Archive

Category Archives for "Networking"

Security Power Block Series: Secure Your Data Center with NSX Firewall

We get it. The world of network security is changing, and it’s hard to keep up. Between your regular duties, pressure to adapt to changing realities, and pandemic stress on both your work and home life, ita challenge to find the time to build new skills.  

Understanding that your time is precious, we’ve created a series of succinct, 30-minute, security-focused webinars that take a deep dive into the topics, strategies, and techniques you need to know. The four sessions in our Security Power Block Series will explore the new security landscape, how our unique architecture is ideal for protecting East-West traffic from modern security threats, and real-world use cases you can use to operationalize your data center security at scale.   

You can register for one, two, three, or all sessions at once and you’ll automatically receive invitations with session links that you can add directly to your calendar. Staying informed — and learning new skills — couldn’t be easier. 

Network Segmentation Made Easy  

April 14, 2021 
10:00 a.m. PT  

Zoning or segmenting data center networks into manageable chunks Continue reading

Taking control of your Ubuntu desktop

You may have a lot more control over your Ubuntu desktop than you know. In this post, we'll look into what you should expect to see by default and how you can change that.Most Linux desktops start out charmingly uncluttered. They display a handful of icons on an attractive background. These include shortcuts for launching applications, generally along the left side or bottom of the screen, and maybe another icon or two in the otherwise open area.The uncluttered desktop is generally a good thing. You can open folders using your file manager and move around to any group of files that you need to use or update. By changing a setting on Ubuntu (and related distributions), however, you can also set up your system to open with a specified set of files in view – and you don't have to move them into your Desktop folder to do so.To read this article in full, please click here

Netsim-tools Release 0.5 Work with Containerlab

TL&DR: If you happen to like working with containers, you could use netsim-tools release 0.5 to provision your container-based Arista EOS labs.

Why does it matter? Lab setup is blindingly fast, and it’s easier to integrate your network devices with other containers, not to mention the crazy idea of running your network automation CI pipeline on Gitlab CPU cycles. Also, you could use the same netsim-tools topology file and provisioning scripts to set up container-based or VM-based lab.

What is containerlab? A cool project that builds realistic virtual network topologies with containers. More details…

Netsim-tools Release 0.5 Work with Containerlab

TL&DR: If you happen to like working with containers, you could use netsim-tools release 0.5 to provision your container-based Arista EOS labs.

Why does it matter? Lab setup is blindingly fast, and it’s easier to integrate your network devices with other containers, not to mention the crazy idea of running your network automation CI pipeline on Gitlab CPU cycles. Also, you could use the same netsim-tools topology file and provisioning scripts to set up container-based or VM-based lab.

What is containerlab? A cool project that builds realistic virtual network topologies with containers. More details…

In Defense Of EIGRP With Zig Zsiga And Ethan Banks – Video

Zig Zsiga and Ethan Banks talk through use cases for the sometimes maligned EIGRP, a popular choice in Cisco networks for decades. The conversation covers EIGRP design basics, the stuck-in-active problem, stub routing, and RFC7868. Comparisons are made to how OSPF design differs to accomplish similar goals. This was originally published as an audio-only podcast […]

The post In Defense Of EIGRP With Zig Zsiga And Ethan Banks – Video appeared first on Packet Pushers.

Defense in Depth: The First Step to Security Certainty

Allen McNaughton Allen is the Director of Technical Sales, Public Sector at InfoBlox. He has over 20 years of experience in developing security solutions for service providers, public sector and enterprise customers. Bad actors are constantly coming up with ways to evade defensive techniques put in place by government agencies, educational institutions, healthcare providers, companies and other organizations. To keep up, network security needs what’s known as “defense in depth” — a strategy that leverages different security solutions to provide robust and comprehensive security against unauthorized intruders. Think about securing your house — locks on your doors only protect your doors. But if you have locks on your doors and windows, a high fence, security cameras, an alarm system and two highly trained guard dogs, you have what we call “defense in depth.” The same goes for networks. When it comes to building a defense-in-depth strategy for your network, the first and most important feature is visibility — knowing what is on your network. Why Visibility? Because You Can’t Protect What You Can’t See If you can’t see it, you can’t protect it — it’s obvious if you think about it. Without understanding the devices, hardware, software and traffic Continue reading

Bringing AI to the edge with NVIDIA GPUs

Bringing AI to the edge with NVIDIA GPUs
Bringing AI to the edge with NVIDIA GPUs

Cloudflare has long used machine learning for bot detection, identifying anomalies, customer support and business intelligence.  And internally we have a cluster of GPUs used for model training and inference.

For even longer we’ve been running code “at the edge” in more than 200 cities worldwide. Initially, that was code that we wrote and any customization was done through our UI or API. About seven years ago we started deploying custom code, written in Lua, for our enterprise customers.

But it’s quite obvious that using a language that isn’t widely understood, and going through an account executive to get code written, isn’t a viable solution and so four years ago we announced Cloudflare Workers. Workers allows anyone, on any plan, to write code that gets deployed to our edge network. And they can do it in the language they choose.

After launching Workers we added storage through Workers KV as programs need algorithms plus data. And we’ve continued to add to the Workers platform with Workers Unbound, Durable Objects, Jurisdictional Restrictions and more.

But many of today’s applications need access to the latest machine learning and deep learning methods. Those applications need three things: to scale easily, Continue reading

What’s In A Title? Network Engineer Vs. Professional Or Licensed Engineer

In the US, do not call yourself a "Professional Engineer" or "Licensed Engineer" as your title. Those are specially reserved titles for those who actually ARE licensed. However, calling yourself a "Network Engineer" is okay. If you want to know more details, read on.

The post What’s In A Title? Network Engineer Vs. Professional Or Licensed Engineer appeared first on Packet Pushers.

Don’t Poke Holes in Our Digital Security Shield

In only a few days the European Union will close the doors on our chance to provide feedback on an initiative which could grant law enforcement agencies backdoor access to encrypted messaging services. Doing this would poke holes in our most important digital security shield. It misleadingly claims it to protect kids’ safety online. As […]

The post Don’t Poke Holes in Our Digital Security Shield appeared first on Internet Society.

Finally! Local Traffic Remained Local

During a recent broadcast of an Italian Series A Championship football match, something extraordinary was happening behind the scenes. Local Internet traffic remained local. Cristiano Zanforlin, Chief Commercial Officer of Milan Internet Exchange (MIX), Flavio Luciani, Chief Technology Officer of Consorzio Namex, and Luca Cicchelli, Interconnection Manager of Consorzio TOP-IX, explain how Italian IXPs helped […]

The post Finally! Local Traffic Remained Local appeared first on Internet Society.

Expanding the Cloudflare Workers Observability Ecosystem

Expanding the Cloudflare Workers Observability Ecosystem
Expanding the Cloudflare Workers Observability Ecosystem

One of the themes of Developer Week is “it takes a village”, and observability is one area where that is especially true. Cloudflare Workers lets you quickly write code that is infinitely scalable — no availability regions, no scaling policies. Your code runs in every one of our data centers by default: region Earth, as we like to say. While fast time to market and effortless scale are amazing benefits, seasoned developers know that as soon as your code is in the wild… stuff happens, and you need the tools in place to investigate, diagnose, fix and monitor those issues.

Today we’re delighted to add to our existing analytics partners. We’re announcing new partnerships with six observability-focused companies that are deeply integrated into the Cloudflare Workers ecosystem. We’re confident these partnerships will provide immediate value in building the operational muscle to maintain and make your next generation of applications fast, secure and bullet-proof in production.

Expanding the Cloudflare Workers Observability Ecosystem

console.log(`Got request. Extracted name=${name}. Saving…`);

Cloudflare wrangler gives you the ability to generate, configure, build, preview and publish your projects, from the comfort of your dev environment. Writing code in your favorite IDE with a fully-fledged CLI tool that also allows you to simulate Continue reading

Location-based personalization at the edge with Cloudflare Workers

Location-based personalization at the edge with Cloudflare Workers
Location-based personalization at the edge with Cloudflare Workers

We’re excited to announce an update to Cloudflare Workers, our serverless code platform built on our global network. Geolocation data is now accessible and free for all developers on our Workers platform, including users on the free plan!

You can now serve personalized experiences for users based on their location using Workers. Personalization is critical to building intuitive apps for users and it unlocks new possibilities for what you can build on our platform. Whether you’re building a social networking app or an automatic shipping cost estimator for an e-commerce site, a one-size-fits-all experience doesn’t cut it. Location-based personalization helps you show what’s most relevant to your users, be it tickets for movies in their area or content in their local language.

With geolocation data available on the server side, there’s no configuration needed for users to set their location.

Each request to a Worker includes the user’s (example data shown):

  • Country: “US”
  • City: “Austin”
  • Continent: “NA”
  • Latitude: "30.27130"
  • Longitude: “-97.74260”
  • Postal code: "78701"
  • Metro code(dma): “635”
  • Region: “Texas”
  • Timezone: “America/Chicago”

Geolocation data on Workers makes it even easier to build server rendered apps and customized services.

Refer to the documentation to learn more.

In case you need Continue reading

10 of the best ways to get help on Linux

Just because Linux appeals to the nerdiest of nerds doesn't mean that it can't be extremely helpful for those who don't want to spend a lot of time delving into the technical details of how to use various commands. In fact, Linux provides a series of tools that can help anyone master the command line or just get the task at hand done more quickly and efficiently. This post covers 10 of the best options.man pages You can always go to the man pages to answer usage and syntax questions you might have on a Linux command. Just type "man" followed by the name of the command (e.g., man ps), and you'll get a lot of descriptive information. On the other hand, if you really just want to see some examples of how to use a particular command, the content of a man page might be a lot more than you want to comb through. In the remainder of this post, I'll explain some other options for finding the command that you need and learning how to use it.To read this article in full, please click here

10 of the best ways to get help on Linux

Just because Linux appeals to the nerdiest of nerds doesn't mean that it can't be extremely helpful for those who don't want to spend a lot of time delving into the technical details of how to use various commands. In fact, Linux provides a series of tools that can help anyone master the command line or just get the task at hand done more quickly and efficiently. This post covers 10 of the best options.man pages You can always go to the man pages to answer usage and syntax questions you might have on a Linux command. Just type "man" followed by the name of the command (e.g., man ps), and you'll get a lot of descriptive information. On the other hand, if you really just want to see some examples of how to use a particular command, the content of a man page might be a lot more than you want to comb through. In the remainder of this post, I'll explain some other options for finding the command that you need and learning how to use it.To read this article in full, please click here

AT&T picked as top managed-SD-WAN provider for the third year

AT&T, Hughes, and Verizon were selected as the top three SD-WAN providers for the third year in a row in the latest Vertical Systems Group rankings for year-end 2020. Comcast jumped to fourth place.Despite the pandemic, expansion of carrier-managed SD-WAN services in the U.S. increased 39% in 2020. Demand was resilient across bandwidth-intensive markets, but vulnerable for verticals like retail and travel.Vertical Systems Group is an independent market research firm focused on network services. Each year it issues its Carrier Managed SD-WAN Services Leaderboard.The one notable change was Comcast has replaced Lumen Technologies in fourth place, moving up from seventh position in 2019. Lumen is now in sixth, Windstream remains in fifth and Aryaka dipped from sixth to seventh.To read this article in full, please click here

Nokia Lab | LAB 3 IS-IS |


Hello everyone!

It's the next Nokia lab. Today we will review routing protocol widely spread across service providers networks. 
Please check my first lab for input information.

Topology example



















Lab tasks and questions:
  • Basic IS-IS
  • configure IS-IS between R1 and R2 (use P2P interface type, Level 2 only, "system" interface as passive, area 49.01)
  • check neighbors state
  • examine IS-IS control plane PDUs (You can use debug or packet capture)
  • describe all IS-IS PDU and their purpose
  • What transport does IS-IS use for control plane PDU delivery? Any difference with OSPF?
  • Examine destination MAC address of control plane PDU
  • examine LSDB
    • examine LSP in detail
    • What TLV types does it contain? Examine every TLV
  • examine route table
    • What is the default preference of IS-IS routes?
    • What is max-metric of IS-IS routes (default configuration)?
    • How to change behavior? How to take into account link bandwidth? 
    • Multi-area IS-IS
    • configure R3 and R4 as L1/L2 IS-IS routers (use P2P interface type, area 49.02)
    • configure R5 and R6 as L1-only IS-IS routers (use P2P interface type, area 49.02)
    • check IS-IS adjacency on R3
    • What adjacency types do you see?
  • examine LSDB on R3
    • make attention to LSP attributes

    Must Read: Automate Nexus-OS Fabric Deployment

    Some networking engineers breeze through our Network Automation online course, others disappear after a while… and a few of those come back years later with a spectacular production-grade solution.

    Stephen Harding is one of those. He attended the automation course in spring 2019 and I haven’t heard from him in almost two years… until he submitted one of the most mature data center fabric automation solutions I’ve seen.

    Not only that, he documented the solution in a long series of must-read blog posts. Hope you’ll find them useful; I liked them so much I immediately saved them to Internet Archive (just in case).

    Must Read: Automate Nexus-OS Fabric Deployment

    Some networking engineers breeze through our Network Automation online course, others disappear after a while… and a few of those come back years later with a spectacular production-grade solution.

    Stephen Harding is one of those. He attended the automation course in spring 2019 and I haven’t heard from him in almost two years… until he submitted one of the most mature data center fabric automation solutions I’ve seen.

    Not only that, he documented the solution in a long series of must-read blog posts. Hope you’ll find them useful; I liked them so much I immediately saved them to Internet Archive (just in case).

    Cisco DevNet certifications: 10k awarded in first year

    In the year since Cisco revamped its DevNet certification portfolio to focus more on network programing, automation and application development, the need for those software-based skillsets has never been more important. IT Salary Survey on Insider Pro IT Salary Survey 2021: The results are in IT Salary Survey 2021: Compensation holds steady despite pandemic IT Salary Survey 2021: Hiring rate expected to increase but priorities will shift IT Salary Survey 2021: Over half of IT pros are satisfied at work – but nearly half are job hunting IT Salary Survey 2021: Security and cloud computing certifications on the up The requirement for software skills in the networking environment is being driven by a number of factors including the tremendous increase in the use of automation, the need to have an intelligent pipeline to remote users, and the growing necessity to efficiently network and secure multicloud resources. Many of these changes were already underway of course, but tons more are being driven by the COVID-19 pandemic’s impact on many enterprise data-center, campus and wide area network operations.To read this article in full, please click here