We’re all becoming extremely aware of the importance of east-west protection. Recent security breaches have highlighted the role of Zero Trust as an essential strategy to protect valuable information. As a result, organizations are explicitly considering the security of east-west traffic flows to prevent adversaries from gaining a foothold in the data center and moving laterally across the network to access high-value data.
The biggest problem with protecting against advanced threats is the need to inspect all network traffic to prevent unwanted access by hackers, malicious insiders, or users with compromised accounts.
The traditional approach involves setting up a series of network Test Access Points (TAPs) to see traffic going over the network. Tapped traffic is then sent to a centralized Network Traffic Analyzer (NTA) appliance for monitoring. All of this – designing the infrastructure, acquiring the devices and appliances, configuring, implementing, and managing them—can present serious issues.
Let’s look at the challenges of the traditional approach, and then show how a distributed implementation can not only respond to the challenges but also provide operational simplicity.
A network architect must determine which network assets are most critical, which locations Continue reading
The DENT network OS has been designed with edge use cases in mind.
The post Putting A Dent In Open-Source Switches: NOS/Device-Driver Combo Gains Traction appeared first on Packet Pushers.
Tons of new things were added to netsim-tools in December 2021:
But wait, there’s more ;)
The purpose of this guide is to discuss the next steps after installing Noction Flow […]
It’s January 1 again. The last 365 days have been fascinating for sure. The road to recovery doesn’t always take the straightest path. 2021 brought some of the the normal things back to us but we’re still not quite there yet. With that in mind, I wanted to look back at some of the things I proposed last year and see how they worked out for me:
2021, another year, another year of the pandemic. I had lots of plans for 2021 and life decided to get in the way of most of them. At the start of the year I set my yearly goals outlined in this post. Someone really close to me was diagnosed with Cancer in January and helping them...continue reading
https://codingpackets.com/blog/2021-goals
As the year comes to a close, I often reflect and make predictions about what’s to come in the next. I’ve written end-of-year predictions posts in the past, but this is my first one at Cloudflare. I joined as Field CTO in September and currently enjoy the benefit of a long history in the Internet industry with fresh eyes regarding Cloudflare. I’m excited to share a few of my thoughts as we head into the new year. Let’s go!
“Never make predictions, especially about the future.”
— Casey Stengel
Over the last few years, 5G networks have begun to roll out gradually worldwide. When carriers bombard us with holiday ads touting their new 5G networks, it can be hard to separate hype from reality. But 5G technology is real, and the promise for end-users is vastly more wireless bandwidth and lower network latency. Better network performance will make websites, business applications, video streaming, online games, and emerging technologies like AR/VR all perform better.
The trend of flexible work will also likely increase the adoption of 5G mobile and fixed wireless broadband. Device makers will ship countless new products with embedded 5G in the coming Continue reading
This post has been in my drafts for a while, and its time to finish it off. Over the last couple of years I have been learning Go off and on. It was one of my goals for 2021 to learn Go well and I spent a fair amount of time digging into Go at the first half of this year. I have...continue reading
Recently, I had to replace one of the nodes in my 3 node Proxmox cluster. Once I replaced it, I found that I had certificate (both HTTP and SSH) errors between the hosts In this post, I will show you how to resolve that issue. The following software was used in this post. Proxmox -...continue reading
Troubleshooting container connectivity issues and performance hotspots in Kubernetes clusters can be a frustrating exercise in a dynamic environment where hundreds, possibly thousands of pods are continually being created and destroyed. If you are a DevOps or platform engineer and need to troubleshoot microservices and application connectivity issues, or figure out why a service or application is performing slowly, you might use traditional packet capture methods like executing tcpdump against a container in a pod. This might allow you to achieve your task in a siloed single-developer environment, but enterprise-level troubleshooting comes with its own set of mandatory requirements and scale. You don’t want to be slowed down by these requirements, but rather address them in order to shorten the time to resolution.
Dynamic Packet Capture is a Kubernetes-native way that helps you to troubleshoot your microservices and applications quickly and efficiently without granting extra permissions. Let’s look at a specific use case to see some challenges and best practices for live troubleshooting with packet capture in a Kubernetes environment.
Let’s talk about this use case in the context of a hypothetical situation.
Your organization’s DevOps and platform teams are trying to figure out Continue reading
In this post, we look at how to generate a Nornir network inventory from DNA-Center, using Python.