0

EVPN-VXLAN Explainer 5 – Layer 3 with Asymmetrical IRB

Thus far, this series of posts have all been about Layer 2 over Layer 3 models; the customer ethernet frames encapsulated in UDP, traversing L3 networks. The routing has been confined underlay, the customer traffic has stayed within the same network.
No longer! In this post, things start getting a little more interesting, as we look at routing the customer traffic with an EVPN feature called Integrated Routing and Bridging, or IRB.

• First we look at the concept of routing in VXLAN networks.
• Then we have an in-depth look at asymmetrical IRB (I'll be dealing with symmetrical in the next post).

✅ L2 is intra-subnet, L3 is inter-subnet

📥 Intra-subnet

To define terms, when I say 'intra-subnet', that is L2 traffic transferred between nodes in the same subnet.

📤 Inter-subnet

'Inter-subnet' refers to a traffic flow that traverses subnet boundaries.

☎️ The Centralized IP L3 Gateways of Old

• With VXLAN networks in the past, inter-subnet communication was often performed by a centralized, IP only, gateway on behalf of the rest of the network.
• Traffic from customer-side networks would need to be sent to this central device for routing, which often created inefficient traffic flows, and possibly a bandwidth choke-point.
• Imagine Continue reading

0

Beware of Vendors Bringing White Papers

A few weeks ago I wrote about tradeoffs vendors have to make when designing data center switching ASICs, followed by another blog post discussing how to select the ASICs for various roles in data center fabrics.

You REALLY SHOULD read the two blog posts before moving on; here’s the buffer-related TL&DR for those of you ignoring my advice ;)

0

Beware of Vendors Bringing White Papers

A few weeks ago I wrote about tradeoffs vendors have to make when designing data center switching ASICs, followed by another blog post discussing how to select the ASICs for various roles in data center fabrics.

You REALLY SHOULD read the two blog posts before moving on; here’s the buffer-related TL&DR for those of you ignoring my advice ;)

0

Digital infrastructure outages get more costly

Digital infrastructure outages have gotten more and more expensive over the course of the past several years, according to a report from the Uptime Institute. Meanwhile, the total number of major outages has remained the same—meaning that, on average, an increasingly large amount of money is getting spent on recovering from each disruption.The proportion of individual outages resulting in losses of over $100,000 is increasing, according to the report, up to 47% of all outages in 2021 from 40% in the previous year. The institute said that, while it doesn't calculate an average overall cost per outage, overall trends are toward more costs being incurred by the average outage.To read this article in full, please click here

0

AMD ups its supercomputer components

AMD is working on an accelerated processing unit that will outperform its current top APU that powers the world’s first exascale supercomputer.At its recent analyst day, the company introduced a new high-end accelerator, the Instinct MI300, an APU that combines Zen 4 CPUs, the latest generation of GPU technology, plus AMD’s Infinity Cache and Infinity architecture in one package. It will deliver eight times the AI performance of AMD’s current high-end ACU, the MI250, and will be available next year.A pool of high-bandwidth memory on the ACU is shared between the CPU and the GPU allowing them to communicate freely without the performance or energy overhead of redundant memory copies.To read this article in full, please click here

0

AMD ups its supercomputer components

AMD is working on an accelerated processing unit that will outperform its current top APU that powers the world’s first exascale supercomputer.At its recent analyst day, the company introduced a new high-end accelerator, the Instinct MI300, an APU that combines Zen 4 CPUs, the latest generation of GPU technology, plus AMD’s Infinity Cache and Infinity architecture in one package. It will deliver eight times the AI performance of AMD’s current high-end ACU, the MI250, and will be available next year.A pool of high-bandwidth memory on the ACU is shared between the CPU and the GPU allowing them to communicate freely without the performance or energy overhead of redundant memory copies.To read this article in full, please click here

0

Securing cloud workloads in 5 easy steps

As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional security paradigms based on perimeter-driven firewalls do not scale for communication between workloads within the cluster and 3rd-party APIs outside the cluster. The traditional paradigm also does not provide granular access controls to the workloads and zero-trust architecture, leaving cloud-native applications with a larger attack surface.

Calico Cloud offers an easy 5-step process for fast-tracking your organization’s cloud-native application journey by making security a business enabler while mitigating risk.

Step 1: Visibility

Gaining visibility into workload-to-workload communication with all metadata context intact is one of the biggest challenges when it comes to deploying microservices. You can’t apply security controls to what you can’t see. The traffic is not just flowing from a client to a server in this new cloud native distributed architecture but also between namespaces that reside between many nodes, causing flow proliferation. With Calico Cloud, you get a dynamic visualization of all traffic flowing through your network in an easy-to-read UI.

Example 1: You can view all the inside and outside (east-west and north-south) connections directly from Calico’s Continue reading

0

3 SD-WAN Challenges and Solutions

Points to consider when selecting an SD-WAN solution include WAN/LAN branch architecture, deployment and service provisioning, and centralized management.

0

Cisco service predicts SD-WAN problems

Cisco is set to offer the first fruits of its technology that promises to let enterprises proactively avoid network problems and increase application performance.At its Cisco Live event this week the company took the wraps off ThousandEyes WAN Insights service that will let Cisco SD-WAN customers get network forecasts and SD-WAN policy recommendations for elevating application performance and user experience across enterprise sites.[ Get daily insights by signing up for Network World newsletters. ] “Today’s hybrid work environments are incredibly complex, made up of highly sophisticated applications that are distributed across heterogeneous networks and accessed by end users from a variety of locations that may have vastly different underlying network conditions,” Mike Hicks, principal solutions analyst with Cisco ThousandEyes, wrote in a blog. "ThousandEyes WAN Insights helps IT operations teams anticipate changes to these environments using data-driven analysis that gives them actionable network recommendations to reduce issues and optimize performance across Internet, cloud, and SaaS."To read this article in full, please click here

0

Heavy Networking 635: Unified Network Fabrics With Juniper Apstra (Sponsored)

In today’s sponsored Heavy Networking we talk to Juniper Apstra about how how Apstra delivers on unified data center operations, why fabrics are everywhere, how Apstra differs from other automation and intent solutions, and more. Our guest is Mansour Karam, VP of Product Management.

The post Heavy Networking 635: Unified Network Fabrics With Juniper Apstra (Sponsored) appeared first on Packet Pushers.

0

Heavy Networking 635: Unified Network Fabrics With Juniper Apstra (Sponsored)

In today’s sponsored Heavy Networking we talk to Juniper Apstra about how how Apstra delivers on unified data center operations, why fabrics are everywhere, how Apstra differs from other automation and intent solutions, and more. Our guest is Mansour Karam, VP of Product Management.

0

Cisco moves Catalyst, Nexus management to the cloud

Cisco is taking a big step toward cloud-management of both its Catalyst campus and Nexus data center equipment.At the Cisco Live customer event this week, the company rolled out two cloud-based management services that provide more options for enterprises to support hybrid workforces. [ Get regularly scheduled insights by signing up for Network World newsletters. ] Catalyst management in the cloud The first service, Cloud Management for Cisco Catalyst, lets customers manage and troubleshoot Catalyst 9000 switching and wireless campus and branch devices from the company’s cloud-based Meraki dashboard, which can manage and troubleshoot a wide variety of devices and networks from a single screen. According to Cisco, Catalyst customers can run a CLI command with information about their organization, and it will move management of that device over to the Meraki cloud.To read this article in full, please click here

0

Cisco moves Catalyst, Nexus management to the cloud

Cisco is taking a big step toward cloud-management of both its Catalyst campus and Nexus data-center equipment.At the Cisco Live customer event this week, the company rolled out two cloud-based management services that provide more options for enterprises to support hybrid workforces. [ Get regularly scheduled insights by signing up for Network World newsletters. ] Catalyst management in the cloud The first service, Cloud Management for Cisco Catalyst, lets customers manage and troubleshoot Catalyst 9000 switching and wireless campus and branch devices from the company’s cloud-based Meraki dashboard, which can manage and troubleshoot a wide variety of devices and networks from a single screen. According to Cisco, Catalyst customers can run a CLI command with information about their organization, and it will move management of that device over to the Meraki cloud.To read this article in full, please click here

0

Cisco moves Catalyst, Nexus management to the cloud

Cisco is taking a big step toward cloud-management of both its Catalyst campus and Nexus data-center equipment.At the Cisco Live customer event this week, the company rolled out two cloud-based management services that provide more options for enterprises to support hybrid workforces. [ Get regularly scheduled insights by signing up for Network World newsletters. ] Catalyst management in the cloud The first service, Cloud Management for Cisco Catalyst, lets customers manage and troubleshoot Catalyst 9000 switching and wireless campus and branch devices from the company’s cloud-based Meraki dashboard, which can manage and troubleshoot a wide variety of devices and networks from a single screen. According to Cisco, Catalyst customers can run a CLI command with information about their organization, and it will move management of that device over to the Meraki cloud.To read this article in full, please click here

0

Atos announces major restructuring plans in wake of CEO exit

France-based IT company Atos has announced plans to restructure in the wake of the sudden resignation of its CEO, Rodolphe Belmer. The plan to split its operations and sell assets saw the company's shares fall by more than 25% Tuesday.The potential separation will see Atos split up into two publicly listed entities: SpinCo will include company's Evidian subsidiary, bringing together Atos' big data and security (BDS) business units, and overseen by Philippe Oliva; TFCo will house Atos' legacy Tech Foundations unit  and be managed by Nourdine Bihmane.To read this article in full, please click here

0

Using OpenSSL With Ed Harmoush 4/6 Inspecting Certificates: Valid Certificates – Video

ED, HIS TLS COURSE, AND THE FREE OPENSSL CHEATSHEET Twitter @ed_pracnet https://practicalnetworking.net Practical TLS course: https://pracnet.net/tls OpenSSL Cheatsheet: https://pracnet.net/openssl FILES FOR THE CERT/KEY MATCHING EXERCISE: ZIP VERSION: packetpushers-pracnet-openssl.zip https://ln5.sync.com/dl/1f1f63d90/kqztwkp9-hkcz3yvq-tuzx79ke-aewxgaip TAR.GZ VERSION: packetpushers-pracnet-openssl.tar.gz https://ln5.sync.com/dl/0791b8d50/q973jpyb-qrmz3cpd-xeiar9zn-qu99gi5w FOR MORE INFO Hashing, Hashing Algorithms, and Collisions – Cryptography Symmetric Encryption vs Asymmetric Encryption Public & Private Keys – Signatures & […]

The post Using OpenSSL With Ed Harmoush 4/6 Inspecting Certificates: Valid Certificates – Video appeared first on Packet Pushers.

0

Zero Trust vs. Microsegmentation: Establish a Winning Strategy

Rivalries sometimes last a lifetime… and then turn to mist. zero trust architecture or achieve microsegmentation may seem different, the end goal of protecting systems and information from increasingly sophisticated attacks is the priority. Zero Trust as a Model for Security Strategy When

0

Cloudflare mitigates 26 million request per second DDoS attack

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.

The attack targeted a customer website using Cloudflare’s Free plan. Similar to the previous 15M rps attack, this attack also originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices.

Record-breaking attacks

Over the past year, we’ve witnessed one record-breaking attack after the other. Back in August 2021, we disclosed a 17.2M rps HTTP DDoS attack, and more recently in April, a 15M rps HTTPS DDoS attack. All were automatically detected and mitigated by our HTTP DDoS Managed Ruleset which is powered by our autonomous edge DDoS protection system.

The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn’t able to generate more than one Continue reading

0

Exam time means Internet disruptions in Syria, Sudan and Algeria

It is once again exam time in Syria, Sudan, and Algeria, and with it, we find these countries disrupting Internet connectivity in an effort to prevent cheating on these exams. As they have done over the past several years, Syria and Sudan are implementing multi-hour nationwide Internet shutdowns. Algeria has also taken a similar approach in the past, but this year appears to be implementing more targeted website/application blocking.

Syria

Syria has been implementing Internet shutdowns across the country since 2011, but exam-related shutdowns have only been in place since 2016. In 2021, exams took place between May 31 and June 22, with multi-hour shutdowns observed on each of the exam days.

This year, the first shutdown was observed on May 30, with subsequent shutdowns (to date) seen on June 2, 6, and 12. In the Cloudflare Radar graph below, traffic for Syria drops to zero while the shutdowns are active. According to Internet Society Pulse, several additional shutdowns are expected through June 21. Each takes place between 02000530 UTC (0500–0830 local time). According to a published report, the current exam cycle covers more than 500,000 students for basic and general secondary education certificates.

Consistent with Continue reading

0

Multicast PIM Dense Mode vs PIM Sparse Mode