Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored)
Today's Tech Bytes dives into Intent-Based Networking (IBN) as an evolution of network automation. Apstra is our sponsor for this episode and our guest is Mansour Karam, fouder and President. We discuss how IBN advances traditional automation, Apstra's support for open networking, customer use cases, and more.Holding Steady: How CDNs, IXPs, and Network Providers Help Keep us Online
Although the COVID-19 pandemic is, unfortunately, far from over, the Internet continues to be resilient, supporting the additional demands that we have placed on it, including the rapid growth in online learning, work videoconferences, e-commerce, streaming video entertainment, and more.
Because the Internet exists as a network of networks, this resilience is largely due to the planning, actions, and cooperation of all of the interconnected participants. These participants include, but are certainly not limited to, network providers, Internet Exchange Points (IXPs), and Content Delivery Networks (CDNs).
Expanding Infrastructure
On the network side, major providers such as Comcast have invested billions of dollars over the last several years in expanding fiber infrastructure and growing network capacity. In contrast, community network provider NYC Mesh is leveraging DIY customer installations to grow its own infrastructure during the pandemic. While there is still much work to be done, these efforts by both large and small network operators as well as similar operators all over the world, are making reliable broadband connectivity more widely available. Infrastructure expansion is vital as the current pandemic has shown that access to reliable Internet is now more important than ever before.
Fast and Reliable Content Delivery
CDN providers are also doing their Continue reading
Your Security Products Are Insecure, With Data
The video is queued on the section where the talk highlights the security software (firewalls, threat detection etc) is actually the weakest link. He then presents the data that security vendors have become the weakest link in the security landscape. The asymmetry of defence is highlighted by the fact that security appliances have 10MM lines […]
The post Your Security Products Are Insecure, With Data appeared first on EtherealMind.
Zero Trust and the Cookie Metaphor
In old presentations on network security (watch this space; I’m working on a new security course for Ignition in the next six months or so), I would use a pair of chocolate chip cookies as an illustration for network security. In the old days, I’d opine, network security was like a cookie that was baked to be crunchy on the outside and gooey on the inside. Now-a-days, however, I’d say network security needs to be more like a store-bought cookie—crunchy all the way through. I always used this illustration to make a point about defense-in-depth. You cannot assume the thin crunchy security layer at the edge of your network—generally in the form of stateful packet filters and the like (okay, firewalls, but let’s leave the appliance world behind for a moment)—is what you really need.
There are such things as insider attacks, after all. Further, once someone breaks through the thin crunchy layer at the edge, you really don’t want them being able to move laterally through your network.
The United States National Institute of Standards and Technology (NIST) has released a draft paper describing Zero Trust Architecture, which addresses many of the same concerns as the cookie that’s crunchy Continue reading
How to Create a Self-Organized Network of Vendors for Your Small Business
When you start a business, there are many things that you need to look into – from what brands you will allow being a part of your business to which vendors to use. These are all essential decisions that need to be taken by you so that you can decide on the future of your business.
The only way to get through to it is to do your research. By research, what is meant is to do your work on finding the perfect brands and perfect vendors that will help you and your business grow seamlessly and without any issues.
Hence, in this article, you will be told how to create a self-organized network and how you can incorporate vendors into it. Let’s begin.
How to Create a Self-Organised Network of Vendors
Now, this is where the article helps you fulfil the reason why you are here in the first place. We’ll briefly review how to create a good network of vendors that will help in increasing the outlook and the growth of your business.
The relationship that you have with your vendors will be key and will be the basis of your business doing good, so you need to Continue reading
From Micro-segmentation to Internal Firewalling
The Evolution of VMware NSX Service-defined Firewall
Today, many people take micro-segmentation for granted. It’s incredible to recall that just a few years ago, VMware introduced micro-segmentation to support the concept of Zero Trust — a security model that does not automatically trust entities within the security perimeter. Fast forward to the present, and many people have embraced that concept and made it their own. Meanwhile, VMware has extended its solution for micro-segmentation into a full-blown internal firewall. Let’s step back in time and see how VMware progressed from the initial micro-segmentation use case to today’s powerful Service-defined Firewall, deployed by thousands of organizations.
Pioneering the Market for Micro-segmentation
Back in 2013, VMware pioneered micro-segmentation with the release of VMware NSX, the VMware network virtualization and security platform, which propelled VMware into the world of software-defined network and security virtualization. This initial release enabled customers to run a complete Layer 2-Layer 4 stack in software. The guiding philosophy was to make world-class security easy to operationalize.
Some customers used NSX for network segmentation: they created virtual security zones in software where they had previously used hardware. Other customers adopted NSX for micro-segmentation: they were now able to provide Continue reading
The Week in Internet News: Balloon-Based Internet Comes to Kenya
Up, up and away: Google’s Project Loon, focused on providing Internet access with balloons floating in the stratosphere, has begun providing service in Kenya, CNN reports. The project will use about 35 balloons floating 20 kilometers above the ground to provide 4G LTE service covering 50,000 square kilometers in central and western Kenya.
Reach the sky: A broadband cooperative in rural Pennsylvania has built its own wireless network to provider faster Internet service, The Philadelphia Inquirer says. The Rural Broadband Cooperative, made up mostly of retirees, uses a 120-foot, former HAM radio tower that they erected on Stone Mountain. The service, with about 40 paying customers, offers speeds of up to 25 megabits per second.
The great divide: The COVID-19 pandemic has shown the seriousness of the digital divide in Pakistan, The Diplomat says. While the country has moved to online school, many areas lack broadband service, and in some areas, mobile services are shut down by the government because of security concerns. “Students across the country, from the former Federally Administered Tribal Areas to Balochistan, have been protesting against online classes, not only on social media but in front of various press clubs, universities, and on roads. They have Continue reading
Fast Friday Random Thoughts
It’s Friday and we’re technically halfway into the year now. Which means things should be going smoother soon, right? Here’s hoping, at least.
- I posted a new episode of Tomversations yesterday. This one is about end-to-end encryption. Here’s hoping the Department of Justice doesn’t find a way to screw this up. And here’s hoping the Senate stops helping.
- I saw a post that posits VMware may be looking to buy BitGlass. I know VMware’s NSX team pretty well. I also talked to the BitGlass team at RSA this year. I think this is something that VMware needs to pick up to be honest. They need to round out their SASE portfolio with a CASB. BitGlass is the best one out there to make that happen. I think we’re going to see a move here before we know it.
- There are a lot of other acquisitions going on in the market. VMware bought Datrium. Uber bought Postmates. It’s typical to see these kinds of acquisitions during downturns because it becomes way cheaper to snap up your competition. I expect Q3 is going to be full of consolidation in the networking space. Cisco won’t start doing anything until August at the earliest, Continue reading
Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored)
On today's Heavy Networking episode, sponsored by Cisco, we discuss reasons why automation isn't more pervasive, particularly in networking, and look at complications such as source of truth, getting state information, the need for orchestration, and user trust. Our guests are Omar Sultan, Leader, Product Management at Cisco; and Kevin Corbin, Sr. Solutions Engineer at HashiCorp.Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored)
On today's Heavy Networking episode, sponsored by Cisco, we discuss reasons why automation isn't more pervasive, particularly in networking, and look at complications such as source of truth, getting state information, the need for orchestration, and user trust. Our guests are Omar Sultan, Leader, Product Management at Cisco; and Kevin Corbin, Sr. Solutions Engineer at HashiCorp.
The post Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored) appeared first on Packet Pushers.
Chapter Training Program 2020: The Power of Us!
“Vulnerability is the birthplace of innovation, creativity and change.”
—Brené Brown
Three months ago, the Internet Society decided to face a new challenge. We took ourselves out of our comfort zone to move our community to the next level: empowerment through education. We began the Chapter Training Program, born to satisfy the increasing need of our Chapter leaders to engage their members in an impactful and informed way. The purpose was to identify and help form new leaders to work together to create local awareness, as part of our 2020 Action Plan .
This journey was not easy. However, our community embraced vulnerability and we overcame many obstacles, like change and uncertainty. In the end, we succeeded – because together our strength is bigger than our challenges. It’s part of our community’s DNA: having the conviction to build an Internet that enriches people’s lives and enables opportunities to all.We demonstrated that when we work together, we accomplish great things. Challenge becomes just a word… To be brave, first we need to be vulnerable and once we are brave, the sky is the limit!
I want to share the results of our work – and I hope we can Continue reading
Now GA: Data-in-Transit Encryption in Calico v3.15
We’re excited to announce that the latest release of Calico includes encryption for data-in-transit. Calico is the open source networking and network security solution for containers, virtual machines, and host-based workloads, offering connectivity and security for container workloads.
One of Calico’s best-known security features is its implementation of Kubernetes Network Policy, providing a way to secure container workloads by restricting traffic to and from trusted sources. This enables the traffic to be controlled, however, the traffic itself had previously remained vulnerable to interception.
A common solution to this problem is to encrypt traffic at the application layer using protocols like Transport Layer Security (TLS). Traffic can also be encrypted at a lower infrastructure level using IPsec. However, these approaches introduce an additional layer of complexity. Calico avoids that complexity by utilizing WireGuard to implement data-in-transit encryption.
WireGuard is run as a module inside the Linux kernel and provides better performance and lower power consumption than IPsec and OpenVPN tunneling protocols. The Linux version of WireGuard reached a stable production release in March and was introduced as a tech preview in the 3.14 release of Project Calico. We are pleased to announce that WireGuard encryption is now generally available with Continue reading
How Does Technology Affect the Generation Gap?
One of the biggest divisions between the generations today is technology. And with a huge disparity in attitudes towards technology as well as competence levels, there is a danger that each generation is becoming even more separated, settling into their own niche areas regarding the way that we all socialize, receive news, and communicate with each other. When asking how technology affects the generation gap, there is a lot more to it than having the ability to download a movie or app or do online shopping.
First up the most digital savvy group of adults are the Millennials. These people born between 1981 and 1996 cannot remember a time without email and the internet. Millennials are technically competent, and this generation tends to want to share their lives online in a way that would appeal to older people. There is an attitude that if it isn’t posted on social media, it just didn’t happen!
By contrast, Generation X , the people born in the early 1960s through to the ’70s are often technically able to use the internet and use online banking , shopping and to occasionally post on social media, but in most cases, technology is not a major Continue reading
IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston
We discuss the challenges and opportunities of IPv6 with Geoff Huston, APNIC's chief scientist and network analyst nonpareil. Topics include how dual-stack and Happy Eyeballs have papered over v6 deficiencies, why the address space may not be as vast as advertised, and why v6 is still the future.
The post IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston appeared first on Packet Pushers.
IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston
We discuss the challenges and opportunities of IPv6 with Geoff Huston, APNIC's chief scientist and network analyst nonpareil. Topics include how dual-stack and Happy Eyeballs have papered over v6 deficiencies, why the address space may not be as vast as advertised, and why v6 is still the future.HS. Part 6. First impression from Nokia SRLinux.
Hello my friend,
In this HS blog series we have covered so far the automated build of the network topology for hyper scale data centre using Microsoft Azure SONiC. Today Nokia has announced a new product for data centre, which is called SRLinux. In the next couple of articles we’ll review it from the architectural and automation standpoint.
2
3
4
5
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Thanks
We want to thank Nokia team for providing us the details and assisting in creating these materials. It won’t be possible without your help, dear partners.
Network automation training – now as a self-paced course as well
Following your asks we open a new format for the network automation training – self-paced format:
- It doesn’t matter what your timezone is.
- It doesn’t matter how much hours weekly do you have to study.
- It doesn’t matter how solid is your current background in automation, scripting and software development.
Because you decide on your own when, how often and Continue reading