Category Archives for "Networking"

Master Class: DC Fabrics

I’m teaching another master class over at Juniper on the 13th at 9AM PT:

Spine-and-leaf fabric is the “new standard,” but how much do you know about this topology, its origins, and its properties? This session will consider the history of the Clos, explain the butterfly and Benes, look at why a fabric is a fabric and why “normal networks” are not, and cover some key design considerations when building a fabric.

You can register here.

Cloudflare Radar’s 2020 Year In Review

Throughout 2020, we tracked changing Internet trends as the SARS-CoV-2 pandemic forced us all to change the way we were living, working, exercising and learning. In early April, we created a dedicated website https://builtforthis.net/ that showed some of the ways in which Internet use had changed, suddenly, because of the crisis.

On that website, we showed how traffic patterns had changed; for example, where people accessed the Internet from, how usage had jumped up dramatically, and how Internet attacks continued unabated and ultimately increased.

Today we are launching a dedicated Year In Review page with interactive maps and charts you can use to explore what changed on the Internet in 2020. Year In Review is part of Cloudflare Radar. We launched Radar in September 2020 to give anyone access to Internet use and abuse trends that Cloudflare normally had reserved only for employees.

Where people accessed the Internet

To get a sense for the Year In Review, let’s zoom in on London (you can do the same with any city from a long list of locations that we’ve analyzed). Here’s a map showing the change in Internet use comparing April (post-lockdown) and February (pre-lockdown). This map compares working hours Continue reading

The Attention Economy And The IT Talent Dearth

In IT operations, finding talent is difficult. For years, there has been a shortage of folks who are capable of maintaining complex infrastructure. To be sure, some of this is geographical. And certainly, the rate of technology change makes it difficult to find people with specific product skills. Hard to find a Kubernetes expert with ten years of experience.

But I suspect there’s a couple of other things going on that, when combined, make the talent dearth even worse.

The Brutality Of Complexity

When I was studying for Novell Netware 3 (before directory services) certifications decades ago, there was a lot to know. Networking with IPX. Architecture of x86 servers. NLMs. Storage strategies. Mail systems. Whatever else was in those red books many of us had on our shelves.

Pre-AD Microsoft certifications were similarly challenging. Domain controllers. Backup domain controllers. File & print systems. User permissions and design strategies. The GINA. Networking with IP, IPX, and NetBEUI. Mail systems. IIS. So much more.

That was before the addition of directory services to Novell and Microsoft operating systems. Directory services changed the game for file, print, email, and more back in the day, and it put a major burden on IT Continue reading

Build Resilient, Secure Microservices with Microsegmentation

About 10 to 12 years ago, the world of software experienced a shift in the architectural aspects of enterprise applications. Architects and software builders started moving away from the giant, tightly coupled, monolithic applications deployed in the private data centers to a more microservices-oriented architecture hosted in public cloud infrastructure. The inherent distributed nature of microservices is a new security challenge in the public cloud. Over the last decade, despite the growing adoption of microservices-oriented architecture for building scalable, autonomous, and robust enterprise applications, organizations often struggle to protect against this new attack surface in the cloud compared to the traditional data centers. It includes concerns around multitenancy and lack of visibility and control over the infrastructure, as well as the operational environment. This architectural shift makes meeting security goals harder, especially with the paramount emphasis placed on faster container-based deployments. The purpose of this article is to understand what microsegmentation is and how it can empower software architects, DevOps engineers, and IT security architects to build secure and resilient microservices. Specifically, I’ll discuss the network security challenges associated with the popular container orchestration mechanism Kubernetes, and I will illustrate the value of microsegmentation to prevent lateral movement when a Continue reading

Interconnecting GNS3 Virtual Machines – Video

GNS3 co-founder and developer Jeremy Grossman and networking instructor David Bombal talk with Ethan Banks about how separate GNS3 VMs communicate. You can listen to the full episode, “Heavy Networking 556: The State Of GNS3 For Network Labs,” by clicking this link. Heavy Networking is part of the Packet Pushers network of technical podcasts, including […]

The post Interconnecting GNS3 Virtual Machines – Video appeared first on Packet Pushers.

Automation Win: Chatops-Based Security

It’s amazing how quickly you can deploy new functionality once you have a solid foundation in place. In his latest blog post Adrian Giacometti described how he implemented a security solution that allows network operators to block source IP addresses (identified by security tools) across dozens of firewalls using a bot listening to a Slack channel.

Would you be surprised if I told you we covered similar topics in our automation course?

Automating responses to scripts on Linux using expect and autoexpect

The Linux expect command takes script writing to an entirely new level. Instead of automating processes, it automates running and responding to other scripts. In other words, you can write a script that asks how you are and then create an expect script that both runs it and tells it that you're ok.

Here's the bash script:

    #!/bin/bash
    # Ask a question and wait for the answer on stdin
    echo "How are you doing?"
    read ans

Here's the expect script that provides the response to the query:

    #!/usr/bin/expect
    # Wait indefinitely for the expected prompt
    set timeout -1
    # ask is name of script to be run
    spawn ./ask
    expect "How are you doing?\r"
    send -- "ok\r"
    expect eof

When you run the script, you should see this:

To read this article in full, please click here

Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge

This week's Network Break discusses the jaw-dropping $3.5 billion purchase of Pluralsight; welcomes a new network OS to life, the universe, and everything; debates whether ICANN was cautious or tardy in implementing DNSSEC for gTLD name servers; catches up on the SolarWinds hack; and more tech conversation.

The post Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge appeared first on Packet Pushers.

Protecting Workloads with Global Network Backing Using Site Recovery Manager

Many thanks to Dimitri Desmidt from VMware, NSBU for providing the Design details of Multi-Location and Federation.

Preface

Starting with NSX-T version 3.0.2, workloads with NSX-T global network backing (L2 stretched segment) can be protected and recovered using Site Recovery Manager (SRM). More details on Multi-Locations with Federation are available here.

Note: This post does not contain the installation and configuration details of NSX-T federation, vSphere Replication and Site Recovery Manager. Hence, it is necessary to meet the following pre-requisite to achieve the goal of protecting workloads with global segments using SRM.

Pre-requisite

  • Understanding of NSX-T Federation and its configuration is necessary.
  • Understanding the installation and configuration of vSphere Replication and Site Recovery Manager (SRM) is necessary.

Limitations

SRM is not currently supported with Federation with VM Tags, Segment Ports, or Segment Ports Tags. As mentioned in the Design Guide for Multi-Locations here:

  • Currently, VMs recovered via SRM do not recover their NSX VM Tags.
  • Recovered VMs will receive new Segment Ports on the new LM.
  • If the Federation Security is based on VM Tags, Segment Ports or Segment Ports Tags then the recovered compute VMs in another location (London in our example here) do not have their Continue reading

Give The Network Designer That Came Before You A Break

When you take over a network as a technical lead, you often run into design elements that make you do a spit-take. They did WHAT? Really? Were they...stupid? Clueless? Stupid AND clueless? Maybe they were, but I argue that you should give those humans that came before you a break. You weren't there. You don't know what constraints they were operating under. Since you don't know those things, it's hard to pass fair judgement. Unfair judgement? Oh, yeah. All day long, and you can even feel righteous while doing so. Super smug.

The post Give The Network Designer That Came Before You A Break appeared first on Packet Pushers.

Understanding GNS3 Appliances – Video

The labbing tool GNS3 has a capability called “appliances” but it may not mean what you think it means. GNS3 co-founder and developer Jeremy Grossman and networking instructor David Bombal talk with Ethan Banks about what appliances mean in the context of this software. You can listen to the full episode, “Heavy Networking 556: The […]

The post Understanding GNS3 Appliances – Video appeared first on Packet Pushers.

Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored)

This Tech Bytes podcast explores how SimonMed, a medical imaging company, turned to an SD-WAN deployment from Silver Peak to reduce image delivery time from minutes to seconds, improve performance of VoIP, and begin a migration from expensive MPLS circuits.

The post Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored) appeared first on Packet Pushers.

Webinars in 2021

After deciding to take a slightly longer coffee break I went through the list of outstanding projects trying to figure out which ones I could complete in the first half of 2021, which ones I’ll get to “eventually” and what’s a lost cause.

Guest Speakers

Irena is telling me that I should stop inviting guest speakers – our calendar is full until June 2021. Here’s what we have planned and what we got done at the time of the last update (January 30, 2021).

The Week in Internet News: U.K. Investigating Google Chrome’s Privacy Push

No more cookies: Google’s Chrome browser has announced a plan to replace tracking cookies with a system that shares less information with advertisers, but the U.K.’s Competition and Markets Authority is worried that more user privacy would have a “significant impact” on news websites and on the digital advertising market, the BBC reports. The agency has warned that publishers’ profits could drop if they no longer run personalized advertisements.

A vulgar display of content: The Chinese National Office Against Pornographic and Illegal Publications has fined short video app Douyin, a sister app to TikTok, for spreading “obscene, pornographic and vulgar information,” the South China Morning Post says. The app was fined “tens of thousands of yuan,” the regulator said. Regulators said they received more than 900 reports related to pornographic and vulgar content on Douyin in the past year.

The sports car Internet: Gigabit Internet service is coming to rural Kansas and Missouri with funding from the Federal Communications Commission’s Rural Digital Opportunity Fund, FlatlandKC.org reports. The site compared gigabit speeds to a fast sports car. The FCC has selected 180 winning bidders to receive $9.2 billion in funding to provide increased Internet access to 5.2 million Continue reading