Archive

Category Archives for "Networking"

ITRenew integrates Pluribus Networks software with its hyperscale servers

ITRenew, the reseller of slightly used hyperscalar servers, has partnered with Pluribus Networks to add Pluribus’s Netvisor ONE operating system and Adaptive Cloud Fabric controllerless SDN cloud networking software to its hardware.ITRenew resells servers it buys from hyperscalers like Amazon and Google that are retiring them, typically after a year or so. It refurbishes them, offers a warrantee, and sells them to enterprises for half the price of new hardware.ITRenew sells the servers under the Sesame brand, which will now include Pluribus’s open networking software with their hyperscale-grade compute, storage and networking infrastructure for a fully integrated hardware and software solution.To read this article in full, please click here

Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.Cisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains as well as ensuring security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.To read this article in full, please click here

Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.https://www.networkworld.com/article/3599213/what-are-data-centers-how-they-work-and-how-they-are-changing-in-size-and-scope.htmlCisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains as well as ensuring security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.To read this article in full, please click here

Live Webinar: How Routers Really Work

This Friday (the 12th) I’m presenting a live webinar on How Routers Really Work over at Pearson. From the description:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

Please join me by registering here.

I’ve changed just a few of the slides from the last time I gave this talk and reordered some things.

Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored)

As forecasts vary between a full return to office and distributed work, IT organizations have to figure out how to monitor and manage work-from-anywhere. This Tech Bytes episode, sponsored by AppNeta, explores how IT can balance on-prem and distributed-work priorities. AppNeta also recently introduced a new monitoring point that runs on Cisco Catalyst switches for improved visibility into app performance at branch and remote sites.

The post Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored) appeared first on Packet Pushers.

Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored)

As forecasts vary between a full return to office and distributed work, IT organizations have to figure out how to monitor and manage work-from-anywhere. This Tech Bytes episode, sponsored by AppNeta, explores how IT can balance on-prem and distributed-work priorities. AppNeta also recently introduced a new monitoring point that runs on Cisco Catalyst switches for improved visibility into app performance at branch and remote sites.

Network Break 358: Unpacking Juniper’s Strategic Objectives; Intel Details New Infrastructure Chip

This weeks' Network Break discusses Juniper's Analyst & Influencer day plus a new Wi-Fi 6E announcement. Intel is teaming up with Google to develop a chip for offloading network, security, and storage jobs from the CPU (but Intel won't call it a DPU). And the FCC revokes authorization for China Telecom to operate in the United States.

The post Network Break 358: Unpacking Juniper’s Strategic Objectives; Intel Details New Infrastructure Chip appeared first on Packet Pushers.

Sizing Up Post-Quantum Signatures

Sizing Up Post-Quantum Signatures
Sizing Up Post-Quantum Signatures

Quantum computers are a boon and a bane. Originally conceived by Manin and Feyman to simulate nature efficiently, large-scale quantum computers will speed-up innovation in material sciences by orders of magnitude. Consider the technical advances enabled by the discovery of new materials (with bronze, iron, steel and silicon each ascribed their own age!); quantum computers could help to unlock the next age of innovation. Unfortunately, they will also break the majority of the cryptography that’s currently used in TLS to protect our web browsing. They fall in two categories:

  1. Digital signatures, such as RSA, which ensure you’re talking to the right server.
  2. Key exchanges, such as Diffie–Hellman, which are used to agree on encryption keys.

A moderately-sized stable quantum computer will easily break the signatures and key exchanges currently used in TLS using Shor’s algorithm. Luckily this can be fixed: over the last two decades, there has been great progress in so-called post-quantum cryptography. “Post quantum”, abbreviated PQ, means secure against quantum computers. Five years ago, the standards institute NIST started a public process to standardise post-quantum signature schemes and key exchanges. The outcome is expected to be announced early 2022.

At Cloudflare, we’re not just following this Continue reading

How To Prevent Arthritis From Computer Usage?

Arthritis is one of the most common conditions faced by office workers. It can be mild or severe. Sometimes the pain can be unmanageable too. Besides that, it can affect you permanently.

If you work on computers every day, you are more likely to suffer from arthritis. But worry no more. Here are some measures that you can take to prevent arthritis from computer usage.

Maintain Movement

Does your job require you to sit in front of a computer all day? If so, then you need to consider taking breaks in between. That is because sitting in one position can stiffen your muscles. By moving around, you can release tension.

Besides that, you should also take small breaks when performing a repetitive task. For example, if you type consistently for long periods, stop in between. And for at least five minutes, ensure that your hands are at rest.

Keep Your Feet In Good Position

If you work on a high desk, then it’s most likely your feet won’t be touching the ground. That is something you need to avoid because it can stress your lower back. As a result, the risk of arthritis development will increase.

One way to ensure Continue reading

Automation 4. Extracting and Exploring 6WING YANG Modules with NETCONF, Pyang and Ansible

Hello my friend,

Some time ago we’ve explained how to deploy a 6WING vRouter in a Linux environmennt, such as our Open Source Virtualised cloud with Debian Linux and ProxMox. One of the good things about 6WIND is that its configuration is entirely based on YANG modules and is exposable via NETCONF. Today you will learn how to get 6WIND YANG modules, how are they structured with Pyang and how to automate its extraction with Ansible.


1
2
3
4
5
No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Why Is Everyone so Passionate about Model-Driven Automation and YANG?

All we love nice configuration files made in easy readable YANG or JSON, isn’t it? The beauty of working with them is that you don’t need to create a text string parsers, which is always a difficult task. One of the reasons, why it is so difficult to create parsers, is because of ever changing CLI structures and also values in the semi-formatted text, our ascii tables we see Continue reading

How to rsync files between two remotes?

scp -3 can copy files between two remote hosts through localhost. This comes in handy when the two servers cannot communicate directly or if they are unable to authenticate one to the other.1 Unfortunately, rsync does not support such a feature. Here is a trick to emulate the behavior of scp -3 with SSH tunnels.

When syncing with a remote host, rsync invokes ssh to spawn a remote rsync --server process. It interacts with it through its standard input and output. The idea is to recreate the same setup using SSH tunnels and socat, a versatile tool to establish bidirectional data transfers.

The first step is to connect to the source server and ask rsync the command-line to spawn the remote rsync --server process. The -e flag overrides the command to use to get a remote shell: instead of ssh, we use echo.

$ ssh web04
$ rsync -e 'sh -c ">&2 echo $@" echo' -aLv /data/. web05:/data/.
web05 rsync --server -vlogDtpre.iLsfxCIvu . /data/.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(228) [sender=3.2.3]

The second step is to connect to Continue reading

Soap Opera: SRv6 Is Insecure

I heard about SRv6 when it was still on the drawing board, and my initial reaction was “Another attempt to implement source routing. We know how that ends.” The then-counter-argument by one of the proponents went along the lines of “but we’ll use signed headers to prevent abuse” and I thought “yeah, that will work really well in silicon implementations”.

Years later, Andrew Alston decided to document the state of the emperor’s wardrobe (TL&DR: of course SRv6 is insecure and can be easily abused) and the counter-argument this time was “but that applies to any tunnel technology”. Thank you, we knew that all along, and that’s not what was promised.

You might want to browse the rest of that email thread; it’s fun reading unless you built your next-generation network design on SRv6 running across third-party networks… which was another PowerPoint case study used by SRv6 proponents.

Soap Opera: SRv6 Is Insecure

I heard about SRv6 when it was still on the drawing board, and my initial reaction was “Another attempt to implement source routing. We know how that ends.” The then-counter-argument by one of the proponents went along the lines of “but we’ll use signed headers to prevent abuse” and I thought “yeah, that will work really well in silicon implementations”.

Years later, Andrew Alston decided to document the state of the emperor’s wardrobe (TL&DR: of course SRv6 is insecure and can be easily abused) and the counter-argument this time was “but that applies to any tunnel technology”. Thank you, we knew that all along, and that’s not what was promised.

You might want to browse the rest of that email thread; it’s fun reading unless you built your next-generation network design on SRv6 running across third-party networks… which was another PowerPoint case study used by SRv6 proponents.