Archive

Category Archives for "Networking"

Weekend Reads 050424


Quantum sensing is poised to revolutionize virtually every aspect of our world. Quantum sensing’s distinctive ability to detect magnetic signatures is already aiding in navigation for countless fuel tankers worldwide, providing otherwise unachievable medical scans, and keeping all of our computer clocks in sync.


Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities.


A growing number of data center operators and equipment vendors are anticipating the proliferation of direct liquid cooling systems (DLC) over the next few years. As far as projections go, Uptime Institute’s surveys agree: the industry consensus for the mainstream adoption of liquid-cooled IT converges on the latter half of the 2020s.


The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security.


The IETF has had a long tradition of doing its technical work through a consensus process, taking into account the different views among IETF participants and coming to (at least rough) consensus on technical matters.


This is where Two-Factor Authentication (2FA) steps in as a powerful tool to bolster security. Let’s delve into Continue reading

Cilium’s Past Points to Its Future 

Cilium is obviously undergoing a lot of changes as a dynamic and popular open source project that heavily utilizes eBPF, but its original reason remains in check:  a tool that offers security, observability and networking capabilities. Its capabilities — or hooks — extend from the kernel to throughout the network, including cloud, on-premises or other infrastructures. This definition covers a lot of things, while Cilium should continue to adapt and extend as infrastructure needs change. @tgraf__ ‘s « Cilium Vision » has a lot of future but the core design remains in place. @thenewstack March 19, 2024 In this article, we look at Thomas Graf, who is CTO of Isovalent, described during his KubeCon + CloudNativeCon Europe talk Continue reading

IPB150: IPv6 Basics: ICMPv6

As part of our ongoing series on IPv6 basics, today we cover the differences you should be aware of between ICMPv4 and ICMPv6. Internet Control Message Protocol (ICMP) is the protocol that lets you test reachability: Pings, echoes, TCP connections, etc. We explain what you need to know and why you need to know it,... Read more »

Configuration of BGP afi/safi L2VPN EVPN and NVE Tunnel Interface

Overlay Network Routing: MP-BGP L2VPN/EVPN



EVPN Fabric Data Plane – MP-BGP


Instead of being a protocol, EVPN is a solution that utilizes the Multi-Protocol Border Gateway Protocol (MP-BGP) for its control plane in an overlay network. Besides, EVPN employs Virtual eXtensible Local Area Network (VXLAN) encapsulation for the data plane of the overlay network.

Multi-Protocol BGP (MP-BGP) is an extension of BGP-4 that allows BGP speakers to encode Network Layer Reachability Information (NLRI) of various address types, including IPv4/6, VPNv4, and MAC addresses, into BGP Update messages. The MP_REACH_NLRI path attribute (PA) carried within MP-BGP update messages includes Address Family Identifier (AFI) and Subsequent Address Family Identifier (SAFI) attributes. The combination of AFI and SAFI determines the semantics of the carried Network Layer Reachability Information (NLRI). For example, AFI-25 (L2VPN) with SAFI-70 (EVPN) defines an MP-BGP-based L2VPN solution, which extends a broadcast domain in a multipoint manner over a routed IPv4 infrastructure using an Ethernet VPN (EVPN) solution.

BGP EVPN Route Types (BGP RT) carried in BGP update messages describe the advertised EVPN NLRIs (Network Layer Reachability Information) type. Besides publishing IP Prefix information with IP Prefix Route (EVPN RT 5), BGP EVPN uses MAC Advertisement Route (EVPN RT 2) Continue reading

NAN062: The Team Behind Nautobot (Part 1)

Today we chat with the maintainers of Nautobot, the open source network source of truth and network automation platform. Jason Edelman, Ken Celenza, John Anderson explain how their day jobs at professional services company, Network to Code, informs their work on Nautobot. They walk us through Nautobot’s core, out-of-the-box capabilities as well as the extensibility... Read more »

3 observability best practices for improved security in cloud-native applications

Why is observability important for better security?

Observability, especially in the context of cloud-native applications, is important for several reasons. First and foremost is security. By design, cloud-native applications rely on multiple, dynamic, distributed, and highly ephemeral components or microservices, with each microservice operating and scaling independently to deliver the application functionality. In this type of microservices-based architecture, observability and metrics provide security insights that enable teams to identify and mitigate zero-day threats through the detection of anomalies in microservices metrics, such as traffic flow, process calls, syscalls, and more. Using machine learning (ML) and heuristic analysis, security teams can identify abnormal behavior and issue alerts.

Observability also enables security teams to visualize the blast radius in the event of a breach. Using this information, teams can apply mitigating controls, such as security policy updates, to isolate the breached microservice and thereby limit exposure.

And finally, observability helps DevOps teams maintain the quality of service by identifying service failure and performance hotspots, and conducting a detailed investigation with capabilities such as packet capture and distributed tracing.

Observability challenges

DevOps and SRE teams today are being overwhelmed by an enormous amount of data from multiple, disparate systems that monitor infrastructure and Continue reading

Managing Multiple Python Versions with pyenv

Managing Multiple Python Versions with pyenv

In my Python journey, I've always stuck to just one version of Python at a time. I happily used Python 3.9 for quite a while, then switched to Python 3.10 without any issues. Everything was perfect until recently when I tried installing a Python application using pip, but no matter what I did, the installation kept failing. I couldn't fix the issue even after hours of Googling.

That's when I finally decided to check the documentation (which I should have done from the start), and there it was, this application requires a minimum Python version of 3.8 and was only tested on versions 3.8 and 3.9. That made me think, maybe I should have installed it using Python 3.9, but how? I'm no expert in Linux or Unix systems, and I worried that reinstalling Python 3.9 could mess up other projects I'd built on 3.10.

So, I started exploring how to manage multiple Python versions on the same machine, and that's when I stumbled upon a tool called 'pyenv'. This seemed like the perfect solution to my problem, so I decided to learn more about it.

Python For Network Engineers Continue reading

Cisco vPC in VXLAN/EVPN Network – Part 2 – Configuring vPC

When building leaf and spine networks, leafs connect to spines, but leafs don’t connect to leafs, and spines don’t connect to spines. There are exceptions to this and vPC is one of those exceptions. The leafs that are going to be part of the same vPC need to connect to each other. There are two ways of achieving this:

  • Physical interfaces.
  • Fabric peering.

We will first use physical interfaces and then later remove that and use fabric peering. Now, my lab is virtual so take physical with a grain of salt, but they will be dedicated interfaces. The following will be required to configure vPC:

  • Enable vPC.
  • Enable LACP.
  • Create vPC domain.
  • Create a VRF for the vPC peer keepalive.
  • Configure the interface for vPC peer keepalive.
  • Configure the vPC peer keepalive.
  • Configure the vPC peer link interfaces.
  • Configure the vPC peer link.

This is shown below:

The vPC is now up:

Leaf1# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1   
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
 Continue reading

Repost: The Real LISP Mobility Use Case

Béla Várkonyi is working on an interesting challenge: building ground-to-airplane(s) networks providing multilink mobility. Due to its relative simplicity, he claims LISP works much better than BGP in that environment.

In some newer routers BGP would not be such a big bottleneck, but you need a lot of knob turning in BGP to get it right, while in LISP it is quite simple.

If you have many thousands concurrent airplanes with multi-link and max. 16 subnets with different routing policies on each, and the radio links are going up and down, then you have a large number of mobility events.

Read more …

Repost: The Real LISP Mobility Use Case

Béla Várkonyi is working on an interesting challenge: building ground-to-airplane(s) networks providing multilink mobility. Due to its relative simplicity, he claims LISP works much better than BGP in that environment.

In some newer routers BGP would not be such a big bottleneck, but you need a lot of knob turning in BGP to get it right, while in LISP it is quite simple.

If you have many thousands concurrent airplanes with multi-link and max. 16 subnets with different routing policies on each, and the radio links are going up and down, then you have a large number of mobility events.

Read more …
1 48 49 50 51 52 3,411