Archive

Category Archives for "Networking"

Calico & Calico Enterprise: Now Available as AWS Quick Starts

As an AWS Advanced Technology Partner with AWS Containers Competency, Tigera is thrilled to announce that Calico and Calico Enterprise are both now available as AWS Quick Starts. If you’re unfamiliar with the concept, an AWS Quick Start is a ready-to-use accelerator that fast-tracks deployments of key cloud workloads for AWS customers. Described as “gold-standard deployments in the AWS Cloud”, Quick Starts are designed to reduce hundreds of manual procedures into an automated, workflow-based reference deployment.

With Calico network policy enforcement, you can implement network segmentation and tenant isolation, which is especially useful when you want to create separate environments for development, staging, and production. Calico Enterprise builds on top of open source Calico to provide additional higher-level features and capabilities, and integrates with your existing AWS tools including security groups, Amazon CloudWatch, and AWS Security Hub so you can leverage existing processes and workflows in your EKS or Kubernetes infrastructure.

Everything you need to take advantage of Calico and Calico Enterprise in these Quick Starts is installed and configured in your Amazon Elastic Kubernetes (Amazon EKS) cluster, enabling you to take advantage of a rich set of Kubernetes security, observability, and networking features that Tigera provides in these Continue reading

Ansible Network Resource Modules: Deep Dive on Return Values

The Red Hat Ansible Network Automation engineering team is continually adding new resource modules to its supported network platforms.  Ansible Network Automation resource modules are opinionated network modules that make network automation easier to manage and more consistent for those automating various network platforms in production. The goal for resource modules is to avoid creating and maintaining overly complex jinja2 templates for rendering and pushing network configuration, as well as having to maintain complex fact gathering and parsing methodologies.  For this blog post, we will cover standard return values that are the same across all supported network platforms (e.g. Arista EOS, Cisco IOS, NXOS, IOS-XR, and Juniper Junos) and all resource modules. 

Before we get started, I wanted to call out three previous blog posts covering resource modules. If you are unfamiliar with resource modules, check any of these out:

Technologies that Didn’t: ARCnet

In the late 1980’s, I worked at a small value added reseller (VAR) around New York City. While we deployed a lot of thinnet (RG58 coax based Ethernet for those who don’t know what thinnet is), we also had multiple customers who used ARCnet.

Back in the early days of personal computers like the Amiga 500, the 8086 based XT (running at 4.77MHz), and the 8088 based AT, all networks were effectively wide area, used to connect PDP-11’s and similar gear between college campuses and research institutions. ARCnet was developed in 1976, and became popular in the early 1980’s, because it was, at that point, the only available local area networking solution for personal computers.

ARCnet was not an accidental choice in the networks I supported at the time. While thinnet was widely available, it required running coax cable. The only twisted pair Ethernet standard available at the time required new cables to be run through buildings, which could often be an expensive proposition. For instance, one of the places that relied heavily on ARCnet was a legal office in a small town in north-central New Jersey. This law office had started out in an older home over a Continue reading

Master Class: DC Fabrics

I’m teaching another master class over at Juniper on the 13th at 9AM PT:

Spine-and-leaf fabric is the “new standard,” but how much do you know about this topology, its origins, and its properties? This session will consider the history of the Clos, explain the butterfly and Benes, look at why a fabric is a fabric and why “normal networks” are not, and cover some key design considerations when building a fabric.

You can register here.

Cloudflare Radar’s 2020 Year In Review

Cloudflare Radar's 2020 Year In Review
Cloudflare Radar's 2020 Year In Review

Throughout 2020, we tracked changing Internet trends as the SARS-Cov-2 pandemic forced us all to change the way we were living, working, exercising and learning. In early April, we created a dedicated website https://builtforthis.net/ that showed some of the ways in which Internet use had changed, suddenly, because of the crisis.

On that website, we showed how traffic patterns had changed; for example, where people accessed the Internet from, how usage had jumped up dramatically, and how Internet attacks continued unabated and ultimately increased.

Today we are launching a dedicated Year In Review page with interactive maps and charts you can use to explore what changed on the Internet in 2020. Year In Review is part of Cloudflare Radar. We launched Radar in September 2020 to give anyone access to Internet use and abuse trends that Cloudflare normally had reserved only for employees.

Where people accessed the Internet

To get a sense for the Year In Review, let’s zoom in on London (you can do the same with any city from a long list of locations that we’ve analyzed). Here’s a map showing the change in Internet use comparing April (post-lockdown) and February (pre-lockdown). This map compares working hours Continue reading

The Attention Economy And The IT Talent Dearth

In IT operations, finding talent is difficult. For years, there has been a shortage of folks who are capable of maintaining complex infrastructure. To be sure, some of this is geographical. And certainly, the rate of technology change makes it difficult to find people with specific product skills. Hard to find a Kubernetes expert with ten years of experience. ?

But I suspect there’s a couple of other things going on that, when combined, make the talent dearth even worse.

The Brutality Of Complexity

When I was studying for Novell Netware 3 (before directory services) certifications decades ago, there was a lot to know. Networking with IPX. Architecture of x86 servers. NLMs. Storage strategies. Mail systems. Whatever else was in those red books many of us had on our shelves.

Pre-AD Microsoft certifications were similarly challenging. Domain controllers. Backup domain controllers. File & print systems. User permissions and design strategies. The GINA. Networking with IP, IPX, and NetBEUI. Mail systems. IIS. So much more.

That was before the addition of directory services to Novell and Microsoft operating systems. Directory services changed the game for file, print, email, and more back in the day, and it put a major burden on IT Continue reading

Build Resilient, Secure Microservices with Microsegmentation

About 10 to 12 years ago, the world of software experienced a shift in the architectural aspects of enterprise applications. Architects and software builders started moving away from the giant, tightly coupled, monolithic applications deployed in the private data centers to a more microservices-oriented architecture hosted in public cloud infrastructure. The inherent distributed nature of microservices is a new security challenge in the public cloud. Over the last decade, despite the growing adoption of microservices-oriented architecture for building scalable, autonomous, and robust enterprise applications, organizations often struggle to protect against this new attack surface in the cloud compared to the traditional data centers. It includes concerns around multitenancy and lack of visibility and control over the infrastructure, as well as the operational environment. This architectural shift makes meeting security goals harder, especially with the paramount emphasis placed on faster container-based deployments. The purpose of this article is to understand what microsegmentation is and how it can empower software architects, DevOps engineers, and IT security architects to build secure and resilient microservices. Specifically, I’ll discuss the network security challenges associated with the popular container orchestration mechanism Kubernetes, and I will illustrate the value of microsegmentation to prevent lateral movement when a Continue reading

Interconnecting GNS3 Virtual Machines – Video

GNS3 co-founder and developer Jeremy Grossman and networking instructor David Bombal talk with Ethan Banks about how separate GNS3 VMs communicate. You can listen to the full episode, “Heavy Networking 556: The State Of GNS3 For Network Labs,” by clicking this link. Heavy Networking is part of the Packet Pushers network of technical podcasts, including […]

The post Interconnecting GNS3 Virtual Machines – Video appeared first on Packet Pushers.

Automation Win: Chatops-Based Security

It’s amazing how quickly you can deploy new functionality once you have a solid foundation in place. In his latest blog post Adrian Giacometti described how he implemented a security solution that allows network operators to block source IP addresses (identified by security tools) across dozens of firewalls using a bot listening to a Slack channel.

Would you be surprised if I told you we covered similar topics in our automation course? ?

Keep reading

Automation Win: Chatops-Based Security

It’s amazing how quickly you can deploy new functionality once you have a solid foundation in place. In his latest blog post Adrian Giacometti described how he implemented a security solution that allows network operators to block source IP addresses (identified by security tools) across dozens of firewalls using a bot listening to a Slack channel.

Would you be surprised if I told you we covered similar topics in our automation course? 😇

Keep reading

Automating responses to scripts on Linux using expect and autoexpect

The Linux expect command takes script writing to an entirely new level. Instead of automating processes, it automates running and responding to other scripts. In other words, you can write a script that asks how you are and then create an expect script that both runs it and tells it that you're ok.Here's the bash script:#!/bin/bash echo "How are you doing?" read ans [Get regularly scheduled insights by signing up for Network World newsletters.] Here's the expect script that provides the response to the query:#!/usr/bin/expect set timeout -1 spawn ./ask # ask is name of script to be run expect "How are you doing?\r" send -- "ok\r" expect eof When you run the script, you should see this:To read this article in full, please click here

Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge

This week's Network Break discusses the jaw-dropping $3.5 billion purchase of Pluralsight; welcomes a new network OS to life, the universe, and everything; debates whether ICANN was cautious or tardy in implementing DNSSEC for gTLD name servers, catches up on the SolarWinds hack, and more tech conversation.

The post Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge appeared first on Packet Pushers.

Protecting Workloads with Global Network Backing Using Site Recovery Manager

Many thanks to Dimitri Desmidt from VMware, NSBU for providing the Design details of Multi-Location and Federation.

Preface

Starting NSX-T version 3.0.2 workloads with NSX-T global network backing (L2 stretched segment) can be protected and recovered using Site Recovery Manager (SRM). More details on Multi-Locations with Federation are available here.

Note: This post does not contain the installation and configuration details of NSX-T federation, vSphere Replication and Site Recovery Manager. Hence, it is necessary to meet the following pre-requisite to achieve the goal of protecting workloads with global segments using SRM.

Pre-requisite

  • Understanding of NSX-T Federation and its configuration is necessary.
  • Understanding the installation and configuration of vSphere Replication and Site Recovery Manager (SRM) is necessary.

Limitations

SRM is not currently supported with Federation with VM Tags, Segment Ports, or Segment Ports Tags. As mentioned in the Design Guide for Multi-Locations here:

  • Currently recovered VMs via SRM does not recover their NSX VM Tags.
  • Recovered VMs will receive new Segment Ports on the new LM.
  • If the Federation Security is based on VM Tags, Segment Ports or Segment Ports Tags then the recovered compute VMs in another location (London in our example here) do not have their Continue reading

Give The Network Designer That Came Before You A Break

When you take over a network as a technical lead, you often run into design elements that make you do a spit-take. They did WHAT? Really? Were they...stupid? Clueless? Stupid AND clueless? Maybe they were, but I argue that you should give those humans that came before you a break. You weren't there. You don't know what constraints they were operating under. Since you don't know those things, it's hard to pass fair judgement. Unfair judgement? Oh, yeah. All day long, and you can even feel righteous while doing so. Super smug.

The post Give The Network Designer That Came Before You A Break appeared first on Packet Pushers.

Understanding GNS3 Appliances – Video

The labbing tool GNS3 has a capability called “appliances” but it may not mean what you think it means. GNS3 co-founder and developer Jeremy Grossman and networking instructor David Bombal talk with Ethan Banks about what appliances mean in the context of this software. You can listen to the full episode, “Heavy Networking 556: The […]

The post Understanding GNS3 Appliances – Video appeared first on Packet Pushers.

Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored)

This Tech Bytes podcast explores how SimonMed, a medical imaging company, turned to an SD-WAN deployment from Silver Peak to reduce image delivery time from minutes to seconds, improve performance of VoIP, and begin a migration from expensive MPLS circuits.

The post Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored) appeared first on Packet Pushers.

1 687 688 689 690 691 3,455