0

Automation 3. Configuring of Nokia SROS via NETCONF/YANG with pySROS and Python

Hello my friend,

we continue the review and tutorial of pySROS, the Nokia Python library to manage the Nokia SR OS based routers via NETCONF/YANG. In previous blogposts we’ve covered how to poll the configuration and operational data and how to structure the received data and explore its YANG modules. Today we’ll take a look how to configure Nokia SR OS based devices.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

I Have Software Developers in My Company. Why Should I Do Automation?

This is one of the trickiest questions, which doesn’t have a simple answer. Really, why should you, network or security engineer, bother yourself and step into completely new and unknown world of automation and development? The reason for that very simple: network and security automation (and infrastructure automation in general) requires detailed knowledge of the network and security infrastructure first of all. We always say at our trainings: automation is automation of your knowledge and skills. So

On top of that, Continue reading

0

Weekend Reads 102921

If your organization includes Android devices as part of its bring-your-own-device (BYOD) policy or uses embedded systems, then a recent root expiration for Let’s Encrypt digital certificates may potentially place your organization at risk.

In a threat hunting approach, when we find some malicious file, binary, or a program, we need to collect the artifacts from them and search within our whole environment to find any possible traces of malicious activity.

In other words, how to fool advanced threat detection systems, past the all-seeing eye of which, according to marketers, no extra byte can slip through. I am talking about systems that use big data analytics as one of the main tools for detecting suspicious activity like SIEM and XDR.

Intel Corp. and Alphabet Inc.’s Google Cloud on Wednesday said they have worked together to create a new category of chip that Intel hopes will become a major seller in the booming cloud computing market.

Attacks involving SEO poisoning — where adversaries artificially increase the search engine ranking of websites hosting their malware to lure potential victims — are on the rise.

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published cybersecurity guidance Continue reading

0

Worth Reading: Programming Sucks

Just FYI: if you’re wondering about the wisdom of every networking engineer should become a programmer religion, you might benefit from the Programming Sucks reality check. I had just enough exposure to programming to realize how spot-on it is (and couldn’t decide whether to laugh or cry).

0

Worth Reading: Programming Sucks

Just FYI: if you’re wondering about the wisdom of every networking engineer should become a programmer religion, you might benefit from the Programming Sucks reality check. I had just enough exposure to programming to realize how spot-on it is (and couldn’t decide whether to laugh or cry).

0

Calico is celebrating 5 years

October marks the five-year anniversary of Calico Open Source, the most widely adopted solution for container networking and security. Calico Open Source was born out of Project Calico, an open-source project with an active development and user community, and has grown to power 1.5M+ nodes daily across 166 countries.

When Calico was introduced 5 years ago, the world—and technology—was much different from what it is today. The march toward distributed applications and microservices had just begun. Today, open-source projects like Project Calico are enabling the large-scale adoption of a modern architecture that is ultimately responsible for the wholesale transition to digital transformations that we are witnessing.

As part of our celebration, we’ve compiled a few comments from people who have worked on the project over the years.

“Calico works well out of the box. It scales well, rarely has bugs, and is feature rich. Tigera does a good job supporting its customers also.” —Network engineer

“[Calico is] the industry standard [for] networking for Kubernetes.” —Platform engineer

“The support for a lot of K8s distributions (either on-prem or cloud managed) is great with Calico.” —Platform architect

“[Calico helped us learn] about network segmentation in cloud-native environments.” Continue reading

0

A Word of Warning for Remote IT Infrastructure Workforces

To continue to support a remote IT workforce, due diligence must be performed to both reduce the number of hardware components that must be managed and the steps to be taken when outages occur.

0

Heavy Networking 604: Taking A Systems Approach To Networking With Bruce Davie

Today's Heavy Networking discusses the notion of looking at, and learning about, networking via a systems approach. Our guest is Dr. Bruce Davie who's had a long career in networking, has written numerous IETF RFCs, and is the author of a new set of free books on networking and computer systems.

The post Heavy Networking 604: Taking A Systems Approach To Networking With Bruce Davie appeared first on Packet Pushers.

0

Heavy Networking 604: Taking A Systems Approach To Networking With Bruce Davie

Today's Heavy Networking discusses the notion of looking at, and learning about, networking via a systems approach. Our guest is Dr. Bruce Davie who's had a long career in networking, has written numerous IETF RFCs, and is the author of a new set of free books on networking and computer systems.

0

Getting In Front of Future Regret

Yesterday I sat in on the keynote from Commvault Connections21 and participated in a live blog of it on Gestalt IT. There was a lot of interesting info around security, especially related to how backup and disaster recovery companies are trying to add value to the growing ransomware issue in global commerce. One thing that I did take away from the conversation wasn’t specifically related to security though and I wanted to dive into a bit more.

Reza Morakabati, CIO for Commvault, was asked what he thought teams needed to do to advance their data strategy. And his response was very insightful:

Ask your team to imagine waking up to hear some major incident has happened. What would their biggest regret be? Now, go to work tomorrow and fix it.

It’s a short, sweet, and powerful sentence. Technology professionals are usually focused on implementing new things to improve productivity or introduce new features to users and customers. We focus on moving fast and making people happy. Security is often seen as running counter to this ideal. Security wants to keep people safe and secure. It’s not unlike the parents that hold on to their child’s bicycle after the training wheels Continue reading

0

How to use the xargs command: 2-Minute Linux Tips

In this Linux tip, learn how to use the xargs command. It accepts input that is piped to it and then uses that input as arguments to whatever command you specify.

0

Nonlinear Effects of Optimization-Induced Complexity

We have school holidays this week, so I’m reposting wonderful comments that would otherwise be lost somewhere in the page margins. Today: Minh Ha on recent Facebook failure and overly complex systems (slightly edited).

---

I incidentally commented on your NSF post some 3 weeks before […the Facebook outage…] happened, on the unpredictable nature of nonlinear effects resulting from optimization-induced complexity. Their outage just drives home the point that optimization is a dumb process and leads to combinations of circular dependency that no one can account for and test.

0

Nonlinear Effects of Optimization-Induced Complexity

We have school holidays this week, so I’m reposting wonderful comments that would otherwise be lost somewhere in the page margins. Today: Minh Ha on recent Facebook failure and overly complex systems (slightly edited).

---

I incidentally commented on your NSF post some 3 weeks before […the Facebook outage…] happened, on the unpredictable nature of nonlinear effects resulting from optimization-induced complexity. Their outage just drives home the point that optimization is a dumb process and leads to combinations of circular dependency that no one can account for and test.

0

On DNS Openness

How open is the DNS market? This is q question that is not just about barriers to competitive entry for new providers into the market. There is more to this question about the use of markets as a signalling mechanism across a diverse collection of intertwined producers and consumers. How effective is the market as a signalling mechanism across these entities? Is the market providing clear signals that allows orchestration of activity to support the evolution of a coherent and robust service? Is the market-driven evolution of the delivered product or service one that is chaotic and periodically disrupted?

0

BrandPost: Connectivity Shouldn’t Limit Industry 4.0 Acceleration

When the coronavirus pandemic forced shutdowns across the world, industries faced a disaster unlike ever before. Facilities and IT systems were operational, yet people could not physically access them. According to a 2021 McKinsey survey, Industry 4.0 technologies were a lifesaver, with 94% of respondents saying they helped keep operations running and more than half (56%) reporting they were critical to doing so.COVID-19 put Industry 4.0 and digital transformation into third gear, while preparing enterprises for the post-pandemic era. However, these technologies depend on connectivity, and legacy solutions such as wired connections or WiFi are not up to the challenge. To read this article in full, please click here

0

Peek Under the Hood: SE Labs NDR Test 

Earlier this month, SE Labs awarded VMware the first ever AAA rating for Network Detection and Response (NDR)–highlighted by our ability to provide 100 percent protection from four major advanced and persistent (APT) groups across multi-cloud environments. The NDR test, the first of its kind, signified the changing threat landscape where enterprises need to identify and stop attackers inside the network where they are able to move freely to discover valuable information they can exfiltrate. Given expanding threat surfaces due to modern applications, work from anywhere and cloud transformation, the assumption is that attackers are likely already inside your network, making legacy cybersecurity tests focused solely on the perimeter increasingly-unsuitable assessments for protecting today’s modern enterprise. 

According to the results from SE Labs, VMware NSX NDR provides 100 percent protection across multi-cloud environments from four major advanced and persistent threats (APT) groups—including FIN7&Carbanak, OilRig, APT3 and APT29—while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network. 

Given that this is the first test of its kind, we wanted to give you a look under the hood to see how SE Labs used VMware NDR to detect all malicious network traffic and payloads from a specific threat group—OilRig – APT 34. Check out the Continue reading

0

Audience Q+A: Gluware LiveStream Video [8/8]

Michael Haugh of Gluware joins Greg Ferro + Drew Conry-Murray of the Packet Pushers to discuss several questions that came in during the event. Most of them were technical, nerdy details. If you’re a network engineer, this Q&A is especially for you. If Gluware might be a fit for your network automation needs, visit here. […]

The post Audience Q+A: Gluware LiveStream Video [8/8] appeared first on Packet Pushers.

0

A Look Inside Modern Design Principles for Secure Boot in CPU Hardware

Secure boot features are typically customizable and capable of being turned on or off by the OEM. The question then arises of which mode should be the default.

0

NetApp overhauls cloud storage lineup

NetApp used its virtual NetApp Insight 2021 conference as the launchpad for several new technologies and enhancements to existing products, as well as to announce an acquisition. All are meant to bolster the on-prem storage supplier’s cloud offerings.First up, NetApp introduced ONTAP 9.10 Enterprise Data Management software, which includes upgrades that protect against ransomware and enhanced detection and recovery capabilities. The new software also features expanded data management capabilities and NVMe/TCP support.NVMe traditionally works over a network fabric, but there are bottlenecks – namely, you have to build the fabric. NVMe/TCP allows the same storage devices to be shared among data centers through the Internet protocol over the existing network.To read this article in full, please click here

0

Big Picture: BFD, Non-Stop Forwarding, and Graceful Restart

We have school holidays this week, so I’m reposting wonderful comments that would otherwise be lost somewhere in the page margins. Today: Erik Auerswald’s excellent summary of BFD, NSF, and GR.

---

I’d suggest to step back a bit and consider the bigger picture: What is BFD good for? What is GR/NSF/NSR/SSO good for?

BFD and GR/NSF/NSR/SSO have different goals: one enables quick fail over, the other prevents fail over. Combining both promises to be interesting.

0

Big Picture: BFD, Non-Stop Forwarding, and Graceful Restart

We have school holidays this week, so I’m reposting wonderful comments that would otherwise be lost somewhere in the page margins. Today: Erik Auerswald’s excellent summary of BFD, NSF, and GR.

---

I’d suggest to step back a bit and consider the bigger picture: What is BFD good for? What is GR/NSF/NSR/SSO good for?

BFD and GR/NSF/NSR/SSO have different goals: one enables quick fail over, the other prevents fail over. Combining both promises to be interesting.