MACsec over WAN
MACsec is an interesting alternative to existing tunneling solutions, that protects Layer 2 by performing integrity, origin authentication and, optionally, encryption. Normal use-case is to use MACsec between hosts and access switches, between two hosts or between two switches. This article is a leftover from MACsec on Linux that I first tested in 2016 when support for MACsec was just included in the kernel. I will describe how MACsec is used together with a Layer 2 GRE tunnel to protect the traffic between two remote sites, over WAN or Internet, like a site-to-site VPN at Layer 2.
Money Moves: September 2019
Datadog Barks Back to Cisco’s $7B Offer, Fetches $648M in IPO: GitLab Inhales $268M Series E,...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
The Week in Internet News: Governments Pressure Facebook to Halt Encryption Plans
Anti-encryption demands: Government officials from the U.S., U.K., and Australia have asked Facebook to put a hold on its plans to expand encryption on services like Messenger, CNet reports. “We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens,” says a letter signed by U.S. Attorney General William Barr and other officials.
This law is not fake: A new fake news law in Singapore has taken effect, SPDP Radio says. The law includes penalties of up to US $60,000 and 10 years in prison for people found guilty of spreading what the government considers to be fake news. Web sites could face fines of more than $720,000 for not taking down so-called fake news after being ordered to do so. Free speech advocates have major problems with the law, as you might expect.
The lines are cut: Internet access in most of Iraq was shut down after violent protest in the country, CNet says. Some people were Continue reading
ONUG, MEF Want to Clarify SD-WAN Decisions
The partnership is focused on ensuring that SD-WAN vendors are developing products that meet the...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Tech Bytes: MidSouth Bank Invests In Network Performance, Visibility With Silver Peak SD-WAN (Sponsored)
On today's sponsored Tech Bytes episode we talk with MidSouth Bank CIO Daniel Hereford about how he's using SD-WAN from Silver Peak to support the bank's transformation to a hybrid cloud model, while also improving network visibility and performance for mission-critical applications.Tech Bytes: MidSouth Bank Invests In Network Performance, Visibility With Silver Peak SD-WAN (Sponsored)
On today's sponsored Tech Bytes episode we talk with MidSouth Bank CIO Daniel Hereford about how he's using SD-WAN from Silver Peak to support the bank's transformation to a hybrid cloud model, while also improving network visibility and performance for mission-critical applications.
The post Tech Bytes: MidSouth Bank Invests In Network Performance, Visibility With Silver Peak SD-WAN (Sponsored) appeared first on Packet Pushers.
Vodafone Embraces OpenRAN on Home Turf
Vodafone, an early proponent of the Telecom Infra Project’s OpenRAN initiative, says it started...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Transform Your Career: Attend Open Source Summit + Embedded Linux Conference Europe
Register now for Attend Open Source Summit + Embedded Linux Conference Europe held October 28 - 30,...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Verizon and NEC Infuse AI Into Deployed Fiber
The technology cocktail can support smart city initiatives without having to rip up streets to...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Network Break 255: Adtran Gets Into SD-WAN; Google Preps Chrome To Block HTTP Mixed With HTTPS
Today's Network Break analyzes Adtran's entry into the SD-WAN market, a new IBN product from Lumina Networks, the latest software upgrade from NTOP, Google's timeline for blocking HTTP elements in HTTPS sessions in Chrome, plus a couple of detailed follow-ups, and a Tech Bytes show.
The post Network Break 255: Adtran Gets Into SD-WAN; Google Preps Chrome To Block HTTP Mixed With HTTPS appeared first on Packet Pushers.
Network Break 255: Adtran Gets Into SD-WAN; Google Preps Chrome To Block HTTP Mixed With HTTPS
Today's Network Break analyzes Adtran's entry into the SD-WAN market, a new IBN product from Lumina Networks, the latest software upgrade from NTOP, Google's timeline for blocking HTTP elements in HTTPS sessions in Chrome, plus a couple of detailed follow-ups, and a Tech Bytes show.Kill the restructure | The IT Skeptic
Don't underestimate engineers. They are smarter than people comprehend.
The post Kill the restructure | The IT Skeptic appeared first on EtherealMind.
Optimizing Environment Setup in Ansible Playbooks
Have you ever seen an Ansible playbook where 90% of the code prepares the environment, and then all the work is done in a few template and assemble modules? Here’s an alternative way of getting that done. Is it better? You tell me ;)
You might also want to explore similar Ansible articles and our Ansible for Networking Engineers content.
How you charge your mobile phone could compromise its battery lifespan
Convincing research that wireless chargers aren't good (yet)
The post How you charge your mobile phone could compromise its battery lifespan appeared first on EtherealMind.
Site-to-Site OpenVPN on VyOS
The tutorial discusses configuration of site-to-site VPN on VyOS using preshared-key. Static key configuration offers the simplest setup, and is ideal for point-to-point VPNs or proof-of-concept testing. The advantages of using static key are simple setup and no X509 PKI (Public Key Infrastructure) to maintain. The disadvantages are limited scalability - one client, one server setup and the lack of perfect forward secrecy - key compromise results in a total disclosure of previous sessions. Also, a secret key must exist in plain-text form on each VPN peer and it must be exchanged using a pre-existing secure channel.
Our lab consists of two remote sites (Picture 1). The router running network OS - VyOS is presented on each side, connecting computers PC and PC2 to to a particular LAN network. The both VyOS routers are configured forOpenVPN site-to-site mode and the routers also perform NAT (PAT) and firewall services.
Picture 1 - Network Topology
1. VyOS Site1 Configuration
1.1 Hostname, IP addresses, SSH
vyos@vyos:~$ configure
vyos@vyos# set system host-name Site1
yos@vyos# commit
vyos@vyos# save
vyos@Site1# set interfaces ethernet eth1 address 10.0.0.254/24
vyos@Site1# set interfaces ethernet eth0 address 11.0.2.1/24
vyos@Site1# set service ssh
vyos@Site1# commit
Continue reading
BlueShore Taps HPE Primera: ‘Way Easier, Way Less Waste’
Primera storage will help the financial firm to reduce its data center footprint and improve its...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Worth Reading: Anycast DNS in Enterprise Networks
Anycast (advertising the same IP address from multiple servers/locations) has long been used to implement scale-out public DNS services (the whole root DNS system runs on massive anycast), but it’s not as common in enterprise networks.
The blog posts written by Tom Bowles should get you there. He started with the idea and described his implementation using Infoblox DNS.
Want to know even more? I covered numerous load balancing mechanisms including anycast in Data Centers Infrastructure for Networking Engineers webinar.