The vendor's 2.0 update includes testing and infrastructure provisioning capabilities that its CEO...
Designing and maintaining networks is hard. When deploying Kubernetes in your on-prem data center, you will need to answer a basic question: Should it be an overlay network on top of an existing network, or should it be part of an existing network? The Networking options table provides guidelines to choose the right type of networking based on various factors. If you decide to use native peering (the predominant option for on-prem), you will have to configure the network to ensure availability in the event of a network outage (e.g., cable disconnected, TOR switch failure, etc.). We cover a typical L3 highly-available network design in this post.
A cluster spans multiple racks. In an L3 deployment, these racks have different CIDR ranges. So the nodes in different racks should be able to talk to each other. Referring to the diagram below, that traffic goes through the network fabric. If you want to build out such a lab for your own learning, here is the example.
If you have a leaf-spine fabric with a single TOR (top-of-rack, or leaf switch), then that TOR becomes a point of failure for the entire rack. If all the master nodes are on the same
Long-time executive and short-time co-CEO Jennifer Morgan is set to leave the company on April 30....
IBM CEO Arvind Krishna told financial analysts that “in the last few weeks we faced a shift in...
The Payment Flexibility Program offers customers 0% interest financing with no down payment and up...
“The unauthorized use of our patented technology by Rubrik and Cohesity forces us to compete...
Today's Full Stack Journey examines the Talos open source project, which is aimed at building a fit-for-purpose OS designed expressly for running Kubernetes. My guests are Tim Gerla and Andrew Rynhard of Talos Systems. We discuss the goals of this project, the problems they aim to solve, and more.
The post Full Stack Journey 041: Talos Builds An Open-Source OS For Kubernetes appeared first on Packet Pushers.
I earned about 5% by not working in an office
The post Thought for My Day: Personal Profit by Not Travelling to An Office appeared first on EtherealMind.
Like many who are able, I am working remotely and in this post, I describe some of the ways to deploy Cloudflare Gateway directly from your home. Gateway’s DNS filtering protects networks from malware, phishing, ransomware and other security threats. It’s not only for corporate environments - it can be deployed on your browser or laptop to protect your computer or your home WiFi. Below you will learn how to deploy Gateway, including, but not limited to, DNS over HTTPS (DoH) using a Raspberry Pi, Pi-hole and DNSCrypt.
We recently launched Cloudflare Gateway and shortly thereafter, offered it for free until at least September to any company in need. Cloudflare leadership asked the global Solutions Engineering (SE) team, amongst others, to assist with the incoming onboarding calls. As an SE at Cloudflare, our role is to learn new products, such as Gateway, to educate, and to ensure the success of our prospects and customers. We talk to our customers daily, understand the challenges they face and consult on best practices. We were ready to help!
One way we stay on top of all the services that Cloudflare provides is by using them ourselves. In this blog, I'll talk about
Two weeks ago I started with a seemingly simple question:
If a BGP speaker R is advertising a prefix A with next hop N, how does the network know that N is actually alive and can be used to reach A?
… and answered it for the case of directly-connected BGP neighbors (TL&DR: Hope for the best).
Jeff Tantsura provided an EVPN perspective, starting with “the common non-arguable logic is reachability != functionality”.
Now let’s see what happens when we add route reflectors to the mix. Here’s a simple scenario:
Most readers are already familiar with VMware NSX as a natural platform for intrinsic security in the data center. They understand that NSX’s service-defined firewall is enabling network and security operators to use a distributed software-based solution to replace centralized hardware-based deployments.
The intrusion detection and prevention system (IDS/IPS) functionality released with NSX-T 3.0 enhances the security capabilities of the service-defined firewall, enabling operators to address several additional use cases.
Google brought BeyondCorp zero-trust security to the masses; Alibaba injected $28B into the cloud;...
Networks just keep growing, don’t they? They’ve evolved from a few machines on a LAN to the introduction of Wi-Fi—and with the Internet of Things (IoT), we’ve now got a whole new class of devices. Throw in the rise of smartphones and tablets, cloud and edge computing, and network management starts to get a little unwieldy. Managing a network with 300 devices manually might be possible—300,000 devices, not so much.
Network automation has been around a while now, in various names from various vendors, using a number of proprietary protocols. The key word being “proprietary.” Many traditional network vendors design a well-functioning network automation system, but participate in vendor lock-in by ensuring that the associated automation stack, and its requisite protocols, only run on their hardware.
Web-scale automation is different. It relies on open, extendable standards like HTTPS, JSON, and NETCONF, among an ever-increasing number of systems and solutions. With web-scale automation in your organization, network management can over time become a background function; something that only notifies you in exceptional circumstances.
This does not, in any way, reduce the need for those who know networks to be employed at your organization—it simply reduces the amount
Forward Networks builds a real-time software model of your data center network that you can use to verify intent, test changes, and speed troubleshooting. Forward is sponsoring this Tech Bytes episode. Our guest is Nikhil Handigol, co-founder of Forward, and we’re going to talk about the state of network verification and where the technology is heading.
The post Tech Bytes: Network Verification – Smarter Network Ops With Forward Networks (Sponsored) appeared first on Packet Pushers.