Archive

Category Archives for "Networking"

DNS Flag Day 2020

One of the outcomes of the 'stacked' architecture of network protocol design is that upper level protocols should not try to do the job of the lower layers. Packet adaptation through fragmentation is an IP layer 'problem' and applications do not have to concern themselves with this. We've come some distance from this position and these days many applications need to be highly aware of transport layer and IP layer properties, and the DNS is no exception. There have been some recent steps in the DNS with the DNS Flag Day 2020 to try and tune the DNS to avoid packet fragmentation. How bad is the problem with packet fragmentation and do the DNS Flag Day measures address the issue?

How Long Should You Practice

A reporter once asked boxing legend Muhammad Ali how many sit-ups he did each day. I’m sure the reporter wasn’t expecting Ali’s answer. Ali replied with:

“I don’t know. I don’t start counting them until it hurts. Those are the only ones that count. That’s what makes you a champion.”

Ali knew that counting things is just a numbers game. Five hundred poor sit-ups don’t count as much as fifty done the right way. With any practice that you do the only things that count are the things that teach you something or that push you to be better.

Don’t Practice Until It’s Right

People used to ask me how long I would spend at night studying for the CCIE lab. I told them I usually spent between five and seven hours depending on what I was studying. Sometimes those people would say things like “I’m not talking about setup time. I’m talking about actual lab work.” I always countered by making them explain why the setup isn’t part of the “real” work. That’s usually when they went quiet.

It’s far too easy to fall into the trap of overlooking things that you think are unimportant. A task Continue reading

NS1: Avoid the Trap of DNS Single-Point-of-Failure

Third-party DNS providers have seen tremendous consolidation during the past few years, resulting in dependence on a smaller pool of providers that maintain the world’s largest website lookups. Reliance on only one of a few single DNS providers also represents a heightened risk in the event of a Carnegie Mellon University, 89.2% of the CDN MaxCDN, the researchers noted. A

JUNOS | Layer 2 Circuit | MPLS-TE | PSN-Tunnel Endpoint

In this post we’re going to explore a technique for steering Layer 2 Circuit traffic onto a dedicated MPLS-TE LSP using JUNOS. The use case is fairly popular amongst Service Providers where special treatment is desired for certain Layer 2 Circuits. This special treatment could be the need for the traffic to follow a certain explicit path through the network, or perhaps there are other traffic-engineering constraints that are required. A good example of this is to create a deterministic state through the network in order to guarantee path diversity or a low latency path. This technique can be used alongside LDP, RSVP or SR.

Requirements
– Layer 2 Circuit traffic between CE4 and CE1 must use a dedicated traffic-engineered LSP via the P routers.
– No other traffic is permitted to use the LSP.
– All other traffic must continue to use LDP to reach the egress PE.

Lab Overview
The IGP is based on OSPF and LDP is used as the default label distribution protocol.
PE1 vSRX1 (Ingress PE): 20.1R1.11
PE2 CSR1000V1 (Egress PE): 16.11.01b

Layer 2 Circuit
Firstly, let’s create Layer 2 Circuits between PE1 and PE2 and observe the normal default behaviour.

Continue reading

Is LinkedIn Still Relevant to Your Career?

We all know LinkedIn has been available since the year 2002. It is popularly known as a place where professionals in every and any aspect of life can be found. People these days wonder if joining this social media platform is still important. If you don’t make use of LinkedIn properly, your messages, resumes, and all other activities on the website could take lots of hours, and it could waste important time you could use to be productive in other ways.

Do You Need a LinkedIn Profile for Your Career?

The simple answer to this question is “yes.” Even if you don’t make use of it often or at all, it’ll be nice to simply create the account. It doesn’t take anything but time to create this. You can then make an appointment on your calendar to check the site every 6 months or so. Whenever you have anything to add, you can do so. Make sure you add in huge accomplishments over your career span. Also from these scheduled checks of your profile, you should change your current job listing on LinkedIn whenever you have an occupational switch. 

Hiring managers and recruiters make use of LinkedIn to look Continue reading

Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)


The Cloudflare Web Application Firewall (WAF) blocks more than 72B malicious requests per day from reaching our customers’ applications. Typically, our users can easily confirm these requests were not legitimate by checking the URL, the query parameters, or other metadata that Cloudflare provides as part of the security event log in the dashboard.

Sometimes investigating a WAF event requires a bit more research and a trial and error approach, as the WAF may have matched against a field that is not logged by default.

Not logging all parts of a request is intentional: HTTP headers and payloads often contain sensitive data, including personally identifiable information, which we consider a toxic asset. Request headers may contain cookies and POST payloads may contain username and password pairs submitted during a login attempt among other sensitive data.

We recognize that providing clear visibility in any security event is a core feature of a firewall, as this allows users to better fine tune their rules. To accomplish this, while ensuring end-user privacy, we built encrypted WAF matched payload logging. This feature will log only the specific component of the request the WAF has deemed malicious — and it is encrypted using a customer-provided key Continue reading

Developing NetBox Plugin – Part 1 – Setup and initial build

This is the first post in my series showing how to develop a NetBox plugin. We'll talk about what NetBox plugins are and why you would want one. Then I'll show you how to set up a development environment. We'll finish by building a base version of our custom plugin.

What are NetBox plugins?

NetBox plugins are small, self-contained applications that add new functionality. This could range from adding a new API endpoint to fully fledged apps. These apps can provide their own data models, views, background tasks and more. We can also inject content Continue reading

How to Build a Global Network that Complies with Local Law


We’ve spent a lot of time over the course of this week talking about Cloudflare engineers building technical solutions to improve privacy, increase control over data, and thereby, help our customers address regulatory challenges. But not all challenges can be solved with engineering. We sometimes have to build policies and procedures that anticipate our customers’ concerns. That has been an approach we’ve used to address government and other legal requests for data throughout the years.

Governments around the world have long had an interest in getting access to online records. Sometimes law enforcement is looking for evidence relevant to criminal investigations. Sometimes intelligence agencies are looking to learn more about what foreign governments or actors are doing. And online service providers of all kinds often serve as an access point for those electronic records.

For service providers like Cloudflare, though, those requests can be fraught. The work that law enforcement and other government authorities do is important. At the same time, the data that law enforcement and other government authorities are seeking does not belong to us. By using our services, our customers have put us in a position of trust over that data. Maintaining that trust is fundamental to Continue reading

Securing the post-quantum world


Quantum computing is inevitable; cryptography prepares for the future


Quantum computing began in the early 1980s. It operates on principles of quantum physics rather than the limitations of circuits and electricity, which is why it is capable of processing highly complex mathematical problems so efficiently. Quantum computing could one day achieve things that classical computing simply cannot.

The evolution of quantum computers has been slow. Still, work is accelerating, thanks to the efforts of academic institutions such as Oxford, MIT, and the University of Waterloo, as well as companies like IBM, Microsoft, Google, and Honeywell. IBM has held a leadership role in this innovation push and has named optimization the most likely application for consumers and organizations alike. Honeywell expects to release what it calls the “world’s most powerful quantum computer” for applications like fraud detection, optimization for trading strategies, security, machine learning, and chemistry and materials science.

In 2019, the Google Quantum Artificial Intelligence (AI) team announced that their 53-qubit (analogous to bits in classical computing) machine had achieved “quantum supremacy.” This was the first time a quantum computer was able to solve a problem faster than any classical computer in existence. This was considered a significant milestone.

Continue reading

VMware TKGI – Deployment of Harbor Container Registry fails with error

This is an article from the VMware from Scratch series. During the process of preparation to install Tanzu Kubernetes Grid Integrated Edition (TKGI v1.8) on vSphere with NSX-T Data Center (v3.0.2), one of the steps is to use Ops Manager to deploy Harbor Container Registry (in this case v2.1.0). The process of deployment ended with a Harbor error several times, so I’m sharing my solution here in order to ease things for you, given the fact that I didn’t come across any solution googling around. In the process, the Harbor Registry product tile is downloaded from the VMware Tanzu network portal, imported

The post VMware TKGI – Deployment of Harbor Container Registry fails with error appeared first on How Does Internet Work.

Better Together: Apstra & Juniper – Jeff Tantsura, Head of Networking Strategy @ Apstra

Hear from Jeff Tantsura what Apstra is and why they are joining forces with Juniper. Jeff is an industry veteran who is also very active in the IETF and other standards bodies. In this episode we discuss EVPN, BGP, IP fabric, Intent-Based Networking and fabric orchestration, and RIFT is also mentioned.

The links mentioned in this episode:
https://techfieldday.com/companies/apstra/
https://datatracker.ietf.org/doc/draft-irtf-nmrg-ibn-concepts-definitions/
https://academy.apstra.com/

Quotes To Remember

A great quote is worth remembering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Success Sports "There are no limits. There are plateaus, but you must not stay there, you must go..." (Bruce Lee)
