Archive

Category Archives for "Networking"

3 steps to improve collaboration between networking and security pros

(Enterprise Management Associates finds that enterprises are trying to improve collaboration between their network-infrastructure and operations teams and their information-security and cybersecurity teams. This article discusses challenges faced by these teams based on a survey of 366 IT and security professionals detailed in the report “NetSecOps: Aligning Networking and Security Teams to Ensure Digital Transformation”, by EMA Vice President of Research Networking Shamus McGillicuddy.)

To read this article in full, please click here

Monitoring Linux system resources with bpytop

The bpytop tool is similar to other performance monitoring tools available for Linux systems like top, iotop, htop, bashtop etc. It’s a terminal-based resource monitor that works efficiently and is visually appealing. The tool was ported from bashtop and rewritten in Python, so you need to have Python—version 3.6 or later—installed on your system to use it. (The “bpy” portion of the name undoubtedly stands for “bash Python”.) If you already have Python installed on your system, you can check the version using one of these sets of commands:

    Fedora                 Linux Mint
    ======                 ==========
    $ which python         $ which python3
    /usr/bin/python        /usr/local/bin/python3
    $ python -V            $ python3 -V
    Python 3.9.7           Python 3.8.10

Both systems shown are running Python3, but the Fedora system has /usr/bin/python set up as a symbolic link to python and the other system does not. So, they’re both using Python3.

To read this article in full, please click here

Overlay Virtual Networking Examples

One of ipSpace.net subscribers wanted to see real-life examples in the Overlay Virtual Networking webinar:

It would be nice to have real-world examples. The webinar lacks content about how to obtain a fully working L3 fabric overlay network, including gateways, VRFs, security zones, etc… I know there is not only one “design for all”, but a few complete architectures from L2 to L7 would be appreciated over deep-dives about specific protocols or technologies.

Most ipSpace.net webinars are bits of a larger puzzle. In this particular case:

Git as a source of truth for network automation

The first step when automating a network is to build the source of truth. A source of truth is a repository of data that provides the intended state: the list of devices, the IP addresses, the network protocols settings, the time servers, etc. A popular choice is NetBox. Its documentation highlights its usage as a source of truth:

NetBox intends to represent the desired state of a network versus its operational state. As such, automated import of live network state is strongly discouraged. All data created in NetBox should first be vetted by a human to ensure its integrity. NetBox can then be used to populate monitoring and provisioning systems with a high degree of confidence.

When introducing Jerikan, a common feedback we got was: “you should use NetBox for this.” Indeed, Jerikan’s source of truth is a bunch of YAML files versioned with Git.

Why Git?

If we look at how things are done with servers and services, in a datacenter or in the cloud, we are likely to find users of Terraform, a tool turning declarative configuration files into infrastructure. Declarative configuration management tools like Salt, Puppet, or Ansible take Continue reading

pygnmi 12. pyGNMI CLI to Explore GNMI Capabilities of the Network Devices

Hello my friend,

For a while we were silent about pyGNMI; however, it doesn’t mean that the project is abandoned. Actually, it is quite the opposite: we are very delighted and thankful for the community, as we have a number of contributors from the whole world who are taking part in the pyGNMI project and committing new code. Thanks to the community, a few new features were added as well as a number of bugs fixed. And today we will take a look at one of such community-added features, which is called pygnmcli.


Is GNMI a Good Interface for Network Automation?

Yes, it is. GNMI is one of the most recent interfaces created for the management plane, which allows you to manage the network devices (i.e., retrieve configuration and operational data, modify configuration) and collect the streaming or event-driven telemetry. Sounds like one-size-fits-all, doesn’t it? On top of that, GNMI also supports different transport Continue reading

ISP Design Guide: Separation of network functions – introduction and overview

PDF link is here


A reference guide for new & existing ISPs that need to understand network functions and separation.

“How do I add redundancy?”
“How do I scale?”
“How do I reduce downtime and operational costs?”

These are questions that I get asked practically every day as a consulting network architect that designs and builds ISPs.

In most cases the answer is the same whether the ISP uses fixed wireless broadband, copper or fiber to deliver the last mile – separation of network functions.

This illustrated guide is intended to define the topic and create visual context for each function using a network drawing. It’s the first in a new series on this subject.

A new series of content

This topic is deep and there is a lot to unpack so this will be the first segment in a series of blog posts and videos covering function separation.

Large ISPs typically already embrace the philosophy of separating network functions, so the focus of this series will be to help new or growing regional ISPs understand the design intent and the challenges/costs of running networks that don’t separate network functions.


Welcome to Full Stack Week


As you read this you are using the Internet. Stop and think about that for a minute. We speak about finding something “on the Internet”; we speak about “using the Internet” to perform a task. We essentially never say something like “I'm going to look for this on a server using the Internet as an intermediary between my computer and the server”.

We speak about and think about the Internet as a single, whole entity that we use and rely on. That’s behind the vision of “The Network is the Computer”. What matters is not the component parts that go into “the Internet” but what they come together to create.

That’s also the vision behind Cloudflare’s network.

We don’t want anyone to think about “caching content on a server in a Cloudflare data center” or “writing code that runs on (something called) the edge”. We want you to simply think of it as a single, global network that provides a CDN, a WAF, DDoS protection, Zero Trust and the ability to write infinitely scalable code and have it just work.

Scaling software is hard, and almost no programmer wants to spend their time worrying what will happen if Continue reading

Having a Cloud Router – Always handy!

Note:

This can be set up free of cost, in the sense of using the $100 cloud credit and the trial license for vMX, and is intended for testing for a limited amount of time and setting up a router in the cloud. In the long run, even this testing would cost some money.

This will guide you on how to set up a prod system properly on AWS – https://www.juniper.net/documentation/us/en/software/vmx/vmx-aws/topics/concept/vmx-aws-overview.html

I Wish

Often I wish that I had some sort of online cloud router (either Cisco or Juniper) to look around some knobs and also to do some rapid testing or rehash some of the concepts. I mostly prefer Juniper for its awesome logical-systems concept, and it’s easy to build a good number of routers, 14 of them, that can also run MPLS.

Solution

With Docker and Kubernetes, many of the NFV functions are even easier. I came across implementations of Juniper cRPD route reflectors in production environments, all based on Docker containers and their orchestration; vMX and the other product lines are very well engineered at this point in time and are no longer at the starting stage.

cRPD – https://www.juniper.net/documentation/us/en/software/crpd/crpd-deployment/topics/concept/understanding-crpd.html

What is that Continue reading

8 Tips for a Successful Network Migration

I have done many network migrations over the years. Nowadays it’s a rarer event, but this weekend we migrated some core switches with very little downtime. What are some of the things that you should do to maximize the odds of a successful migration?

Plan

If your migration succeeded without planning, that doesn’t mean you are smart, just lucky. Every migration requires planning. What steps are involved in the migration? How do you validate each step? Who needs to be involved in the migration? Who needs to validate services when the migration is done? What are the criteria for a successful migration? How much time do you need to perform the migration? At what point do you roll back? What are the steps involved in rolling back?

A migration plan can have varying levels of detail. I’ve worked with some very critical networks where we have had to describe each and every step in detail including every command that is involved in the migration. This takes a lot of time but you can’t cut corners when you are working with networks that can affect people’s health and lives.

Prepare

Prepare as much as you can. This Continue reading

Cloudflare blocks an almost 2 Tbps multi-vector DDoS attack


Earlier this week, Cloudflare automatically detected and mitigated a DDoS attack that peaked just below 2 Tbps — the largest we’ve seen to date. This was a multi-vector attack combining DNS amplification attacks and UDP floods. The entire attack lasted just one minute. The attack was launched from approximately 15,000 bots running a variant of the original Mirai code on IoT devices and unpatched GitLab instances.

[Figure: DDoS attack peaking just below 2 Tbps]

Network-layer DDoS attacks increased by 44%

Last quarter, we saw multiple terabit-strong DDoS attacks and this attack continues this trend of increased attack intensity. Another key finding from our Q3 DDoS Trends report was that network-layer DDoS attacks actually increased by 44% quarter-over-quarter. While the fourth quarter is not over yet, we have, again, seen multiple terabit-strong attacks that targeted Cloudflare customers.

[Figure: DDoS attacks peaking at 1-1.4 Tbps]

How did Cloudflare mitigate this attack?

To begin with, our systems constantly analyze traffic samples “out-of-path” which allows us to asynchronously detect DDoS attacks without causing latency or impacting performance. Once the attack traffic was detected (within sub-seconds), our systems generated a real-time signature that surgically matched against the attack patterns to mitigate the attack without impacting Continue reading