Network Break 273: Fortinet Pits Deep Learning Appliance Against Malware; Nokia ‘Reviews Options’ As Earnings Struggle

Take a Network Break. This week's IT news analysis covers a new anti-malware appliance from Fortinet, VMware security software for data centers and clouds, Nokia's efforts to buy time as it gets its 5G house in order, and financial results from multiple vendors.

The post Network Break 273: Fortinet Pits Deep Learning Appliance Against Malware; Nokia ‘Reviews Options’ As Earnings Struggle appeared first on Packet Pushers.

Similarities Between AWS VPC and Cisco SDA – Intra-Subnet Communication


Update March 6, 2020: This post will soon be made obsolete by a new version.


Foreword


This article explains the similarities between a LISP/VXLAN based Campus Fabric and AWS Virtual Private Cloud (VPC) from the Intra-Subnet Control-Plane and Data-Plane operation perspective. The AWS VPC solution details are not publicly available and the information included in this article is based on the author's own study using publicly available AWS VPC documentation.

There are two main reasons for writing this document: 

First, Cisco SDA is an on-prem LAN model while AWS VPC is an off-prem DC solution. I wanted to point out that these two solutions, even though used for very different purposes, use the same kind of Control-Plane operation and Data-Plane encapsulation and are managed via a GUI. This is my answer to the ever-ongoing discussion about whether there are DC networks, Campus networks and so on, or whether there are just networks.

Second, my own curiosity to understand the operation of AWS VPC.

I usually start by introducing the example environment and then explaining the configuration, moving to Control-Plane operation and then to Data-Plane operation. However, this time I take a different approach. This article first introduces the example environment but then the Data-Plane operation is discussed before Control-Plane operation. This way it is easier to understand what information is needed and how that information is gathered.


Cisco’s Wendy Nather: Never Say This to a CISO

When Cisco acquired Duo Security, Nather’s was the only CISO advisory team. Cisco quickly saw the...


© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Marvell Injects New Life Into Infrastructure Chips

The chips are designed to power networking equipment like switches, routers, secure gateways,...


Nokia Taps New Captain After Missing 5G Boat

Pekka Lundmark, who currently serves as president and CEO of Fortum, an energy company also...


Heavy Networking 504: The State Of Optical Networking In 2020

If you're new to DWDM and optical networking, this Heavy Networking episode aims to peel back some of the layers of these technologies to help you understand how they work, and whether you have business applications that could use DWDM. My guest is Chris Tracy, a network and systems engineer at ESnet.

The post Heavy Networking 504: The State Of Optical Networking In 2020 appeared first on Packet Pushers.

Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored)

On today's Tech Bytes podcast we talk with sponsor CodiLime about the benefits of SDN, how SDN works, and CodiLime's network engineering services that help organizations of all sizes migrate to SDN. Our guest is Monika Antoniak, head of R&D at CodiLime.

The post Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored) appeared first on Packet Pushers.

The Week in Internet News: Let’s Encrypt Hits One Billion Certificates

Encryption wave: Let’s Encrypt, the website encryption project supported by the Internet Society, has issued 1 billion web security certificates, ZDNet reports. About 81 percent of the world’s websites now are secured with Transport Layer Security (TLS) encryption, and Let’s Encrypt, which offers free TLS certificates, now serves nearly 200 million websites.

Even more encryption: In other encryption news, the Firefox browser has begun turning on DNS over HTTPS (DoH) by default for users in the U.S., The Verge says. The encryption tool secures Internet traffic, including browsing histories.

No more WiFi: Google is shutting down a free Wi-Fi service called Station that has served parts of India, Indonesia, South Africa, Mexico, Thailand, Nigeria, Philippines, Brazil and Vietnam, TechCrunch reports. Google says the service is no longer needed because of falling prices for mobile broadband service. Google also struggled to find a business model.

Keep your hands off the network: Employees are increasingly connecting their personal Internet of Things devices, like smart watches and fitness trackers, to corporate networks, according to research by Zscaler, detailed at ZDNet. These unauthorized connections undermine network security. The most connected personal devices included digital home assistants, TV set-top boxes, video cameras, smart-home

Technology Short Take 124

Welcome to Technology Short Take #124! It seems like the natural progression of the Tech Short Takes is moving toward monthly articles, since it’s been about a month since my last one. In any case, here’s hoping that I’ve found something useful for you. Enjoy! (And yes, normally I’d publish this on a Friday, but I messed up and forgot. So, I decided to publish on Monday instead of waiting for Friday.)

Networking

Servers/Hardware

  • This article is about hardware, just not the hardware I’d typically talk about in this section—instead, it’s about Philips Hue light bulbs.

How to deploy on remote Docker hosts with docker-compose

The docker-compose tool is pretty popular for running dockerized applications in a local development environment. All we need to do is write a Compose file containing the configuration for the application’s services and have a running Docker engine for deployment. From here, we can get the application running locally in a few seconds with a single  `docker-compose up` command. 

This was the initial scope but…

As developers look to have the same ease-of-deployment in CI pipelines/production environments as in their development environment, we find today docker-compose being used in different ways and beyond its initial scope. In such cases, the challenge is that docker-compose provided support for running on remote docker engines through the use of the DOCKER_HOST environment variable and the -H, --host command line option. This is not very user friendly and managing deployments of Compose applications across multiple environments becomes a burden.

To address this issue, we rely on Docker Contexts to securely deploy Compose applications across different environments and manage them effortlessly from our localhost. The goal of this post is to show how to use contexts to target different environments for deployment and easily switch between them.

We’ll start defining a sample application to use

When Bloom filters don’t bloom


I've known about Bloom filters (named after Burton Bloom) since university, but I haven't had an opportunity to use them in anger. Last month this changed - I became fascinated with the promise of this data structure, but I quickly realized it had some drawbacks. This blog post is the tale of my brief love affair with Bloom filters.

While doing research about IP spoofing, I needed to examine whether the source IP addresses extracted from packets reaching our servers were legitimate, depending on the geographical location of our data centers. For example, source IPs belonging to a legitimate Italian ISP should not arrive in a Brazilian datacenter. This problem might sound simple, but in the ever-evolving landscape of the internet this is far from easy. Suffice it to say I ended up with many large text files with data like this:

This reads as: the IP 192.0.2.1 was recorded reaching Cloudflare data center number 107 with a legitimate request. This data came from many sources, including our active and passive probes, logs of certain domains we own (like cloudflare.com), public sources (like BGP table), etc. The same line would usually be repeated across multiple

My Cisco Certified DevNet Associate Journey by Nick Russo

On 27 February 2020, I took and passed the Cisco Certified DevNet Associate (DEVASC) exam on my first attempt. TLDR; it was a well-structured and fair exam. I think it was my favorite Cisco exam of all time. It had clear questions, good depth, no off-blueprint curveballs, and a great measure of candidate skill. The distribution of questions was also in accordance with the blueprint topic weights.

I’m known for being a concise and high signal-to-noise blogger, so I won’t turn this into a blueprint exploration article. You can learn more about the official certification here. Instead, I’ll focus on how I prepared for this exam.

Above all else, you need to sign up for an account at Cisco DevNet. It’s 100% free and contains many excellent resources to help you learn software-related topics. This is more than just “network automation” as you’ll be exposed to software development techniques and strategies, too. While everything on DevNet is useful, I believe the following three resources are the most important for this exam. Learning the content and passing any DevNet exam would be almost impossible without them:

  1. Sandboxes: These are demo environments that learners can use for testing specific products and

Automation Story: Network Diagrams

Anne Baretta got pretty far in his automation story: after starting with configuration templates and storing network inventory into a database, he tackled the web UI. What’s next? How about a few auto-generated network diagrams?

Notes

Firecracker: lightweight virtualization for serverless applications

Firecracker: lightweight virtualisation for serverless applications, Agache et al., NSDI’20

Finally the NSDI’20 papers have opened up to the public (as of last week), and what a great looking crop of papers it is. We looked at a couple of papers that had pre-prints available last week; today we’ll be looking at one of the most anticipated papers of this year’s crop: Amazon’s Firecracker.

Firecracker is the virtual machine monitor (VMM) that powers AWS Lambda and AWS Fargate, and has been used in production at AWS since 2018. Firecracker is open source, and there are a number of projects that make it easy to work with outside of the AWS environment too, including Weave Firekube (disclaimer: Accel is an investor in Weaveworks). Firekube exists because none of the existing alternatives (virtualisation, containers or language-specific vms) met the combined needs of multi-tenant efficiency and strong isolation in the AWS environment.

The traditional view is that there is a choice between virtualization with strong security and high overhead, and container technologies with weaker security and minimal overhead. This tradeoff is unacceptable to public infrastructure providers, who need both strong security and minimal overhead.

Approaches to isolation

The first version of

8 reasons to consider hyperconverged infrastructure for your data center

Demand for on-premises data center equipment is shrinking as organizations move workloads to the cloud. But on-prem is far from dead, and one segment that’s thriving is hyperconverged infrastructure (HCI). HCI is a form of scale-out, software-integrated infrastructure that applies a modular approach to compute, network and storage capacity. Rather than silos with specialized hardware, HCI leverages distributed, horizontal blocks of commodity hardware and delivers a single-pane dashboard for reporting and management. Form factors vary: Enterprises can choose to deploy hardware-agnostic hyperconvergence software from vendors such as Nutanix and VMware, or an integrated HCI appliance from vendors such as HP Enterprise, Dell, Cisco, and Lenovo.
