Encryption: The Digital PPE We All Need
In the midst of a global pandemic, Internet security can be a matter of life and death.
Think of how critical the Internet has been to address the COVID-19 public health crisis. It has allowed half the world fortunate enough to have access to stay on top of critical public health updates and stay in touch with loved ones at a safe distance. Some can even continue activities like distance education, work from home, and access vital telehealth services.
But what if it weren’t safe to do these things? Would the world be as willing to follow social isolation measures?
Encryption keeps billions of people and countries secure online every day. It protects the integrity of news online, keeps your banking information out of the hands of criminals, and allows communications over messaging and videoconference platforms to stay confidential.
That’s a good thing. With people spending more time online than ever, cyber criminals are targeting the increasing amount of private data and commercially or government sensitive information traveling across the Internet. We’ve already seen proof in the corresponding rise in criminal activity over the last few months. The United States Federal Bureau of investigation, for instance, said cybercrime reports Continue reading
May Customer Newsletter
Welcome to the May 2020 edition of Calicomm! – our monthly newsletter for customers and partners. In the April edition, we discussed audit logs. This edition covers egress access control, which is an important aspect of micro-segmentation.
What problems are we solving?
Consider an enterprise datacenter deployment with hundreds of nodes and thousands of pods. These systems are running business applications with different levels of security requirements. A first-order security and compliance requirement in such a scenario is to ensure that a pod or host is only allowed to talk to authorized destinations. Now consider the real life scenario where there’s a churn rate (pods/hosts being added/removed) of hundreds of pods/minute. The challenge is to continue enforcing the microsegmentation in near real time despite a high churn rate.
An efficient mechanism for micro-segmentation has a direct impact on productivity. Ideally, you do not want to wait days for an access policy to be granted through a ticketing process, nor do you want to wait precious minutes for a policy change to take effect.
Micro-segmentation has two broad categories, East-West (E-W) and North-South (N-S). The following are typical use cases of egress access control within the N-S category:
- Configure default-deny Continue reading
Security Field Day #XFD3 with the VMware NSX Security Team
The Gestalt IT team is back with another exciting set of Field Day presentations. Multiple IT product vendors, including VMware, and independent thought leaders will share information and opinions in a presentation and discussion format. The complete VMware agenda and speaker lineup for the morning of the 14th is listed in detail below.
In summary, VMware’s focus for #XFD3 is why a new approach to security is required in the modern era. This security vision is present across all of the solutions, technologies, and bundles that we are bringing to the market. The VMware speakers, Dhruv, Stijn, Ray, and Ashish are planning to cover diverse topics ranging across Service-defined Firewall (SDFW), IDS/IPS, NSX Intelligence, DDoS, and WAF.
We will live-stream the virtual event this Thursday, May 14th from 8-10am PST. Don’t worry if you are unable to make it live, all videos will be posted here, for On-Demand viewing post-event.
Live streaming now complete. The OnDemand videos follow. Please see the full agenda with the detailed description of each presentation below.
Video 1: Dhruv and Stijn discuss the VMware Service-defined Firewall is an innovative approach to internal firewalling
Video 2: Dhruv Continue reading
Real-time network and system metrics as a service
This article is an interactive tutorial intended to familiarize the reader with the REST API. The examples can be run on a laptop using recorded data so that access to a live network is not required.
The data was captured from the leaf and spine test network shown above (described in Fabric View).
curl -O https://raw.githubusercontent.com/sflow-rt/fabric-view/master/demo/ecmp.pcapFirst, download the captured sFlow data.
You will need to have a system with Java or Docker to run the sFlow-RT software.
curl -O https://inmon.com/products/sFlow-RT/sflow-rt.tar.gzThe above commands download and run sFlow-RT, with browse-metrics, browse-flows, and prometheus applications on a system with Java 1.8+ installed.
tar -xzf sflow-rt.tar.gz
./sflow-rt/get-app.sh sflow-rt browse-metrics
./sflow-rt/get-app.sh sflow-rt browse-flows
./sflow-rt/get-app.sh sflow-rt prometheus
./sflow-rt/start.sh -Dsflow.file=$PWD/ecmp.pcap
docker Continue reading
SONiC and White Box switches in the Enterprise DC! – Part 2
As discussed during our part 1, we are trying to configure a VXLAN-EVPN fabric using SONiC on white box switches in order to determine if Open Networking is ready to be deployed in most enterprise DCs.
As a small Recap, below is the topology we are trying to bring online:
Familiarise with the OS
The most interesting thing of SONiC is its architecture!
I’ll write a blog just about it because it’s a fascinating topic, but in short, every single process is living inside a dedicated container.
Linux SONIC-Leaf301 4.9.0-11-2-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 You are on ____ ___ _ _ _ ____ / ___| / _ \| \ | (_)/ ___| \___ \| | | | \| | | | ___) || |\ | | |___ |____/ \___/|_| \_|_|\____| -- Software for Open Networking in the Cloud -- Unauthorized access and/or use are prohibited. All access and/or use are subject to monitoring. Help: http://azure.github.io/SONiC/ Last login: Thu Apr 20 12:52:21 2017 from 192.168.0.31 admin@SONIC-Leaf301:~$ show version SONiC Software Version: SONiC-OS-3.0.1-Enterprise_Advanced Product: Enterprise Advanced SONiC OS - Powered by Broadcom Distribution: Debian 9.12 Kernel: Continue reading
| |\ | | |___
|____/ \___/|_| \_|_|\____|
-- Software for Open Networking in the Cloud --
Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.
Help: http://azure.github.io/SONiC/
Last login: Thu Apr 20 12:52:21 2017 from 192.168.0.31
admin@SONIC-Leaf301:~$ show version
SONiC Software Version: SONiC-OS-3.0.1-Enterprise_Advanced
Product: Enterprise Advanced SONiC OS - Powered by Broadcom
Distribution: Debian 9.12
Kernel: Making Video Intuitive: An Explainer
On the Stream team at Cloudflare, we work to provide a great viewing experience while keeping our service affordable. That involves a lot of small tweaks to our video pipeline that can be difficult to discern by most people. And that makes the results of those tweaks less intuitive.
In this post, let's have some fun. Instead of fine-grained optimization work, we’ll do the opposite. Today we’ll make it easy to see changes between different versions of a video: we’ll start with a high-quality video and ruin it. Instead of aiming for perfection, let’s see the impact of various video coding settings. We’ll go on a deep dive on how to make some victim video look gloriously bad and learn on the way.
Everyone agrees that video on the Internet should look good, start playing fast, and never rebuffer regardless of the device they’re on. People can prefer one version of a video over another and say it looks better. Most people, though, would have difficulty elaborating on what ‘better’ means. That’s not an issue when you’re just consuming video. However, when you’re storing, encoding, and distributing it, how that video looks determines how happy your viewers are.
To determine Continue reading
Journey Through Open Networking
Arista has a decade long history of collaboration in open networking. We have pushed the envelope, co-developed open platforms and deployed them to build the world’s largest cloud -scale networks.
Journey Through Open Networking
Arista has a decade long history of collaboration in open networking. We have pushed the envelope, co-developed open platforms and deployed them to build the world’s largest cloud -scale networks.
Feedback: How Networks Really Work
In early April 2020 I ran another live session in my How Networks Really Work webinar. It was supposed to be an easy one, explaining the concepts of packet forwarding and routing protocols… but of course I decided to cover most solutions we’ve encountered in the last 50 years, ranging from Virtual Circuits and Source Route Bridging to Segment Routing (which, when you think about it, is just slightly better SRB over IPv6), so I never got to routing protocols.
That webinar was supposed to be an introductory one, but of course I got pulled down all sorts of rabbit trails, and even as I was explaining interesting stuff I realized a beginner would have a really hard time following along… but then I silently gave up. Obviously I’m not meant to create introduction-to-something material.
Kernel of Truth season 3 episode 6: Building modern campus networks
Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Cast Box and Sticher!
Click here for our previous episode.
In this episode we talk about trends, architectures and technologies for building modern Campus networks. Joining Kernel of Truth podcast hosts Brian O’Sullivan and Roopa Prabhu are two of our senior consultants, Eric Pulvino and David Marshall, who know what they’re talking about because they are in the field working with customers building these networks. They share their first hand knowledge here so be sure to take a listen!
Guest Bios
Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to be a part of the open networking innovation. When not working, Brian is a voracious reader and has held a variety of jobs, including bartending in three countries and working as an extra in a German soap opera. You can find him on Twitter at @bosullivan00.
Roopa Prabhu: Roopa Prabhu is Chief Linux Architect at Cumulus Networks. Continue reading
Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored)
Megaport provides global cloud connectivity, data center interconnect, and Internet exchange peering. On today's sponsored Tech Bytes podcast, we talk about the services Megaport offers, and how the company can support your remote-work needs. Our guest is Misha Cetrone, Sr. Global Director, Cloud Solutions.Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored)
Megaport provides global cloud connectivity, data center interconnect, and Internet exchange peering. On today's sponsored Tech Bytes podcast, we talk about the services Megaport offers, and how the company can support your remote-work needs. Our guest is Misha Cetrone, Sr. Global Director, Cloud Solutions.
The post Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored) appeared first on Packet Pushers.
Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC
Today's Network Break analyzes NVIDIA's purchase of Cumulus Networks, boggles at Innovium's announced 25.6Tbps ASIC, and parses why Arista will support the SONiC network OS on its switches. We also cover a new 5G lobbying organization, Zoom's Keybase acquisition, financial results, and more tech news.
The post Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC appeared first on Packet Pushers.
Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC
Today's Network Break analyzes NVIDIA's purchase of Cumulus Networks, boggles at Innovium's announced 25.6Tbps ASIC, and parses why Arista will support the SONiC network OS on its switches. We also cover a new 5G lobbying organization, Zoom's Keybase acquisition, financial results, and more tech news.Daily Roundup: Ericsson Says Pandemic to Drive 5G
Ericsson anticipates the pandemic to drive 5G; McAfee, CrowdStrike, Palo Alto Networks tracked...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
SONiC and White Box switches in the Enterprise DC! – Part 1
In recent years two buzz words began to arise: open-networking and white box switches. Those two words go often hand-in-hand with each other. They are often promoted by big names like Facebook or Microsoft.
From the software side, SONiC is maybe the biggest player out there as it powers Microsoft Azure’s cloud, while from the hardware side, Accton has arguably been one of the most important vendors.
The truth though, at least in my opinion, is that while this innovation is great it is not ready to be embraced by everyone yet. Only companies willing to make this “leap of faith” can take advantage of all of this, but what about us poor mortals? Are SONiC and white boxes ready to be widely deployed? Well let’s give it a look!
We will be deploying a simple VXLAN-EVPN Fabric like in the picture below and we will be checking how difficult is to configure and troubleshoot the fabric, but also and most importantly if this common Enterprise design actually works.
The Hardware
For our spines we’ll be using Edge-Core’s AS7816-64X, powered by Broadcom’s Tomahawk II chipset. This switch is a 2RU lean spine providing 64x 40/100 Gbps QSF28 ports.
For Continue reading