Today’s digital and cloud-first businesses everywhere are struggling to get a handle on the risks associated with hybrid work and direct-to-app connectivity. For many businesses, Zero Trust Network Access (ZTNA) offers an opportunity to modernize and consolidate architectures while also providing a logical entrance into a broader Zero Trust journey.
The post It’s Time For Zero Trust Network Access With Zero Exceptions appeared first on Packet Pushers.
Network engineers, even those that have adopted a developer mentality, often struggle with getting to that next evolution of self-service in on-premises data centers. We have...
The post Evolved on-prem networking with Netris appeared first on /overlaid.
You might have missed the news over the weekend that Broadcom is in talks to buy VMware. As of right now this news is still developing so there’s no way of knowing exactly what’s going to happen. But I’m going to throw my hat into the ring anyway. VMware is what Broadcom really wants and they’re not going to get it.
Let’s break some of this down.
Broadcom isn’t just one of the largest chip manufacturers on the planet. Sure, they make networking hardware that goes into many of the products you buy. Yes, they do make components for mobile devices and access points and a whole host of other things, including the former Brocade fibre channel assets. So they make a lot of chips.
However, starting back in November 2018, Broadcom has been focused on software acquisitions. They purchased CA Technologies for $19 billion. They bought Symantec the next year for $10 billion. They’re trying to assemble a software arm to work along with their hardware aspirations. Seems kind of odd, doesn’t it?
Ask IBM how it feels to be the dominant player in mainframes. Or any other dominant player in a very empty market. It’s lonely Continue reading
Today on the Tech Bytes podcast we talk with Managed Service Provider (MSP) and VMware partner of the year Softchoice on how Softchoice helps customers navigate multi-cloud and hybrid cloud deployments using VMware. We cover details about two real-world Softchoice/VMware customer use cases: a Major League Baseball team and a financial services firm.
The post Tech Bytes: MSP Softchoice And VMware Tackle Hybrid And Multi-Cloud Deployments (Sponsored) appeared first on Packet Pushers.
Currently, in 2022, the CCDE exam is at version 3. There are many new changes in CCDE v3 compared to CCDE v2, and in this blog post some of the new changes will be explained, and the things that stay the same will be highlighted as well. I will also share my take on these changes in the post.
Before starting the technical changes, let’s start with the exam result announcement change.
CCDE v2 exam results were announced in 8-12 weeks. This effectively allowed CCDE exam candidates to schedule the exam a maximum of two times a year.
Students wouldn’t schedule the exam if they failed because the announcement date and the new exam date usually overlapped.
This has changed.
With CCDE v3, exam results are announced in 48 hours. It is almost like CCIE exams.
The CCDE v2 Lab/Practical exam was taken in Professional Pearson Vue Centers. There were 300 of them, in many different countries.
Unfortunately, this change may not be good for many exam takers as Cisco CCIE Lab locations are not available in many countries and are not as common as Continue reading
The BGP Allowas-in feature needs to be understood well in order to understand BGP loop prevention behavior. This post also explains why the BGP Allowas-in configuration might create a dangerous situation and what the alternatives to BGP Allowas-in are.
The BGP Allow-as-in feature is used to allow a BGP speaker to accept BGP updates even if its own BGP AS number is in the AS-Path attribute.
By default, EBGP loop prevention works as follows: if any BGP speaker sees its own AS number in the BGP update, the update is rejected, so the advertisement cannot be accepted. But there might be situations where the prefixes need to be accepted, and there are two options to overcome this behavior:
either accepting the BGP update even if the AS number is in the AS-Path list, with the BGP Allow AS feature, or changing the behavior with the BGP AS Override feature.
Without BGP Allowas, let’s see what would happen.
In this topology, Customer BGP AS is AS 100. The customer has two locations.
The Service Provider, in the middle, is, let’s say, providing an MPLS VPN service for the customer.
As you can understand from the topology, Service Provider Continue reading
This post is also available in French, German and Spanish.
Back in the early days of the Internet, you could physically see the hardware where your data was stored. You knew where your data was and what kind of locks and security protections you had in place. Fast-forward a few decades, and data is all “in the cloud”. Now, you have to trust that your cloud services provider is putting security precautions in place just as you would have if your data was still sitting on your hardware. The good news is, you don’t have to merely trust your provider anymore. There are a number of ways a cloud services provider can prove it has robust privacy and security protections in place.
Today, we are excited to announce that Cloudflare has taken three major steps forward in proving the security and privacy protections we provide to customers of our cloud services: we achieved a key cloud services certification, ISO/IEC 27018:2019; we completed our independent audit and received our Cloud Computing Compliance Criteria Catalog (“C5”) attestation; and we have joined the EU Cloud Code of Conduct General Assembly to help increase the impact of the trusted cloud ecosystem and encourage Continue reading
I stumbled upon a blog post by Diptanshu Singh discussing whether IS-IS flooding in highly meshed fabric is as much of a problem as some people would like to make it. I won’t spoil the fun, read his blog post ;)
The really interesting part (for me) was the topology he built with netsim-tools and containerlab: seven leaf-and-spine fabrics connected with WAN links and superspines for a total of 68 instances of Arista cEOS. I hope he automated building the topology file (I’m a bit sorry we haven’t implemented composite topologies yet); after that all he had to do was to execute netlab up to get a fully-configured lab running IS-IS.
If you have ever used Proxmox, you know it’s a capable and robust open-source hypervisor. When coupled with Ceph, the two can provide a powerful HyperConverged (HCI) platform, rivaling mainstream closed-source solutions like those from Dell, Nutanix, VMware, etc., and all based on free (paid support available) and open-source software. The distributed nature of HCI […]
The post Proxmox/Ceph – Full Mesh HCI Cluster w/ Dynamic Routing appeared first on Packet Pushers.
Today on the Tech Bytes podcast we talk with sponsor Palo Alto Networks about two new approaches for supporting remote and hybrid workers. First is Okyo Garde, a new wireless mesh product to support remote work. And second, a new bandwidth-on-demand option for Palo Alto’s Prisma SD-WAN.
The post Tech Bytes: Palo Alto Networks Introduces Security As Flexible As Today’s Hybrid Workforce (Sponsored) appeared first on Packet Pushers.