Most packet processing in Linux “wants” to be in the kernel. The problem is that adding code to the kernel is a painstaking process because a single line of bad code can cause havoc for millions of Linux hosts. How, then, can new functionality be pushed into the kernel, particularly for packet processing, with reduced risk? Enter eBPF, which allows functions to be inserted into the kernel through a sort of “lightweight container.”
Michael Kehoe joins Tom Ammon and Russ White to discuss eBPF technology and its importance.
Today's Tech Bytes welcomes sponsor VMware to talk about how artificial intelligence and machine learning are being put to use to optimize vSAN clusters as part of the vRealize AI Cloud service. Our guest is Mike Wookey, CTO and VP of Cloud Management.
The post Tech Bytes: How VMware Uses Machine Learning To Optimize vSAN (Sponsored) appeared first on Packet Pushers.
Today's Day Two Cloud covers the most interesting announcements and presentations from VMworld 2020, including Project Monterey and partnerships with nVidia and Pensando, an announcement from analysis tool vendor Runecast, and highlights from Pure Storage.
The post Day Two Cloud 072: VMworld 2020 Analysis And Roundup – Project Monterey And More appeared first on Packet Pushers.
Every few years the industry takes a significant step towards a more holistic and capable security model. At the beginning, everything and everyone was trusted, and for good reason. You knew every operator and every machine that was connected to the network. But as networks have become ubiquitous, that level of trust is simply unreasonable. So we’ve built firewalls, and differing levels of inspection, but all of these tools still allow for some implicit level of trust between a machine and those machines closest to it. That is changing and that is what we’re here to talk about today. The newest trend in security is the concept of zero trust, and while it’s suffering the common plight of any new trend with multiple vendors trying to shape the definition, removing implicit trust in our networks is the next logical step towards a truly secure infrastructure.
We’re excited to announce the release of NFA v 20.10 today. This version comes with support for the IPFIX variable length information
The post Announcing NFA v 20.10 with support for Custom IP Groups appeared first on Noction.
The post Introducing NFA Custom Groups appeared first on Noction.
One of my readers is designing a layer-2-only data center fabric (no SVI interfaces on switches) with stringent security requirements using Cisco Nexus switches, and he wondered whether a host connected to such a fabric could attack a switch, and whether it would be possible to reach the management network in that way.
Do you think it’s possible to reach the MANAGEMENT PLANE from the DATA PLANE? Is it valid to think that there is a potential attack vector that someone can compromise to source traffic from the front of the device (ASIC) through the PCI bus, across the CPU, across the PCI bus to the Platform Controller Hub, through the I/O card to spew out the Management Port onto that out-of-band network?
My initial answer was “of course there’s always a conduit from the switching ASIC to the CPU, how would you handle STP/CDP/LLDP otherwise”. I also asked Lukas Krattiger for more details; here’s what he sent me: