Deploying Gateway using a Raspberry Pi, DNS over HTTPS and Pi-hole
Like many who are able, I am working remotely and in this post, I describe some of the ways to deploy Cloudflare Gateway directly from your home. Gateway’s DNS filtering protects networks from malware, phishing, ransomware and other security threats. It’s not only for corporate environments - it can be deployed on your browser or laptop to protect your computer or your home WiFi. Below you will learn how to deploy Gateway, including, but not limited to, DNS over HTTPS (DoH) using a Raspberry Pi, Pi-hole and DNSCrypt.
We recently launched Cloudflare Gateway and shortly thereafter, offered it for free until at least September to any company in need. Cloudflare leadership asked the global Solutions Engineering (SE) team, amongst others, to assist with the incoming onboarding calls. As an SE at Cloudflare, our role is to learn new products, such as Gateway, to educate, and to ensure the success of our prospects and customers. We talk to our customers daily, understand the challenges they face and consult on best practices. We were ready to help!
One way we stay on top of all the services that Cloudflare provides, is by using them ourselves. In this blog, I'll talk about Continue reading
Can We Trust BGP Next Hops (Part 2)?
Two weeks ago I started with a seemingly simple question:
If a BGP speaker R is advertising a prefix A with next hop N, how does the network know that N is actually alive and can be used to reach A?
… and answered it for the case of directly-connected BGP neighbors (TL&DR: Hope for the best).
Jeff Tantsura provided an EVPN perspective, starting with “the common non-arguable logic is reachability != functionality".
Now let’s see what happens when we add route reflectors to the mix. Here’s a simple scenario:
NSX Distributed IDS/IPS is Generally Available
Most readers are already familiar with VMware NSX as a natural platform for intrinsic security in the data center. They understand that NSX’s service-defined firewall is enabling network and security operators to use a distributed software-based solution to replace centralized hardware-based deployments.
The intrusion detection and prevention system (IDS/IPS) functionality released with NSX-T 3.0 enhances the security capabilities of the service-defined firewall, enabling operators to address several additional use cases.
Top Use Cases for NSX Distributed IDS/IPS
- Quickly Achieve Regulatory Compliance: Many data centers host sensitive applications that are required to meet HIPAA[1], PCI-DSS[2], or SOX[3] . Using NSX, network and security operators can now achieve compliance by enabling IDS/IPS, in addition to the firewall for any workload that needs to meet compliance.
- Replace Discrete IDS/IPS Appliances: Operators virtualizing their data center networks can now replace discrete, centralized IDS/IPS appliances with NSX’s distributed implementation. In the process, with NSX they also consolidate firewall and IDS/IPS management. Since NSX’s security capabilities are in the hypervisor isolated from the workloads, attackers can’t tamper with them.
- Implement Virtual Security zones: Some organizations need to establish direct network connections with partners or treat business units and subsidiaries as Continue reading
RPKI and Trust Anchors
I've been asked a number of times: "Why are we using as distributed trust framework where each of the RIRs are publishing a trust anchor that claims the entire Internet number space?"" I suspect that the question will arise again the future so it may be useful to record the design considerations here in the hope that this may be useful to those who stumble upon the same question in the future.Daily Roundup: Google Rolls Out Enterprise BeyondCorp
Google brought BeyondCorp zero-trust security to the masses; Alibaba injected $28B into the cloud;...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
As networks grow, web-scale automation is the only way to keep up
Networks just keep growing, don’t they? They’ve evolved from a few machines on a LAN to the introduction of Wi-Fi—and with the Internet of Things (IoT), we’ve now got a whole new class of devices. Throw in the rise of smartphones and tablets, cloud and edge computing, and network management starts to get a little unwieldy. Managing a network with 300 devices manually might be possible—300,000 devices, not so much.
What is web-scale automation?
Network automation has been around awhile now, in various names from various vendors, using a number of proprietary protocols. The key word being “proprietary.” Many traditional network vendors design a well-functioning network automation system, but participate in vendor lock-in by ensuring that the associated automation stack, and its requisite protocols, only run on their hardware.
Web-scale automation is different. It relies on open, extendable standards like HTTPS, JSON, and netconf, among an ever-increasing number of systems and solutions. With web-scale automation in your organization, network management can over time become a background function; something that only notifies you in exceptional circumstances.
This does not, in any way, reduce the need for those who know networks to be employed at your organization—it simply reduces the amount Continue reading
Tech Bytes: Network Verification – Smarter Network Ops With Forward Networks (Sponsored)
Forward Networks builds a real-time software model of your data center network that you can use to verify intent, test changes, and speed troubleshooting. Forward is sponsoring this Tech Bytes episode. Our guest is Nikhil Handigol, co-founder of Forward, and we’re going to talk about the state of network verification and where the technology is heading.Tech Bytes: Network Verification – Smarter Network Ops With Forward Networks (Sponsored)
Forward Networks builds a real-time software model of your data center network that you can use to verify intent, test changes, and speed troubleshooting. Forward is sponsoring this Tech Bytes episode. Our guest is Nikhil Handigol, co-founder of Forward, and we’re going to talk about the state of network verification and where the technology is heading.
The post Tech Bytes: Network Verification – Smarter Network Ops With Forward Networks (Sponsored) appeared first on Packet Pushers.
Rackspace Readies $10B IPO, Report Says
The move would mean Rackspace’s return to the public market. The managed services company went...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Ericsson 5G Gear Powers Alaska’s GCI Network
Regional operator GCI claims it has invested “tens of millions of dollars” in the Anchorage...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Alibaba Injects $28B Into Cloud
The China-based cloud giant linked the three-year investment plan to bolster support for services...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Google Brings BeyondCorp Zero-Trust Security to the Masses
Google had originally planned to release the product later this year. But then the COVID-19...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Network Break 280: Nvidia Advances Mellanox Acquisition; Startup Alkira Tackles Multi-Cloud Networking
Take a Network Break! We discuss Nvidia clearing a major hurdle to its Mellanox acquisition, GitHub changes its pricing, the startup Alkira tackles multi-cloud networking, and more tech news analysis. Our guest commentator is Stephen Foskett, founder of Tech Field Day and GestaltIT.Network Break 280: Nvidia Advances Mellanox Acquisition; Startup Alkira Tackles Multi-Cloud Networking
Take a Network Break! We discuss Nvidia clearing a major hurdle to its Mellanox acquisition, GitHub changes its pricing, the startup Alkira tackles multi-cloud networking, and more tech news analysis. Our guest commentator is Stephen Foskett, founder of Tech Field Day and GestaltIT.
The post Network Break 280: Nvidia Advances Mellanox Acquisition; Startup Alkira Tackles Multi-Cloud Networking appeared first on Packet Pushers.
Will COVID-19 Kill the Data Center?
COVID-19 may kill the data center, or at the very least forever change storage as we know it, says...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
The Week in Internet News: The Digital Divide During a Pandemic
The great divide: The continuing digital divide in the U.S. is hurting people as they try to shop, attend school, and work during the coronavirus pandemic lockdown, The Guardian says. Broadband Now estimates that 42 million U.S. residents don’t have Internet access, and M-Lab says that the majority of residents in 62 percent of the counties across the U.S. don’t have adequate broadband speeds.
The struggle is real: Meanwhile, students in rural Alabama are struggling to complete their schoolwork because a lack of Internet access, according to an Associated Press story at Enewscourier.com. In nine Alabama counties, less than 30 percent of the population has access. “We don’t want to leave 20 to 30 percent of our population behind just because of where they live,” said John Heard, school superintendent in Perry County.
The good news: Even with many people across the world working from home or attending school from home, the Internet is holding up, ZDNet reports. Fastly, an edge cloud computing provider, found that in the hard-hit New York and New Jersey area, Internet traffic jumped by nearly 45 percent in March, but download speeds decreased by less than 6 percent. In California, traffic Continue reading