Practical Python For Networking: 7.3 – Distribution Example – Video
This lesson wraps up the section on distributing packages with a full example. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python […]
The post Practical Python For Networking: 7.3 – Distribution Example – Video appeared first on Packet Pushers.
TLStorm 2.0 – Armis
Details on Aruba & Extreme Avaya vulnerability
Modern IBGP Design with AddPath and ORR
Nicola Modena created an interesting presentation describing IBGP designs using BGP Additional Paths and Optimal Route Reflection functionality
Hope you’ll enjoy the presentation as much as I did… and make sure you understand potential circular dependencies you might be introducing when running a route reflector as a virtual machine.
Practical Python For Networking: 7.2 Distribution Preparation – Video
This lessons walks through preparing a package for distribution. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python Networking and Distributed Denial […]
The post Practical Python For Networking: 7.2 Distribution Preparation – Video appeared first on Packet Pushers.
The state of cloud-native security 2022 – Tigera’s new market report
We are excited to announce the publication of our first State of Cloud-Native Security market report! The report compiles survey results from more than 300 security and IT professionals worldwide (all of whom have direct container responsibilities), and explores organizations’ needs and challenges when it comes to containers and cloud-native applications, specifically in the areas of security, observability, and compliance.
Report highlights
Our survey results showcase the rise in cloud-native development, while identifying barriers and areas where organizations need support on their cloud-native journey. Some of the report’s key findings include:
- Cloud-native applications gain momentum but present security, compliance, and observability issues.
- While our survey found that 75% of companies are focusing development on cloud-native applications, the increased development (and deployment) also creates the need for more advanced observability and security capabilities.
- Containers require security solutions for runtime, access, and networking.
- 98% of organizations need container security, with runtime security topping the list.
- Cloud-native and container compliance requirements are driving delays and challenges.
- 95% of organizations report they have compliance requirements for cloud-native applications, with 84% stating that meeting these compliance requirements is challenging.
Why read the report?
The report gives organizations a chance to benchmark themselves against the findings, Continue reading
BGP Policy (Part 6)
At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.
In this post I’m going to cover local preference via communities, longer prefix match, and conditional advertisement from the perspective of AS65001 in the following network—
Communities an Local Preference
As noted above, MED is the tool “designed into” BGP for selecting an entrance point into the local AS for specific reachable destinations. MED is not very effective, however, because a route’s preference will always win over MED, and because it is not carried between autonomous systems.
Some operators provide an alternate for MED in the form of communities that set a route’s preference within the AS. For instance, assume 100::/64 is geographically closer to the [65001,65003] link than either of the [65001,65002] links, so AS65001 would prefer traffic destined to 100::/64 enter through AS65003.
In this case, AS65001 can advertise 100::/64 with Continue reading
Whoop Dee Doo for my SuzieQ!
or How I Gained Fabric Like Visibility on a Campus Network Without Any Upgrades Last Updated: 2022-05-05 The network automation landscape moves fast and there is always something you come across which sparks your interest, but sometimes all you can do is it make note of it and hope you have time later on to READ MORE
The post Whoop Dee Doo for my SuzieQ! appeared first on The Gratuitous Arp.
Heavy Strategy Podcast – The Great Realisation Not Great Resignation
Heavy Strategy is about IT strategy. My co-host Johna Till-Johnson is the CEO/founder of Nemertes Research with a lot of strategy experience that combines with her technical background. The great thing is that Johna is willing to strongly debate topics. We go “head to head” and disagree to discuss. Its enjoyable and the feedback has been […]
Learning BGP Module 1 Lesson 2: How BGP Builds Loop-Free Paths – Video
Russ White’s BGP series continues with a discussion of building loop-free paths with the Border Gateway Protocol (BGP). Topics include AS (Autonomous System) paths, loop prevention, why loop checks are inbound, and more on IBGP and EBGP. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel […]
The post Learning BGP Module 1 Lesson 2: How BGP Builds Loop-Free Paths – Video appeared first on Packet Pushers.
The deluge of digital attacks against journalists
“A free press can, of course, be good or bad, but, most certainly without freedom, the press will never be anything but bad.”
― Albert Camus
Since its founding in 1993, World Press Freedom Day has been a time to acknowledge the importance of press freedom and call attention to concerted attempts to thwart journalists’ essential work. That mission is also embedded in the foundations of our Project Galileo, which has a goal of protecting free expression online — after the war in Ukraine started, applications to the project increased by 177% in March 2022 alone.
In Uruguay today, UNESCO’s World Press Freedom Day Global Conference is underway, with a 2022 theme of “Journalism under Digital Siege.”
It is a fitting and timely theme.
While the Internet has limitless potential to make every person a publisher, bad actors — both individuals and governments — routinely deploy attacks to silence free expression. For example, Cloudflare data illustrate a trend of increased cyber attacks since the invasion of Ukraine, and journalists are frequent targets. Covering topics such as war, government corruption, and crime makes journalists vulnerable to aggression online and offline. Beyond the issue of cyber attacks, Russian authorities’ Continue reading
Wildcard proxy for everyone
Today, I have the pleasure to announce that we’re giving everyone the ability to proxy DNS wildcard records. Previously, this feature was only available to our Enterprise customers. After many of our free and pay-as-you-go users reached out, we decided that this feature should be available to everyone.
What is a wildcard DNS record?
A DNS record usually maps a domain name to one or multiple IP addresses or another resource associated with that name, so it’s a one-to-many mapping. Let’s look at an example:
When I do a DNS lookup for the IP address of subdomain1.mycoolwebpage.xyz, I get two IP addresses back, because I have added two A records on that subdomain:
$ dig subdomain1.mycoolwebpage.xyz -t a +short
192.0.2.1
192.0.2.2
I could specify the target of all subdomains like this, with one or multiple DNS records per subdomain. But what if I have hundreds or even thousands of subdomains that I all want to point to the same resource?
This is where a wildcard DNS record comes in. By using the asterisk symbol "*" in the Name field, I can create one or multiple DNS records that are Continue reading
What Happened to FabricPath and Its Friends?
Continuing the what happened to old technologies saga, here’s another question by Enrique Vallejo:
Are FabricPath, TRILL or SPB still alive, or has everyone moved to VXLAN? Are they worth studying?
TL&DR: Barely. Yes. No.
Layer-2 Fabric craziness exploded in 2010 with vendors playing the usual misinformation games that eventually resulted in totally fragmented market full of partial- or proprietary solutions. At one point in time, some HP data center switches supported only TRILL, and other data center switches from the same company supported only SPB.
Now for individual technologies: