Archive

Category Archives for "Networking"

Day Two Cloud 092: What AWS Lambda Is Good For

Today's Day Two Cloud podcast is a thorough introduction to AWS Lambda, which is AWS's serverless compute service. We discuss how Lamdba works, what it can do, use cases, and more. Our guide for today's conversation is Julian Wood, Senior Developer Advocate for the Serverless Product Group at AWS. This is not a sponsored show.

The Client to Cloud Enterprise

Every CIO needs to adopt a cloud strategy typically moving some e-commerce workloads to the public cloud. Yet, the migration path for the modern enterprise can be constrained by legacy barriers. With mission-critical applications that run in a diverse suite of legacy mainframe to helpdesk to IoT devices, how does one get started and what does this entail?

The reality for any enterprise whose core business is driven by a reliance on corporate-owned technology structure with strict ownership of critical assets is that it operates with many constraints. The cloudification and multi-cloud strategy requires a more pragmatic and systematic approach balancing workloads in the cloud and on-premise enterprise networks.

The Client to Cloud Enterprise

Every CIO needs to adopt a cloud strategy typically moving some e-commerce workloads to the public cloud. Yet, the migration path for the modern enterprise can be constrained by legacy barriers. With mission-critical applications that run in a diverse suite of legacy mainframe to helpdesk to IoT devices, how does one get started and what does this entail?

The reality for any enterprise whose core business is driven by a reliance on corporate-owned technology structure with strict ownership of critical assets is that it operates with many constraints. The cloudification and multi-cloud strategy requires a more pragmatic and systematic approach balancing workloads in the cloud and on-premise enterprise networks.

Reader Question: What Networking Blogs Would You Recommend?

A junior networking engineer asked me for a list of recommended entry-level networking blogs. I have no idea (I haven’t been in that position for ages); the best I can do is to share my list of networking-related RSS feeds and the process I’m using to collect interesting blogs:

Infrastructure

  • RSS is your friend. Find a decent RSS reader. I’m using Feedly – natively in a web browser and with various front-ends on my tablet and phone (note to Google: we haven’t forgotten you killed Reader because you weren’t making enough money with it).
  • If a blog doesn’t have an RSS feed I’m not interested.

Reader Question: What Networking Blogs Would You Recommend?

A junior networking engineer asked me for a list of recommended entry-level networking blogs. I have no idea (I haven’t been in that position for ages); the best I can do is to share my list of networking-related RSS feeds and the process I’m using to collect interesting blogs:

Infrastructure

  • RSS is your friend. Find a decent RSS reader. I’m using Feedly – natively in a web browser and with various front-ends on my tablet and phone (note to Google: we haven’t forgotten you killed Reader because you weren’t making enough money with it).
  • If a blog doesn’t have an RSS feed I’m not interested.

Intel releases 3rd-gen Xeon Scalable processor

Intel today launched the third generation of its Xeon Scalable server-processor line with more than three dozen new chips built on its long-overdue 10-nanometer manufacturing process and featuring a host of specialized features for security and AI.The new chips were developed under the codename Ice Lake and were long in coming, due to the delays Intel had getting its manufacturing process down to 10nm. AMD, through its TSMC manufacturing partner, is at 7nm and its Epyc processors are slowly but increasingly taking market share from Intel.Now see "How to manage your power bill while adopting AI" Intel says the Ice Lake series has a 20% improvement in the number of instructions that can be carried out per clock cycle over the prior generation, thanks to the smaller process node letting them cram more transistors into the package.To read this article in full, please click here

Intel releases 3rd-gen Xeon Scalable processor

Intel today launched the third generation of its Xeon Scalable server-processor line with more than three dozen new chips built on its long-overdue 10-nanometer manufacturing process and featuring a host of specialized features for security and AI.The new chips were developed under the codename Ice Lake and were long in coming, due to the delays Intel had getting its manufacturing process down to 10nm. AMD, through its TSMC manufacturing partner, is at 7nm and its Epyc processors are slowly but increasingly taking market share from Intel.Now see "How to manage your power bill while adopting AI" Intel says the Ice Lake series has a 20% improvement in the number of instructions that can be carried out per clock cycle over the prior generation, thanks to the smaller process node letting them cram more transistors into the package.To read this article in full, please click here

How Calico Cloud’s runtime defense mitigates Kubernetes MITM vulnerability CVE-2020-8554

Since the release of CVE-2020-8554 on GitHub this past December, the vulnerability has received widespread attention from industry media and the cloud security community. This man-in-the-middle (MITM) vulnerability affects Kubernetes pods and underlying hosts, and all Kubernetes versions—including future releases—are vulnerable.

Despite this, there is currently no patch for the issue. While Kubernetes did suggest a fix, it only applies to external IPs using an admission webhook controller or an OPA gatekeeper integration, leaving the door open for attackers to exploit other attack vectors (e.g. internet, same VPC cluster, within the cluster). We previously outlined these in this post.

Suggested fixes currently on the market

Looking at the Kubernetes security market, there are currently a few security solutions that attempt to address CVE-2020-8554. Most of these solutions fall into one or two of three categories:

  1. Detection (using Kubernetes audit logs)
  2. Prevention (using admission webhook controller)
  3. Runtime defense (inline defense)

A few of the solutions rely on preventing vulnerable deployments using an OPA gatekeeper integration; these solutions alert users when externalIP (possibly loadBalancerIP) is deployed in their cluster configurations. Most solutions, however, present a dual strategy with a focus on prevention and detection. They use an admission controller for Continue reading

History of Internet 2: Dale Finkelsen

The Internet was originally designed as a research network, but eventually morphed into a primarily commercial system. While “Internet 2” sounds like it might be a replacement for the Internet, it was really started as a way to interconnect high speed computing systems for researchers—a goal the Internet doesn’t really provide any longer. Dale Finkelsen joins Donald Sharp and Russ White for this episode of the History of Networking to discuss the origins of Internet 2.

download

Nokia Lab | LAB 2 OSPF |


Introduction

Hello everyone!

It's my second Nokia lab. I've tried to cover the main scope of OSPF questions. Lets lab!
Please check my first lab for input information.

Topology example



Lab tasks and questions:
  • Basic OSPF (Backbone area)
  • configure OSPF area 0 (R1 and R2, use P2P interface type, add “system” interface to OSPF)
  • configure BFD and authentication on interfaces
  • examine BFD session
  • check neighbors state
    • examine the connection between OSPF adjacency and BFD session
    • How can you break adjacency? Try it. What factors can influence adjacency? 
  • examine LSDB
    • What LSA types do you see?
    • examine every LSA in detail
  • examine route table
    • What is the default preference of OSPF routes?
    • Multi-area OSPF(Area 0, Area 1 TNSSA, Area 2 Normal,  Area 3 Totally Stub)
    • configure area 1 as a Totally NSSA area
    • run debug OSPF hello packets between R1 and R3
    • examine hello packets
    • Does it contain special bits?
  • What is the difference between NSSA and Totally NSSA areas?
  • create additional loopback interface on R3
    • export it to OSPF by policy
    • What router type is R3?
    • examine LSDB on R3 - especially check NSSA external LSA
    • Does it contain special bits? Describe purpose of them
  • examine LSDB on Continue reading
  • Free Exercise: Build Network Automation Lab

    A while ago, someone made a remark on my suggestions that networking engineers should focus on getting fluent with cloud networking and automation:

    The running thing is, we can all learn this stuff, but not without having an opportunity.

    I tend to forcefully disagree with that assertion. What opportunity do you need to test open-source tools or create a free cloud account? My response was thus correspondingly gruff:

    Free Exercise: Build Network Automation Lab

    A while ago, someone made a remark on my suggestions that networking engineers should focus on getting fluent with cloud networking and automation:

    The running thing is, we can all learn this stuff, but not without having an opportunity.

    I tend to forcefully disagree with that assertion. What opportunity do you need to test open-source tools or create a free cloud account? My response was thus correspondingly gruff:

    Immersion cooling firm LiquidStack launches as a stand-alone company

    Ever since Bitcoin was introduced back in 2009, this cryptocurrency has had the distinction of being something you could mine with your computer—putting your hardware to use helping the blockchain technology Bitcoin is based on record and verify transactions by solving complex math problems.As a reward, you’d get Bitcoins. But it was a very slow process for a single PC, and the necessary component for success was a high-end GPU. One GPU brought to bear on Bitcoin could take years to find one coin, so miners started building massive farms akin to data centers but without enclosures. The result was that Bitcoin farms bought up all the GPUs, causing severe shortages and infuriating gamers.To read this article in full, please click here

    Immersion cooling firm LiquidStack launches as a stand-alone company

    Ever since Bitcoin was introduced back in 2009, this cryptocurrency has had the distinction of being something you could mine with your computer—putting your hardware to use helping the blockchain technology Bitcoin is based on record and verify transactions by solving complex math problems.As a reward, you’d get Bitcoins. But it was a very slow process for a single PC, and the necessary component for success was a high-end GPU. One GPU brought to bear on Bitcoin could take years to find one coin, so miners started building massive farms akin to data centers but without enclosures. The result was that Bitcoin farms bought up all the GPUs, causing severe shortages and infuriating gamers.To read this article in full, please click here

    Service Meshes in the Cloud Native World

    Microservices have taken center stage in the software industry. Transitioning from a monolith to a microservices-based architecture empowers companies to deploy their application more frequently, reliably, independently, and with scale without any hassle. This doesn’t mean everything is green in Microservice architecture; there are some problems that need to be addressed, just like while designing distributed systems. This is where the “Service Mesh” concept is getting pretty popular. We have been thinking about breaking big monolithic applications into smaller applications for quite some time to ease software development and deployment. This chart below, borrowed from Burr Sutter’s talk titled “Burr Sutter at Devoxx The introduction of the service mesh was mainly due to a perfect storm within the IT scene. When developers began developing distributed systems using a multi-language (polyglot) approach, they needed dynamic service discovery. Operations were required to handle the inevitable communication failures smoothly and enforce network policies. Platform teams started adopting container orchestration systems like Envoy. What Is a Service Mesh? Pavan Belagatti Pavan Belagatti is one Continue reading

    Tech Bytes: Prioritizing Identity And Zero Trust Across The Network With Aruba (Sponsored)

    On today's Tech Bytes, sponsored by Aruba Networks, we discuss the role of identity in security and why identity is a critical component of a zero-trust approach to network access. Our guest from Aruba is Jon Green, Chief Security Technologist.

    The post Tech Bytes: Prioritizing Identity And Zero Trust Across The Network With Aruba (Sponsored) appeared first on Packet Pushers.