may be sending site visitors’ data to unknown locations.

If you manage a website, and you have ever wondered where end user data might be going and who has access to it, starting today, you can find out using Page Shield’s Connection Monitor.

Page Shield is our client side security solution that aims to detect malicious behavior and compromises that affect the browser environment directly, such as those that exploit vulnerabilities in third party JavaScript libraries.

Connection Monitor, available from today, is the latest addition to Page Shield and allows you to see outbound connections being made by your users’ browsers initiated by third party JavaScript added to your site. You can then review this information to ensure only appropriate third parties are receiving sensitive data.

Customers on our business and enterprise plans receive visibility in outbound connections provided by Connection Monitor. If you are using our Page Shield enterprise add-on, you also Continue reading

IoT security strategy from those who use connected devices

Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. "That’s the doomsday scenario that everyone is afraid of," says Skip Rollins, the hospital chain's CIO and CISO.Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren't being hacked. But he can't."The vendors in this space are very uncooperative," he says. "They all have proprietary operating systems and proprietary tools. We can't scan these devices. We can't put security software on these devices. We can't see anything they're doing. And the vendors intentionally deliver them that way."To read this article in full, please click here