Archive

Category Archives for "Networking"

What is SASE? A cloud service that marries SD-WAN with security

Secure access service edge (SASE) is a network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and to provide appropriate bandwidth per application.Because it’s a cloud service, SASE (pronounced “sassy”) can be readily scaled up and scaled down and billed based on usage. As a result, it can be an attractive option in a time of rapid change.[Get regularly scheduled insights by signing up for Network World newsletters.] While some vendors in this space offer hardware devices to connect at-home employees and corporate data centers to their SASE networks, most vendors handle the connections through software clients or virtual appliances.To read this article in full, please click here

What is SASE? A cloud service that marries SD-WAN with security

Secure access service edge (SASE) is a network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and to provide appropriate bandwidth per application.Because it’s a cloud service, SASE (pronounced “sassy”) can be readily scaled up and scaled down and billed based on usage. As a result, it can be an attractive option in a time of rapid change.[Get regularly scheduled insights by signing up for Network World newsletters.] While some vendors in this space offer hardware devices to connect at-home employees and corporate data centers to their SASE networks, most vendors handle the connections through software clients or virtual appliances.To read this article in full, please click here

What is SASE? A cloud service that marries SD-WAN with security

Secure access service edge (SASE) is a network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and to provide appropriate bandwidth per application.Because it’s a cloud service, SASE (pronounced “sassy”) can be readily scaled up and scaled down and billed based on usage. As a result, it can be an attractive option in a time of rapid change.[Get regularly scheduled insights by signing up for Network World newsletters.] While some vendors in this space offer hardware devices to connect at-home employees and corporate data centers to their SASE networks, most vendors handle the connections through software clients or virtual appliances.To read this article in full, please click here

Understandability

According to Maor Rudick, in a recent post over at Cloud Native, programming is 10% writing code and 90% understanding why it doesn’t work. This expresses the art of deploying network protocols, security, or anything that needs thought about where and how. I’m not just talking about the configuration, either—why was this filter deployed here rather than there? Why was this BGP community used rather than that one? Why was this aggregation range used rather than some other? Even in a fully automated world, the saying holds true.

So how can you improve the understandability of your network design? Maor defines understandability as “the dev who creates the software is to effortlessly … comprehend what is happening in it.” Continuing—“the more understandable a system is, the easier it becomes for the developers who created it to change it in a way that is safe and predictable.” What are the elements of understandability?

Documentation must be complete, clear, concise, and organized. The two primary failings I encounter in documentation are completeness and organization. Why something is done, when it was last changed, and why it was changed are often missing. The person making the change just assumes “I’ll remember Continue reading

DHCP Relay Issues With Microsoft Surface Pro Docks and Junos

After deploying some new Juniper EX4600 core switches, my customer complained that he was experiencing about 45 seconds of delay in getting an IP address on a Surface Pro connected to a dock. The second time of connecting, it took about 8 seconds which was more acceptable. The 45 second delay came back every time they moved the Surface Pro to a new dock.

After ruling out a few things like Spanning Tree and LLDP, we isolated it down to the core switch. An older core switch elsewhere was configured for BootP Helper rather than DHCP relay, and clients connected to that did not have the problem.

Other devices didn’t exhibit the problem either – a Macbook was given an IP in the region of 4 seconds after connecting. The Surface Pro took 8 seconds consistently to connect when using a USB dongle. So the issue seemed to centre around the dock.

If you haven’t seen one of these before, they look like this – a black brick with some ports on it, supplied with power by another black brick:

The wire to the right of the image above ends in an edge connector that is plugged on to the Continue reading

Tech Bytes: Balancing Remote Access Security And User Experience (Sponsored)

Today’s Tech Bytes sponsor is secure remote access company NetMotion Software, and we’re going to talk about how to achieve secure remote access without compromising on user experience. Our guest is Chris Edgmon, Systems Engineer at NetMotion.

The post Tech Bytes: Balancing Remote Access Security And User Experience (Sponsored) appeared first on Packet Pushers.

This Week in Internet News: India Bans 118 Apps From Chinese Companies

"In the news" text on yellow background

Eyes on you: A U.S. appeals court has ruled that a National Security Agency program that collected call data from millions of U.S. residents was illegal, The Hill reports. The call metadata collection program, exposed by Edward Snowden, was suspended in 2015. The court ruled that the bulk collection of phone records violated laws requiring agencies to seek court orders when collecting investigation-related information from private businesses.

Ban hammer strikes again: The Indian government has banned 118 apps from Chinese companies, including the popular PUBG Mobile shooter game, Indian Express says. The Indian IT ministry says the blocked apps are potential security threats. “In view of the emergent nature of threats [the ministry] has decided to block 118 mobile apps since in view of the information available they are engaged in activities which is prejudicial to sovereignty and integrity of India, defense of India, security of the state and public order,” the ministry said.

Privacy delayed: Apple has delayed a release of anti-tracking software in an iPhone operating system update after app developers raised concerns that the tool would destroy their ability to deliver targeted advertising, the Los Angeles Times reports. The new tool would have automatically blocked Continue reading

Networking, Engineering and Safety

You might remember my occasional rants about lack of engineering in networking. A long while ago David Barroso nicely summarized the situation in a tweet responding to my BGP and Car Safety blog post:

If we were in a proper engineering we’d be discussing how to regulate and add safeties to an important tech that is unsafe and hard to operate. Instead, we blog about how to do crazy shit to it or how it’s a hot mess. Let’s be honest, if BGP was a car it’d be one pulled by horses.

VXLAN Fabric with BGP EVPN Control-Plane: Design Considerations – Book Description and ToC





About this book

 

The intent of this book is to explain various design models for Overlay Network and Underlay Network used in VXLAN Fabric with BGP EVPN Control-Plane. The first two chapters are focusing on the Underlay Network solution. The OSPF is introduced first. Among other things, the book explains how OSPF flooding can be minimized with area design. After OSPF there is a chapter about BGP in the Underlay network. Both OSPF and BGP are covered deeply and things like convergence are discussed. After the Underlay Network part, the book focuses on BGP design. It explains the following models: (a) BGP Multi-AS with OSPF Underlay, this chapter discusses two design models – Shared Spine ASN and Unique Spien ASN, (b) BGP-Only Multi-ASN where both direct and loopback overlay BGP peering models are explained, (c) Single-ASN with OSPF Underlay, (d) Hybrid-ASN with OSPF Underlay – Pod-specific shared ASN connected via Super-Spine layer using eBGP peering, (e) Dual-ASN model where leafs share the same ASN, and spines share their ASN. Each of the design model chapters includes a “Complexity Map” that should help readers to understand the complexity of each solution. This book also explains BGP ECMP and related to Continue reading

MUST READ: Lessons from load balancers and multicast

Justin Pietsch published another must-read article, this time dealing with operational complexity of load balancers and IP multicast. Here are just a few choice quotes to get you started:

  • A critical lesson I learned is that running out of capacity is the worst thing you can do in networking
  • You can prevent a lot of problems if you can deep dive into an architecture and understand it’s tradeoffs and limitations
  • Magic infrastructure is often extremely hard to troubleshoot and debug

You might find what he learned useful the next time you’re facing a unicorn-colored slide deck from your favorite software-defined or intent-based vendor ;))

Fast Friday- Labor Day Eve Edition

It’s a long weekend in the US thanks to Labor Day. Which is basically signaling the end of the summer months. Or maybe the end of March depending on how you look at it. The rest of the year is packed full of more virtual Zoom calls, conferences, Tech Field Day events, and all the fun you can have looking at virtual leaves turning colors.

It’s been an interesting news week for some things. And if you take out all the speculation about who is going to end up watching TikTok you are left with not much else. So I’ve been wondering out loud about a few things that I thought I would share.

  • You need a backup video conferencing platform. If Zoom isn’t crashing on you then someone is deleting WebEx VMs. Or maybe your callers can’t get the hang of the interface. Treat it like a failing demo during a presentation: if it doesn’t work in five minutes, go to plan B. Don’t leave your people waiting for something that may not happen.
  • If you work in the backbone service provider market, you need to do two things next week. First, you need to make sure all your Continue reading

Evolution of Excel 4.0 (XL4) Macro Weaponization Presentation

What is Virus Bulletin?

Virus Bulletin (often abbreviated as “VB”) is a magazine devoted to the discussion of malware and spam and has been around over 30 years. It is the forum in which security researchers and professionals discuss and share new directions in both the development of and protection against malware and spam. VB’s annual conference is almost as old as the magazine and has traditionally takes place in late September or early October each year.

VB2020 localhost

Why Attend VB2020?

As always, this year’s VB conference covers a broad spectrum of topics by some of the most talented security researchers in the world. Included in the agenda is a paper published by three members of our VMware Threat Analysis Unit discussing how the weaponization of XL4 macros in Excel has evolved.

Excel 4.0 (XL4) macros have become increasingly popular for attackers, as many security vendors struggle to play catchup and detect them properly. This technique provides attackers with a simple and reliable method to get a foothold on a target network, as it simply represents an abuse of a legitimate 30-year-old feature of Excel and does not rely on any vulnerability or exploit to be successful.

Register to attend Continue reading

VMware certifications, virtualization skills get a boost from pandemic

CEO Yves Sandfort is bullish on certifications. His company, Comdivision Consulting, uses VMware's NSX network virtualization and security platform on its own network and implements NSX for its clients. He not only encourages all employees to get VMware certs, but he also earned his own VCDX-NV, the Ph.D. of VMware certifications, in April."We see a constant demand [for networking skills]. Most of our people were certified on NSX-V and have in the last 12 months also recertified on NSX-T as we see constant, growing need for highly qualified resources," Sandfort says. "For me, certification is one level to prove my skillset and experience with the product."To read this article in full, please click here