Archive

Category Archives for "Networking"

It’s Time For Zero Trust Network Access With Zero Exceptions

Today’s digital and cloud-first businesses everywhere are struggling to get a handle on the risks associated with hybrid work and direct-to-app connectivity. For many businesses, Zero Trust Network Access (ZTNA) offers an opportunity to modernize and consolidate architectures while also providing a logical entrance into a broader Zero Trust journey.

The post It’s Time For Zero Trust Network Access With Zero Exceptions appeared first on Packet Pushers.

3 Consul Service Mesh Myths Busted

Van Phan Van is a technical product marketing manager for Consul at HashiCorp. He has been in the infrastructure space for most of his career and loves learning about new technologies and getting his hands dirty. When not staring at this computer screen, he's sharing pictures of food to his wife's dismay. He lives in San Jose, California, with his wife and two young boys. Most infrastructure engineers have a good idea what Terraform does, and those who care about security likely know about HashiCorp Vault, but what about popular open source networking tool back in 2014, it has grown into a much more comprehensive networking platform. So let’s take a look at three Consul capabilities you may have misconceptions about or not be taking full advantage of. Consul Bolsters Zero Trust Networking Ashher Syed Ashher is a product marketing leader at HashiCorp and is based in Austin, Texas. When he's Continue reading

Broadening Your Horizons, or Why Broadcom Won’t Get VMware

You might have missed the news over the weekend that Broadcom is in talks to buy VMware. As of right now this news is still developing so there’s no way of knowing exactly what’s going to happen. But I’m going to throw my hat into the ring anyway. VMware is what Broadcom really wants and they’re not going to get it.

Let’s break some of this down.

Broad Street

Broadcom isn’t just one of the largest chip manufactures on the planet. Sure, they make networking hardware that goes into many of the products you buy. Yes, they do make components for mobile devices and access points and a whole host of other things, including the former Brocade fibre channel assets. So they make a lot of chips.

However, starting back in November 2018, Broadcom has been focused on software acquisitions. They purchased CA Technologies for $19 billion. They bought Symantec the next year for $10 billion. They’re trying to assemble a software arm to work along with their hardware aspirations. Seems kind of odd, doesn’t it?

Ask IBM how it feels to be the dominant player in mainframes. Or any other dominant player in a very empty market. It’s lonely Continue reading

Broadcom reportedly working to acquire VMware

Silicon Valley chipmaker Broadcom is working on a deal to acquire cloud service and virtualization provider VMware, although an agreement is not expected to be imminent, according to published reports.VMware's market cap sits around $40 billion, although no proposed purchase price has been disclosed as yet. If a deal is eventually reached, it would be the latest in a long line of acquisitions for Broadcom, which has built itself up, in large part, on the basis of multiple high-profile buyouts.The company acquired network switching manufacturer Brocade in November 2016 for nearly $6 billion, development and security software firm CA Technologies in November 2018 for $19 billion, and the enterprise security division of Symantec in August 2019 for more than $10 billion.To read this article in full, please click here

Tech Bytes: MSP Softchoice And VMware Tackle Hybrid And Multi-Cloud Deployments (Sponsored)

Today on the Tech Bytes podcast we talk with Managed Service Provider (MSP) and VMware partner of the year Softchoice on how Softchoice helps customers navigate multi-cloud and hybrid cloud deployments using VMware. We cover details about two real-world Softchoice/VMware customer use cases: a Major League Baseball team and a financial services firm.

The post Tech Bytes: MSP Softchoice And VMware Tackle Hybrid And Multi-Cloud Deployments (Sponsored) appeared first on Packet Pushers.

Tech Bytes: MSP Softchoice And VMware Tackle Hybrid And Multi-Cloud Deployments (Sponsored)

Today on the Tech Bytes podcast we talk with Managed Service Provider (MSP) and VMware partner of the year Softchoice on how Softchoice helps customers navigate multi-cloud and hybrid cloud deployments using VMware. We cover details about two real-world Softchoice/VMware customer use cases: a Major League Baseball team and a financial services firm.

What are New in Cisco CCDE v3 Exam?

Currently, in 2022, the CCDE exam version is version 3. There are many new changes in CCDE v3 compared to CCDE v2 and in this blog post, some are the new changes will be explained, also for the things that stay the same will be highlighted as well. Also, I will share my takes in the post about these changes.

Before starting the technical changes, let’s start with the exam result announcement change.

CCDE v2 exam has been announced in 8-12 weeks. This was effectively allowing CCDE exam candidates to schedule the exam two times maximum in a year.

Students wouldn’t schedule the exam if they fail because the announcement date and new exam date were usually overlapping.

This changed anymore.

With CCDE v3, exam results are announced in 48 hours. It is almost like CCIE exams.

The CCDEv3 Practical Exam will be in the Cisco CCIE Lab locations anymore

CCDE v2 Lab/Practical exam was done in Professional Pearson Vue Centers. There were 300 of them and done in many different countries.

Unfortunately, this change may not be good for many exam takers as Cisco CCIE Lab locations are not available in many countries and are not as common as Continue reading

BGP Allowas-in feature Explained in 2022

BGP Allowas-in feature needs to be understood well in order to understand the BGP loop prevention behavior, But also, why the BGP Allowas-in configuration might create a dangerous situation, and what are the alternatives of BGP Allowas-in will be explained in this post.

What is the BGP Allowas-in feature?

BGP Allow-as-in feature is used to allow the BGP speaker to accept the BGP updates even if its own BGP AS number is in the AS-Path attribute.

By default EBGP loop prevention is, if any BGP speaker sees its own AS Number in the BGP update, then the update is rejected, thus the advertisement cannot be accepted. But there might be situations to accept the prefixes, thus there are two options to overcome this behavior.

Either accepting the BGP update even if the AS number is in the AS-Path list, with the BGP Allow AS feature or changing the behavior with the BGP AS Override feature.

Without BGP Allowas, let’s see what would happen.

BGP AS Override

In this topology, Customer BGP AS is AS 100. The customer has two locations.

Service Provider, in the middle, let’s say providing MPLS VPN service for the customer.

As you can understand from the topology, Service Provider Continue reading

SASE or SSE? Don’t let hype distract from enterprise needs

Secure access service edge (SASE) has generated a buzz over the last couple of years, particularly in light of the pandemic and its associated surge in remote employees. But SASE hasn’t quite materialized in the way Gartner – which first coined the term in a 2019 white paper – initially expected. In particular, there’s been pushback around the idea that SASE should be delivered by a single vendor, as a single integrated cloud service at the network edge.The SASE model combines network security functions with WAN capabilities, delivering the security elements in the cloud and using SD-WAN at the edge or in the cloud. Key security functions include secure web gateway (SWG), zero trust network access (ZTNA), firewall as a service (FWaaS), and cloud access security broker (CASB).To read this article in full, please click here

SASE or SSE? Don’t let hype distract from enterprise needs

Secure access service edge (SASE) has generated a buzz over the last couple of years, particularly in light of the pandemic and its associated surge in remote employees. But SASE hasn’t quite materialized in the way Gartner – which first coined the term in a 2019 white paper – initially expected. In particular, there’s been pushback around the idea that SASE should be delivered by a single vendor, as a single integrated cloud service at the network edge.The SASE model combines network security functions with WAN capabilities, delivering the security elements in the cloud and using SD-WAN at the edge or in the cloud. Key security functions include secure web gateway (SWG), zero trust network access (ZTNA), firewall as a service (FWaaS), and cloud access security broker (CASB).To read this article in full, please click here

Cloudflare achieves key cloud computing certifications — and there’s more to come

Cloudflare achieves key cloud computing certifications — and there’s more to come

This post is also available in French, German and Spanish.

Cloudflare achieves key cloud computing certifications — and there’s more to come

Back in the early days of the Internet, you could physically see the hardware where your data was stored. You knew where your data was and what kind of locks and security protections you had in place. Fast-forward a few decades, and data is all “in the cloud”. Now, you have to trust that your cloud services provider is putting security precautions in place just as you would have if your data was still sitting on your hardware. The good news is, you don’t have to merely trust your provider anymore. There are a number of ways a cloud services provider can prove it has robust privacy and security protections in place.

Today, we are excited to announce that Cloudflare has taken three major steps forward in proving the security and privacy protections we provide to customers of our cloud services: we achieved a key cloud services certification, ISO/IEC 27018:2019; we completed our independent audit and received our Cloud Computing Compliance Criteria Catalog (“C5”) attestation; and we have joined the EU Cloud Code of Conduct General Assembly to help increase the impact of the trusted cloud ecosystem and encourage Continue reading

Largest netsim-tools Topology I’ve Seen So Far

I stumbled upon a blog post by Diptanshu Singh discussing whether IS-IS flooding in highly meshed fabric is as much of a problem as some people would like to make it. I won’t spoil the fun, read his blog post ;)

The really interesting part (for me) was the topology he built with netsim-tools and containerlab: seven leaf-and-spine fabrics connected with WAN links and superspines for a total of 68 instances of Arista cEOS. I hope he automated building the topology file (I’m a bit sorry we haven’t implemented composite topologies yet); after that all he had to do was to execute netlab up to get a fully-configured lab running IS-IS.

Largest netlab Topology I’ve Seen So Far

I stumbled upon a blog post by Diptanshu Singh discussing whether IS-IS flooding in highly meshed fabric is as much of a problem as some people would like to make it. I won’t spoil the fun, read his blog post ;)

The really interesting part (for me) was the topology he built with netlab and containerlab: seven leaf-and-spine fabrics connected with WAN links and superspines for a total of 68 instances of Arista cEOS. I hope he automated building the topology file (I’m a bit sorry we haven’t implemented composite topologies yet); after that all he had to do was to execute netlab up to get a fully-configured lab running IS-IS.

Proxmox/Ceph – Full Mesh HCI Cluster w/ Dynamic Routing

If you have ever used Proxmox, you know it’s a capable and robust open-source hypervisor. When coupled with Ceph, the two can provide a powerful HyperConverged (HCI) platform; rivaling mainstream closed-source solutions like those from Dell, Nutanix, VMWare, etc., and all based on free (paid support available) and open-source software. The distributed nature of HCI […]

The post Proxmox/Ceph – Full Mesh HCI Cluster w/ Dynamic Routing appeared first on Packet Pushers.

Tech Bytes: Palo Alto Networks Introduces Security As Flexible As Today’s Hybrid Workforce (Sponsored)

Today on the Tech Bytes podcast we talk with sponsor Palo Alto Networks about two new approaches for supporting remote and hybrid workers. First is Okyo Garde, a new wireless mesh product to support remote work. And second, a new bandwidth-on-demand option for Palo Alto’s Prisma SD-WAN.

The post Tech Bytes: Palo Alto Networks Introduces Security As Flexible As Today’s Hybrid Workforce (Sponsored) appeared first on Packet Pushers.

IBM launches a software-defined storage server for AI

IBM has added a new member to its Spectrum Scale Enterprise Storage Server (ESS) portfolio that featuers a faster controller CPU and more throughput and that is designed  to work with Nvidia’s DGX dense compute servers for AI training.The new ESS 3500 is a 2U design with 24 drive bays and a maximum raw capacity of 368TB. But it can achieve up to 1PB through LZ4 compression, a first for the series that earlier ESS versions do not have. The ESS 3500 can achieve up to 91GB/s of throughput performance, better than the 80GB/s of the older models.To read this article in full, please click here