Understanding the Network Impact of SASE
While SASE seemingly negates the importance of on-premises security tools, it’s likely that most enterprise organizations will still require them as part of a hybrid cloud security architecture.The Week in Internet News: Backlash after WhatsApp Plan to Share Data
Don’t share me: After WhatsApp announced plans to share user data with owner Facebook, many users have started to move on to other secure messaging apps, the Independent reports. Rival Telegram reported a 500 percent increase in new users after the change was announced. Meanwhile, WhatsApp and Facebook are launching advertising in an effort to keep users, with the companies taking out full-page advertisements in 10 Indian newspapers, Reuters says. India is WhatsApp’s largest market, with 400 million users.
Defending the ban hammer: Twitter CEO Jack Dorsey has defended the company’s decision to permanently ban outgoing U.S. President Donald Trump, after Trump supports attacked the U.S. Capitol, the BBC says. The decision was difficult, however, Dorsey said. “I do not celebrate or feel pride,” he tweeted. “After a clear warning we’d take this action, we made a decision with the best information we had based on threats to physical safety both on and off Twitter.”
Parler goes to court: In related news, Amazon Web Services ended its web hosting arrangement with right-wing Twitter competitor Parler after the Capitol riots, effectively shutting the microblogging site down. AWS pointed to a series of posts on Parler threatening violence, including Continue reading
Scaling Beyond the CDN – Jake Holland, Principal Architect @ Akamai
How to scale beyond the CDN with 8k video, millions of simultaneous download and streams, local caches and multicast. This episode is the last in the series of 3 in which we discuss scaling the internet.
The main links discussed in this episode are:
https://github.com/GrumpyOldTroll/multicast-ingest-platform
https://github.com/GrumpyOldTroll/wicg-multicast-receiver-api/blob/master/explainer.md
Other main things we referenced:
https://blog.apnic.net/2020/07/28/why-inter-domain-multicast-now-makes-sense/
https://tools.ietf.org/html/rfc6726 (FLUTE)
https://tools.ietf.org/html/rfc8777 (DRIAD)
https://datatracker.ietf.org/doc/draft-ietf-mboned-dorms/
https://datatracker.ietf.org/doc/draft-ietf-mboned-cbacc/
https://datatracker.ietf.org/doc/draft-ietf-mboned-ambi/
https://github.com/GrumpyOldTroll/chromium/tree/multicast_new
Build Virtual Lab Topology: Dual Stack Addressing, ArcOS and Junos Support
In mid-December I announced a set of tools that will help you build Vagrant-based remote labs much faster than writing Vagrantfiles and Ansible inventories by hand.
In early January I received a nice surprise: Dave Thelen not only decided to use the tool, he submitted a pull request with full-blown (and correctly implemented) ArcOS support. A few days later I managed to figure out what needs to be configured on vSRX to make it work, added Junos support, and thus increased the number of supported platforms to six (spanning five different operating systems).
Build Virtual Lab Topology: Dual Stack Addressing, ArcOS and Junos Support
In mid-December I announced a set of tools that will help you build Vagrant-based remote labs much faster than writing Vagrantfiles and Ansible inventories by hand.
In early January I received a nice surprise: Dave Thelen not only decided to use the tool, he submitted a pull request with full-blown (and correctly implemented) ArcOS support. A few days later I managed to figure out what needs to be configured on vSRX to make it work, added Junos support, and thus increased the number of supported platforms to six (spanning five different operating systems).
Rails 6 Has and Belongs To Many Gotchas
Some gotchas when using a has_and_belongs_to_many relationship with rails 6.Rails 6 Has and Belongs To Many Gotchas
I recently came across a couple of caveates when working with has_and_belongs_to_many relationships with Rails. This post covers them and how to solve or work around them. Software Versions Rails - 6.0.3.4 Many to Many Relationship Type When creating a many to many relationship, you...Five Number Summary for Network Topologies
Introduction
You may or may not have already heard about the Five Number summary for a dataset. It’s basically a set of descriptive statistics for a given dataset, which provides an idea about the dataset. Those are:
- Minimum
- First quartile
- Median
- Third quartile
- Maximum
Similarly, there are specific statistics about topology, which gives an idea about any network topology. The ones which I think the most essential are:
- Density and Sparsity
- Average Degree
- Assortativity
- Average Path Length
- Clustering Coefficient
Sample Topology
We will be using Cogent topology, which is publicly available here to follow along with our examples. The map represents the nodes in US + Mexico, and European countries.Each node color represents a specific country.
Graphml version
You may have already noticed that in the graph, each city is represented as a Node. In reality, any city will have many routers, which will make the topology a lot bigger and more attractive. For our purposes, the current topology abstraction provides the right balance where it’s not huge to overwhelm the reader but big enough to keep things interesting.
Five Number Summary
Density and Sparsity
A Graph consists of nodes and links connecting those nodes. An obvious thing to Continue reading
Networking and Infrastructure News Roundup: January 15 Edition
Intel announced the next generation of its Intel vPro platform, and multiple companies introduced solutions that aim to make the transition to cloud easier.AAA Deep Dive on Cisco Devices
I’ve been working on some AAA configuration lately and I went through some of my older templates and realized that I didn’t want to simply use them without verifying first if I still believed that this was the best way of configuring AAA. I started by reading some of the official docs but quickly realized they were a bit shallow and lacked any real detail of some different scenarios such as what happens when the AAA server is not available. I then realized that there also is a lack of blogs that dive into this into any detail. Being curious, I thought I would lab it out as I have recently built an ISE lab.
The goal of this post is to start with a very simple AAA configuration, expand on it, verify each step what happens when the AAA server is available and when it is not. I will give you relevant debug outputs as well as my thoughts on different parameters in the configuration. Buckle up! because this is going to be a super deep dive!
We start out by applying a simple AAA configuration, where I have specified my ISE server, which is at 192.168.128. Continue reading
Ben Pfaff | Creating Open vSwitch
Join co-hosts Derick and Brandon as they sit down with Ben Pfaff, one of the original and core contributors of Open vSwitch, the virtual network switch for Linux.
Uganda’s January 13, 2021 Internet Shut Down
Two days ago, through its communications regulator, Uganda's government ordered the "Suspension Of The Operation Of Internet Gateways" the day before the country's general election. This action was confirmed by several users and journalists who got access to the letter sent to Internet providers. In other words, the government effectively cut off Internet access from the population to the rest of the world.
Ahead of tomorrow’s election the Internet has been shutdown in Uganda (confirmed by a few friends in Kampala).
— Samira Sawlani (@samirasawlani) January 13, 2021
Letter from communications commission below: pic.twitter.com/tRpTIXTPcW
On Cloudflare Radar, we want to help anyone understand what happens on the Internet. We are continually monitoring our network and exposing insights, threats, and trends based on the aggregated data that we see.
Uganda's unusual traffic patterns quickly popped up in our charts. Our 7-day change in Internet Traffic chart in Uganda shows a clear drop to near zero starting around 1900 local time, when the providers received the letter.
This is also obvious in the Application-level Attacks chart.
The traffic drop was also confirmed by the Uganda Internet eXchange point, a place where many providers exchange their data traffic, on their Continue reading
Heavy Networking 557: User Experience Is A Full-Stack Responsibility (Sponsored)
Digital Experience Monitoring (DEM) is the topic on today's Heavy Networking. IT folks tend to view user experience from their own particular area of responsibility--networking, security, app development--but the reality is there's a common set of data that IT should consume and understand. Sponsor Catchpoint joins us to discuss its DEM platform and how it measures user experience using metrics that are relevant across the IT stack. Our guest is JP Blaho, Director, Product Marketing at Catchpoint.Heavy Networking 557: User Experience Is A Full-Stack Responsibility (Sponsored)
Digital Experience Monitoring (DEM) is the topic on today's Heavy Networking. IT folks tend to view user experience from their own particular area of responsibility--networking, security, app development--but the reality is there's a common set of data that IT should consume and understand. Sponsor Catchpoint joins us to discuss its DEM platform and how it measures user experience using metrics that are relevant across the IT stack. Our guest is JP Blaho, Director, Product Marketing at Catchpoint.
The post Heavy Networking 557: User Experience Is A Full-Stack Responsibility (Sponsored) appeared first on Packet Pushers.
Managing Leaders, Or Why Pat Gelsinger Is Awesome
In case you missed it, Intel CEO Bob Swan is stepping down from his role effective February 15 and will be replaced by current VMware CEO Pat Gelsinger. Gelsinger was the former CTO at Intel for a number of years before leaving to run EMC and VMware. His return is a bright spot in an otherwise dismal past few months for the chip giant.
Why is Gelsinger’s return such a cause for celebration? The analysts that have been interviewed say that Intel has been in need of a technical leader for a while now. Swan came from the office of the CFO to run Intel on an interim basis after the resignation of Brian Krzanich. The past year has been a rough one for Intel, with delays in their new smaller chip manufacturing process and competition heating up from long-time rival AMD but also from new threats like ARM being potentially sold to NVIDIA. It’s a challenging course for any company captain to sail. However, I think one key thing makes is nigh impossible for Swan.
Management Mentality
Swan is a manager. That’s not meant as a slight inasmuch as an accurate label. Managers are people that have things and Continue reading
KEMTLS: Post-quantum TLS without signatures
The Transport Layer Security protocol (TLS), which secures most Internet connections, has mainly been a protocol consisting of a key exchange authenticated by digital signatures used to encrypt data at transport[1]. Even though it has undergone major changes since 1994, when SSL 1.0 was introduced by Netscape, its main mechanism has remained the same. The key exchange was first based on RSA, and later on traditional Diffie-Hellman (DH) and Elliptic-curve Diffie-Hellman (ECDH). The signatures used for authentication have almost always been RSA-based, though in recent years other kinds of signatures have been adopted, mainly ECDSA and Ed25519. This recent change to elliptic curve cryptography in both at the key exchange and at the signature level has resulted in considerable speed and bandwidth benefits in comparison to traditional Diffie-Hellman and RSA.
TLS is the main protocol that protects the connections we use everyday. It’s everywhere: we use it when we buy products online, when we register for a newsletter — when we access any kind of website, IoT device, API for mobile apps and more, really. But with the imminent threat of the arrival of quantum computers (a threat that seems to be getting closer and closer), we need Continue reading