Archive

Category Archives for "Networking"

Pulumi Supercharges Its Code Bridge

The vendor's 2.0 update includes testing and infrastructure provisioning capabilities that its CEO...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Designing On-Prem Kubernetes Networks for High Availability

Designing and maintaining networks is hard. When deploying Kubernetes in your on-prem data center, you will need to answer a basic question: Should it be an overlay network on top of an existing network, or should it be part of an existing network? The Networking options table provides guidelines to choose the right type of networking based on various factors. If you decide to use native peering (the predominant option for on-prem), you will have to configure the network to ensure availability in the event of a network outage (e.g., a disconnected cable or a TOR switch failure). We cover a typical L3 highly-available network design in this post.

A cluster spans multiple racks. In an L3 deployment, these racks have different CIDR ranges. So the nodes in different racks should be able to talk to each other. Referring to the diagram below, that traffic goes through the network fabric. If you want to build out such a lab for your own learning, here is the example.

If you have a leaf-spine fabric with a single TOR (top-of-rack, or leaf switch), then that TOR becomes a point of failure for the entire rack. If all the master nodes are on the same...

SAP Axes 2-Headed CEO Structure

Long-time executive and short-time co-CEO Jennifer Morgan is set to leave the company on April 30....

IBM Capped by COVID-19 Pandemic, Red Hat Helps

IBM CEO Arvind Krishna told financial analysts that “in the last few weeks we faced a shift in...

Dell Combats COVID-19 With $9B Financing

The Payment Flexibility Program offers customers 0% interest financing with no down payment and up...

Commvault Sues Cohesity, Rubrik for Patent Infringement

“The unauthorized use of our patented technology by Rubrik and Cohesity forces us to compete...

Full Stack Journey 041: Talos Builds An Open-Source OS For Kubernetes

Today's Full Stack Journey examines the Talos open source project, which is aimed at building a fit-for-purpose OS designed expressly for running Kubernetes. My guests are Tim Gerla and Andrew Rynhard of Talos Systems. We discuss the goals of this project, the problems they aim to solve, and more.

The post Full Stack Journey 041: Talos Builds An Open-Source OS For Kubernetes appeared first on Packet Pushers.

Deploying Gateway using a Raspberry Pi, DNS over HTTPS and Pi-hole

Like many who are able, I am working remotely and in this post, I describe some of the ways to deploy Cloudflare Gateway directly from your home. Gateway’s DNS filtering protects networks from malware, phishing, ransomware and other security threats. It’s not only for corporate environments - it can be deployed on your browser or laptop to protect your computer or your home WiFi. Below you will learn how to deploy Gateway, including, but not limited to, DNS over HTTPS (DoH) using a Raspberry Pi, Pi-hole and DNSCrypt.

We recently launched Cloudflare Gateway and shortly thereafter, offered it for free until at least September to any company in need. Cloudflare leadership asked the global Solutions Engineering (SE) team, amongst others, to assist with the incoming onboarding calls. As an SE at Cloudflare, our role is to learn new products, such as Gateway, to educate, and to ensure the success of our prospects and customers. We talk to our customers daily, understand the challenges they face and consult on best practices. We were ready to help!

One way we stay on top of all the services that Cloudflare provides is by using them ourselves. In this blog, I'll talk about...

Can We Trust BGP Next Hops (Part 2)?

Two weeks ago I started with a seemingly simple question:

If a BGP speaker R is advertising a prefix A with next hop N, how does the network know that N is actually alive and can be used to reach A?

… and answered it for the case of directly-connected BGP neighbors (TL&DR: Hope for the best).

Jeff Tantsura provided an EVPN perspective, starting with “the common non-arguable logic is reachability != functionality”.

Now let’s see what happens when we add route reflectors to the mix. Here’s a simple scenario:

How underwater Internet of Things will work

More than two-thirds of the world's surface is covered by water. It plays an important role in our economic existence, including in major verticals such as oil and gas, shipping and tourism.

As the Internet of Things proliferates, questions arise as to how IoT will manifest itself underwater given that radio waves degrade over distance in seawater, and underwater acoustic communication (which does actually work okay) is easily eavesdropped on and isn't stealthy.

To make the underwater Internet of Things happen, light is the answer, some say. Researchers at King Abdullah University of Science and Technology (KAUST) in Thuwal, Saudi Arabia, are proposing underwater optical communications. They're investigating simultaneous lightwave information and power transfer (SLIPT) configurations, which they're using to transmit energy and data to underwater electronic devices. Recently, the researchers announced a breakthrough experiment in which they were able to achieve an underwater, two-way transmission of data and power over 1.5 yards between a solar panel-equipped sensor and a receiver.

NSX Distributed IDS/IPS is Generally Available

Most readers are already familiar with VMware NSX as a natural platform for intrinsic security in the data center. They understand that NSX’s service-defined firewall is enabling network and security operators to use a distributed software-based solution to replace centralized hardware-based deployments.

The intrusion detection and prevention system (IDS/IPS) functionality released with NSX-T 3.0 enhances the security capabilities of the service-defined firewall, enabling operators to address several additional use cases.

Top Use Cases for NSX Distributed IDS/IPS

  • Quickly Achieve Regulatory Compliance: Many data centers host sensitive applications that are required to meet HIPAA[1], PCI-DSS[2], or SOX[3]. Using NSX, network and security operators can now achieve compliance by enabling IDS/IPS, in addition to the firewall, for any workload that needs to meet compliance.
  • Replace Discrete IDS/IPS Appliances: Operators virtualizing their data center networks can now replace discrete, centralized IDS/IPS appliances with NSX’s distributed implementation. In the process, with NSX they also consolidate firewall and IDS/IPS management. Since NSX’s security capabilities are in the hypervisor isolated from the workloads, attackers can’t tamper with them.
  • Implement Virtual Security Zones: Some organizations need to establish direct network connections with partners or treat business units and subsidiaries as...

RPKI and Trust Anchors

I've been asked a number of times: "Why are we using a distributed trust framework where each of the RIRs are publishing a trust anchor that claims the entire Internet number space?" I suspect that the question will arise again in the future so it may be useful to record the design considerations here in the hope that this may be useful to those who stumble upon the same question in the future.

Daily Roundup: Google Rolls Out Enterprise BeyondCorp

Google brought BeyondCorp zero-trust security to the masses; Alibaba injected $28B into the cloud;...

As networks grow, web-scale automation is the only way to keep up

Networks just keep growing, don’t they? They’ve evolved from a few machines on a LAN to the introduction of Wi-Fi—and with the Internet of Things (IoT), we’ve now got a whole new class of devices. Throw in the rise of smartphones and tablets, cloud and edge computing, and network management starts to get a little unwieldy. Managing a network with 300 devices manually might be possible—300,000 devices, not so much.

What is web-scale automation?

Network automation has been around a while now, under various names from various vendors, using a number of proprietary protocols. The key word being “proprietary.” Many traditional network vendors design a well-functioning network automation system, but participate in vendor lock-in by ensuring that the associated automation stack, and its requisite protocols, only run on their hardware.

Web-scale automation is different. It relies on open, extendable standards like HTTPS, JSON, and NETCONF, among an ever-increasing number of systems and solutions. With web-scale automation in your organization, network management can over time become a background function; something that only notifies you in exceptional circumstances.

This does not, in any way, reduce the need for those who know networks to be employed at your organization—it simply reduces the amount...

Tech Bytes: Network Verification – Smarter Network Ops With Forward Networks (Sponsored)

Forward Networks builds a real-time software model of your data center network that you can use to verify intent, test changes, and speed troubleshooting. Forward is sponsoring this Tech Bytes episode. Our guest is Nikhil Handigol, co-founder of Forward, and we’re going to talk about the state of network verification and where the technology is heading.

The post Tech Bytes: Network Verification – Smarter Network Ops With Forward Networks (Sponsored) appeared first on Packet Pushers.