Archive

Category Archives for "Networking"

How synthetic full backup works and why you might need it

The invention of synthetic full backups is one of the most important advancements in backup technology in the last few decades, right up there witih disk-based backups, deduplication, continuous data protection (CDP), and the cloud.Here’s how they came to be and an explanation of what benefits they might offer.[Get regularly scheduled insights by signing up for Network World newsletters.] Traditional backup options There are essentially two very broad categories of what the backup industry calls backup levels;you are either backing up everything (full backup) or you are backing up only what has changed (incremental backup). There are different types of incremental backups, but that's really not relevant to this particular discussion. A typical set up runs incremental backups every night and full backups every week – or even less often than that.To read this article in full, please click here

Cisco, others, shine a light on VPN split-tunneling

As work-from-home becomes the norm due to the COVID-19 pandemic, the need for secure access to enterprise resources continues to grow and with it the demand for ever-more VPN.For example demand for commercial virtual private networks in the U.S. jumped by 41% between March 13 and March 23, according to research from Top10VPN.com, a VPN research and testing company in the U.K. The VPN market will hit $70 billion by 2026, according to market research and management consulting company Global Market Insights. In an April blog AT&T pointed to a 700% increase in connections to its cloud-based SD-WAN Static Network Based (ANIRA) VPN service.To read this article in full, please click here

Encryption: The Digital PPE We All Need

In the midst of a global pandemic, Internet security can be a matter of life and death.

Think of how critical the Internet has been to address the COVID-19 public health crisis. It has allowed half the world fortunate enough to have access to stay on top of critical public health updates and stay in touch with loved ones at a safe distance. Some can even continue activities like distance education, work from home, and access vital telehealth services.

But what if it weren’t safe to do these things?  Would the world be as willing to follow social isolation measures?

Encryption keeps billions of people and countries secure online every day. It protects the integrity of news online, keeps your banking information out of the hands of criminals, and allows communications over messaging and videoconference platforms to stay confidential.

That’s a good thing. With people spending more time online than ever, cyber criminals are targeting the increasing amount of private data and commercially or government sensitive information traveling across the Internet. We’ve already seen proof in the corresponding rise in criminal activity over the last few months. The United States Federal Bureau of investigation, for instance, said cybercrime reports Continue reading

May Customer Newsletter

Welcome to the May 2020 edition of Calicomm! – our monthly newsletter for customers and partners. In the April edition, we discussed audit logs. This edition covers egress access control, which is an important aspect of micro-segmentation.

What problems are we solving?

Consider an enterprise datacenter deployment with hundreds of nodes and thousands of pods. These systems are running business applications with different levels of security requirements. A first-order security and compliance requirement in such a scenario is to ensure that a pod or host is only allowed to talk to authorized destinations. Now consider the real life scenario where there’s a churn rate (pods/hosts being added/removed) of hundreds of pods/minute. The challenge is to continue enforcing the microsegmentation in near real time despite a high churn rate.

An efficient mechanism for micro-segmentation has a direct impact on productivity. Ideally, you do not want to wait days for an access policy to be granted through a ticketing process, nor do you want to wait precious minutes for a policy change to take effect.

Micro-segmentation has two broad categories, East-West (E-W) and North-South (N-S). The following are typical use cases of egress access control within the N-S category:

Security Field Day #XFD3 with the VMware NSX Security Team

#SFD

The Gestalt IT team is back with another exciting set of  Field Day presentations. Multiple IT product vendors, including VMware, and independent thought leaders will share information and opinions in a presentation and discussion format. The complete VMware agenda and speaker lineup for the morning of the 14th is listed in detail below.

In summary, VMware’s focus for #XFD3 is why a new approach to security is required in the modern era. This security vision is present across all of the solutions, technologies, and bundles that we are bringing to the market. The VMware speakers, Dhruv, Stijn, Ray, and Ashish are planning to cover diverse topics ranging across Service-defined Firewall (SDFW), IDS/IPS, NSX Intelligence, DDoS, and WAF.

We will live-stream the virtual event this Thursday, May 14th from 8-10am PST. Don’t worry if you are unable to make it live, all videos will be posted here,  for On-Demand viewing post-event.
Live streaming now complete. The OnDemand videos follow.  Please see the full agenda with the detailed description of each presentation below. 
Video 1: Dhruv and Stijn discuss the  VMware Service-defined Firewall is an innovative approach to internal firewalling

 

Video 2: Dhruv Continue reading

Real-time network and system metrics as a service

The sFlow-RT real-time analytics engine receives industry standard sFlow telemetry as a continuous stream from network and host devices and coverts the raw data into useful measurements that can be be queried through a REST API. A single sFlow-RT instance can monitor the entire data center, providing a comprehensive view of performance, not just of the individual components, but of the data center as a whole.

This article is an interactive tutorial intended to familiarize the reader with the REST API. The examples can be run on a laptop using recorded data so that access to a live network is not required.

The data was captured from the leaf and spine test network shown above (described in Fabric View).
curl -O https://raw.githubusercontent.com/sflow-rt/fabric-view/master/demo/ecmp.pcap
First, download the captured sFlow data.

You will need to have a system with Java or Docker to run the sFlow-RT software.
curl -O https://inmon.com/products/sFlow-RT/sflow-rt.tar.gz
tar -xzf sflow-rt.tar.gz
./sflow-rt/get-app.sh sflow-rt browse-metrics
./sflow-rt/get-app.sh sflow-rt browse-flows
./sflow-rt/get-app.sh sflow-rt prometheus
./sflow-rt/start.sh -Dsflow.file=$PWD/ecmp.pcap
The above commands download and run sFlow-RT, with browse-metrics, browse-flows, and prometheus applications on a system with Java 1.8+ installed.
docker  Continue reading

SONiC and White Box switches in the Enterprise DC! – Part 2

As discussed during our part 1, we are trying to configure a VXLAN-EVPN fabric using SONiC on white box switches in order to determine if Open Networking is ready to be deployed in most enterprise DCs.

As a small Recap, below is the topology we are trying to bring online:

Familiarise with the OS

The most interesting thing of SONiC is its architecture!
I’ll write a blog just about it because it’s a fascinating topic, but in short, every single process is living inside a dedicated container.

Linux SONIC-Leaf301 4.9.0-11-2-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64
You are on
  ____   ___  _   _ _  ____
 / ___| / _ \| \ | (_)/ ___|
 \___ \| | | |  \| | | |
  ___) | |_| | |\  | | |___
 |____/ \___/|_| \_|_|\____|

-- Software for Open Networking in the Cloud --

Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.

Help:    http://azure.github.io/SONiC/

Last login: Thu Apr 20 12:52:21 2017 from 192.168.0.31
admin@SONIC-Leaf301:~$ show version 

SONiC Software Version: SONiC-OS-3.0.1-Enterprise_Advanced
Product: Enterprise Advanced SONiC OS - Powered by Broadcom
Distribution: Debian 9.12
Kernel:  Continue reading

Making Video Intuitive: An Explainer

Making Video Intuitive: An Explainer

On the Stream team at Cloudflare, we work to provide a great viewing experience while keeping our service affordable. That involves a lot of small tweaks to our video pipeline that can be difficult to discern by most people. And that makes the results of those tweaks less intuitive.

In this post, let's have some fun. Instead of fine-grained optimization work, we’ll do the opposite. Today we’ll make it easy to see changes between different versions of a video: we’ll start with a high-quality video and ruin it. Instead of aiming for perfection, let’s see the impact of various video coding settings. We’ll go on a deep dive on how to make some victim video look gloriously bad and learn on the way.

Everyone agrees that video on the Internet should look good, start playing fast, and never rebuffer regardless of the device they’re on. People can prefer one version of a video over another and say it looks better. Most people, though, would have difficulty elaborating on what ‘better’ means. That’s not an issue when you’re just consuming video. However, when you’re storing, encoding, and distributing it, how that video looks determines how happy your viewers are.

To determine Continue reading

Feedback: How Networks Really Work

In early April 2020 I ran another live session in my How Networks Really Work webinar. It was supposed to be an easy one, explaining the concepts of packet forwarding and routing protocols… but of course I decided to cover most solutions we’ve encountered in the last 50 years, ranging from Virtual Circuits and Source Route Bridging to Segment Routing (which, when you think about it, is just slightly better SRB over IPv6), so I never got to routing protocols.

That webinar was supposed to be an introductory one, but of course I got pulled down all sorts of rabbit trails, and even as I was explaining interesting stuff I realized a beginner would have a really hard time following along… but then I silently gave up. Obviously I’m not meant to create introduction-to-something material.

Kernel of Truth season 3 episode 6: Building modern campus networks

Subscribe to Kernel of Truth on iTunesGoogle PlaySpotifyCast Box and Sticher!

Click here for our previous episode.

In this episode we talk about trends, architectures and technologies for building modern Campus networks. Joining Kernel of Truth podcast hosts Brian O’Sullivan and Roopa Prabhu are two of our senior consultants, Eric Pulvino and David Marshall, who know what they’re talking about because they are in the field working with customers building these networks. They share their first hand knowledge here so be sure to take a listen!

Guest Bios

Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to be a part of the open networking innovation. When not working, Brian is a voracious reader and has held a variety of jobs, including bartending in three countries and working as an extra in a German soap opera. You can find him on Twitter at @bosullivan00.

Roopa Prabhu: Roopa Prabhu is Chief Linux Architect at Cumulus Networks. Continue reading

Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored)

Megaport provides global cloud connectivity, data center interconnect, and Internet exchange peering. On today's sponsored Tech Bytes podcast, we talk about the services Megaport offers, and how the company can support your remote-work needs. Our guest is Misha Cetrone, Sr. Global Director, Cloud Solutions.

The post Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored) appeared first on Packet Pushers.

Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC

Today's Network Break analyzes NVIDIA's purchase of Cumulus Networks, boggles at Innovium's announced 25.6Tbps ASIC, and parses why Arista will support the SONiC network OS on its switches. We also cover a new 5G lobbying organization, Zoom's Keybase acquisition, financial results, and more tech news.

The post Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC appeared first on Packet Pushers.

Daily Roundup: Ericsson Says Pandemic to Drive 5G

Ericsson anticipates the pandemic to drive 5G; McAfee, CrowdStrike, Palo Alto Networks tracked...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Simplicity and Security: What Commercial Providers Offer for the Service Mesh

“Open source is free like a puppy,” said Aspen Mesh, provider of an enterprise version of the open source Linkerd, that is the only reason to turn to William Morgan, CEO of Buoyant. “This is more of a philosophical stance. However, if you want to have a commercial relationship with us, we will make sure the service mesh works for you, with services and integration and all that stuff.”  Taming Complexity Service meshes are designed for very complex architectures. They only make sense for companies Continue reading

SONiC and White Box switches in the Enterprise DC! – Part 1

In recent years two buzz words began to arise: open-networking and white box switches. Those two words go often hand-in-hand with each other. They are often promoted by big names like Facebook or Microsoft.
From the software side, SONiC is maybe the biggest player out there as it powers Microsoft Azure’s cloud, while from the hardware side, Accton has arguably been one of the most important vendors.

The truth though, at least in my opinion, is that while this innovation is great it is not ready to be embraced by everyone yet. Only companies willing to make this “leap of faith” can take advantage of all of this, but what about us poor mortals? Are SONiC and white boxes ready to be widely deployed? Well let’s give it a look!

We will be deploying a simple VXLAN-EVPN Fabric like in the picture below and we will be checking how difficult is to configure and troubleshoot the fabric, but also and most importantly if this common Enterprise design actually works.

The Hardware

For our spines we’ll be using Edge-Core’s AS7816-64X, powered by Broadcom’s Tomahawk II chipset. This switch is a 2RU lean spine providing 64x 40/100 Gbps QSF28 ports.

For Continue reading