Archive

Category Archives for "Networking"

Sarantaporo.gr Community Network: Tending to Our Communities’ Needs with Care and Flexibility

At the beginning of May 2020, the Sarantaporo.gr community network team was approached by the Mayor of Elassona, a municipality in the Thessaly region in central Greece. He was asking for help with a very common problem that villages in our municipality face: lack of access to Internet connectivity. “Sykea” or “Sykia” is an isolated […]

The post Sarantaporo.gr Community Network: Tending to Our Communities’ Needs with Care and Flexibility appeared first on Internet Society.

Free Networking ArubaOS-CX Lab Image From Aruba Networks

This is a continuation of my post documenting hassle-free, virtualized network operating system images you can download for labbing and learning.

Aruba Networks (HPE) ArubaOS-CX

What is it?

While you probably think of wireless networking first when Aruba Networks comes up, ArubaOS-CX is a ground-up network operating system for switches built by the former HPE ProCurve team, if memory serves me correctly. Aruba has been a part of HPE for some time, and the networking folks within HPE fall under the Aruba hierarchy as I understand it.

I wrote an overview of ArubaOS-CX as part of a series on the Aruba 8400 switch launch back in October 2017.

Aruba offers a virtual version of ArubaOS-CX delivered as an OVA. You can use the OVA as-is, or extract the OVA tarball to get to the vmdk and convert the vmdk to a qcow2 image, all depending on what your hypervisor needs.

How do I obtain the image?

  1. Create an Aruba Support Portal account & log in via https://asp.arubanetworks.com/.
  2. Head to Software and Documents, currently https://asp.arubanetworks.com/downloads.
  3. In the left pane, filter on…
    1. File type: Software
    2. Product: Aruba Switches
    3. File Category: OVA
  4. Sort by: Version New To Old
  5. That Continue reading

Tom’s Corner and Turning Another Corner

Thanks to everyone that popped in for Tom’s Virtual Corner at Cisco Live Global 2021. It was a great time filled with chats about nothing in particular, crazy stories about unimportant things, and even the occasional funny picture. It was just was Tom’s Corner has always been. A way for the community to come together and be around each other in a relaxing and low-key environment. Maybe we couldn’t meet in person but we got together when we needed it the most.

There was also something else that Tom’s Corner has represented for me for the last year that I didn’t even catch until it was pointed out to me by my wonderful wife Kristin (@MrsNetwrkingNerd). Tom’s Corner was the start of something that made me feel better about everything.

Get On Up and Move

After Tom’s Virtual Corner in 2020, I was energized. I needed to get up and get things done after sitting in a chair for hours talking to all my absent friends and getting the energy I needed to feel after months of being locked away during a pandemic. I felt on top of the world for the first time in quite a while. Continue reading

Durable Objects, now in Open Beta

Durable Objects, now in Open Beta
Durable Objects, now in Open Beta

Back in September, we announced Durable Objects - a new paradigm for stateful serverless.

Since then, we’ve seen incredible demand and countless unlocked opportunities on our platform. We’ve watched large enterprises build applications from complex API features to real-time games in a matter of days from inception to launch. We’ve heard from developers that Durable Objects lets them spend time they used to waste configuring and deploying databases on building features for their apps. More than anything, we’ve heard that you want to start building with Durable Objects now.

As of today, Durable Objects beta access is available to anyone with a Cloudflare Workers® subscription - you can enable them now in the dashboard by navigating to “Workers” and then “Durable Objects”. You can also upgrade to the latest version of Wrangler to deploy Durable Objects!

Durable Objects are still in beta and are being made available to you for testing purposes. Storage is capped per-account at 10 GB of data, and there is no associated SLA for Object availability or durability.

Enable beta access now »

What are Durable Objects?

Durable Objects provide two things: coordination across multiple Workers and strongly consistent edge storage.

Normally Cloudflare’s network executes a Continue reading

Intermittent Terraform Authentication Failure Using AWS Provider in a Vagrant VM

TL&DR: Client clock skew could result in AWS authentication failure when running terraform apply

When I wanted to compare AWS and Azure orchestration speeds I encountered a crazy Terraform error message when running terraform apply:

module.network.aws_vpc.My_VPC: Creating...

Error: Error creating VPC: AuthFailure: 
AWS was not able to validate the provided access credentials
	status code: 401, request id: ...

Obviously I did all the usual stuff before googling for a solution:

Intermittent Terraform Authentication Failure Using AWS Provider in a Vagrant VM

TL&DR: Client clock skew could result in AWS authentication failure when running terraform apply

When I wanted to compare AWS and Azure orchestration speeds I encountered a crazy Terraform error message when running terraform apply:

module.network.aws_vpc.My_VPC: Creating...

Error: Error creating VPC: AuthFailure: 
AWS was not able to validate the provided access credentials
	status code: 401, request id: ...

Obviously I did all the usual stuff before googling for a solution:

DNS at IETF 110

The amount of activity in the DNS in the IETF seems to be growing every meeting. I thought that the best way to illustrate to considerably body of DNS working being undertaken at the IETF these days would be to take a snapshot of DNS activity that was reported to the DNS-related Working Group meetings at IETF 110.

Free Networking Lab Images From Arista, Cisco, nVidia (Cumulus)

Here’s my current list of no cost, minimal headache, easily obtainable networking images that work in a virtual lab environment such as EVE-NG or GNS3. My goal is to clearly document what these images are and how to obtain them, as this data is less obvious than I’d like.

I missed some. Probably a bunch. Let me know on the Packet Pushers Slack channel or Twitter DM, and I’ll do additional posts or update this list over time. Make sure your recommendations are for images which are freely available from the vendor for lab use with no licensing requirements or other strings attached. Use those same channels if you just want to tell me I’m wrong about whatever you come across in this post that’s…you know…wrong. I’m all about fixing the wrong stuff.

The list is vendor-neutral, sorted alphabetically. I have no personal allegiance to any of these operating systems. I’ve worked with both EOS and NX-OS in production environments. JUNOS, too, although I don’t have a Juniper virtual device on this list currently. I haven’t worked with Cumulus in production, although it’s been a passive interest for a while now.

Remember–configuration is the boring part. Select a NOS Continue reading

Cisco brings network intelligence skills to Catalyst switches, app performance management

Cisco says upgrades to its Catalyst switch and AppDynamics application-monitoring package will let enterprises more easily see and fix network and applciation problems.The company has added network intelligence-monitoring capabilities it bought from ThousandEyes in May 2020 to its Catalyst 9300 and 9400 Series boxes and its AppDynamics Dash Studio application-management dashboard.More Cisco Live! News: Cisco takes its first steps toward network-as-a-serviceTo read this article in full, please click here

Cisco brings net intelligence to Catalyst switches, app-performance management

Cisco says upgrades to its Catalyst switch and AppDynamics application-monitoring package will let enterprises more easily see and fix network and applciation problems.The company has added network intelligence-monitoring capabilities it bought from ThousandEyes in May 2020 to its Catalyst 9300 and 9400 Series boxes and its AppDynamics Dash Studio application-management dashboard.More Cisco Live! News: Cisco takes its first steps toward network-as-a-serviceTo read this article in full, please click here

Intel’s $20 billion bet on advanced fabrication

No one ever said Pat Gelsinger was timid. A month into his stint as Intel’s CEO, he has announced an ambitious plan to drive ahead with Intel’s chip-manufacturing efforts rather than give up on it.Naysayers and pundits had been saying Intel should dump its fabrication business, similar to what AMD did more than a decade ago when it spun out its fabs into what became GlobalFoundries. Intel’s fabs had fallen behind the bleeding edge, and while the TSMC foundry was making 7nm chips for AMD, Intel was struggling to get to 10nm.Well bleep that, said Gelsinger (OK, maybe not). Rather than spin off the foundry business, Intel is setting it up as a separate unit within the company called Intel Foundry Services with its own profit and loss statements like the other Intel divisions. So in addition to making Intel chips, Intel Foundry Services will make chips for other semiconductor companies.To read this article in full, please click here

Cisco takes its first steps toward network-as-a-service

Cisco has taken a big step forward with its first network-as-a-service offering that ultimately will let customers buy enterprise-network hardware and software components on an as-needed basis.The company announced the service, called Cisco Plus,  at its virtual Cisco Live 2021! conference, telling customers its NaaS will offer best-in-class networking, security, compute, storage, and applications with unified subscriptions that promise to be simple to use.Now see: Who’s selling SASE, and what do you get?“Network-as-a-service delivery is a great option for businesses wanting to shift to a cloud operating model that makes its easy and simple to buy and consume the necessary components to improve and grow their businesses,” said James Mobley, senior vice president and general manager of Cisco’s Network Services Business Unit.To read this article in full, please click here

Cloudflare’s WAF is recognized as customers’ choice for 2021

Cloudflare’s WAF is recognized as customers’ choice for 2021
Cloudflare’s WAF is recognized as customers’ choice for 2021

The team at Cloudflare building our Web Application Firewall (WAF) has continued to innovate over the past year. Today, we received public recognition of our work.

The ease of use, scale, and innovative controls provided by the Cloudflare WAF has translated into positive customer reviews, earning us the Gartner Peer Insights Customers' Choice Distinction for WAF for 2021. You can download a complimentary copy of the report here.

Cloudflare’s WAF is recognized as customers’ choice for 2021

Gartner Peer Insights Customers’ Choice distinctions recognize vendors and products that are highly rated by their customers. The data collected represents a top-level synthesis of vendor software products most valued by IT Enterprise professionals.

The positive feedback we have received is consistent and leads back to Cloudflare’s product principles. Customers find that Cloudflare’s WAF is:

  • “An excellent hosted WAF, and a company that acts more like a partner than a vendor” Principal Site Reliability Architect in the Services Industry [Full Review];
  • “A straightforward yet highly effective WAF solution” — VP in the Finance Industry [Full Review];
  • “Easy and Powerful with Outstanding Support” — VP Technology in the Retail Industry [Full Review];
  • “Secure, Intuitive and a Delight for web security and accelerations” — Sr Director-Technical Product Continue reading

SONiC’s Next Home: The SmartNIC Data Processing Unit (DPU)

This guest post is by Ihab Tarazi, Sr. VP and Networking CTO at Dell Technologies. We thank Dell Technologies for being a sponsor. It’s an exciting time to be a part of today’s networking evolution where all the pieces are finally falling into place to help us truly realize a software-defined network. SONiC is an […]

The post SONiC’s Next Home: The SmartNIC Data Processing Unit (DPU) appeared first on Packet Pushers.

Heavy Networking 570: Dell Brings The SONiC NOS To SmartNICs And DPUs (Sponsored)

On today's sponsored Heavy Networking podcast we examine the use of SmartNICs and DPUs to offload networking and security processes. We also discuss the use of the SONiC network OS to run on SmartNICs and DPUs, with P4 as a programming layer. Dell Technologies is our sponsor, and our guest from Dell is Ihab Tarazi, Sr. VP and Networking CTO.

The post Heavy Networking 570: Dell Brings The SONiC NOS To SmartNICs And DPUs (Sponsored) appeared first on Packet Pushers.

Enough Is Enough: What Happens When Law Enforcement Bends Laws to Access Data

Tutanota co-founder Matthias Pfau explains how a recent court order is a wake-up call to end the encryption debate once and for all In a world increasingly reliant on the Internet in our day-to-day lives, there’s no turning back on encryption. Encryption is a critical security tool for citizens, businesses, and governments to communicate confidentially […]

The post Enough Is Enough: What Happens When Law Enforcement Bends Laws to Access Data appeared first on Internet Society.

Build Zero Trust rules with managed devices

Build Zero Trust rules with managed devices
Build Zero Trust rules with managed devices

Starting today, your team can use Cloudflare Access to build rules that only allow users to connect to applications from a device that your enterprise manages. You can combine this requirement with any other rule in Cloudflare’s Zero Trust platform, including identity, multifactor method, and geography.

As more organizations adopt a Zero Trust security model with Cloudflare Access, we hear from customers who want to prevent connections from devices they do not own or manage. For some businesses, a fully remote workforce increases the risk of data loss when any user can login to sensitive applications from an unmanaged tablet. Other enterprises need to meet new compliance requirements that restrict work to corporate devices.

We’re excited to help teams of any size apply this security model, even if your organization does not have a device management platform or mobile device manager (MDM) today. Keep reading to learn how Cloudflare Access solves this problem and how you can get started.

Build Zero Trust rules with managed devices

The challenge of unmanaged devices

An enterprise that owns corporate devices has some level of control over them. Administrators can assign, revoke, inspect and manage devices in their inventory. Whether teams rely on management platforms or a simple spreadsheet, businesses can Continue reading

Inside Cloudflare: Preventing Account Takeovers

Inside Cloudflare: Preventing Account Takeovers
Inside Cloudflare: Preventing Account Takeovers

Over the last week, Cloudflare has published blog posts on products created to secure our customers from credential stuffing bots, detect users with compromised credentials, and block users from proxy services. But what do we do inside Cloudflare to prevent account takeovers on our own applications? The Security Team uses Cloudflare products to proactively prevent account compromises. In addition, we build detections and automations as a second layer to alert us if an employee account is compromised. This ensures we can catch suspicious behavior, investigate it, and quickly remediate.

Our goal is to prevent automated and targeted attackers regardless of the account takeover technique: brute force attack, credential stuffing, botnets, social engineering, or phishing.

Classic Account Takeover Lifecycle

First, let's walk through a common lifecycle for a compromised account.

In a typical scenario, a set of passwords and email addresses have been breached. These credentials are reused through credential stuffing in an attempt to gain access to any account (on any platform) where the user may have reused that combination. Once the attacker has initial access, which means the combination worked, they can gain information on that system and pivot to other systems through methods. This is classified Continue reading