Headcount: Firings, Hirings, and Retirings — September 2019

Segment Routing (SR) And Traffic Engineering (TE): Part Two

Adtran Somersaults Into SD-WAN Market

IDG Contributor Network: Secure Access Service Edge (SASE): A reflection of our times

There’s a buzz in the industry about a new type of product that promises to change the way we secure and network our organizations. It is called the Secure Access Service Edge (SASE). It was first mentioned by Gartner, Inc. in its hype cycle for networking. Since then Barracuda highlighted SASE in a recent PR update and Zscaler also discussed it in their earnings call. Most recently, Cato Networks announced that it was mentioned by Gartner as a “sample vendor” in the hype cycle.To read this article in full, please click here

The “Easy Button” for SDN Control of Physical and Virtual Data Center Networks

Ciena Pulls Centina Into Blue Planet’s Orbit

Equinix Bids $200M for Mexico Data Centers, Bloomberg Reports

DARPA looks for new NICs to speed up networks

The government agency that gave us the Internet 50 years ago is now looking to drastically increase network speed to address bottlenecks and chokepoints for compute-intensive applications.The Defense Advanced Research Projects Agency (DARPA), an arm of the Pentagon, has unveiled a computing initiative, one of many, that will attempt to overhaul the network stack and interfaces that cannot keep up with high-end processors and are often the choke point for data-driven applications.[Get regularly scheduled insights by signing up for Network World newsletters. ] The DARPA initiative, Fast Network Interface Cards, or FastNICs, aims to boost network performance by a factor of 100 through a clean-slate transformation of the network stack from the application to the system software layers running on top of steadily faster hardware. DARPA is soliciting proposals from networking vendors. .To read this article in full, please click here

ETSI Sharpens AI Security Focus

IPv6 Buzz 036: IPv4 Special Addresses And IPv6 Adoption

IPv6 Buzz 036: IPv4 Special Addresses And IPv6 Adoption

In this IPv6 Buzz episode we discuss IPv4 special address ranges, the reasons behind efforts to make them globally routable, and what impact this is likely to have on IPv6 adoption.

The post IPv6 Buzz 036: IPv4 Special Addresses And IPv6 Adoption appeared first on Packet Pushers.

Is hybrid cloud certification right for you?

After years of shifting applications to the public cloud, enterprises realize it’s not the right fit for every app and are pulling some of them back to private clouds, forcing the businesses to adopt a hybrid strategy. But it’s not an easy process and one that may require formal training and certifications for the  IT pros tasked with this important transition.“A huge desire to move to the cloud, and pressure from lines of business to move to the cloud, have created an experience gap that has led to serious missteps and forced IT teams to repatriate workloads they had put in the cloud back into the data center,” says Scott Sinclair, senior analyst at IT research firm ESG. “IT’s level of competence, experience, and education in how to integrate with the cloud is woefully inadequate.”To read this article in full, please click here

DC 15. Segment-routing/MPLS on the data centre white box switch and VNF/PNF networking (Nokia, Cisco and Mellanox/Cumulus).

Hello my friend,

the article today would be very special because of three following points. First of all, we’ll talk about the segment routing, which is the leading technology today for building service providers and emerging for DC. Second, you will learn how to connect VNFs with the real network devices. Third, we will fork Cumulus Linux with modified FRR. Thrilled? Let’s go!

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests. Additional thank to Anton Degtyarev from Cumulus for consulting me on FRR details.

Disclaimer

This blogpost is the continuation of the previous, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.

Continue reading

Network Automation Beyond Configuration Templating

Remember Nicky Davey describing how he got large DMVPN deployment back on track with configuration templating? In his own words…:

Configuration templating is still as big win a win for us as it was a year ago. We have since expanded the automation solution, and reading the old blog post makes me realise how far we have come. I began working with this particular customer in May 2017, so 2 years now. At that time the new WAN project was on the horizon and the approach to network configuration was entirely manual.

Here’s how far he got in the meantime:

Cloud-First Networking Delivers Zero-touch Networking for DCs

Silver Peak Surpasses 1,500 SD-WAN Deployments

3 Layers to Defend Your Kubernetes Workloads

Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol it should be noted that even after several years of hardening we still see vulnerabilities for the TCP protocol like the recently reported SACK vulnerability.

Vulnerability Scanning and Patching

So how do we ensure that Kubernetes workloads are protected from these types of vulnerabilities? 

Security researchers work to identify new vulnerabilities and then help developers develop security patches. You can apply those patches to keep your software secure from the lastest known vulnerabilities.

The simple answer then is to scan workload images and patch your software and update your software to use the latest patches. However, that approach essentially means you have to wait for the next attack and then will need to repeat the cycle. While this works, it is not sufficient and quite disruptive to implement as we play into the hands of the adversaries where they are working on the next vulnerability while Continue reading

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

Single Sign-On for Kubernetes: Dashboard Experience

Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how Open ID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line.

The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl. To complete our move to SSO, we wanted to ensure that, when using the Dashboard, our engineers logged in to the same account they used for kubectl.

Since Kubernetes version 1.7.0, the dashboard has had a login page. It allows users to upload a kubeconfig file or enter a bearer token. If you have already logged into the command line, this allows you to copy the OIDC id-token from your kubeconfig file into the bearer token field and login. There are, however, a couple of problems with this:

• The login page has a skip button — If you aren’t using any authorization (RBAC) then this would permit anyone to access the dashboard with effective admin rights.
• Copy and pasting a token from a Continue reading