Exploring VMware’s Kubernetes App Connectivity and Security Solution: A Deep Dive, with Demos
Modern apps need to run in multi-cluster, multi-cloud environments across a mix of traditional and microservices architectures. In this context, enterprise platform, infrastructure, and operations teams are presented with unique challenges in securely connecting and managing modern workloads, in delivering scalable services, or bridging between traditional VM workloads and containers, and supporting production operations for modern apps.
VMware recently introduced the “VMware Modern Apps Connectivity solution”, which brings together the advanced capabilities of Tanzu Service Mesh (TSM) and VMware NSX Advanced Load Balancer ALB (formerly Avi Networks) address today’s unique enterprise challenges.
In this blog, we’ll take a deeper look at this solution and demonstrate how its cloud-native principles enable a set of important use cases that automate the process of connecting, observing, scaling, and better securing applications across multi-site environments and clouds. We’ll also show how state-of-the-art capabilities in this solution — like Global Server Load Balancing (GSLB) and Intelligent Autoscaling — enable enterprises to deliver advanced use cases such as cloud-bursting.
Step 0: Set up (typical HA architecture for a modern distributed app)
Let’s start by looking at our set-up, which is a typical architecture for a highly-available modern app deployment Continue reading
Confronting European Encroachment on Encryption
In late 2020, as Portugal prepared to take over the rotating Presidency of the Council of the European Union (EU), the Internet Society’s Portugal Chapter began ramping up its advocacy against worrying new plans to create encryption backdoors. The Council of the European Union, in a resolution in November 2020, and the European Commission (EC), in a […]
The post Confronting European Encroachment on Encryption appeared first on Internet Society.
Day Two Cloud 101: Closing The Network/Cloud Gap Before You Fall In (Sponsored)
On today's episode, sponsored by BlueCat Networks, we examine the technology and human challenges that arise when you integrate on-prem and the public cloud. You can't continue to do things in the cloud with traditional toolsets and processes. You need to update the tech and the people, including how they collaborate. We also discuss a new report that examines the need for, and challenges of, integrating networking and cloud teams. Our guest is Andrew Wertkin, Chief Strategy Officer at BlueCat.Day Two Cloud 101: Closing The Network/Cloud Gap Before You Fall In (Sponsored)
On today's episode, sponsored by BlueCat Networks, we examine the technology and human challenges that arise when you integrate on-prem and the public cloud. You can't continue to do things in the cloud with traditional toolsets and processes. You need to update the tech and the people, including how they collaborate. We also discuss a new report that examines the need for, and challenges of, integrating networking and cloud teams. Our guest is Andrew Wertkin, Chief Strategy Officer at BlueCat.
The post Day Two Cloud 101: Closing The Network/Cloud Gap Before You Fall In (Sponsored) appeared first on Packet Pushers.
Smart Security Strategies for the World of Social Media
As a way to avoid risks, social media security is vital for every business or enterprise in blocking targeted attacks, securing corporate accounts from compromise, fighting scams, and frauds.Celebrating 7 Years of Project Galileo
Every June, we celebrate the anniversary of Project Galileo. This year, we are proud to celebrate seven years of protecting the most vulnerable groups on the Internet from cyber attacks. June is a busy month for us at Cloudflare, with the anniversary of Project Galileo and Access Now’s RightsCon, one of the largest events on human rights in the digital age. As we collaborate with civil society on topics from technology, privacy, digital security and public policy, we learn how to better protect critical voices on the Internet but also how to use the Cloudflare network to make positive changes to the Internet ecosystem.
We started Project Galileo in 2014 with the idea that we need to protect voices that are targeted for working in sensitive areas. As such, we give these voices the resources to protect themselves online against powerful opponents. Whether their opponent’s aim is to intimidate, silence, or steal sensitive information, cyber attacks can cause significant damage to organizations that work in areas such as human rights, independent media, education, and social justice. As the world moves online — a factor accelerated by COVID-19 — access to powerful cybersecurity tools is critical for organizations around the world. Continue reading
Real-Life Network-as-a-Graph Examples
After reading the Everything Is a Graph blog post, Vadim Semenov sent me a long list of real-life examples (slightly edited):
I work in a big enterprise and in order to understand a real packet path across multiple offices via routers and firewalls (when mtr or traceroute don’t work – they do not show firewalls), I made OSPF network visualization based on LSDB output. The idea is quite simple – save information about LSA1 and LSA2 (LSA5 optionally) and that will be enough in order to build a graph (use show ip ospf database router/network on Cisco devices).
Technology Advancements that Led to the Success of NASA’s Mars Rover Landing
Space exploration is one of the most unique and innovative things in the world. With each passing mission NASA employs new and advanced technology in their space missions. Space missions aren’t always a success however with latest technology, NASA has been enjoying some great success.
Ingenuity Mars Helicopter
Mars has a very thin atmosphere so it was necessary for NASA to come up with a powerful object that could fly around the planet and take photographs. This ingenuity Mars helicopter can easily fly around the red planet so that the astronauts can take pictures even far away from their landing base.
MOXIE
MOXIE is one of the most important technologies that is going to revolutionize the space program. MOXIE is a technology that is going to convert the carbon dioxide in Mars atmosphere to oxygen. This will be a great way to have unlimited amount of oxygen once NASA plans to start a base on Mars.
In addition to the above two technologies, NASA also uses new technologies for entry in to the atmosphere. descent and then landing.
Range Trigger
Good landing is very important when you are trying to land on another planet. You need to hit all the Continue reading
Introducing OSPF Support in NSX-T 3.1.1
NSX-T has revolutionized the data center and plays a key role in modern data center fabrics. Its unmatched capabilities are key elements in any effort to modernize networking in the data center.
NSX-T version 3.1.1 will go down as a critical milestone in this journey, as it supports OSPF version 2.
Based on RFC 2328, Open Shortest Path First Version 2 (OSPF v2) provides fast convergence, scalability, and is widely known among network architects and their operations teams. As a result, it is one of the most popular link state routing protocols in enterprise networks and data centers.
Interconnecting your physical networking fabric with NSX-T was possible using static routes and BGP. OSPF is now an option to consider leveraging dynamic routing protocols in the data center. By supporting OSPF as a dynamic routing protocol, existing NSX for vSphere customers can migrate seamlessly to NSX-T.
In this blogpost, we will demonstrate how to implement OSPFv2 within NSX-T in your data center.
OSPF Support in NSX-T
Providing connectivity between users and applications in a data center is crucial. The main purpose of any routing protocol is to dynamically exchange or share information regarding the reachability of a network.
Hackers Targeting Router Devices: Is Your Household Vulnerable?
Millions of households are currently at risk of cyber attacks because they're running outdated and unpatched routers.Modify HTTP request headers with Transform Rules
HTTP headers are central to how the web works. They are used for passing additional information between the client and server, such as which security permissions to apply and information about the client, allowing the correct content to be served.
Today we are announcing the immediate availability of the second action within Transform Rules, “HTTP Request Header Modification”, available for all Cloudflare plans. This new functionality provides Cloudflare administrators with the ability to easily set or remove HTTP request headers as traffic flows through Cloudflare. This allows customers to enrich requests with information such as the Cloudflare Bot Management ‘Bot Score’ prior to being sent to their servers. Previously, HTTP request header modification was done using a Cloudflare Worker. Today we’re introducing an easier way to do this without writing a single line of code.
Luggage tags of the World Wide Web
Think of HTTP headers as the “luggage tag” attached to your bags when you check in at the airport.
Generally, you don't need to know what those numbers and words mean. You just know they are important in getting your suitcase from the boarding desk, to the correct Continue reading
Unequal-Cost Multipath with BGP DMZ Link Bandwidth
In the previous blog post in this series, I described why it’s (almost) impossible to implement unequal-cost multipathing for anycast services (multiple servers advertising the same IP address or range) with OSPF. Now let’s see how easy it is to solve the same challenge with BGP DMZ Link Bandwidth attribute.
I didn’t want to listen to the fan noise generated by my measly Intel NUC when simulating a full leaf-and-spine fabric, so I decided to implement a slightly smaller network:
Tools 8. Visual Analysis of the Network Path with Open Source Databases and Python
Hello my friend,
Over the past several articles we have taken a look into the most popular tools for the network troubleshooting. To be precise, we have covered an approach to find your public IP address in a programmable way, how to measure your Internet connectivity speed with Speedtest, how to measure the connectivity speed between your endpoints using iPerf, rapid check of hosts presence in the network with fping, how to check the quality of the path through the network with MTR, and how to see what are in the packets you have in your network. Covering these tools for you and sharing ideas about automation with them led us to creating a new open source tool, which we are happy to share with the community. This time we decided not to think long on its name and just called it the Traceroute Analyzer.
2
3
4
5
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
What is the network automation?
Tech Bytes: Wi-Fi 6E – New Spectrum, New Opportunities (Sponsored)
Today’s Tech Bytes podcast dives into Wi-Fi 6E, the extended version of the Wi-Fi 6 standard that takes advantage of newly available spectrum in the 6 GHz band. We’re sponsored today by Aruba, a Hewlett Packard Enterprise company, and we’ll explore highlights of the standard and discuss Aruba’s forthcoming 6E AP.
The post Tech Bytes: Wi-Fi 6E – New Spectrum, New Opportunities (Sponsored) appeared first on Packet Pushers.