Archive

Category Archives for "Networking"

From the Desk of the CEO: Pluribus Raises $20M from Morgan Stanley Expansion Capital to Fuel Growth

To the Pluribus Networks community:

Today, Pluribus Networks announced a funding round of $20 million led by Morgan Stanley Expansion Capital. This is an extremely exciting time for our company and for the industry, and the capital raised during this round will enable Pluribus to increase R&D and add sales and marketing capacity to accelerate its growth in the distributed cloud market, as well as expand into adjacent segments. In the coming months, we’ll be announcing a number of new product and partner initiatives that reflect the market’s increasing need for cost-effective and highly-automated data center networking fabric solutions.

The timing around this funding news is truly ideal. Industry analysts are consistently forecasting an increase in market opportunities around data center switching as digital transformation continues to accelerate globally – Dell ’Oro Group expects the market to surpass $20 billion by 2025. Furthermore, research completed this year by Enterprise Management Associates shows that the majority of enterprises are increasing their number of data center sites and over 80% intend to deploy active-active data centers to support availability zones. In that same research enterprises identify their top two challenges as network operational complexity and network architecture complexity. Pluribus Networks’ Netvisor® Continue reading

Ananki startup tries to simplify private 5G

A startup using open-source components to offer software-defined private 5G as a service hopes to attract enterprises with an architecture that it says is as simple as Wi-Fi's. 5G resources How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises Called Ananki, the company requires little of enterprises in order to deploy the service: Customers set up small-cell 5G radios on-site, point them toward a cloud network running the Ananki software, install SIMs on the enterprise hardware that will tap into the service, and Ananki’s automation remotely configures the radios and provisions the SIMs.To read this article in full, please click here

Kioxia seeks to make the SSD more programmable

NAND flash maker Kioxia has expanded its Software-Enabled Flash technology to bring a greater degree of programmability to NAND storage. The move will benefit hyperscalers the most but will have benefits for enterprises and SMBs as well.Kioxia (formerly Toshiba) first introduced SEF last year. It’s an open-source API that operates as a new kind of hardware flash controller to offload some functions to a controller, thus freeing up the CPU, while allowing large data-center environments to manage at scale.Because the API is open source, competitors in the flash space can adopt the API and customize it for their hardware. Hyperscalers think about SSDs in terms of deploying and serving workloads at scale. Kioxia notes that cloud providers often have different types of drives they deploy for different use cases, like block storage versus file storage or ZNS.To read this article in full, please click here

Kioxia seeks to make the SSD more programmable

NAND flash maker Kioxia has expanded its Software-Enabled Flash technology to bring a greater degree of programmability to NAND storage. The move will benefit hyperscalers the most but will have benefits for enterprises and SMBs as well.Kioxia (formerly Toshiba) first introduced SEF last year. It’s an open-source API that operates as a new kind of hardware flash controller to offload some functions to a controller, thus freeing up the CPU, while allowing large data-center environments to manage at scale.Because the API is open source, competitors in the flash space can adopt the API and customize it for their hardware. Hyperscalers think about SSDs in terms of deploying and serving workloads at scale. Kioxia notes that cloud providers often have different types of drives they deploy for different use cases, like block storage versus file storage or ZNS.To read this article in full, please click here

Should You Build or Buy a Router?

Patrik Schindler sent me an interesting comment to my Open-Source DMVPN Alternatives blog post:

I’ve done searches myself some time ago about the readymade Linux distros supporting DMVPN and got exactly what I asked for.

Glancing over that page appalled me: Different stuff with different configuration languages, probably the need to restart things, thus generating service outages for configuration changes…

Your blog is heavily biased towards big deployments with good opportunities for automation, and the diversity of different components can be easily hidden behind automation scripts of choice. Smaller deployments are almost never being able to compensate the initial overhead of creating all the automation fuzz, and from that perspective, I must admit that configuring a Cisco router feels way more smooth to me.

Welcome to the build-or-buy dilemma, router edition.

Should You Build or Buy a Router?

Patrik Schindler sent me an interesting comment to my Open-Source DMVPN Alternatives blog post:

I’ve done searches myself some time ago about the readymade Linux distros supporting DMVPN and got exactly what I asked for.

Glancing over that page appalled me: Different stuff with different configuration languages, probably the need to restart things, thus generating service outages for configuration changes…

Your blog is heavily biased towards big deployments with good opportunities for automation, and the diversity of different components can be easily hidden behind automation scripts of choice. Smaller deployments are almost never being able to compensate the initial overhead of creating all the automation fuzz, and from that perspective, I must admit that configuring a Cisco router feels way more smooth to me.

Welcome to the build-or-buy dilemma, router edition.

Update on recent VoIP attacks: What should I do if I’m attacked?

Update on recent VoIP attacks: What should I do if I’m attacked?
Update on recent VoIP attacks: What should I do if I’m attacked?

Attackers continue targeting VoIP infrastructure around the world. In our blog from last week, May I ask who’s calling, please? A recent rise in VoIP DDoS attacks, we reviewed how the SIP protocol works, ways it can be abused, and how Cloudflare can help protect against attacks on VoIP infrastructure without impacting performance.

Cloudflare’s network stands in front of some of the largest, most performance-sensitive voice and video providers in the world, and is uniquely well suited to mitigating attacks on VoIP providers.

Because of the sustained attacks we are observing, we are sharing details on recent attack patterns, what steps they should take before an attack, and what to do after an attack has taken place.

Below are three of the most common questions we’ve received from companies concerned about attacks on their VoIP systems, and Cloudflare’s answers.

Question #1: How is VoIP infrastructure being attacked?

The attackers primarily use off-the-shelf booter services to launch attacks against VoIP infrastructure. The attack methods being used are not novel, but the persistence of the attacker and their attempts to understand the target’s infrastructure are.

Attackers have used various attack vectors to probe the existing defenses of targets and try to Continue reading

VMworld 2021: VMware to pack more security into NSX

When it comes to protecting data-center-based resources in the highly distributed world, traditional security hardware and software components just aren’t going to cut it.That’s the bottom line for enterprises as they move to distributed digital environments according to Tom Gillis, senior vice president and general manager of VMware’s networking & advanced security business group. The idea is that security needs to be put deep into the infrastructure fabric and protect workloads across their lifecycle, Gillis said during an interview with Network World at the company’s VMworld virtual conference.To read this article in full, please click here

VMworld 2021: VMware to pack more security into NSX

When it comes to protecting data-center-based resources in the highly distributed world, traditional security hardware and software components just aren’t going to cut it.That’s the bottom line for enterprises as they move to distributed digital environments according to Tom Gillis, senior vice president and general manager of VMware’s networking & advanced security business group. The idea is that security needs to be put deep into the infrastructure fabric and protect workloads across their lifecycle, Gillis said during an interview with Network World at the company’s VMworld virtual conference.To read this article in full, please click here

VMworld 2021: VMware to pack more security into NSX

When it comes to protecting data-center-based resources in the highly distributed world, traditional security hardware and software components just aren’t going to cut it.That’s the bottom line for enterprises as they move to distributed digital environments according to Tom Gillis, senior vice president and general manager of VMware’s networking & advanced security business group. The idea is that security needs to be put deep into the infrastructure fabric and protect workloads across their lifecycle, Gillis said during an interview with Network World at the company’s VMworld virtual conference.To read this article in full, please click here

Learning from Facebook’s Mistakes

On October 4th Facebook managed to achieve one of the more impactful of outages of the entire history of the Internet, assuming that the metric of "impact" is how many users one can annoy with a single outage. What can we as an industry learn from this outage to ensure that we can avoid a recurrence of such a widespread outage in other important and popular service platforms?

Hedge 103: BGP Security with Geoff Huston

Our community has been talking about BGP security for over 20 years. While MANRS and the RPKI have made some headway in securing BGP, the process of deciding on a method to provide at least the information providers need to make more rational decisions about the validity of individual routes is still ongoing. Geoff Huston joins Alvaro, Russ, and Tom to discuss how we got here and whether we will learn from our mistakes.

download

Day Two Cloud 118: Growing Your Open-Source Community

How does a company building a product from an open-source project get off the ground? How does it communicate its value, attract contributors, and develop a user base? And how does it spread the word without turning off engineers with typical tech marketing? Guest Emily Omier is a positioning consultant who helps companies and projects get it right.

The post Day Two Cloud 118: Growing Your Open-Source Community appeared first on Packet Pushers.

Day Two Cloud 118: Growing Your Open-Source Community

How does a company building a product from an open-source project get off the ground? How does it communicate its value, attract contributors, and develop a user base? And how does it spread the word without turning off engineers with typical tech marketing? Guest Emily Omier is a positioning consultant who helps companies and projects get it right.

ARP problems in EVPN

In any L2 overlay network, ARP handling will always remain a big pain for network operators.

This post explains why you should always set ARP timeout to less than 5 minutes in L3 EVPN, and always be cautious of potential …

Wireless LANS in the 21st Century

The power and potential of the next generation cognitive campus are transformative as the industry undergoes a massive transition to hybrid work in the post-pandemic era. A key underpinning to successful campus networking deployments has been our very first acquisition of Mojo Networks for cognitive Wi-Fi. Arista’s entry into wireless is only in its third year, yet the advances in this space will be profound over the next decade.

Staging TLS Certificate: Make every deployment a safe deployment

Staging TLS Certificate: Make every deployment a safe deployment
Staging TLS Certificate: Make every deployment a safe deployment

We are excited to announce that Enterprise customers now have the ability to test custom uploaded certificates in a staging environment before pushing them to production.

With great power comes great responsibility

If you’re running a website or the API that’s behind a popular app, you know your users have high expectations: it can't just be up and running; it also has to be fast and secure. One of the easiest and most standardized ways to secure connections is with the TLS protocol. To do that, you need to acquire a TLS certificate for your domain.

One way to get a certificate is by using a CDN provider, like Cloudflare. We make the process really easy by issuing certificates on your behalf. Not just that, but when your certificate is getting closer to its expiration date, we are responsible for re-issuing it. But, if you don’t want Cloudflare to issue the certificate on your behalf and want to obtain the certificate yourself, you can do so. You can either keep control of your private key, or generate a Certificate Signing Request (CSR) through Cloudflare, so we maintain the private key, but you can still use the certificate authority (CA) of Continue reading

Worth Reading: Do We Need Segment Routing?

Etienne-Victor Depasquale sent me a pointer to an interesting NANOG discussion: why would we need Segment Routing. It’s well worth reading the whole thread (until it devolves into “that is not how MPLS works” arguments), which happens to be somewhat aligned with my thinking:

  • SR-MPLS makes perfect sense (excluding the migration-from-LDP fun)
  • SRv6 (in whatever incantation) is mostly a vendor ploy to sell new chipsets.

Enjoy!