0

Automation Story: Zero-Touch Provisioning

Zero-Touch Provisioning (ZTP) is a solved problem if you believe the networking vendors… and yet numerous network automation projects involve at least some ZTP functionality. It seems that smart organizations investing in premium people (instead of premium vendors) prefer the Unix way of solving problems: take a number of small versatile tools, and put them together to build a solution that fits your requirements.

Anne Baretta did exactly that and combined Oxidized, FreeZTP, Ansible and custom web UI to build a ZTP solution that addresses the needs of his organization.

Notes

• Patrick Ogenstad covered numerous ZTP details in our network automation course.

0

Postcard From San Francisco (RSAC 2020)

There was plenty to see and hear at this years RSA conference, not the least of which was the VMware announcement of a modern data center security solution for today’s private and public clouds

I can report there was brisk business at the the booth with plenty of questions on our solution. Booth duty is not everyone’s favorite but I always look forward to the opportunity to hear directly from customers. There are often questions we don’t have the answers to, but it helps us keep our focus in the areas that matter the most.

My colleague Vivek  has already done a fantastic job blogging on our intrinsic security story and our announcements at this year’s event. I wanted to share some great explainer videos from our executive team.

Unshackle Legacy Security Restrictions for 2020 and Beyond

In this 20 minute video, Part#1, Tom Gillis, VMware SVP/GM of Networking and Security, covers how new data center and branch security approaches can prevent attacks in the enterprise.

 

Part#2 is a live demonstration of how to protect lateral traffic in the DC

In this second of two 20 minute videos, Tom is joined onstage by Continue reading

0

Essential things to know about container networking

Containers have emerged over the past several years to provide an efficient method of storing and delivering applications reliably across different computing environments. By containerizing an application platform and its dependencies, differences in OS distributions and underlying infrastructures are abstracted away. Networking has emerged as a critical element within the container ecosystem, providing connectivity between containers running on the same host as well as on different hosts, says Michael Letourneau, an IT architect at Liberty Mutual Insurance. "Putting an application into a container automatically drives the need for network connectivity for that container," says Letourneau, whose primary focus is on building and operating Liberty Mutual's container platform. To read this article in full, please click here

0

Fixing a Thinkpad T420 battery problem on Linux

I upgraded my T420 because Ubuntu Mate 19.10 now supports the Nvidia Optimus drivers and includes a utility that lets me switch between Intel and Nvidia graphics cards. However, the upgrade seemed to break the power management on my laptop. When running on the battery, the laptop would suddenly lose power after only 10 minutes, even when the battery still shows ninety percent charge.

I installed Linux Advanced Power Management, TLP. TLP solved my problem. Also, for good measure, I upgraded the BIOS because, while troubleshooting this issue, I discovered is was very out of date.

In his post, I describe how to install and configure TLP and how to upgrade the BIOS on a Lenovo Thinkpad T420.

Install TLP

The Mate Power Management utility is part of the Mate desktop environment and provides basic configurations for power management. I don’t know why installing TLP solved my battery problem. I can only suggest that, if you are seeing a similar problem with your battery, try installing TLP before you spend money on a new battery.

TLP is in the Ubuntu repositories. Install TLP using the following command:

$ sudo apt update
$ sudo apt install tlp tlp-rdw
$ sudo  Continue reading

0

CEX (Code EXpress) 06. Look into your dictionary.

Hello my friend,

We have discussed so far ordinary variables in string, numeric and Boolean formats and list variables. Today we’ll close the review of the variables by covering the last, and definitely not least, type of variables called Python dictionary. In fact, this one of the most useful for us from the network automation perspective.

Network automation training – boost your career

Don’t wait to be kicked out of IT business. Join our network automation training to secure your job in future. Come to NetDevOps side.

How does the training differ from this blog post series? Here you get the basics and learn some programming concepts in general, whereas in the training you get comprehensive set of knowledge with the detailed examples how to use Python for the network and IT automation. You need both.

What are we going to do today?

The Python dictionary is a structured data. At a glance it might be similar to the list from the syntax prospective. However, it has a significant difference: in the list each element has an index (numerical value starting from 0), whereas in the dictionary each element has a key (string value you define based on your logic). Continue reading

0

Why the 100th Anniversary of Women’s Right to Vote in the U.S. is Important to Celebrate on International Women’s Day

Seven months ago, I joined Cloudflare to work on the Public Policy Team focusing on our democracy projects such as Project Galileo, Athenian Project and Cloudflare for Campaigns. Since I joined the team, I have learned a lot about how important cybersecurity protections are for organizations that are the target of sophisticated cyberattacks, while also learning about the complex election security environment in the United States and abroad.

It seems fitting that on International Women’s Day, a day people throughout the world are celebrating the achievements of women, we also celebrate the Centennial Anniversary of the Women’s Suffrage Movement which was the tipping point that gave many women voting rights in the United States.

Since I have been working on Cloudflare’s election security projects, this day means something extra special to me and many of my colleagues who believe that voting is the cornerstone of democracy and that having access to information regarding voting and elections is essential.

Here are five reflections that I want to share on International Women’s Day and the Centennial Anniversary of the Nineteenth Amendment which granted women the right to vote in the United States:

1. The Women’s Suffrage Movement in the United States was Continue reading

0

Microsoft, Intel, Fortanix Execs Get Confidential at RSA

“Confidential computing is one of the most important and relevant new paradigms that you folks...

Read More »

0

Daily Roundup: OCP Blesses AT&T’s Disaggregated Security

AT&T works with Palo Alto Networks and Broadcom on a Disaggregated Scalable Firewall; serious...

Read More »

0

OCP Blesses AT&T’s Disaggregated Security Architecture Push

This programmable fabric with embedded security functions will allow network operators to deploy...

Read More »

0

Intel Vulnerability Serious But Unlikely, Experts Say

The bug would allow an attacker to exploit a known vulnerability in Intel's CSME to gain access to...

Read More »

0

How Cloudflare keeps employees productive from any location

Cloudflare employs more than 1,200 people in 13 different offices and maintains a network that operates in 200 cities. To do that, we used to suffer through a traditional corporate VPN that backhauled traffic through a physical VPN appliance. It was, frankly, horrible to work with as a user or IT person.

With today’s mix of on-prem, public cloud and SaaS and a workforce that needs to work from anywhere, be it a coffee shop or home, that model is no longer sustainable. As we grew in headcount, we were spending too much time resolving VPN helpdesk tickets. As offices around the world opened, we could not ask our workforce to sit as every connection had to go back through a central location.

We also had to be ready to scale. Some organizations are currently scrambling to load test their own VPN in the event that their entire workforce needs to work remotely during the COVID-19 outbreak. We could not let a single physical appliance constrain our ability to deliver 26M Internet properties to audiences around the world.

To run a network like Cloudflare, we needed to use Cloudflare’s network to stay fast and secure.

We built Cloudflare Access, part Continue reading

0

SD-WAN Summit 2020 : Call for Proposals

The 5th SD-WAN Summit will take place from 22nd to 24th September 2020. The SD-WAN Summit will...

Read More »

0

Heavy Networking 505: Achieving Consistent Multi-Cloud Network Policy With VeloCloud (Sponsored)

Today's Heavy Networking dives into a multitude of topics with sponsor VeloCloud (a VMware company), including getting consistent network policies in a multi-cloud world, the emerging SASE category and what it means for SD-WAN and security, and how VeloCloud is incorporating analytics from Nyansa, which VMware recently acquired. Our guest is Craig Connors, Chief Architect at VeloCloud.

0

Heavy Networking 505: Achieving Consistent Multi-Cloud Network Policy With VeloCloud (Sponsored)

Today's Heavy Networking dives into a multitude of topics with sponsor VeloCloud (a VMware company), including getting consistent network policies in a multi-cloud world, the emerging SASE category and what it means for SD-WAN and security, and how VeloCloud is incorporating analytics from Nyansa, which VMware recently acquired. Our guest is Craig Connors, Chief Architect at VeloCloud.

The post Heavy Networking 505: Achieving Consistent Multi-Cloud Network Policy With VeloCloud (Sponsored) appeared first on Packet Pushers.

0

CentOS 8

CentOS 8 / RHEL 8 come with Linux kernel version 4.18. This version of the kernel includes efficient in-kernel packet sampling that can be used to provide network visibility for production servers running network heavy workloads, see Berkeley Packet Filter (BPF).
This article provides instructions for installing and configuring the open source Host sFlow agent to remotely monitor servers using the industry standard sFlow protocol. The sFlow-RT real-time analyzer is used to demonstrate the capabilities of sFlow telemetry.

Find the latest Host sFlow version on the Host sFlow download page.

wget https://github.com/sflow/host-sflow/releases/download/v2.0.26-3/hsflowd-centos8-2.0.26-3.x86_64.rpm
sudo rpm -i hsflowd-centos8-2.0.26-3.x86_64.rpm
sudo systemctl enable hsflowd

The above commands download and install the software.

sflow {
  collector { ip=10.0.0.30 }
  pcap { speed=1G-1T }
  tcp { }
  systemd { }
}

Edit the /etc/hsflowd.conf file. The above example sends sFlow to a collector at 10.0.0.30, enables packet sampling on all network adapters, adds TCP performance information, and exports metrics for Linux services. See Configuring Host sFlow for Linux for the complete set of configuration options.

sudo systemctl restart hsflowd

Restart the Host sFlow daemon to Continue reading

0

Weekly Wrap: AT&T Puts More Jobs on the Chopping Block

SDxCentral Weekly Wrap for March 6, 2020: The telecom giant cited "headcount rationalization" as a...

Read More »

0

There Are No More Green Fields

I’ve looked at quite a few pieces of technology in the past few years. Some have addressed massive issues that I had when I was a practicing network engineer. Others have shown me new ways to do things I never thought possible. But one category of technology still baffles me to this day: The technology that assumes greenfield deployment.

For those not familiar, “greenfield” is a term that refers to a project that is built on a site completely from scratch. It originally comes from a day when the project in question was a factory or other capital improvement that was literally being built in a field with green grass growing on top. The alternative to that project was one where something was being built in a location where there was existing infrastructure or other form of site pollution. And, of course because everyone in humanity never gets older than twelve, this is called a “brownfield” site.

Getting back to the technology side of things, let’s talk about greenfield deployments. When was the last time you walked into a building and found zero technology of any kind? Odds are good that’s not the case. Sure, there are some SMBs that Continue reading

0

Announcing the VMware NSX vExpert Program

The VMware NSX team is excited to announce the new NSX vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge on VMware technologies with the broader community. While the vExpert program has been around for over 10 years, this is the first year we’re introducing the NSX vExpert subprogram and badge.

 

What is an NSX vExpert?

Individuals awarded NSX vExpert status are the crème of the crop when it comes to their knowledge in NSX use cases like micro-segmentation, network automation, multi-cloud networking, service mesh and modern apps. They’re advocates of VMware NSX and love “giving back” to the community by sharing their knowledge with their peers— whether it be through blogging or public speaking at events like VMworld and VMUG.

Benefits of the NSX vExpert Program

Becoming an NSX vExpert is not without its perks. In addition to bragging rights and the cool badge, VMware will provide great opportunities to give you the recognition you deserve.

Here’s what vExperts gain:

• Amplification of any articles you write
• Exposure at VMware physical and virtual events
• Opportunities to interface and provide feedback to the NSX product team
• Invite Continue reading

0

Minister Bains, Let’s Rethink Canada’s Spectrum Auction

Yesterday’s announcement by the Government of Canada to drive down cell phone prices will only end up costing Canada in the long run.

In a press conference held yesterday, Minister Navdeep Bains of Innovation Science and Economic Development Canada (ISED) laid out a plan that will not only allow the government to evoke further regulation to boost competition but allow it to sell off spectrum to the highest bidder.

It is a case of short-term gain that will lead to long-term pain.

It could have been an opportunity for ISED to bring many Canadians – particularly those living in rural and remote areas – closer to the government’s goal of universal broadband for all by 2030. Unfortunately, we believe that the auction rules announced yesterday by Minister Bains for this spectrum band are a step backward for innovative approaches to bring affordable access to the regions of Canada that most need it.

Currently, Canadians pay some of the highest prices in the world to come online and much of the country still does not have fiber needed for broadband.

There are solutions to affordable access in Canada. One of which is community networks.

The Internet Society has long championed community Continue reading

0

International Women’s Day 2020: Building a Modern Security Team

When we started at Cloudflare in the summer of 2018, we joined a small security team intent on helping it grow quickly. Cloudflare was already a successful “unicorn” startup and its profile was changing fast, providing cyber security protection for millions of Internet-facing properties and moving towards becoming a public company. We were excited to help build the team that would ensure the security of Cloudflare’s systems and the sensitive customer data that flows through them.

Competing for security talent in the tech industry - where every company is investing heavily on security - isn't easy. But, in 18 months, we have grown our team 400% from under 10 people to almost 50 (and still hiring). We are proud that 40% of our team are women and 25% are from an under-represented minority. We believe from experience, and the research shows, that more diverse teams drive better business results and can be a better place to work.

In honor of International Women’s Day this Sunday, we wanted to share some of our lessons learned on how to build a diverse team and inclusive culture on a modern security team.

Lessons Learned Building a Diverse Team

• Our effort to Continue reading