Archive

Category Archives for "Networking"

Internet Society Joins Leading Internet Advocates to Call on ISPs to Commit to Basic User Privacy Protections

By Electronic Frontier FoundationMozilla, and The Internet Society

As people learn more about how companies like Google and Facebook track them online, they are taking steps to protect themselves. But there is one relatively unknown way that companies and bad actors can collect troves of data.

Internet Service Providers (ISPs) like Comcast, Verizon, and AT&T are your gateway to the Internet. These companies have complete, unfettered, and unregulated access to a constant stream of your browsing history that can build a profile that they can sell or otherwise use without your consent.

Last year, Comcast committed to a broad range of DNS privacy standards. Companies like Verizon, AT&T, and T-Mobile, which have a major market share of mobile broadband customers in the U.S., haven’t committed to the same basic protections, such as not tracking website traffic, deleting DNS logs, or refusing to sell users’ information. What’s more, these companies have a history of abusing customer data. AT&T,  Sprint, and T-Mobile, sold customer location data to bounty hunters, and Verizon injected trackers bypassing user control.

Every single ISP should have a responsibility to protect the privacy of its users – and as mobile internet access continues Continue reading

Storage startup Pliops aims to boost flash performance

Rivals Intel and Nvidia are on the same side when it comes to the funding of a startup that promises to make flash storage orders of magnitude faster.The two are among numerous investors in Pliops, which is developing a specialized storage processor that it says allows applications to access data kept in flash storage up to 100 times faster than with traditional approaches while using a fraction of the electricity required by traditional hardware. Read more: NVMe over Fabrics creates data-center storage disruptionTo read this article in full, please click here

Next-gen wireless options: Wi-Fi 6, 5G or private 5G?

One of the great debates in networking has been whether to use wired connectivity—which brings speed—or wireless—which delivers mobility. Recent versions of Wi-Fi deliver speeds comparable to wired, removing this debate. Wired connections are still faster, but for most user applications, including video, there is no experience difference. Looking ahead, next-generation wireless will be well North of 1Gbps, making it a no-brainer to use wireless.The next big decision: What kind of wireless?In the past, there was only one option, and that was Wi-Fi. Now there is another option coming into play, and that’s 5G. Not 5G like the kind one has attached to your mobile phone, but private 5G used within enterprise environments.To read this article in full, please click here

Storage startup Pliops aims to boost flash performance

Rivals Intel and Nvidia are on the same side when it comes to the funding of a startup that promises to make flash storage orders of magnitude faster.The two are among numerous investors in Pliops, which is developing a specialized storage processor that it says allows applications to access data kept in flash storage up to 100 times faster than with traditional approaches while using a fraction of the electricity required by traditional hardware. Read more: NVMe over Fabrics creates data-center storage disruptionTo read this article in full, please click here

Azure Route Server: The Challenge

Imagine you decided to deploy an SD-WAN (or DMVPN) network and make an Azure region one of the sites in the new network because you already deployed some workloads in that region and would like to replace the VPN connectivity you’re using today with the new shiny expensive gadget.

Everyone told you to deploy two SD-WAN instances in the public cloud virtual network to be redundant, so this is what you deploy:

Azure Route Server: The Challenge

Imagine you decided to deploy an SD-WAN (or DMVPN) network and make an Azure region one of the sites in the new network because you already deployed some workloads in that region and would like to replace the VPN connectivity you’re using today with the new shiny expensive gadget.

Everyone told you to deploy two SD-WAN instances in the public cloud virtual network to be redundant, so this is what you deploy:

5 free network-vulnerability scanners

Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned but there are also those that offer broad IT security scanning.To read this article in full, please click here

5 free network-vulnerability scanners

Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned but there are also those that offer broad IT security scanning.To read this article in full, please click here

You Can Always Add Another Layer of Indirection (RFC1925, Rule 6a)

Many within the network engineering community have heard of the OSI seven-layer model, and some may have heard of the Recursive Internet Architecture (RINA) model. The truth is, however, that while protocol designers may talk about these things and network designers study them, very few networks today are built using any of these models. What is often used instead is what might be called the Infinitely Layered Functional Indirection (ILFI) model of network engineering. In this model, nothing is solved at a particular layer of the network if it can be moved to another layer, whether successfully or not.

For instance, Ethernet is the physical and data link layer of choice over almost all types of physical medium, including optical and copper. No new type of physical transport layer (other than wireless) can succeed unless if can be described as “Ethernet” in some regard or another, much like almost no new networking software can success unless it has a Command Line Interface (CLI) similar to the one a particular vendor developed some twenty years ago. It’s not that these things are necessarily better, but they are well-known.

Ethernet, however, goes far beyond providing physical layer connectivity. Because many applications rely Continue reading

Applying a DevOps Approach to the Network Your App Runs On

ThousandEyes sponsored this post. Mike Hicks Mike is a principal solutions analyst at ThousandEyes, a part of Cisco, and a recognized expert with more than 30 years of experience in network and application performance. If you were to put application and network teams into a single room and ask them if ensuring optimal application performance and availability for their end users was critical to the success of their companies, you would undoubtedly have all heads shaking yes. The question, of course, is how? Many of us have lived through war rooms urgently called in response to degraded customer experiences, due to a performance or availability problem with a key application. Today’s modern applications are more distributed and modular than ever before, so not only has the number of stakeholders increased, but the lines of demarcation have also become blurred — causing confusion over responsibilities. Managing and optimizing application performance today is dependent on an increasingly complex underlying network and internet infrastructure that traditional application monitoring solutions fail to bridge, leaving visibility gaps for DevOps and NetOps to struggle with. These heterogeneous environments introduce changing conditions that are sparking new tactics to manage the application experience; and monitoring is one of Continue reading

InfluxDB 2.0 released


InfluxData advances possibilities of time series data with general availability of InfluxDB 2.0 announced the production release of InfluxDB 2.0. This article demonstrates how to import sFlow data into InfluxDB 2.0 using sFlow-RT in order to provide visibility into network traffic.

Real-time network and system metrics as a service describes how to use Docker Desktop to replay previously captured sFlow data. Follow the instructions in the article to start an instance of sFlow-RT.

Create a directory for InfluxDB to use to store data and configuration settings:
mkdir data
Now start InfluxDB using the pre-built influxdb image:
docker run --rm --name=influxdb -p 8086:8086 \
-v $PWD/data:/var/lib/influxdb2 influxdb:alpine \
--nats-max-payload-bytes=10000000

Note: sFlow-RT is collecting metrics for all the sFlow agents embedded in switches, routers, and servers. The default value of nats-max-payload-bytes (1048576) may be too small to hold all the metrics returned when sFlow-RT is queried. The error,  nats: maximum payload exceeded, in InfluxDB logs indicates that the limit needs to be increased. In this example, the value has been increased to 10000000.

Now access the InfluxDB web interface at http://localhost:8086/

The screen capture above shows three scrapers configured in InfluxDB 2.0:
  1. sflow-analyzer
    URL: http://host.docker.internal:8008/prometheus/analyzer/txt
  2. sflow-metrics
    Continue reading

Control web applications with two-clicks in Cloudflare Gateway

Control web applications with two-clicks in Cloudflare Gateway
Control web applications with two-clicks in Cloudflare Gateway

Nearly a year ago, we announced Cloudflare for Teams, Cloudflare’s platform for securing users, devices, and data. With Cloudflare for Teams, our global network becomes your team’s network, replacing on-premise appliances and security subscriptions with a single solution delivered closer to your users — wherever they work. Cloudflare for Teams centers around two core products: Cloudflare Access and Cloudflare Gateway.

Cloudflare Gateway protects employees from security threats on the Internet and enforces appropriate use policies. We built Gateway to help customers replace the pain of backhauling user traffic through centralized firewalls. With Gateway, users instead connect to one of Cloudflare’s data centers in 200 cities around the world where our network can apply consistent security policies for all of their Internet traffic.

Control web applications with two-clicks in Cloudflare Gateway

In March 2020, we launched Gateway’s first feature, a secure DNS filtering solution. With Gateway’s DNS filtering, administrators can click a single button to block known threats, like sources of malware or phishing sites. Policies can also be used to block specific risky categories, like gambling or social media. When users request a filtered site, Gateway stops the DNS query from resolving and prevents the device from connecting to a malicious destination or hostname with blocked material.

Continue reading

BrandPost: SD-WAN Is Made SASE-Ready with the Right Security Private Cloud

What is the ideal role of SD-WAN in a SASE architecture?Both SD-WAN and SASE hold great promise, sharing the common goal of securely connecting users to the data and applications critical to doing their jobs and demonstrating the tightening linkage between networking and security investments. Without the right security private cloud, however, SD-WAN lacks the necessary complement that will help organizations fully realize a SASE architecture, especially for addressing remote workers.SD-WAN’s RoleLeveraging the concept of a virtualized network overlay to connect branch offices, SD-WAN allows organizations to better tap the public Internet and low-cost broadband to save on expensive, legacy MPLS connections. Various analysts estimate SD-WAN can help enterprises cut costs by as much as 65% compared to traditional alternatives. SD-WAN benefits run deeper than just infrastructure savings, also including increased network availability, better traffic prioritization, and more intelligent path selection.To read this article in full, please click here

5 top Linux server distros: How to choose the right one

More and more networking pros need to familiarize themselves with Linux because the operating system underpins so many enterprise tools and platforms including software-defined networking and SD-WANs, cloud networking, network automation, and configuration management.And in the decades since it was first introduced, the number of distributions of Linux has blossomed as developers create versions that meet the needs of specific interest groups. While all the versions share a common core, they each have distinguishing characteristic suited to designated purposes.[ Also see Invaluable tips and tricks for troubleshooting Linux. ] This article takes a look at five of them – Debian, Fedora, CentOS, RHEL, and Ubuntu - how to acquire and install them, and an assessment of what they might best be suited for.To read this article in full, please click here