0

Working with Linux VRFs

The concept of VRFs is likely one that you’re familiar with. They are the de facto standard when we talk about isolating layer 3 networks. As we’ve talked about previously, they are used extensively in applications such as MPLS VPNs and really provide the foundation for layer 3 network isolation. They do this by allowing the creation of multiple routing tables. Any layer 3 construct can then be mapped into the VRF. For instance, I could assign an IP address to an interface and then map that interface into the VRF. Likewise, I could configure a static route and specify that the route is part of a given VRF. Going one step further I could establish a BGP session off of one of the VRF interfaces and receive remote BGP routes into the VRF. VRFs are to layer 3 like VLANs are to layer 2.

So while we’ve talked about how they are typically used and implemented on networking hardware like routers and switches – we haven’t talked about how they’re implemented in Linux. Actually – they’re fairly new to the Linux space. The functionality was actually written by Cumulus Networks and then contributed to the Linux kernel (kudos Continue reading

0

Heavy Networking 575: Designing Better Networking And Security With SASE (Sponsored)

On today's Heavy Networking, sponsored by Palo Alto Networks, we examine what SASE means to you as a network engineer, its effects on how applications are protected and how you provide access to end users, and useful things to think about regarding how SASE services are provisioned and operated while you evaluate whether SASE is right for your org.

The post Heavy Networking 575: Designing Better Networking And Security With SASE (Sponsored) appeared first on Packet Pushers.

0

Heavy Networking 575: Designing Better Networking And Security With SASE (Sponsored)

On today's Heavy Networking, sponsored by Palo Alto Networks, we examine what SASE means to you as a network engineer, its effects on how applications are protected and how you provide access to end users, and useful things to think about regarding how SASE services are provisioned and operated while you evaluate whether SASE is right for your org.

0

Join Tigera at KubeCon + CloudNativeCon Europe 2021

We are excited to be a sponsor of this year’s virtual KubeCon + CloudNativeCon Europe conference, taking place May 4–7, 2021 online. We hope you’ll join us by visiting our virtual booth, where a team of Tigera experts will be standing by to speak with you.

Visit us at our booth

Our team will be conducting live demos, Ask the Architect sessions, 1:1 chats, and more during our booth hours.

Live demo and Ask the Expert sessions

We will have eight 30-minute interactive sessions focused on addressing questions about Kubernetes security and observability. Stop by our booth to check out the times for these sessions.

Private 1:1 chats & calls

Attendees can view each booth representative’s profile and initiate a private or group text chat, or request a video call.

Public booth chat

Our booth will have a built-in public chat window where booth representatives and attendees can post and reply to messages. Announcements about upcoming activities will be posted in this chat by Tigera representatives.

Enter our raffle to win Apple AirPods

We have 5 pairs of Apple AirPods to give away! The first 100 visitors to our booth will automatically be entered to win. Attendees Continue reading

0

SSHing to my Raspberry Pi 400 from a browser, with Cloudflare Tunnel and Auditable Terminal

A few weeks ago I received a Raspberry Pi 400 as a gift. I didn’t have time to do anything beyond plug it in and verify that it works. It’s great that the Pi 400 comes with everything you need except for a screen: there’s the computer itself, mouse, HDMI cable and power adapter.

The Pi 400 has been sitting gathering dust when Cloudflare launched Auditable Terminal giving me the perfect excuse to get out the Pi 400 and hook it up.

Auditable Terminal gives you a fully featured SSH client in your browser. You authenticate using Cloudflare Access and can log into a computer from anywhere just using the browser and get a terminal. And using Cloudflare Tunnel you can securely connect a computer to Cloudflare without punching holes in a firewall. And you end up with a consistent terminal experience across devices: 256 colours, Unicode support and the same fonts everywhere.

This is ideal for my use case: set up the Pi 400 on my home network, use Cloudflare Tunnel to connect it to the Cloudflare network, use Auditable Terminal to connect to the Pi 400 via Cloudflare and the tunnel using nothing more than a browser.

Here’s Continue reading

0

Siemens and Google Cloud team to deliver AI-based manufacturing solutions

Coming soon to a factory floor near you: Google AI.Google Cloud and Siemens have announced an agreement that calls for Siemens to integrate Google Cloud's AI and machine learning technologies into its factory automation products.Google Cloud's AI/ML capabilities will be combined with Siemens Digital Industries' factory automation portfolio, allowing manufacturers to harmonize their factory data, run cloud-based AI/ML models on top of that data, and deploy algorithms at the network edge. This enables applications such as the visual inspection of products or predicting the wear-and-tear of machines on the assembly line.To read this article in full, please click here

0

Manipulating the Ubuntu dock to keep favorite apps handy

If you're a Linux user, you are undoubtedly familiar with the "dock"--that column of icons lined up on the side of your screen that includes important applications, your favorites. It allows you to open the applications simply by left clicking on one of the icons. Sandra Henry-Stocker / IDG But did you know that you can add or remove applications from your dock and sometimes even change the location of the dock on your screen? This post shows you how to make these changes on Ubuntu.To read this article in full, please click here

0

Manipulating the Ubuntu dock to keep favorite apps handy

If you're a Linux user, you are undoubtedly familiar with the "dock"--that column of icons lined up on the side of your screen that includes important applications, your favorites. It allows you to open the applications simply by left clicking on one of the icons. Sandra Henry-Stocker / IDG But did you know that you can add or remove applications from your dock and sometimes even change the location of the dock on your screen? This post shows you how to make these changes on Ubuntu.To read this article in full, please click here

0

Nokia Lab | LAB 4 LDP |

0

A Digital Dystopia: How Calls for Backdoors to Encryption Would Ruin the Internet for Everyone

A little over a year into the COVID-19 pandemic, our reliance on private, safe, and secure communication has become more critical than ever. So it’s no surprise that organizations across all sectors are increasingly adopting encryption. It’s our strongest digital security tool online, keeping the information we share in daily activities like online banking, working […]

The post A Digital Dystopia: How Calls for Backdoors to Encryption Would Ruin the Internet for Everyone appeared first on Internet Society.

0

MUST READ: Deploy AWS Security Rules in a GitOps World with AWS, Terraform, GitLab CI, Slack, and Python

I know the title sounds like a buzzword-bingo-winning clickbait, but it’s true. Adrian Giacometti decided to merge the topics of two ipSpace.net online courses and automated deployment of AWS security rules using Terraform within GitLab CI pipeline, with Slack messages serving as manual checks and approvals.

Not only did he do a great job mastering- and gluing together so many diverse bits and pieces, he also documented the solution and published the source code:

• Part 1: Cloud & Network automation challenge: Deploy Security Rules in a DevOps/GitOps world with AWS, Terraform, GitLab CI, Slack, and Python (special guest FastAPI)
• Part 2: AWS, Terraform and FastAPI
• Part 3: GitLab CI, Slack, and Python
• Source code: aegiacometti/devops_cloud_challenge · GitLab

Want to build something similar? Join our Network Automation and/or Public Cloud course and get started. Need something similar in your environment? Adrian is an independent consultant and ready to work on your projects.

0

MUST READ: Deploy AWS Security Rules in a GitOps World with Terraform, GitLab CI, Slack, and Python

I know the title sounds like a buzzword-bingo-winning clickbait, but it’s true. Adrian Giacometti decided to merge the topics of two ipSpace.net online courses and automated deployment of AWS security rules using Terraform within GitLab CI pipeline, with Slack messages serving as manual checks and approvals.

Not only did he do a great job mastering- and gluing together so many diverse bits and pieces, he also documented the solution and published the source code:

• Part 1: Cloud & Network automation challenge: Deploy Security Rules in a DevOps/GitOps world with AWS, Terraform, GitLab CI, Slack, and Python (special guest FastAPI)
• Part 2: AWS, Terraform and FastAPI
• Part 3: GitLab CI, Slack, and Python
• Source code: aegiacometti/devops_cloud_challenge · GitLab

Want to build something similar? Join our Network Automation and/or Public Cloud course and get started. Need something similar in your environment? Adrian is an independent consultant and ready to work on your projects.

0

IPv4 in the Headlines

The world of IPv4 addresses is a relatively obscure backwater of the Internet. All that drama of IPv4 address exhaustion happened with little in the way of mainstream media attention. So it came as a bit of a surprise to see a recent headline in the Washington Post about IPv4 addresses.

0

And Again, About 5G Network Security

The security of 5G networks should encompass joint efforts of mutually trusting parties including standards developers, regulators, vendors, and service providers.

0

Wi-Fi in 2025: It could be watching your every move

I consider myself a techno-optimist. Technology has improved life for humanity in countless ways, like the wheel, the printing press, selfie sticks—these marvels have enriched us all.So too has Wi-Fi. If not for Wi-Fi, no one could idly stream YouTube videos on company laptops through rogue hotspots at a busy-but-socially-distanced coffeeshop when we’re supposed to be doing our jobs. Which is to say none of us could fully leverage the remote network-connectivity tools that allow enterprise employees to be productive any time and from anywhere.To read this article in full, please click here

0

Wi-Fi in 2025: It could be watching your every move

I consider myself a techno-optimist. Technology has improved life for humanity in countless ways, like the wheel, the printing press, selfie sticks—these marvels have enriched us all.So too has Wi-Fi. If not for Wi-Fi, no one could idly stream YouTube videos on company laptops through rogue hotspots at a busy-but-socially-distanced coffeeshop when we’re supposed to be doing our jobs. Which is to say none of us could fully leverage the remote network-connectivity tools that allow enterprise employees to be productive any time and from anywhere.To read this article in full, please click here

0

If you haven’t found the tradeoffs …

One of the big movements in the networking world is disaggregation—splitting the control plane and other applications that make the network “go” from the hardware and the network operating system. This is, in fact, one of the movements I’ve been arguing in favor of for many years—and I’m not about to change my perspective on the topic. There are many different arguments in favor of breaking the software from the hardware. The arguments for splitting hardware from software and componentizing software are so strong that much of the 5G transition also involves the open RAN, which is a disaggregated stack for edge radio networks.

If you’ve been following my work for any amount of time, you know what comes next: If you haven’t found the tradeoffs, you haven’t looked hard enough.

This article on hardening Linux (you should go read it, I’ll wait ’til you get back) exposes some of the complexities and tradeoffs involved in disaggregation in the area of security. Some further thoughts on hardening Linux here, as well. Two points.

First, disaggregation has serious advantages, but disaggregation is also hard work. With a commercial implementation you wouldn’t necessarily think about these kinds of supply chain issues. Continue reading

0

Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored)

Operating a data center fabric is a substantial challenge. Nokia Fabric Services System embraces automation to manage your data center fabric. In today's episode, sponsored by Nokia, we dive into Fabric Services System and SR Linux to learn how they bring intent-based automation to your data center.

The post Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored) appeared first on Packet Pushers.

0

Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored)

Operating a data center fabric is a substantial challenge. Nokia Fabric Services System embraces automation to manage your data center fabric. In today's episode, sponsored by Nokia, we dive into Fabric Services System and SR Linux to learn how they bring intent-based automation to your data center.

0

Learning In Public Helps Everyone

I’m happy to coach through write about network architecture too. Learning in public helps everyone https://t.co/ckMdHUnwt4

— Matt Broberg (@mbbroberg) April 23, 2021

The tradition of technology blogging is built on the idea of learning in public, something Matt’s encouraging with Red Hat’s Enable Architect blog linked in his tweet above. We encourage it at Packet Pushers, too. We think everyone has at least one blog post in them worth sharing with the community. Let us know, and we’ll set you up with an author account.

Starting a blog, especially for the technically savvy, is not overly difficult, though. Maybe Matt and I are hoping to make it even easier to share by offering our platforms, but I don’t think the time it takes to stand up a blog is necessarily the barrier.

I think the biggest barrier is the “in public” part. Architects and engineers tend to be introverts who are at times unsure of themselves. We don’t want to be learning in public. We want to be left alone to figure it out. When we’ve figured it out, maybe then will we share, once we’re supremely confident that we’ve got it 110% right. We just don’t Continue reading