The Hedge 80: Ian Goetz and 5G
Although there are varying opinions 5G—is it real? Is it really going to have extremely low latency? Does the disaggregation of software and hardware really matter? Is it really going to provide a lot more bandwidth? Are existing backhaul networks going to be able to handle the additional load? For network engineers in particular, the world of 5G is a foreign country with its own language, expectations, and ways of doing things.
On this episode of the Hedge, Ian Goetz joins Tom Ammon and Russ White to provide a basic overview of 5G, and inject some reality into the discussion.
How to Implement Network Segmentation with Zero Changes to Your Network
Across industries, network segmentation is quickly becoming a critical capability for enterprises of all sizes. Why? First, network segmentation prevents the lateral spread of threats inside the network. Second, it separates dev, test, and production environments. And lastly, it meets increasingly complex compliance requirements while enabling a Zero Trust security strategy.
However, historically network segmentation has been fraught with operational challenges and limited by platform capabilities, leading to the perception that setting up and configuring segmentation policies requires massive changes to the physical network as well as a complex, bloated, and costly deployment of physical firewall appliances.
Not anymore. VMware takes a distributed, software-based approach to segmentation, eliminating the need to redesign your network in order to deploy security. Instead, segmentation policies are applied at the workload level through NSX Firewall, which is deployed on top of your existing VSphere 7 environments. This allows you to easily create zones in the data center where you can separate traffic by application or environment — providing the quickest and easiest way to achieve your data center segmentation Continue reading
Tech Bytes: Unifying Cloud Automation And Network Infrastructure With Gluware (Sponsored)
In this Tech Byte podcast, sponsored by Gluware, we explore the latest features and capabilities in the Gluware network automation and orchestration platform, including an API-based controller to work with SD-WAN, and Terraform integration to support infrastructure automation across public clouds.
The post Tech Bytes: Unifying Cloud Automation And Network Infrastructure With Gluware (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Unifying Cloud Automation And Network Infrastructure With Gluware (Sponsored)
In this Tech Byte podcast, sponsored by Gluware, we explore the latest features and capabilities in the Gluware network automation and orchestration platform, including an API-based controller to work with SD-WAN, and Terraform integration to support infrastructure automation across public clouds.How Fast Object Storage Enables a WFH Backup and DR Strategy
To manage backup needs in a work-from-home world, companies need a way for individuals to do backups without having to deal with centralized IT.Day Two Cloud 094: Essential Concepts Of Zero Trust
Today's Day Two Cloud episode aims to pick apart the marketing fluff around Zero Trust (there's a lot of it) to uncover a workable definition, discuss the rationale for this approach, and develop a framework for how to think about zero trust.
The post Day Two Cloud 094: Essential Concepts Of Zero Trust appeared first on Packet Pushers.
Day Two Cloud 094: Essential Concepts Of Zero Trust
Today's Day Two Cloud episode aims to pick apart the marketing fluff around Zero Trust (there's a lot of it) to uncover a workable definition, discuss the rationale for this approach, and develop a framework for how to think about zero trust.Cloudflare obtains new ISO/IEC 27701:2019 privacy certification and what that means for you
This post is also available in French and German.
Cloudflare is one of the first organisations in our industry to have achieved ISO/IEC 27701:2019 certification, and the first web performance & security company to be certified to the new ISO privacy standard as both a data processor and controller.
Providing transparency into our privacy practices has always been a priority for us. We think it is important that we do more than talk about our commitment to privacy — we are continually looking for ways to demonstrate that commitment. For example, after we launched the Internet's fastest, privacy-first public DNS resolver, 1.1.1.1, we didn’t just publish our commitments to our public resolver users, we engaged an independent firm to make sure we were meeting our commitments, and we blogged about it, publishing their report.
Following in that tradition, today we’re excited to announce that Cloudflare has been certified to a new international privacy standard for protecting and managing the processing of personal data — ISO/IEC 27701:2019. The standard is designed such that the requirements organizations must meet to become certified are very closely aligned to the requirements in the EU’s General Data Protection Regulation (“GDPR”). So Continue reading
Response: Hunting down the stuck BGP routes
BGP is not always good - Part 645
If You Haven’t Checked Your Backups, They Probably Aren’t Working
This is a pleasant reminder to check your backups. I don’t mean, “Hey, did the backup run last night? Yes? Then all is well.” That’s slightly better than nothing, but not really what you’re checking for. Instead, you’re determining your ability to return a system to a known state by verifying your backups regularly.
Backups are a key part of disaster recovery, where modern disasters include ransomware, catastrophic public cloud failures, and asset exposure by accidental secrets posting.
For folks in IT operations such as network engineers, systems to be concerned about include network devices such as routers, switches, firewalls, load balancers, and VPN concentrators. Public cloud network artifacts also matter. Automation systems matter, too. And don’t forget about special systems like policy engines, SDN controllers, wifi controllers, network monitoring, AAA, and…you get the idea.
Don’t confuse resiliency for backup.
When I talk about backups, I’m talking about having known good copies of crucial data that exist independently of the systems they normally live on.
- Distributed storage is not backup.
- A cluster is not backup.
- An active/active application delivery system spread over geographically diverse data centers is not backup.
The points above are examples of distributed computing. Distributed computing Continue reading
Hunting down the stuck BGP routes
Hunting down the stuck BGP routes
BGP is the glue between all of the thousands of border routers that make up the internet (you can find this post (battleships) and [this post (EvE)](https://blog.b
Response: Is Switching Latency Relevant?
Minh Ha left another extensive comment on my Is Switching Latency Relevant blog post. As is usual the case, it’s well worth reading, so I’m making sure it doesn’t stay in the small print (this time interspersed with a few comments of mine in gray boxes)
I found Cisco apparently manages to scale port-to-port latency down to 250ns for L3 switching, which is astonishing, and way less (sub 100ns) for L1 and L2.
I don’t know where FPGA fits into this ultra low-latency picture, because FPGA, compared to ASIC, is bigger, and a few times slower, due to the use of Lookup Table in place of gate arrays, and programmable interconnects.
Response: Is Switching Latency Relevant?
Minh Ha left another extensive comment on my Is Switching Latency Relevant blog post. As is usual the case, it’s well worth reading, so I’m making sure it doesn’t stay in the small print (this time interspersed with a few comments of mine in gray boxes)
I found Cisco apparently manages to scale port-to-port latency down to 250ns for L3 switching, which is astonishing, and way less (sub 100ns) for L1 and L2.
I don’t know where FPGA fits into this ultra low-latency picture, because FPGA, compared to ASIC, is bigger, and a few times slower, due to the use of Lookup Table in place of gate arrays, and programmable interconnects.
More FT8 propagation
Last month I graphed the distance to remote stations as a function of time of day.
Today I plotted the gridsquare locations on a world map:
Ignore the top right one. That’s “RR73”, and not a real grid square. The rest should be accurate.
More that can be done (more interesting with more data than I can get, though):
- also take into account the received signal strength
- …and number of unique callsigns per grid square
- create animations over time
If I had access to the data from pskreporter I could even, instead of using just a callsign as input data, use a grid square as input.
So for example I could create an animation to show what the propagation was over the last week from any given gridsquare, and generate them on-demand.
Like last time the scripts are pretty hacky proof of concepts. But they work.