Karen Walker joined Intel as SVP and CMO; Equinix welcomed Justin Dustzadeh as CTO; plus the latest...
In this blog, Juniper Networks will follow the typical service provider through the stages of...
The company, best known for its networking hardware and monitoring technology, launched its SD-WAN...
Ciena is acquiring Centina, a network performance management provider, in a bid to bolster its Blue...
The deal would mark Equinix’s first data centers in Mexico.
ETSI’s latest specification group takes on AI security with founding members BT, Huawei, and...
In this IPv6 Buzz episode we discuss IPv4 special address ranges, the reasons behind efforts to make them globally routable, and what impact this is likely to have on IPv6 adoption.
The post IPv6 Buzz 036: IPv4 Special Addresses And IPv6 Adoption appeared first on Packet Pushers.
Hello my friend,
the article today would be very special because of three following points. First of all, we’ll talk about the segment routing, which is the leading technology today for building service providers and emerging for DC. Second, you will learn how to connect VNFs with the real network devices. Third, we will fork Cumulus Linux with modified FRR. Thrilled? Let’s go!
1
2
3
4
5 No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests. Additional thank to Anton Degtyarev from Cumulus for consulting me on FRR details.
This blogpost is the continuation of the previous, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.
Remember Nicky Davey describing how he got large DMVPN deployment back on track with configuration templating? In his own words…:
Configuration templating is still as big win a win for us as it was a year ago. We have since expanded the automation solution, and reading the old blog post makes me realise how far we have come. I began working with this particular customer in May 2017, so 2 years now. At that time the new WAN project was on the horizon and the approach to network configuration was entirely manual.
Here’s how far he got in the meantime:
Read more ...Silver Peak’s EdgeConnect SD-WAN platform this week surpassed 1,500 customer deployments just...
Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol it should be noted that even after several years of hardening we still see vulnerabilities for the TCP protocol like the recently reported SACK vulnerability.
So how do we ensure that Kubernetes workloads are protected from these types of vulnerabilities?
Security researchers work to identify new vulnerabilities and then help developers develop security patches. You can apply those patches to keep your software secure from the lastest known vulnerabilities.
The simple answer then is to scan workload images and patch your software and update your software to use the latest patches. However, that approach essentially means you have to wait for the next attack and then will need to repeat the cycle. While this works, it is not sufficient and quite disruptive to implement as we play into the hands of the adversaries where they are working on the next vulnerability while Continue reading
Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how Open ID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line.
The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl. To complete our move to SSO, we wanted to ensure that, when using the Dashboard, our engineers logged in to the same account they used for kubectl.
Since Kubernetes version 1.7.0, the dashboard has had a login page. It allows users to upload a kubeconfig file or enter a bearer token. If you have already logged into the command line, this allows you to copy the OIDC id-token from your kubeconfig file into the bearer token field and login. There are, however, a couple of problems with this: