Archive

Category Archives for "Networking"

Join me at PlatformCon 2022 to learn how to secure could-native applications using open source tools

PlatformCon 2022 is just around the corner and I’m excited to be speaking at the conference alongside other platform practitioners and pioneers. My talk, Using open-source software to secure cloud-native applications, will examine—you guessed it—how to use open-source software like Kubernetes to secure cloud-native applications.

I’m looking forward to giving this talk because I think this topic is extremely relevant to the Platform Engineering community. Cloud-native microservices applications bring so many amazing advantages for many software application needs, but they also bring lots of security challenges, and if those are handled incorrectly it can be a minefield. Ephemeral workloads appear and disappear, workload network addressing is transient, and traditional firewalls can’t police the data path effectively.

Open-source orchestration solutions like Kubernetes define an application-centric component called ‘NetworkPolicy,’ but they do not implement it. In my session I’ll discuss how, with a change of tools and mindset, open-source software can help to implement security for cloud-native applications whilst still allowing the user to benefit from all the advantages. I’m excited to help people understand how to get on the right path and give them enough information to make their own informed decision on how to proceed

What’s special Continue reading

Network Break 384: Broadcom To Buy VMware; DuckDuckGo Slammed For Microsoft Tracking Deal

On today's Network Break we dig into Broadcom's proposed acquisition of VMware for about $61 billion. We also cover a serious VMware vulnerability that is being exploited in the wild, and criticism of DuckDuckGo for a deal with Microsoft that allows some data to be collected from the privacy browser. We also cover the latest financial results from Dell Technologies and Broadcom.

The Future of Zero Trust in a Hybrid World

In the first article in this series, we discussed what zero trust security is and why it matters. In the second article in this series, we talked about the benefits of zero trust network access. In this third article installment, we will dive into using zero trust models within container security. In this fourth article, we will discuss the future of zero trust in a world that is increasingly remote.  While remote work originally appeared en masse as a Band-Aid fix for organizations to keep working during the COVID-19 pandemic, it is now decidedly here to stay. According to research from McKinsey shows that most executives no longer plan to have non-essential staff working on-site five days a week. And employees are happily abiding.

Platform Week wrap-up

Platform Week wrap-up
Platform Week wrap-up

A comprehensive developer platform includes all the necessary storage, compute, and services to effectively deliver an application. Compute that runs globally and auto-scales to execute code without having to worry about the underlying infrastructure; storage for user information, objects, and key-value pairs; and all the related services including delivering video, optimizing images, managing third-party components, and capturing telemetry.

Whether you’re looking to modernize legacy backend infrastructure or are building a brand-new application from the ground up the Cloudflare Developer Platform provides all the building blocks you need to deliver an application on the edge.

Recently, during Platform Week, we made a number of announcements expanding what’s possible with the Developer Platform. Let’s take a look at some of the announcements we made and what this enables you to build. For a complete list visit the Platform Week hub.

Compute

The core of our compute offering is Workers, our serverless runtime. Workers integrates with other Cloudflare offerings helping you route requests, take action on bots, send an email, or route and filter emails, just to name a few.

There are times when you’ll want to use multiple Workers to perform an action, Workers now have the ability to call another Continue reading

VXLAN-Focused Design Clinic in June 2022

ipSpace.net subscribers are probably already familiar with the Design Clinic: a monthly Zoom call in which we discuss real-life design- and technology challenges. I started it in September 2021 and it quickly became reasonably successful; we covered almost two dozen topics so far.

Most of the challenges contributed for the June 2022 session were focused on VXLAN use cases (quite fitting considering I just updated the VXLAN Technical Deep Dive webinar), including:

  • Can we implement Data Center Interconnect (DCI) with VXLAN? (Yes, but…)
  • Can we run VXLAN over SD-WAN (and does it make sense)? (Yes/No)
  • What happened to traditional MPLS/VPN Enterprise core and can we use VXLAN/EVPN instead? (Still there/Maybe)
  • Should we use routers or switches as data center WAN edge devices, and how do we integrate them with VXLAN/EVPN data center fabric? (Yes 😊)

For more details, join us on June 6th. There’s just a minor gotcha: you have to be an active ipSpace.net subscriber to do it.

VXLAN-Focused Design Clinic in June 2022

ipSpace.net subscribers are probably already familiar with the Design Clinic: a monthly Zoom call in which we discuss real-life design- and technology challenges. I started it in September 2021 and it quickly became reasonably successful; we covered almost two dozen topics so far.

Most of the challenges contributed for the June 2022 session were focused on VXLAN use cases (quite fitting considering I just updated the VXLAN Technical Deep Dive webinar), including:

  • Can we implement Data Center Interconnect (DCI) with VXLAN? (Yes, but…)
  • Can we run VXLAN over SD-WAN (and does it make sense)? (Yes/No)
  • What happened to traditional MPLS/VPN Enterprise core and can we use VXLAN/EVPN instead? (Still there/Maybe)
  • Should we use routers or switches as data center WAN edge devices, and how do we integrate them with VXLAN/EVPN data center fabric? (Yes 😊)

For more details, join us on June 6th. There’s just a minor gotcha: you have to be an active ipSpace.net subscriber to do it.

“Much more than just writing.” How I got started as a content designer

“Much more than just writing.” How I got started as a content designer
“Much more than just writing.” How I got started as a content designer

Content design is a relatively new discipline, but one that deeply affects how users perceive, choose, and use products. People who work in content design can take many names (content designers, UX writers, product writers, just to name a few) but in a nutshell, our job is to help users accomplish goals on an interface by providing them with the right guidance at the right time. Unlike visual designers, content designers are not responsible for the graphic layout or the look and feel of a given interface — instead, we own what we call the conversation between product and user along each journey to ensure that the user has all the information they need to reach their goal.

The interesting thing is — when interfaces are concerned, the more effective the text, the less noticeable it will be to users. Great content on an interface “just works”; it disappears into a delightful user experience while leading happy users to success, whatever it is they’re trying to get done with a given product. Content designers achieve that by making sure they know user needs inside out and which problems the product is trying to solve. Next, in partnership with visual designers, Continue reading

VPNs can complement SASE

The pandemic has accelerated the development of better ways to serve and secure remote workers, which make it a good time to rexamine VPNS.Recently VPNs have received technical boosts with the addition of protocol options that improve functionality far ahead of where they were when first invented. At the same time, new security architectures zero trust network access (ZTNA), secure access service edge (SASE), and security service edge (SSE) are making inroads into what had been the domain of remote-access VPNs.To read this article in full, please click here

VPNs can complement SASE

The pandemic has accelerated the development of better ways to serve and secure remote workers, which make it a good time to rexamine VPNS.Recently VPNs have received technical boosts with the addition of protocol options that improve functionality far ahead of where they were when first invented. At the same time, new security architectures zero trust network access (ZTNA), secure access service edge (SASE), and security service edge (SSE) are making inroads into what had been the domain of remote-access VPNs.To read this article in full, please click here

netsim-tools Simple VLAN Example

I had no idea how convoluted VLANs could get until I tried to implement them in netsim-tools. We’re not done yet – we have access VLANs, VLAN trunks (including native VLAN support), and VLAN (SVI) interfaces, but we’re still missing routed VLAN subinterfaces – but we have enough functionality to show you a few VLAN examples.

We’ll start with the simplest option: a single VLAN stretched across two bridges switches with two Linux hosts connected to it. netsim-tools can configure VLANs on Arista EOS, Cisco IOSv, VyOS, Dell OS10, and Nokia SR Linux. We’ll use the quickest (deployment-wise) option: Arista EOS on containerlab.

netlab Simple VLAN Example

I had no idea how convoluted VLANs could get until I tried to implement them in netlab.

We’ll start with the simplest option: a single VLAN stretched across two bridges switches with two Linux hosts connected to it. netlab can configure VLANs on Arista EOS, Cisco IOSv, Cisco Nexus OS, VyOS, Dell OS10, and Nokia SR Linux. We’ll use the quickest (deployment-wise) option: Arista EOS on containerlab.

Simple VLAN topology

Simple VLAN topology

Worth Reading: ACI Terraform Scalability

Using Terraform to deploy networking elements with an SDN controller that cannot replace the current state of a tenant with the desired state specified in a text file (because nobody ever wants to do that, right) sounds like a great idea… until you try to do it at scale.

Noël Boulene hit interesting scalability limits when trying to provision VLANs on Cisco ACI with Terraform. If you’re thinking about doing something similar, you REALLY SHOULD read his article.

Worth Reading: ACI Terraform Scalability

Using Terraform to deploy networking elements with an SDN controller that cannot replace the current state of a tenant with the desired state specified in a text file (because nobody ever wants to do that, right) sounds like a great idea… until you try to do it at scale.

Noël Boulene hit interesting scalability limits when trying to provision VLANs on Cisco ACI with Terraform. If you’re thinking about doing something similar, you REALLY SHOULD read his article.