Layer-3 Carrier Ethernet

One of ipSpace.net subscribers asked for my opinion about Adaptive IP, a concept promoted by one of the optical connectivity vendors. As he put it:

My interest in Carrier Ethernet moving up to Layer 3 is to see if it would be something to account for in the future.

A quick search resulted in a marketecture using Segment Routing (of course) and an SDN controller (what else could one be using today) using Path Computation Element Protocol (PCEP) to program the network devices… and then I hit a regwall. They wanted to collect my personal details to grace me with their whitepaper, and I couldn’t find even a link to the product documentation.

Layer-3 Carrier Ethernet

One of ipSpace.net subscribers asked for my opinion about Adaptive IP, a concept promoted by one of the optical connectivity vendors. As he put it:

My interest in Carrier Ethernet moving up to Layer 3 is to see if it would be something to account for in the future.

A quick search resulted in a marketecture using Segment Routing (of course) and an SDN controller (what else could one be using today) using Path Computation Element Protocol (PCEP) to program the network devices… and then I hit a regwall. They wanted to collect my personal details to grace me with their whitepaper, and I couldn’t find even a link to the product documentation.

Tonga Volcano Highlights Global Undersea Cable Network Fragility

Tech Bytes: Why Network Design Matters For Security Clouds (Sponsored)

On today’s Tech Bytes podcast we’re talking security clouds; that is, cloud services that offer capabilities including firewalls, traffic inspection, Web gateways, and more. We explore why these clouds aren’t all the same, and why the architecture, including networking, makes a difference. Netskope is this episode's sponsor.

The post Tech Bytes: Why Network Design Matters For Security Clouds (Sponsored) appeared first on Packet Pushers.

Tech Bytes: Why Network Design Matters For Security Clouds (Sponsored)

Zero Trust is hard but worth it

At the end of last year, I heard from a long-time enterprise contact that had a major security concern. The company had installed three layers of security and just completed an audit. It showed that since thIey’d finished their installation they’d had five security incidents, and all of them had originated inside their security perimeter, bypassing most of their protection.Their question was what they did wrong and how they could fix it.What this company experienced is far from rare, and the source of their problems and the paths to correction are far from easy.We tend to think of security as a goal we can achieve with a simple toolkit. Not so. Security is the state you achieve by dealing with all likely threats, and every threat has to be addressed in its own unique way. Problems can come from hackers gaining access to an application or database from the outside, through things like stealing credentials or exploiting weak authentication.To read this article in full, please click here

Zero Trust is hard but worth it

At the end of last year, I heard from a long-time enterprise contact that had a major security concern. The company had installed three layers of security and just completed an audit. It showed that since thIey’d finished their installation they’d had five security incidents, and all of them had originated inside their security perimeter, bypassing most of their protection.Their question was what they did wrong and how they could fix it.What this company experienced is far from rare, and the source of their problems and the paths to correction are far from easy.We tend to think of security as a goal we can achieve with a simple toolkit. Not so. Security is the state you achieve by dealing with all likely threats, and every threat has to be addressed in its own unique way. Problems can come from hackers gaining access to an application or database from the outside, through things like stealing credentials or exploiting weak authentication.To read this article in full, please click here

Using the Linux look command to select lines from files

The look command on Linux can be handy for selecting particular lines from text files with sorted contents. Let's look into how it can be used and where you might run into some problems.Case sensitivity If you type a command such as "look unix", you should see this:$ look unix UNIX Unix unix Notice that, because no file was specified in the command shown, look reverts to using the words file on the system (probably /usr/share/dict/words or whatever that points to). Also notice that it finds the three lines in the file even though the argument for the command has only lowercase characters. The command is case-insensitive when you don't provide a file name and instead allow it to default to the words file.To read this article in full, please click here

Using the Linux look command to select lines from files

The look command on Linux can be handy for selecting particular lines from text files with sorted contents. Let's look into how it can be used and where you might run into some problems.Case sensitivity If you type a command such as "look unix", you should see this:$ look unix UNIX Unix unix Notice that, because no file was specified in the command shown, look reverts to using the words file on the system (probably /usr/share/dict/words or whatever that points to). Also notice that it finds the three lines in the file even though the argument for the command has only lowercase characters. The command is case-insensitive when you don't provide a file name and instead allow it to default to the words file.To read this article in full, please click here

Network Break 365: Salesforce Forces Multi-Factor Authentication; FAA Implements 5G Buffer Zones

This week on Network Break we discuss why Salesforce is requiring multi-factor authentication from customers starting in February 2022, examine an SFP module that comes with a tiny computer running Linux, highlight the vast gap between cloud hype and cloud spending compared to traditional IT gear, and cover more IT news.

The post Network Break 365: Salesforce Forces Multi-Factor Authentication; FAA Implements 5G Buffer Zones appeared first on Packet Pushers.

Network Break 365: Salesforce Forces Multi-Factor Authentication; FAA Implements 5G Buffer Zones

Cloudflare customers on Free plans can now also get real-time DDoS alerts

We’re excited to announce that customers using our Free plan can now get real-time alerts about HTTP DDoS attacks that were automatically detected and mitigated by Cloudflare. The real-time DDoS alerts were originally announced over a year ago but were made available to customers on the Pro plan or higher. This announcement extends the DDoS alerts feature to Free plan users. You can read the original announcement blog post here.

What is a DDoS attack?

A Distributed Denial of Service (DDoS) attack is a cyber-attack that attempts to disrupt your online business. Whether your business relies on VoIP servers, UDP-based gaming servers, or HTTP servers, DDoS attacks can be used to disrupt any type of Internet property, server, or network.

In this blog post, we’ll focus on DDoS attacks that target HTTP servers. Whether your HTTP server is powering a mobile app, an eCommerce website, an API gateway, or any other HTTP application, if an attacker sends you more requests than it can handle, your server won't be able to serve your real users. A flood of requests can cause service disruptions or even take your entire server offline. DDoS attacks can have real-world consequences such as a blow to Continue reading

5 Ways to Protect Your Identity Online

One of the most important things to protect in this day and age is your identity. We live in a world where our personal information is constantly at a risk of being stolen, so it’s important to take precautions to prevent that from happening. With all the data breaches lately, it has become clear that we need to put more effort into protecting ourselves online. It’s no secret that the internet is a dangerous place. With the amount of personal information we share online, it can be easy to become a target for hackers and scammers. To help you protect your identity online, here are 5 ways you can stay protected on the internet.

Avoid Public Wi-Fi

One of the easiest ways to get hacked online is by using public Wi-Fi. Anyone can monitor your traffic when you’re connected to a public network, which means they could steal any data that’s sent over it. This includes usernames and passwords for all the different accounts you have on sites like Facebook or Gmail. Hackers are known to set up fake networks in order to gain access into people’s private information. 

Be Careful With Your Social Media Accounts

Social media has Continue reading

Lenovo expands edge computing portfolio with AI-focused Nvidia GPUs

Lenovo’s latest addition to the ThinkEdge portfolio of edge-computing devices packs Nvidia GPUs with AI capabilities into a ruggedized design that’s roughly the size of a laptop.The ThinkEdge SE450 is a 2U, 300mm (12 inches) unit that includes a third-generation Xeon Platinum processor and up to four single-width or two double-width GPUs, along with six NVMe SSDs and 1TB of DDR4 memory, making it one of the first Nvidia-certified Edge systems. There is also a slightly larger model that’s 360mm (14.2 inches). Read more: 4 essential edge-computing use casesTo read this article in full, please click here

Lenovo expands edge computing portfolio with AI-focused Nvidia GPUs

Lenovo’s latest addition to the ThinkEdge portfolio of edge-computing devices packs Nvidia GPUs with AI capabilities into a ruggedized design that’s roughly the size of a laptop.The ThinkEdge SE450 is a 2U, 300mm (12 inches) unit that includes a third-generation Xeon Platinum processor and up to four single-width or two double-width GPUs, along with six NVMe SSDs and 1TB of DDR4 memory, making it one of the first Nvidia-certified Edge systems. There is also a slightly larger model that’s 360mm (14.2 inches). Read more: 4 essential edge-computing use casesTo read this article in full, please click here

Running IS-IS over Unnumbered Ethernet Interfaces

Last time we figured out that we cannot run OSPF over unnumbered interfaces that are not point-to-point links because OSPF makes assumptions about interface IP addresses. IS-IS makes no such assumptions; IPv4 and IPv6 prefixes are just a bunch of TLVs exchanged between routers over a dedicated layer-3 protocol with ridiculously long network addresses.

Could we thus build a totally unnumbered IP network with IS-IS even when the network contains multi-access segments? It depends:

Running IS-IS over Unnumbered Ethernet Interfaces

Last time we figured out that we cannot run OSPF over unnumbered interfaces that are not point-to-point links because OSPF makes assumptions about interface IP addresses. IS-IS makes no such assumptions; IPv4 and IPv6 prefixes are just a bunch of TLVs exchanged between routers over a dedicated layer-3 protocol with ridiculously long network addresses.

Could we thus build a totally unnumbered IP network with IS-IS even when the network contains multi-access segments? It depends:

Five Benefits of Software-Defined Network Security

Fundamentals of Discrete Event Simulation(DES)

Introduction

In the last blog, we looked at SIS/SIR epidemic modeling using Discrete event simulation. This post will cover some fundamental concepts of Discrete Event Simulation, look at a few basic examples to develop an understanding, and end with a simulation of M/M/1 queuing model.

To get started, let’s look at an elementary example.Assume that we want to estimate the probability of observing the head in an experiment of tossing a coin. We know that if the coin is not biased, then the likelihood of getting a head is 1/2. We also know that if I toss the coin two or three times, we may not get exactly 1/2. We expect that if we keep tossing the coin for a very long time, the average probability of getting heads will converge to 1/2.

Experiment

So let’s run the experiment 1000 times of tossing the coin, and we get 0.49 as the probability of getting head, which is very close to our expectation of 1/2.

import random
import numpy as np
n = 1000
observed = []

for i in range(n):
    outcome = random.choice(['Head', 'Tail'])
    if outcome == 'Head':
        observed. Continue reading

Automation 9. Comparing data collection with NAPALM and OpenConfig/YANG over NETCONF in Python for Cisco IOS XR and Arista EOS

Hello my friend,

We hope you have aa good festive period, celebrated Christmas and New Year with your family and friends, and started the new year. Some time ago we’ve discussed a comparison of NAPALM and OpenConfig at a high level and promised to share some details. Today you will see the details of data collection with NAPALM and NETCONF with OpenConfig YANG modules.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Where to Start with Automation?

Recently we have had an interesting webinar together with Rick Donato, my colleague from a Network Automation Industry. During the webinar we mapped various products existing in the automation (not only network, but in general) space and, you know what, there is indeed a huge amount of products. Therefore, when you are already a savvy in the automation world, you can benefit from them a lot. However, if you are just making first steps, you will be totally lost.

We want you to be a beneficiary Continue reading