The concept of VRFs is likely one that you’re familiar with. They are the de facto standard when we talk about isolating layer 3 networks. As we’ve talked about previously, they are used extensively in applications such as MPLS VPNs and really provide the foundation for layer 3 network isolation. They do this by allowing the creation of multiple routing tables. Any layer 3 construct can then be mapped into the VRF. For instance, I could assign an IP address to an interface and then map that interface into the VRF. Likewise, I could configure a static route and specify that the route is part of a given VRF. Going one step further I could establish a BGP session off of one of the VRF interfaces and receive remote BGP routes into the VRF. VRFs are to layer 3 like VLANs are to layer 2.
So while we’ve talked about how they are typically used and implemented on networking hardware like routers and switches – we haven’t talked about how they’re implemented in Linux. Actually – they’re fairly new to the Linux space. The functionality was actually written by Cumulus Networks and then contributed to the Linux kernel (kudos Continue reading
On today's Heavy Networking, sponsored by Palo Alto Networks, we examine what SASE means to you as a network engineer, its effects on how applications are protected and how you provide access to end users, and useful things to think about regarding how SASE services are provisioned and operated while you evaluate whether SASE is right for your org.
The post Heavy Networking 575: Designing Better Networking And Security With SASE (Sponsored) appeared first on Packet Pushers.
We are excited to be a sponsor of this year’s virtual KubeCon + CloudNativeCon Europe conference, taking place May 4–7, 2021 online. We hope you’ll join us by visiting our virtual booth, where a team of Tigera experts will be standing by to speak with you.
Our team will be conducting live demos, Ask the Architect sessions, 1:1 chats, and more during our booth hours.
Tigera booth hours
We will have eight 30-minute interactive sessions focused on addressing questions about Kubernetes security and observability. Stop by our booth to check out the times for these sessions.
Attendees can view each booth representative’s profile and initiate a private or group text chat, or request a video call.
Our booth will have a built-in public chat window where booth representatives and attendees can post and reply to messages. Announcements about upcoming activities will be posted in this chat by Tigera representatives.
We have 5 pairs of Apple AirPods to give away! The first 100 visitors to our booth will automatically be entered to win. Attendees Continue reading
A few weeks ago I received a Raspberry Pi 400 as a gift. I didn’t have time to do anything beyond plug it in and verify that it works. It’s great that the Pi 400 comes with everything you need except for a screen: there’s the computer itself, mouse, HDMI cable and power adapter.
The Pi 400 had been sitting gathering dust when Cloudflare launched Auditable Terminal, giving me the perfect excuse to get out the Pi 400 and hook it up.
Auditable Terminal gives you a fully featured SSH client in your browser. You authenticate using Cloudflare Access and can log into a computer from anywhere just using the browser and get a terminal. And using Cloudflare Tunnel you can securely connect a computer to Cloudflare without punching holes in a firewall. And you end up with a consistent terminal experience across devices: 256 colours, Unicode support and the same fonts everywhere.
This is ideal for my use case: set up the Pi 400 on my home network, use Cloudflare Tunnel to connect it to the Cloudflare network, use Auditable Terminal to connect to the Pi 400 via Cloudflare and the tunnel using nothing more than a browser.
Here’s Continue reading
A little over a year into the COVID-19 pandemic, our reliance on private, safe, and secure communication has become more critical than ever. So it’s no surprise that organizations across all sectors are increasingly adopting encryption. It’s our strongest digital security tool online, keeping the information we share in daily activities like online banking, working […]
The post A Digital Dystopia: How Calls for Backdoors to Encryption Would Ruin the Internet for Everyone appeared first on Internet Society.
I know the title sounds like a buzzword-bingo-winning clickbait, but it’s true. Adrian Giacometti decided to merge the topics of two ipSpace.net online courses and automated deployment of AWS security rules using Terraform within a GitLab CI pipeline, with Slack messages serving as manual checks and approvals.
Not only did he do a great job mastering and gluing together so many diverse bits and pieces, he also documented the solution and published the source code:
Want to build something similar? Join our Network Automation and/or Public Cloud course and get started. Need something similar in your environment? Adrian is an independent consultant and ready to work on your projects.
One of the big movements in the networking world is disaggregation—splitting the control plane and other applications that make the network “go” from the hardware and the network operating system. This is, in fact, one of the movements I’ve been arguing in favor of for many years—and I’m not about to change my perspective on the topic. There are many different arguments in favor of breaking the software from the hardware. The arguments for splitting hardware from software and componentizing software are so strong that much of the 5G transition also involves the open RAN, which is a disaggregated stack for edge radio networks.
If you’ve been following my work for any amount of time, you know what comes next: If you haven’t found the tradeoffs, you haven’t looked hard enough.
This article on hardening Linux (you should go read it, I’ll wait ’til you get back) exposes some of the complexities and tradeoffs involved in disaggregation in the area of security. Some further thoughts on hardening Linux here, as well. Two points.
First, disaggregation has serious advantages, but disaggregation is also hard work. With a commercial implementation you wouldn’t necessarily think about these kinds of supply chain issues. Continue reading
Operating a data center fabric is a substantial challenge. Nokia Fabric Services System embraces automation to manage your data center fabric. In today's episode, sponsored by Nokia, we dive into Fabric Services System and SR Linux to learn how they bring intent-based automation to your data center.
The post Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored) appeared first on Packet Pushers.
I’m happy to coach through write about network architecture too. Learning in public helps everyone
https://t.co/ckMdHUnwt4
— Matt Broberg (@mbbroberg) April 23, 2021
The tradition of technology blogging is built on the idea of learning in public, something Matt’s encouraging with Red Hat’s Enable Architect blog linked in his tweet above. We encourage it at Packet Pushers, too. We think everyone has at least one blog post in them worth sharing with the community. Let us know, and we’ll set you up with an author account.
Starting a blog, especially for the technically savvy, is not overly difficult, though. Maybe Matt and I are hoping to make it even easier to share by offering our platforms, but I don’t think the time it takes to stand up a blog is necessarily the barrier.
I think the biggest barrier is the “in public” part. Architects and engineers tend to be introverts who are at times unsure of themselves. We don’t want to be learning in public. We want to be left alone to figure it out. When we’ve figured it out, maybe then will we share, once we’re supremely confident that we’ve got it 110% right. We just don’t Continue reading