Rockport’s Switchless Networking – Don’t Call It A SmartNIC

Rockport Networks has announced a switchless data center networking product that targets high-performance compute clusters running latency-sensitive workloads. Instead of switches in a leaf-spine or Clos fabric design, Rockport builds a multi-path mesh using network cards installed in the PCIe slots of servers and storage systems.

The post Rockport’s Switchless Networking – Don’t Call It A SmartNIC appeared first on Packet Pushers.

Bringing Security up to the Speed of the Cloud

There is no reason for security to lag behind and stick to old models when there are the capabilities and infrastructure to enable cloud-first network security.

The 400G Era

As an industry leader in data-driven networking, Arista’s introduction of 400G platforms in 2019 intersected the emerging needs of hyper-scale cloud and HPC customers to dramatically increase bandwidth for specific ultra-high performance applications.

A Brief History of the Meris Botnet

Meris first got our attention due to an exceptionally large 17.2 million requests per second (rps) DDoS attack that it launched against one of our customers. This attack, along with subsequent attacks originated by the Meris botnet, was automatically detected and mitigated by our DDoS protection systems. Cloudflare customers, even ones on the free plan, are protected against Meris attacks.

Over the past months, we’ve been tracking and analyzing the activity of the Meris botnet. Some main highlights include:

Meris targets approximately 50 different websites every single day with a daily average of 104 unique DDoS attacks.
More than 33% of all Meris DDoS attack traffic targeted China-based websites.
More than 12% of all websites that were attacked by Meris are operated by US-based companies.

View more Meris attack insights and trends in the interactive Radar dashboard.

So what is Meris?

Meris (Latvian for plague) is the name of an active botnet behind a series of recent DDoS attacks that have targeted thousands of websites around the world. It was originally detected in late June 2021 by QRator in joint research they conducted with Yandex. Their initial research identified 30,000 to 56,000 bots, but they estimated that the numbers Continue reading

A $1.9B FCC fund to replace banned 5G telco gear might be too little

The Federal Communications Commission has opened up a $1.9 billion fund to help smaller, rural US telcos replace the 5G and other gear in their networks that is made by China-based Huawei and ZTE, whose equipment has been banned since the telecom providers bought it.The Secure and Trusted Communications Networks Reimbursement Program will help service providers remove, replace, and dispose of the equipment, but it's not likely to cover all their costs. “It’s hard to say what the gap is, but what I’m hearing from the rural wireless carriers and the others impacted by this, it won’t be enough,” said IDC research manager Patrick Filkins.The fund is open only to carriers with 10 million or fewer subscribers, and that means mostly rural providers who were attracted to the Chinese companies at least in part because of their less expensive product lines.To read this article in full, please click here

Anycast in Segment Routing

MPLS or Anycast Routing – for a long time, you had to choose one. Segment Routing allows you to have both.

Introduction

It’s hard to overstate how important anycast routing is. DNS root servers and CDN rely on it to …

Creating BGP Multipath Lab with netsim-tools

I was editing the BGP Multipathing video in the Advanced Routing Protocols section of How Networks Really Work webinar, got to the diagram I used to explain the intricacies of IBGP multipathing and said to myself “that should be easy (and fun) to set up with netsim-tools”.

Fifteen minutes later¹ I had the lab up and running and could verify that BGP works exactly the way I explained it in the webinar (at least on Cisco IOS).

Creating BGP Multipath Lab with netlab

Fifteen minutes later¹ I had the lab up and running and could verify that BGP works exactly the way I explained it in the webinar.

Satyen Desai: Why I joined Cloudflare and why I am helping Cloudflare grow in Southeast Asia and Korea

I am excited to announce that I have joined Cloudflare as the Head of Southeast Asia and Korea (SEAK) region to help build a better Internet and to expand Cloudflare’s growing customer, partner and local teams across all the countries in SEAK. Cloudflare is at an emergence phase in this region, with immense growth potential, and this is just the beginning. Cloudflare has had a lot of success globally and our charter is to build on that success and momentum to grow our presence locally to address the demands in Singapore, Malaysia, Thailand, Indonesia, Philippines, Indochina and Korea. Customer engagements in each of the countries in SEAK presents a unique, rich and fulfilling engagement each with their own intricacies.

A little about me

I was born in India (Surat, Gujarat), and at the age of four our family moved to Bahrain where we lived for eight years. We then moved to New Zealand, which is where I completed my senior years of high school and also my Bachelor’s Degree in Information Engineering at Massey University. After graduation, we moved to Melbourne, Australia which is our family home and where my career started.

I love meeting and working with diverse and Continue reading

Utilizing BGP Communities for traffic steering – part 1: Firewalls

Overview:

I typically spend more time in the enterprise data center than most of our team members and this comes with its own unique set of problems. One discussion that seems to never fail to come up is “where do I put the Firewalls (FWs)?”. That is typically followed by I have a disaster recovery or backup site with FWs there as well. This inevitably leads to a state management problem. Let’s look at how we can utilize BGP to address this problem:

what is a BGP standard community
BGP best path selection process
how to utilize them to steer traffic

This is something most service providers deal with on a daily basis but can be new to an enterprise.

BGP Standard communities

A BGP community is a route attribute that, essentially provides extra information for someone to take action or glean information from the route such as where it came from (location, type, organizational role).

By definition, a community is a 32 bit number that can be included with a route and when utilizing the new community format is displayed as (0-65535):(0-65535). It is recommend to utilize the new community format versus the old community format which is Continue reading

ITRenew integrates Pluribus Networks software with its hyperscale servers

ITRenew, the reseller of slightly used hyperscalar servers, has partnered with Pluribus Networks to add Pluribus’s Netvisor ONE operating system and Adaptive Cloud Fabric controllerless SDN cloud networking software to its hardware.ITRenew resells servers it buys from hyperscalers like Amazon and Google that are retiring them, typically after a year or so. It refurbishes them, offers a warrantee, and sells them to enterprises for half the price of new hardware.ITRenew sells the servers under the Sesame brand, which will now include Pluribus’s open networking software with their hyperscale-grade compute, storage and networking infrastructure for a fully integrated hardware and software solution.To read this article in full, please click here

ITRenew integrates Pluribus Networks software with its hyperscale servers

Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.https://www.networkworld.com/article/3599213/what-are-data-centers-how-they-work-and-how-they-are-changing-in-size-and-scope.htmlCisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains as well as ensuring security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.To read this article in full, please click here

Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.Cisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains as well as ensuring security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.To read this article in full, please click here

Live Webinar: How Routers Really Work

This Friday (the 12th) I’m presenting a live webinar on How Routers Really Work over at Pearson. From the description:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

Please join me by registering here.

I’ve changed just a few of the slides from the last time I gave this talk and reordered some things.

Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored)

As forecasts vary between a full return to office and distributed work, IT organizations have to figure out how to monitor and manage work-from-anywhere. This Tech Bytes episode, sponsored by AppNeta, explores how IT can balance on-prem and distributed-work priorities. AppNeta also recently introduced a new monitoring point that runs on Cisco Catalyst switches for improved visibility into app performance at branch and remote sites.

The post Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored) appeared first on Packet Pushers.

Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored)

Why Modern Cybersecurity Requires AI

How to hamper the adversary using AI-Powered cybersecurity.

Network Break 358: Unpacking Juniper’s Strategic Objectives; Intel Details New Infrastructure Chip

This weeks' Network Break discusses Juniper's Analyst & Influencer day plus a new Wi-Fi 6E announcement. Intel is teaming up with Google to develop a chip for offloading network, security, and storage jobs from the CPU (but Intel won't call it a DPU). And the FCC revokes authorization for China Telecom to operate in the United States.

The post Network Break 358: Unpacking Juniper’s Strategic Objectives; Intel Details New Infrastructure Chip appeared first on Packet Pushers.