Archive

Category Archives for "Networking"

Even Simple Data Models Are a Huge Win

Dan Augustine sent me a wonderful example illustrating how even a very simple data model together with some automation templates can simplify a large-scale deployment.


We have a 100 router installation coming up for our schools and both of our installation vendors do not use open source templating tools and they are not willing to share.

Having taken the Data Models in Network Automation part of your Network Automation Concepts webinar, I decided to install GitLab, make an Ansible project and invite our installation partners to the project.

Using the cheat command on Fedora Linux

The term "cheat sheet" has long been used to refer to listings of commands with quick explanations and examples that help people get used to running them on the Linux command line and understanding their many options. Most Linux users have, at one time or another, relied on cheat sheets to get them started. There is, however, a tool called "cheat" that comes with a couple hundred cheat sheets and that installs quickly and easily on Fedora and likely many other Linux systems. Read on to see how the cheat command works. First, to install cheat on Fedora, use a command like one of these:

How PowerShell can find features and roles on Windows servers

The PowerShell Get-WindowsFeature command—or, more properly, cmdlet—can retrieve a list of Windows features, including server roles, that are installed on a server or workstation running Windows, making it a handy tool for server admins. Learning about it can point up its value and how a broader knowledge of PowerShell commands may lead to more efficient administration of Windows servers. By default, the output of the Get-WindowsFeature cmdlet provides something of a hierarchical view with individual features having boxes checked or not depending on their installation status. This is great for quickly eyeballing a single server to get an idea of what functions it provides, but as the list contains upwards of 250 roles and features, it starts to lose practicality when you are looking for a specific set of features or want to inventory multiple servers in a single pass.

Juniper service provides AI-based network management

Juniper Networks has rolled out a cloud-based service that uses AI to manage everything from network inventory and configuration details to device status and contract information. Juniper Support Insights securely gathers network information from Juniper’s Junos switching and routing portfolio, including ACX, EX, MX, PTX, QFX, and SRX Series platforms, and provides it to the Juniper cloud. The Junos devices can connect directly to the cloud or via Lightweight Collector, an on-premises appliance that can link up to 20,000 devices to the cloud.

Label standard and best practices for Kubernetes security

In this blog post, I will be talking about label standard and best practices for Kubernetes security. This is a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that is capable of achieving your enterprise security and compliance requirements, then define your label standard in alignment with your design. This is not meant to be a comprehensive guide for all your label requirements, but rather a framework that guides you through developing your own label standard to meet your specific security requirements.

Kubernetes labels for network policies

Labels are key/value pairs that are attached to Kubernetes objects to identify attributes that are intuitive for users and that are required for specific purposes, such as inventory reporting or the enforcement of an intent.

Label classification

Kubernetes network policies represent the intent of enforcing security controls to pods using labels to match intended endpoints. Label prefixes can be used to identify label classification. The following short-list is a high-level classification of endpoints required for developing a Kubernetes network policies design:

  • Multi-tenancy
  • Application microsegmentation
  • External endpoints
  • Host endpoints

Label scope

Labels Continue reading

How we build software at Cloudflare


Cloudflare provides a broad range of products — ranging from security, to performance and serverless compute — which are used by millions of Internet properties worldwide. Often, these products are built by multiple teams in close collaboration and delivering them can be a complex task. So ever wondered how we do so consistently and safely at scale?

Software delivery consists of all the activities to get working software into the hands of customers. It’s usual to talk about software delivery with reference to a model, or framework. These provide the scaffolding for most modern software delivery models, although in order to minimise operational friction it’s usual for a company to tailor their approach to suit their business context and culture.

For example, a company that designs the autopilot systems for passenger aircraft will require very strict tolerances, as a failure could cost hundreds of lives. They would want a different process to a cutting edge tech startup, who may value time to market over system uptime or stability.

Before outlining the approach we use at Cloudflare it’s worth quickly running through a couple of commonly used delivery models.

The Waterfall Approach

Waterfall has its foundations (pun intended) in construction and Continue reading

Prossimo: Making the Internet Memory Safe

The Let’s Encrypt certificate authority, but it has also turned its hand to fixing memory problems. It sponsors, via Google, so Rust in Linux in no small part to fix its built-in C memory problems. And, it also has a whole department, Rustls, a safer memory-safe code. Memory-safe programs are written in languages that avoid the usual use after free problems. C, C++, and Assembly, for all their speed, make it all too easy to make these kinds of mistakes. Languages such as Rust, Go, and C#, however, Continue reading

Arista’s Evolution to Data-Driven Networking

Arista’s EOS (Extensible Operating System) has been nurtured over the past decade, taking the best principles of extensible, open and scalable networks. While SDN evangelists insisted that the right way to build networks started with the decoupling of hardware and software in the network, manipulated by a centralized, shared controller, many companies failed to provide the core customer requisite in a clean software architecture and implementation coupled with key technical differentiation. This has been the essence of Arista EOS.

Collect hashes from remote computers

I was recently asked to create a script that should calculate the hash values of all files on remote computers. The collection must be done in parallel on all computers. My choice fell on Bash because it allows hashes to be collected quickly using a combination of SSH, sshpass, find and hash (coreutils package). The collect_hashes.sh script […]
Continue reading...

Where Would You Need DNS Anycast?

One of the publicly observable artifacts of the October 2021 Facebook outage was an intricate interaction between BGP routing and their DNS servers needed to support optimal anycast configuration. Not surprisingly, it was all networking engineers' fault according to some opinions:

There’s no need for anycast/BGP advertisement for DNS servers. DNS is already highly available by design. Only network people never understand that, which leads to overengineering.

It’s not that hard to find a counter-argument: while it looks like there are only 13 root name servers, each one of them is a large set of instances advertising the same IP prefix to the Internet.

Searching through compressed files on Linux

There are quite a few ways to search through compressed text files on Linux systems without having to uncompress them first. Depending on the format of the files, you can choose to view entire files, extract specific text, navigate through file contents searching for content of interest, and sometimes even edit content. First, to show you how this works, I compressed the words file on one of my Linux systems (/usr/share/dict/words) using these commands:

$ cp /usr/share/dict/words .
$ 7z a words.7z words
$ bzip2 -k words
$ gzip -k words
$ xz -k words
$ zip words.zip words

The -k options used with the bzip2, gzip, and xz commands kept these commands from removing the original file, which they would by default. The resultant files then looked like this:

It’s official: VMware and Dell have split

VMware is once again a standalone company as it has officially split with its parent firm, Dell, and untied the knot that has held them together since 2016. The move is widely seen as a way for both companies to work with new partners and expand their respective technologies while keeping close ties to each other. It also has financial impacts. According to the Financial Times, Dell Technologies will shed its 81% stake in publicly traded VMware, creating an independent software company with a stock market value of nearly $64 billion. Dell’s remaining hardware operations have an implied value of $33 billion, based on its latest share price.

Vapor IO Realizes Open Grid Vision With INZONE 5G Edge Services

One of the defining characteristics of edge applications is the need for low latency to absorb and analyze data from connected devices deployed in locations such as retail stores, manufacturing facilities, distribution centers, and municipal infrastructure. Until recently, most chatter about “the edge” has been vague, often conflating the extension of cloud service delivery to […]

The post Vapor IO Realizes Open Grid Vision With INZONE 5G Edge Services appeared first on Packet Pushers.