Networking Archives - Page 810 of 3455

SONiC and White Box switches in the Enterprise DC! – Part 3

After discussing the architecture of our design during part 1, and the underlay configuration during part 2, today i’ll show how the overlay it’s configured and hopefully we will be able to draw our conclusions to the question: Are SONiC and White Box switches ready to be used in the enterprise DC?

Our two servers will be connected with LACP and trunk interfaces. 1 VLAN will be bridged (no SVI) and both servers will have an interface into such vlan so that layer 2 can be tested.
Other 2 vlans instead will each be configured on a different pair of switches together with an SVI so that Layer 3 symmetric IRB can be tested.

VRF Configuration

First of all, let’s create a VRF. This vrf requires an VLAN and a Layer 3 VNI for symmetric IRB to function. Configuration is really simple, but a small caveat must be overlooked, specifically every vrf must contain the prefix Vrf- in the name.

From a configuration point of view, we have to follow the usual steps:

Create a VRF
Create a Vlan and allow it to the peer-link port channel
Create a SVI interface and assign it to the VRF itself
Continue reading

MUST READ: Attracting and Retaining Talent

If you treat your engineers like interchangeable human resources you’ll get the results you deserve ;)… but if you wonder how to make them keep them happy and production, there’s no better place to start than the Key Factors in Attracting and Retaining Talent by Daniel Dib.

Growing a Beard

The eternal struggle of a beard leper.

Wireguard Server and QR Code scan in the mobile app – It’s that simple to set-up a VPN

Fancy a VPN build in under 10 minutes? , there are many vendors outside who offer mobile App and connectivity all through the world, most of the times ofcourse they under perform. Be it for beating Apps which impose Geographical restrictions etc.

What is wireguard ?

https://www.wireguard.com/ – you can read all about it

Why do you need it ?

Simple and easy to build your own VPN service plus Pay as you Go by turning off the cloud instance and Wire-guard has some cutting edge encryption at the software level, which makes it performs better even in cloud instances.

Do i need to Install anything?

All you need is to run a docker image.

https://hub.docker.com/r/linuxserver/wireguard – and you will have all install instructions

Ok i have installed whats Next?

Get your Mobile App, and scan the QR code generated by the system.

Next ?

Nothing, download the app and you are good to by scanning this and you are on your way to your own VPN

How do i verify my traffic stats ?

Log into docker and execute wg, all stats will be readily available

-Rakesh

Weekend Reads 041520

Even before it announced that it would seek Chapter 11 bankruptcy, Frontier had a well-deserved reputation for mismanagement and abusive conduct. In an industry that routinely enrages its customers, Frontier was the literal poster-child for underinvestment and neglect, an industry leader in outages and poor quality of service, and the inventor of the industry’s most outrageous and absurd billing practices. —EFF

Observability matters. You should care about it. And vendors need to stop trying to confuse people into buying the same old bullshit tools by smooshing them together and slapping on a new label. Exactly how long do they expect to fool people for, anyway? —Charity

As we all know, RPKI is getting a lot of attention and traction nowadays. At the RIPE NCC, we operate one of the five Trust Anchors, a hosted RPKI service, and one of the Validator software packages. A big responsibility that we don’t take lightly. We’re constantly improving code and procedures to ensure we’re following the latest RFC and best practices. Also, security is of key(!) importance. —Nathalie Trenama

Technology always evolves and I’ve been reading about where scientists envision the evolution of 5G. The first generation of 5G, which will be rolled Continue reading

Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored)

Heavy Networking gets nerdy about disaggregation with sponsor DriveNets. The company's Network Cloud routing software runs on whitebox hardware and enables service providers and telcos to quickly scale capacity, control capital outlay, and support automation. Our guests are Amir Krayden, VP R&D Customers; and Yuval Moshe, VP of Products.

The post Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored) appeared first on Packet Pushers.

Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored)

Anthology Product Marketing

I’m a storyteller. I realize this based on the fact that I tell them a lot. I’ve been told by a lot of people that I tell stories all the time. I’m okay with this. And a lot of the time I’m totally good at it. But one of the side effects of being someone that enjoys telling stories is that you recognize them in others and you start critiquing.

One of the more recent trends I’ve seen in product marketing revolves around stories. We’ve seen people telling all kinds of narratives about how disparate pieces of the puzzle fit together. It’s important because it frames the discussion for everyone. But I’ve also noticed some companies focus less on the framing story and more on the pieces. And it made me realize that’s a different kind of story.

Pieces and Parts

Merriam-Webster defines an anthology as a collection of selected literary pieces or passages or works of art or music. When I think of an anthology movie or video series, I think of a collection of disconnected stories around a framing device. Sometimes that device is as tenuous as a shared narrator, such as the Twilight Zone or Tales from Continue reading

BIER – Bit Indexed Explicit Replication

BIER is Bit Indexed Explicit Replication which is a newest proposal for IP Multicast.

Although I say IP Multicast, of course it works on MPLS networks as well.

BIER works by assigning every edge device a Bit Mask position. Then, instead of sending Multicast packet to each destination IP address (Receiver IP address), basically it sets the Bit positions and save the amount of data plane state.

It uses Unicast transport as underlay reachability, and Bit Mask is advertised through IGP control plane.

So, OSPF and IS-IS newly assigned TLVs handle the BitMask to Edge device (BFER – Bit Forwarding Edge Router in BIER terminology) assignment and distribution.

It is in theory can be used not only for multicast but also for Unicast traffic as well.

When we use it, we don’t need to have mLDP, RSVP P2MP LSPs, or PIM in the Core Network (Of course at the Edge, you can still have towards the customer in mVPN scenarios).

So basically, by removing those protocols from the network, in theory, simpler network design you should have. I am saying in theory, because having less protocol doesn’t always mean, having simpler design.

Because we would be throwing the complexity to Continue reading

For Tribal Lands Ravaged by COVID-19, Broadband Access Is a Matter of Life and Death

This opinion piece was originally published in Arizona Central.

If anyone doubted the importance of the Internet before the COVID-19 pandemic, those doubts have vanished like toilet paper at Kroger. During this time, the Internet has proved to be a lifeline, delivering the latest coronavirus health and emergency updates, connecting people to coworkers and bosses, and facilitating online classes.

But this is only the case for those lucky enough to have access. The American Library Association says seven in 10 residents on rural tribal lands remain without access to fixed high-capacity broadband. Making matters worse, massive swaths of tribal land don’t even have a cellphone signal, much less a broadband Internet connection.

No Internet access means no access to the economic opportunities the Internet holds. In 2018 alone, the Internet sector accounted for $2.1 trillion of the U.S. economy. But during this pandemic, many residents of rural Indian Country don’t have the luxury of dreaming up online business plans.

They are instead fearful for their lives and the lives of their loved ones who lack access to solutions like telehealth or online counseling during this time of isolation.

A lack of access leaves us behind

The Internet was always Continue reading

Use Layer 7 Application Identity in Your Segmentation Policies

With the launch of VMware NSX in 2013, VMware pioneered micro-segmentation. Back then our solution was based on stateful Layer 4 filtering. We’ve added in dynamic grouping, enabling policies based on VM context such as VM Name, Operating System or Security Tags. Using dynamic grouping, the life cycle of a Service-defined Firewall policy is directly tied to the life cycle of the workloads/application it’s protecting. This is radically different from traditional firewalls which use IP-address based policies.

Another addition to our Service-defined firewall is Layer 7 Application Identity. You may be familiar with the concept from the perspective of a perimeter firewall where it can be used to allow access to Facebook chat but block access to Facebook games. The data center is different and so are the use cases for layer 7 Application Identity.

In this blog I will cover why organizations should use Layer 7 Application Identity in their data center segmentation policies.

What Are the Problems with Port-Based Rules?

While stateful Layer 4 firewalls have significantly reduced both the complexity and security gaps that come with configuring stateless Access Control Continue reading

Network-Layer DDoS Attack Trends for Q1 2020

As we wrapped up the first quarter of 2020, we set out to understand if and how DDoS attack trends have shifted during this unprecedented time of global shelter in place. Since then, traffic levels have increased by over 50% in many countries, but have DDoS attacks increased as well?

Traffic increases are often observed during holiday seasons. During holidays, people may spend more time online; whether shopping, ordering food, playing online games or a myriad of other online activities. This higher usage translates into higher revenue per minute for the companies that provide those various online services.

Downtime or service degradation during these peak times could result in user churn and loss of significant revenue in a very short time. ITIC estimates that the average cost of an outage is $5,600 per minute, which extrapolates to well over $300K per hour. It is therefore no surprise that attackers capitalize on the opportunity by launching a higher number of DDoS attacks during the holiday seasons.

The current pandemic has a similar cause and effect. People are forced to stay home. They have become more reliant on online services to accomplish their daily tasks which has generated a surge in the Continue reading

Smart NICs with Silvano Gai on Software Gone Wild

A while ago we discussed a software-focused view of Network Interface Cards (NICs) with Luke Gorrie, and a hardware-focused view of them with Or Gerlitz (Mellanox), Andy Gospodarek (Broadcom) and Jiri Pirko (Mellanox).

Why would anyone want to implement features in hardware and not in software, and what would be the best hardware implementation? We discussed these dilemmas with Silvano Gai in Episode 110 of Software Gone Wild podcast.

Growing a Beard

It's 2020 and the world is coming to an end. Everyone is in lock down due to some kind of killer bat virus. I have always wanted to grow a beard and seeing every one with their awesome lock down beards has inspired me to grow one of my own. The Problem I'll be 41 this year. I was...

Growing a Beard

« Previous 1 … 808 809 810 811 812 … 3,455 Next »