Network Break 273: Fortinet Pits Deep Learning Appliance Against Malware; Nokia ‘Reviews Options’ As Earnings Struggle
Take a Network Break. This week's IT news analysis covers a new anti-malware appliance from Fortinet, VMware security software for data centers and clouds, Nokia's efforts to buy time as it gets its 5G house in order, and financial results from multiple vendors.
The post Network Break 273: Fortinet Pits Deep Learning Appliance Against Malware; Nokia ‘Reviews Options’ As Earnings Struggle appeared first on Packet Pushers.
Similarities Between AWS VPC and Cisco SDA – Intra-Subnet Communication
Update March 6, 2020: This post will be obsolete soon by a new version
Forewords
This article explains the similarities between a LISP/VXLAN based Campus Fabric and AWS Virtual Private Cloud (VPC) from the Intra-Subnet Control-Plane and Data-Plane operation perspective. The AWS VPC solution details are not publicly available and the information included in this article is based on the author's own study using publically available AWS VPC documentation.
There are two main reasons for writing this document:
First, Cisco SDA is an on-prem LAN model while the AWS VPC is an off-prem DC solution. I wanted to point out that these two solutions, even though used for very different purposes, use the same kind of Control-Plane operation and Data-Plane encapsulation and are managed via QUI. This is kind of my answer to ever going discussion about is there DC-networks, Campus-networks and so on, or is there just networks.
Second, my own curiosity to understand the operation of AWS VPC.
I usually start by introducing the example environment and then explaining the configuration, moving to Control-Plane operation and then to Data-Plane operation. However, this time I take a different approach. This article first introduces the example environment but then the Data-Plane operation is discussed before Control-Plane operation. This way it is easier to understand what information is needed and how that information is gathered.
There are two main reasons for writing this document:
First, Cisco SDA is an on-prem LAN model while the AWS VPC is an off-prem DC solution. I wanted to point out that these two solutions, even though used for very different purposes, use the same kind of Control-Plane operation and Data-Plane encapsulation and are managed via QUI. This is kind of my answer to ever going discussion about is there DC-networks, Campus-networks and so on, or is there just networks.
Second, my own curiosity to understand the operation of AWS VPC.
I usually start by introducing the example environment and then explaining the configuration, moving to Control-Plane operation and then to Data-Plane operation. However, this time I take a different approach. This article first introduces the example environment but then the Data-Plane operation is discussed before Control-Plane operation. This way it is easier to understand what information is needed and how that information is gathered.
Continue reading
Cisco’s Wendy Nather: Never Say This to a CISO
When Cisco acquired Duo Security, Nather’s was the only CISO advisory team. Cisco quickly saw the...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Marvell Injects New Life Into Infrastructure Chips
The chips are designed to power networking equipment like switches, routers, secure gateways,...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Nokia Taps New Captain After Missing 5G Boat
Pekka Lundmark, who currently serves as president and CEO of Fortum, an energy company also...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Heavy Networking 504: The State Of Optical Networking In 2020
If you're new to DWDM and optical networking, this Heavy Networking episode aims to peel back some of the layers of these technologies to help you understand how they work, and whether you have business applications that could use DWDM. My guest is Chris Tracy, a network and systems engineer at ESnet.
The post Heavy Networking 504: The State Of Optical Networking In 2020 appeared first on Packet Pushers.
Heavy Networking 504: The State Of Optical Networking In 2020
If you're new to DWDM and optical networking, this Heavy Networking episode aims to peel back some of the layers of these technologies to help you understand how they work, and whether you have business applications that could use DWDM. My guest is Chris Tracy, a network and systems engineer at ESnet.Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored)
On today's Tech Bytes podast we talk with sponsor CodiLime about the benefits of SDN, how SDN works, and CodiLime's network engineering services that help organizations of all sizes migrate to SDN. Our guest Monika Antoniak, head of R&D at CodiLime.Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored)
On today's Tech Bytes podast we talk with sponsor CodiLime about the benefits of SDN, how SDN works, and CodiLime's network engineering services that help organizations of all sizes migrate to SDN. Our guest Monika Antoniak, head of R&D at CodiLime.
The post Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored) appeared first on Packet Pushers.
The Week in Internet News: Let’s Encrypt Hits One Billion Certificates
Encryption wave: Let’s Encrypt, the website encryption project supported by the Internet Society, has issued 1 billion web security certificate, ZDNet reports. About 81 percent of the world’s websites now are secured with Transport Layer Security (TLS) encryption, and Let’s Encrypt, which offers free TLS certificates, now serves nearly 200 million websites.
Even more encryption: In other encryption news, the Firefox browser has begun turning on DNS over HTTPS (DoH) by default for users in the U.S., The Verge says. The encryption tool secures Internet traffic, including browsing histories.
No more WiFi: Google is shutting down a free Wi-Fi service called Station that has served parts of India, Indonesia, South Africa, Mexico, Thailand, Nigeria, Philippines, Brazil and Vietnam. TechCrunch reports. Google says the service is no longer needed because of falling prices for mobile broadband service. Google also struggled to find a business model.
Keep your hands off the network: Employees are increasingly connecting their personal Internet of Things devices, like smart watches and fitness trackers, to corporate networks, according to research by Zscaler, detailed at ZDNet. These unauthorized connections undermine network security. The most connected personal devices included digital home assistants, TV set-top boxes, video cameras, smart-home Continue reading
When Bloom filters don’t bloom
I've known about Bloom filters (named after Burton Bloom) since university, but I haven't had an opportunity to use them in anger. Last month this changed - I became fascinated with the promise of this data structure, but I quickly realized it had some drawbacks. This blog post is the tale of my brief love affair with Bloom filters.
While doing research about IP spoofing, I needed to examine whether the source IP addresses extracted from packets reaching our servers were legitimate, depending on the geographical location of our data centers. For example, source IPs belonging to a legitimate Italian ISP should not arrive in a Brazilian datacenter. This problem might sound simple, but in the ever-evolving landscape of the internet this is far from easy. Suffice it to say I ended up with many large text files with data like this:
This reads as: the IP 192.0.2.1 was recorded reaching Cloudflare data center number 107 with a legitimate request. This data came from many sources, including our active and passive probes, logs of certain domains we own (like cloudflare.com), public sources (like BGP table), etc. The same line would usually be repeated across multiple Continue reading
My Cisco Certified DevNet Associate Journey by Nick Russo
On 27 February 2020, I took and passed the Cisco Certified DevNet Associate (DEVASC) exam on my first attempt. TLDR; it was a well-structured and fair exam. I think it was my favorite Cisco exam of all time. It had clear questions, good depth, no off-blueprint curveballs, and a great measure of candidate skill. The distribution of questions was also in accordance with the blueprint topic weights.
I’m known for being a concise and high signal-to-noise blogger, so I won’t turn this into a blueprint exploration article. You can learn more about the official certification here. Instead, I’ll focus on how I prepared for this exam.
Above all else, you need to sign up for an account at Cisco DevNet. It’s 100% free and contains many excellent resources to help you learn software-related topics. This is more than just “network automation” as you’ll be exposed to software development techniques and strategies, too. While everything on DevNet is useful, I believe the following three resources are the most important for this exam. Learning the content and passing any DevNet exam would be almost impossible without them:
- Sandboxes: These are demo environments that learners can use for testing specific products and Continue reading
Automation Story: Network Diagrams
Anne Baretta got pretty far in his automation story: after starting with configuration templates and storing network inventory into a database, he tackled the web UI. What’s next? How about a few auto-generated network diagrams?
Notes
- We covered the magic behind network diagrams in our network automation course.
- For whatever reason, I see numerous networking engineers focusing on generating useful network diagrams. Wasn’t that problem solved ages ago with miraculous single-pane-of-glass network management software?
Automation Story: Network Diagrams
Anne Baretta got pretty far in his automation story: after starting with configuration templates and storing network inventory into a database, he tackled the web UI. What’s next? How about a few auto-generated network diagrams?
Notes
- We covered the magic behind network diagrams in our network automation course.
- For whatever reason, I see numerous networking engineers focusing on generating useful network diagrams. Wasn’t that problem solved ages ago with miraculous single-pane-of-glass network management software?
Why edge computing needs open networking
Edge computing deployments need to be compact, efficient, and easy to administer. Hyperconverged infrastructure (HCI) has proven to be a natural choice for handling compute and storage at the edge, but what considerations are there for networking?
To talk about edge computing it helps to define it. Edge computing is currently in a state very similar to “cloud computing” in 2009: If you asked five different technologists to define it, you’d get back eight different answers. Just as cloud computing incorporated both emerging technologies and a limited set of established practices, edge computing does the same.
The broadest definition of edge computing is that it’s any situation in which an organization places workloads inside someone else’s infrastructure, but isn’t at one of the major public clouds. This comes with the caveat that the major public cloud providers are, of course, heavily investing in edge computing offerings of their own, muddying the waters.
Traditional IT practices that fall into the realm of edge computing today include colocation, content delivery networks (CDNs), most things involving geographically remote locations and so forth—the “edge” of modern networks. But edge computing also covers the emerging practices of using mobile networks (among others) for Internet of Continue reading
CEX (Code EXpress) 05. From lists to separate variables and back.
Hello my friend,
So far, we have covered the separate variables and the list variables in the Python 3.8. Before we go further, it makes sense how you can convert one type of the variables to another. Therefore, we discuss this topic today.
Network automation training – boost your career
Don’t wait to be kicked out of IT business. Join our network automation training to secure your job in future. Come to NetDevOps side.
How does the training differ from this blog post series? Here you get the basics and learn some programming concepts in general, whereas in the training you get comprehensive set of knowledge with the detailed examples how to use Python for the network and IT automation. You need both.
What are we going to do today?
Working with variables is an essential part of any programming language including Python. Part of such a work is a conversion of a variable of one type to another and back. That’s why we will explore today the following functions:
- split() function, which transforms a string value into a list of variables based on a defined separator;
- join() function, which transforms a list into a string value using Continue reading
SDxCentral’s Top 10 Articles — February 2020
SAP revamps organizational structure, exits 2 board members; coronavirus kills MWC Barcelona; and...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Technical Details of Why Cloudflare Chose AMD EPYC for Gen X Servers
From the very beginning Cloudflare used Intel CPU-based servers (and, also, Intel components for things like NICs and SSDs). But we're always interested in optimizing the cost of running our service so that we can provide products at a low cost and high gross margin.
We're also mindful of events like the Spectre and Meltdown vulnerabilities and have been working with outside parties on research into mitigation and exploitation which we hope to publish later this year.
We looked very seriously at ARM-based CPUs and continue to keep our software up to date for the ARM architecture so that we can use ARM-based CPUs when the requests per watt is interesting to us.
In the meantime, we've deployed AMD's EPYC processors as part of Gen X server platform and for the first time are not using any Intel components at all. This week, we announced details of this tenth generation of servers. Below is a recap of why we're excited about the design, specifications, and performance of our newest hardware.
Servers for an Accelerated Future
Every server can run every service. This architectural decision has helped us achieve higher efficiency across the Cloudflare network. It has also given us more Continue reading