Many applications these days require authentication to external systems with resources, such as users and passwords to access databases and service accounts to access cloud services, and so on. In such cases, private information, like passwords and keys, becomes necessary. It is essential to take extra care in managing such sensitive data. For example, if you write your AWS key information or password in a script for deployment and then push it to a Git repository, all users who can read it will also be able to access it, and you could be in trouble. Even if it's an internal repository, you run the risk of a potential leak.
Before we talk about Vault, let's take a look at how we've used to manage secrets.
We use SaltStack as a bare-metal configuration management tool. The core of the Salt ecosystem consists of two major components: the Salt Master and the Salt Minion. The configuration state is owned by Salt Master, and thousands of Salt Minions automatically install packages, generate configuration files, and start services to the node based on the state. The state may contain secrets, such as passwords and API Continue reading
This lesson walks through the creation of a simple package. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python Networking and Distributed […]
The post Practical Python For Networking: 6.3 – Making A Simple Package Example – Video appeared first on Packet Pushers.
Two week ago I described how to create a simple VRF Lite lab with netsim-tools VRF configuration module. Adding MPLS/VPN to the mix and creating a full-blown MPLS/VPN lab is a piece of cake. In this blog post we’ll build a simple topology with two VRFs (red and blue) and two PE-routers:
Lab topology
Two week ago I described how to create a simple VRF Lite lab with netlab VRF configuration module. Adding MPLS/VPN to the mix and creating a full-blown MPLS/VPN lab is a piece of cake. In this blog post we’ll build a simple topology with two VRFs (red and blue) and two PE-routers:
Lab topology
In this second post I will look at Ethernet VPN (EVPN), what is it and how to configure a BGP EVPN session on Aruba devices.
Please note, this post will focus on the establishment of the BGP EVPN session between peers, and thus will not present a fully functioning EVPN network. I aim to build the configuration up in stages to enable the reader to confidently understand the different pieces of EVPN-VXLAN as a technology.
Reading through EVPN RFCs one gets an impression of its convoluted development, or rather, the evolving area of focus for its application.
To summarize, it started life as a service-provider focused VPLS successor, then jumped over to the control plane for virtualized data centres, now gaining a foothold in campus networks.
I put together an overview of the various RFCs here.
In the first post in this series, I explained the VXLAN forwarding process, that relies upon flood and learn.
Palo Alto Networks announces new innovations for Prisma SASE for protecting the hybrid workforce, including the general availability of Prisma SD-WAN bandwidth licensing on-demand and Okyo Garde Enterprise Edition.
The post Protecting The Hybrid Workforce With Palo Alto Networks Secure, Flexible SASE Solution appeared first on Packet Pushers.
Making friends as an adult can seem daunting, but it doesn’t have to be. There are many ways to meet new people and build lasting relationships.
Making friends as an adult can be challenging, but it can also be rewarding. With a little effort, you can develop lasting relationships with the people around you. Here are a few tips to get you started:
One of the best ways to meet new friends is by joining a club or group that aligns with your interests. This could be anything from a book club to a hiking group to a cooking class. Not only will you have something in common with the other members, but you’ll also have the opportunity to bond over shared activities.
Another great way to meet new people is by attending local events and festivals. These are usually great occasions for socializing, and you never know who you might meet. You might even make some new friends that live right in your own neighborhood.
If you’re looking Continue reading
Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record.
While this isn’t the largest application-layer attack we’ve seen, it is the largest we’ve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.
The attack, lasting less than 15 seconds, targeted a Cloudflare customer on the Professional (Pro) plan operating a crypto launchpad. Crypto launchpads are used to surface Decentralized Finance projects to potential investors. The attack was launched by a botnet that we’ve been observing — we’ve already seen large attacks as high as 10M rps matching the same attack fingerprint.
Cloudflare customers are protected against this botnet and do not need to take any action.
What’s interesting is that the attack mostly came from data centers. We’re Continue reading
This lesson walks through basic examples of packages. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python Networking and Distributed Denial Of […]
The post Practical Python For Networking: 6.2 – Package Examples – Video appeared first on Packet Pushers.
Enrique Vallejo asked an interesting question a while ago:
When was X.25 official declared dead? Note that the wikipedia claims that it is still in use in parts of the world.
Wikipedia is probably right, and had several encounters with X.25 that would corroborate that claim. If you happen to have more up-to-date information, please leave a comment.
Enrique Vallejo asked an interesting question a while ago:
When was X.25 official declared dead? Note that the wikipedia claims that it is still in use in parts of the world.
Wikipedia is probably right, and had several encounters with X.25 that would corroborate that claim. If you happen to have more up-to-date information, please leave a comment.