Category Archives for "Networking"

DC 15. Segment-routing/MPLS on the data centre white box switch and VNF/PNF networking (Nokia, Cisco and Mellanox/Cumulus).

Hello my friend,

the article today will be very special because of the following three points. First of all, we’ll talk about segment routing, which is the leading technology today for building service providers and emerging for DC. Second, you will learn how to connect VNFs with the real network devices. Third, we will fork Cumulus Linux with modified FRR. Thrilled? Let’s go!

No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Thanks

Special thanks to Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests. Additional thanks to Anton Degtyarev from Cumulus for consulting me on FRR details.

Disclaimer

This blogpost is the continuation of the previous one, where we brought the Mellanox SN 2010 into operation with Cumulus Linux 3.7.9 on board. If you want to learn the details of this process, you are welcome to read that article.

Network Automation Beyond Configuration Templating

Remember Nicky Davey describing how he got a large DMVPN deployment back on track with configuration templating? In his own words…:

Configuration templating is still as big a win for us as it was a year ago. We have since expanded the automation solution, and reading the old blog post makes me realise how far we have come. I began working with this particular customer in May 2017, so 2 years now. At that time the new WAN project was on the horizon and the approach to network configuration was entirely manual.

Here’s how far he got in the meantime:


Silver Peak Surpasses 1,500 SD-WAN Deployments

Silver Peak’s EdgeConnect SD-WAN platform this week surpassed 1,500 customer deployments just...


© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

3 Layers to Defend Your Kubernetes Workloads

Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DoS attack through legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol, it should be noted that even after several years of hardening we still see vulnerabilities in the TCP protocol, like the recently reported SACK vulnerability.

Vulnerability Scanning and Patching

So how do we ensure that Kubernetes workloads are protected from these types of vulnerabilities? 

Security researchers work to identify new vulnerabilities and then help developers develop security patches. You can apply those patches to keep your software secure from the latest known vulnerabilities.

The simple answer then is to scan workload images and patch your software and update your software to use the latest patches. However, that approach essentially means you have to wait for the next attack and then will need to repeat the cycle. While this works, it is not sufficient and quite disruptive to implement as we play into the hands of the adversaries where they are working on the next vulnerability while Continue reading

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.

Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.

Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.

Single Sign-On for Kubernetes: Dashboard Experience

Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how OpenID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line.

The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl. To complete our move to SSO, we wanted to ensure that, when using the Dashboard, our engineers logged in to the same account they used for kubectl.

Since Kubernetes version 1.7.0, the dashboard has had a login page. It allows users to upload a kubeconfig file or enter a bearer token. If you have already logged into the command line, this allows you to copy the OIDC id-token from your kubeconfig file into the bearer token field and log in. There are, however, a couple of problems with this:

  • The login page has a skip button — If you aren’t using any authorization (RBAC) then this would permit anyone to access the dashboard with effective admin rights.
  • Copy and pasting a token from a Continue reading

Day Two Cloud 019: Building Your First CI/CD Pipeline

CI/CD. You’ve got a vague notion of what it might be. Then you're asked to help the dev team put together an automated delivery process for a cloud app. How do you get from CI/CD as a concept to making it a reality? That's the subject of today's Day Two Cloud podcast with guest Nathaniel Avery.

The post Day Two Cloud 019: Building Your First CI/CD Pipeline appeared first on Packet Pushers.

Scripting is the Wrong Approach to Automating Networks

Olivier Huynh Van is the CTO and co-founder of Gluware and leads the Gluware R&D team. Olivier has spent 20+ years designing and managing mission-critical global networks for such organizations as ADM Investor Services, Groupe ODDO & Cie, Natixis, Oxoid and Deutsche Bank. He holds a Master’s Degree in Electronics, Robotics and Information Technology from ESIEA in Paris, France.

In the race to keep up with swiftly moving digital currents, enterprises are in search of ways to automate their networks. They want to remove complexity and make changes to their networks quickly and effectively. Vendors are offering a variety of scripting approaches to network management that are open-source. The use of scripts in DevOps has been effective since they are generally run on consistent operating systems and compute platforms. The industry is now trying to push scripting on NetOps, but it is much harder due to the variation of vendors, operating systems and hardware platforms used in the networking layer. Scripts may provide a quick fix, but they are not reliable over time and not a long-term strategic solution. In addition, these approaches may be risky, as they could lead to costly errors and network outages. For Continue reading

Can McAfee Sell Its Security Story In a World Without Firewalls?

The vendor kicked off its annual Mpower Cybersecurity Summit with a new analytics tool that aims to...


Kubernetes Latest Flaw a ‘Billion Laughs’ … Not

The vulnerability can allow someone to launch a denial-of-service attack against a Kubernetes API...


Rubrik CEO: ‘We’re Not for Sale’

"I want to make it unequivocally clear that Rubrik is not for sale," wrote Rubrik CEO Bipul Sinha...


SDxCentral’s Top 10 Articles — September 2019

VMware CEO: IBM Paid Too Much for Red Hat; AT&T, Sprint, & Cisco Execs Dump Cold Water on...


U.S. Cellular Sparks 5G Plans

The nation’s fifth-largest mobile operator says parts of Iowa and Wisconsin will gain access to...


Serverlist Sept. Wrap-up: Static sites, serverless costs, and more

Check out our eighth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

BrandPost: Westcon-Comstor Builds a more Visible WAN

For Michael Soler, a senior infrastructure manager at Westcon-Comstor, a major IT distributor, moving to a software-defined wide-area network (SD-WAN) was as much about taking control of the network as it was about saving money.

The move accomplished both, according to Soler. “It’s been a very successful story,” says Soler. “We have gained visibility, and this means control. I can see which users are using which applications, and we can look at bandwidth. We wanted to save money and we greatly succeeded.”

Of course, there is more to the story than that. Soler says moving to an SD-WAN platform, built by Silver Peak, accomplished many goals at once. These included:

Celebrating National Cybersecurity Awareness Month

Every October, we mark National Cybersecurity Awareness Month. From the U.S. Department of Homeland Security website, “Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.”

We believe in an Internet that is open, globally connected, secure, and trustworthy. Our work includes improving the security posture of producers of Internet of Things (IoT) devices, ensuring encryption is available for everyone and is deployed as the default, working on time security, routing security through the MANRS initiative, and fostering collaborative security.

The Online Trust Alliance’s IoT Trust Framework identifies the core requirements manufacturers, service providers, distributors/purchasers, and policymakers need to understand, assess, and embrace for effective security and privacy as part of the Internet of Things. Also check out our Get IoT Smart pages for more consumer-friendly advice on IoT devices.

Much of OTA’s work culminates in the Online Trust Audit & Honor Roll, which recognizes excellence in online consumer protection, data security, and responsible privacy practices. Since that report’s release in April Continue reading