Archive

Category Archives for "Networking"

It’s official: VMware and Dell have split

VMware is once again a standalone company as it has officially split with its parent firm, Dell and untied the knot that has held them together since 2016.The move is widely seen as a way for both companies to work with new partners and expand their respective technologies while keep close ties to each other.[Get regularly scheduled insights by signing up for Network World newsletters.] It also has financial impacts. According to the Financial Times, Dell Technologies will shed its 81% stake in publicly traded VMware, creating an independent software company with a stock market value of nearly $64 billion. Dell’s remaining hardware operations have an implied value of $33 billion, based on its latest share price. To read this article in full, please click here

Vapor IO Realizes Open Grid Vision With INZONE 5G Edge Services

One of the defining characteristics of edge applications is the need for low latency to absorb and analyze data from connected devices deployed in locations such as retail stores, manufacturing facilities, distribution centers, and municipal infrastructure. Until recently, most chatter about “the edge” has been vague, often conflating the extension of cloud service delivery to […]

The post Vapor IO Realizes Open Grid Vision With INZONE 5G Edge Services appeared first on Packet Pushers.

Tech Bytes: Advania Chooses Apstra For Data Center Operations (Sponsored)

Today on the Tech Bytes podcast, sponsored by Juniper, we talk with a customer of Juniper’s Apstra intent-based networking data center software. IT solutions provider Advania uses Apstra internally to operate its own data centers, as well as for customer engagements.

The post Tech Bytes: Advania Chooses Apstra For Data Center Operations (Sponsored) appeared first on Packet Pushers.

Sunburst

The recently released open source Sunburst application provides a real-time visualization of the protocols running a network. The Sunburst application runs on the sFlow-RT real-time analytics platform, which receives standard streaming sFlow telemetry from switches and routers throughout the network to provide comprehensive visibility.
docker run -p 8008:8008 -p 6343:6343/udp sflow/prometheus
The pre-built sflow/prometheus Docker image packages sFlow-RT with the applications for exploring real-time sFlow analytics. Run the command above, configure network devices to send sFlow to the application on UDP port 6343 (the default sFlow port) and connect with a web browser to port 8008 to access the user interface.
 
The chart at the top of this article demonstrates the visibility that sFlow can provide into nested protocol stacks that result from network virtualization. For example, the most deeply nested set of protocols shown in the chart is:
  1. eth: Ethernet
  2. q: IEEE 802.1Q VLAN
  3. trill: Transparent Interconnection of Lots of Links (TRILL)
  4. eth: Ethernet
  5. q: IEEE 802.1Q VLAN
  6. ip: Internet Protocol (IP) version 4
  7. udp: User Datagram Protocol (UDP)
  8. vxlan: Virtual eXtensible Local Area Network (VXLAN)
  9. eth: Ethernet
  10. ip Internet Protocol (IP) version 4
  11. esp IPsec Encapsulating Continue reading

VXLAN: Virtualizing Data Center Networks for the Cloud Era

Since VXLAN was introduced in 2014 it has become an important component of modern data center network fabrics. This blog reviews what VXLAN is, why it was developed, how it is being used in data centers, and advantages over other virtualization technologies. In an upcoming blog, we will look at some innovative VXLAN applications outside the data center.

What is VXLAN?

Virtual eXtensible Local Area Network (VXLAN) is an Internet standard protocol that provides a means of encapsulating Ethernet (Layer 2) frames over an IP (Layer 3) network, a concept often referred to as “tunneling.” This allows devices and applications to communicate across a large physical network as if they were located on the same Ethernet Layer 2 network.

Tunneling approaches such as VXLAN provide an important tool to virtualize the physical network, often called the “underlay,” and allow for connectivity to be defined and managed as a set of virtual connections, called the “overlay.” These virtual connections can be created, modified and removed as needed without any change to the physical underlay network. (Mike Capuano’s blog, What to Know About Data Center Overlay Networks, provides a deeper dive on overlays.)

While VXLAN is only one Continue reading

Network Break 357: Switchless Networking? Startup Rockport Says Yes; ISPs Monetize Customer Surveillance

Take a Network Break! This week we discuss how startup Rockport Networks brings switchless networking to the data center. The FTC says ISPs are amassing and monetizing sensitive customer data. Cisco unveils new routing silicon, Juniper sees revenues rise and income fall, and more tech news.

The post Network Break 357: Switchless Networking? Startup Rockport Says Yes; ISPs Monetize Customer Surveillance appeared first on Packet Pushers.

Sudan: seven days without Internet access (and counting)

Sudan: seven days without Internet access (and counting)
Sudan: seven days without Internet access (and counting)

It's not every day that there is no Internet access in an entire country. In the case of Sudan, it has been five days without Internet after political turmoil that started last Monday, October 25, 2021 (as we described).

The outage continues with almost a flat line and just a trickle of Internet traffic from Sudan. Cloudflare Radar shows that the Internet in Sudan is still almost completely cut off.

Sudan: seven days without Internet access (and counting)

There was a blip of traffic on Tuesday at ~14:00 UTC, for about one hour, but it flattened out again, and it continues like that — anyone can track the evolution on the Sudan page of Cloudflare Radar.

Sudan: seven days without Internet access (and counting)

Internet shutdowns are not that rare

Internet disruptions, including shutdowns and social media restrictions, are common occurrences in some countries and Sudan is one where this happens more frequently than most countries according to Human Rights Watch. In our June blog, we talked about Sudan when the country decided to shut down the Internet to prevent cheating in exams, but there were situations in the past more similar to this days-long shutdown — something that usually happens when there’s political unrest.

The country's longest recorded network disruption was back in Continue reading

Software-defined perimeter is a good place to start a rollout of Zero Trust network access

Zero Trust relies on continuously re-authorizing users, applications, and devices to establish myriad “perimeters of one” in the environment, but the name isn’t quite accurate.Zero Trust doesn’t literally mean zero trust; it means zero implicit trust. You—whether that means a person, or a software or hardware system—are not to be trusted simply by virtue of where you are on the network; there is no network perimeter within which you are automatically trusted to connect to services. And you are not to be trusted now just because you were trusted when you first gained access to the network; gaining admission once is not the same thing as ongoing trust. And you are not to be trusted to make the new service connection you are trying to make now just because you were trusted to make the previous one.To read this article in full, please click here

Software-defined perimeter is a good place to start a rollout of Zero Trust network access

Zero Trust relies on continuously re-authorizing users, applications, and devices to establish myriad “perimeters of one” in the environment, but the name isn’t quite accurate.Zero Trust doesn’t literally mean zero trust; it means zero implicit trust. You—whether that means a person, or a software or hardware system—are not to be trusted simply by virtue of where you are on the network; there is no network perimeter within which you are automatically trusted to connect to services. And you are not to be trusted now just because you were trusted when you first gained access to the network; gaining admission once is not the same thing as ongoing trust. And you are not to be trusted to make the new service connection you are trying to make now just because you were trusted to make the previous one.To read this article in full, please click here

How to choose an edge gateway

There could be as many as 15 billion IoT devices connected to enterprise infrastructure by 2029, according to Gartner. These devices will generate massive amounts of operational data that needs to be translated from their original protocols, aggregated, and analyzed in order to deliver real-time actionable alerts as well as longer-term business insights.For organizations with significant IoT deployments, edge computing has emerged as an effective way to process sensor data closest to where it is created. Edge computing reduces the latency associated with moving data from a remote location to a centralized data center or to the cloud for analysis, slashes WAN bandwidth costs, and addresses security, data-privacy, and data-autonomy issues.To read this article in full, please click here

How to choose an edge gateway

There could be as many as 15 billion IoT devices connected to enterprise infrastructure by 2029, according to Gartner. These devices will generate massive amounts of operational data that needs to be translated from their original protocols, aggregated, and analyzed in order to deliver real-time actionable alerts as well as longer-term business insights.For organizations with significant IoT deployments, edge computing has emerged as an effective way to process sensor data closest to where it is created. Edge computing reduces the latency associated with moving data from a remote location to a centralized data center or to the cloud for analysis, slashes WAN bandwidth costs, and addresses security, data-privacy, and data-autonomy issues.To read this article in full, please click here

netsim-tools Release 1.0

It looks like netsim-tools reached a somewhat stable state, so it was time to do a cleanup and publish release 1.0 (also available on PyPi, use pip3 install –upgrade netsim-tools to fetch it).

During the cleanup, I removed all references to the obsolete scripts, leaving only the netlab command. I also found an old bash script that enabled LLDP passthrough on Linux bridges and made it part of netlab up process; your libvirt-based labs will have LLDP enabled by default.

Interested? Install the tools and follow the tutorials to get started.

netsim-tools Release 1.0

It looks like netsim-tools reached a somewhat stable state, so it was time to do a cleanup and publish release 1.0 (also available on PyPi, use pip3 install –upgrade netsim-tools to fetch it).

During the cleanup, I removed all references to the obsolete scripts, leaving only the netlab command. I also found an old bash script that enabled LLDP passthrough on Linux bridges and made it part of netlab up process; your libvirt-based labs will have LLDP enabled by default.

Interested? Install the tools and follow the tutorials to get started.

Python Script Pulling AWS IP Prefixes – Part 2

In the previous post I described some of the design considerations for this script and what modules I use. In this post, we will look at using YAML to collect data and use it in Python in the form of a dictionary. Why YAML? YAML is commonly used as a readable way of storing configuration data and there are modules for Python to read that data.

The YAML file is a very basic one containing these mappings:

---
outside_interface: outside
aws_service: s3
aws_region: eu-north-1
asa_ip: 192.168.255.241
...

The three dashes indicate the start of the file and the three dots indicate the end of the file. We have configured what service we are interested in (S3) and in what region (eu-north-1). The outside interface in our Cisco ASA is named outside.

The natural fit to work with mappings in Python is a dictionary. We need to get the data from the file named aws_prefix.yml into a dictionary. To do that, we will use the following code:

def get_yaml_data() -> dict:
    """Gets the interface name, ASA IP address AWS service, and region 
    from the YAML file and returns a dictionary"""
    try:
        with open("aws_prefix.yml")  Continue reading

Worth Reading: Operators and the IETF

Long long time ago (seven years to be precise), ISOC naively tried to bridge the gap between network operators and Internet Vendor Engineering Task Force1. They started with a widespread survey asking operators why they’re hesitant to participate in IETF mailing lists and meetings.

The result: Operators and the IETF draft that never moved beyond -00 version. A quick glimpse into the Potential Challenges will tell you why IETF preferred to kill the messenger (and why I published this blog post on Halloween).

Worth Reading: Operators and the IETF

Long long time ago (seven years to be precise), ISOC naively tried to bridge the gap between network operators and Internet Vendor Engineering Task Force1. They started with a widespread survey asking operators why they’re hesitant to participate in IETF mailing lists and meetings.

The result: Operators and the IETF draft that never moved beyond -00 version. A quick glimpse into the Potential Challenges will tell you why IETF preferred to kill the messenger (and why I published this blog post on Halloween).