Today's Network Break episode discusses new data center software and switches from Extreme, new networking cloud tools from Google, Microsoft's support for DoH, an internal re-organization at Cisco and more tech news.
The post Network Break 262: Extreme Announces Fabric Automation And New Switches; Google Rolls Out Smarter Cloud Networking appeared first on Packet Pushers.
Internet from the skies: Loon, Google’s sister company, is teaming up with Internet provider Telefonica to provide Internet access to remote areas of the Amazon rainforest in Peru, TechCrunch reports. Loon, the high-altitude balloon company, plans to have the service available in 2020. The area of Peru targeted by the service has about 200,000 residents.
Internet from the highway: Meanwhile, Osceola County Schools in Florida has equipped an unused bus with computer equipment in an effort to bring Internet access to homeless students living in motels, WSBTV.com reports. The school district, south of Orlando, has about 500 students living in motels, some with limited Internet access.
Investigating encryption: A top official at the U.S. Department of Justice has hinted that end-to-end encryption services could be part of a sweeping investigation into some big tech companies, the New York Times reports. The DOJ and law enforcement agencies from other countries have been pushing large tech companies like Facebook to drop their end-to-end encryption services, to the chagrin of many security experts.
Iran shuts it down: The Iranian government shut down Internet access for citizens for several days in response to protests about huge hikes in fuel prices, CNN.com reports. Continue reading
As part of the release of Red Hat Ansible Automation Platform, we’re happy to announce the release of Red Hat Ansible Tower 3.6. Ansible Tower is the scalable execution framework of the Ansible Automation Platform, providing an API around automation that you can use to scale automation across your enterprise and integrate automation into your tools and processes.
Not all automation processes can proceed entirely without human input. In Ansible Tower 3.6, we’ve added pause and approval to Ansible Tower workflows to help enable more flexible automation. At any step in a workflow you can pause and wait for an approval from an administrator, or any other you delegate approval permissions to. Need to verify that your deployment was fully successful before updating the external DNS entries? Need to ensure that your developers won’t spin up 300 extra cloud servers when provisioning new dev environments? Now you can do that, integrated directly in Ansible Tower workflows.
Notifications were introduced in Ansible Tower 3.0, allowing the status of any job to be reported out via email, Slack, IRC, and more. In Ansible Tower 3.6, we’ve made the content Continue reading
This blog was selected as a finalist in Cisco BLOG Awards in the Best Analysis category, the category for resources that provide insightful discussions and help for networking architects around the world. Fancy right? Do you agree? Go and vote, it’s the second one on the list ? https://www.ciscofeedback.vovici.com/se/705E3ECD18791A68
The post Best Analysis Finalist – Cisco IT Blog Awards for 2019 appeared first on How Does Internet Work.
I’m running two workshops in Zurich in the next 10 days:
I published the slide deck for the NSX versus ACI workshop a few days ago (and you can already download it if you have a paid ipSpace.net subscription) and it’s full of new goodness like ACI vPod, multi-pod ACI, multi-site ACI, ACI-on-AWS, and multi-site NSX-V and NSX-T.
Mergeable replicated data types Kaki et al., OOPSLA’19
This paper was published at OOPSLA, but perhaps it’s amongst the distributed systems community that I expect there to be the greatest interest. Mergeable Replicated Data Types (MRDTs) are in the same spirit as CRDTs but with the very interesting property that they compose. Furthermore, a principled approach for deriving MRDTs is provided, allowing a wide range of data-types to be lifted to their mergeable, replicated counterparts with very little effort on the part of the programmer. The paper sets the discussion in the context of geo-replicated distributed systems, but of course the same mechanisms could be equally useful in the context of local-first applications.
There’s a lot of material in this paper’s 29 pages, and to make sure I have the space to properly understand the ideas (the process of summary writing is a critical part of that for me), I’m going to spread my coverage over two posts.
We’ll begin by looking at the context and the high-level idea behind MRDTs, then we’ll investigate how merge specifications can be derived and composed, and how merge implementations can be derived too. Finally we’ll touch on the implementation of MRDTs in Continue reading
Steve Bellovin wrote a great series of articles describing the early history of Usenet. The most interesting part in the “security and authentication” part was probably this gem:
That left us with no good choices. The infrastructure for a cryptographic solution was lacking. The uux command rendered illusory any attempts at security via the Usenet programs themselves. We chose to do nothing. That is, we did not implement fake security that would give people the illusion of protection but not the reality.
A lot of other early implementers chose the same route, resulting in SMTP, BGP… which wouldn’t be a problem if someone kept track of that and implemented security a few years later. Unfortunately we considered those problems solved and moved on to chase other squirrels. We’re still paying the interest on that technical debt.
CCDE Study Guide – Are you looking for a book that will teach you all the topics on advanced technical networking? If so, I would be very pleased to recommend CCDE Study Guide written by Marwan Al-Shawi to you.
As one of the professionals who contributed immensely to this book, I must admit that Marwan wrote this book in collaboration with a number of savvy designers. IT experts who contributed to this wonderful book include Russ White, Andre Laurent, Denise Fishbourne, Ivan Papeljnak, and Orhan Ergun. In fact, all the IT concepts in this book are enlightening! The book has many drawings, which will assist learners to understand network design.
Today, I spoke with one of my old friend, an expert in CCDE, who read Marwan’s book, and his comment was this: “The book contains pictures that explain a thousand words.”
The most important topics of the networking design, especially for the CCDE exam, are layer 3 technologies such as IGP, BGP, MPLS, Inter-AS MPLS, and IPv6 and VPNs. These topics are extensively covered in this book.
These topics are very important because CCDE exam is a layer 3 infrastructure exam and because these technologies provide an Continue reading
From the days of old, setting fire to a large torch would signal to a neighbouring town something was going on. On the Great Wall in China, reports of signals reaching some 470 miles can be read on Wikipedia! Back to the future and modern day times, signals are transmitted and received as part of every application we touch. Signals underpin a system’s communications, irrelevant of what that system is. Software gives off many signals of a wide variety in normal operations and through signal correlation, we can yield useful events. Signals can also be used to achieve an outcome in a remote system as well as direct application API calls.
Being a fan of systems that have a natural synergy to them, I also look for ways to tie application functionality into natural system interactions.
For this post, I want to talk about the separation of concerns between an application’s functionality via it’s primary operational interface, likely an API of some sort, versus the application’s operational configuration, which allows it start on the correct TCP/IP port and consume the correct credential information.
Why not just get the application to refresh its configuration through the operational interface? The best way Continue reading
Another great advice from Charity Majors: does it make sense to go back to being an engineer after being a manager for a few years?
Personal note: finding a great replacement for my CTO role was probably the best professional decision I ever made ;)
Zsh ships vcs_info, a function fetching information about the
VCS state for the current directory and populating a variable that can
be used in a shell prompt. It supports several VCS, including Git and
SVN. Here is an example of configuration:
autoload -Uz vcs_info zstyle ':vcs_info:*' enable git () { local formats="${PRCH[branch]} %b%c%u" local actionformats="${formats}%{${fg[default]}%} ${PRCH[sep]} %{${fg[green]}%}%a" zstyle ':vcs_info:*:*' formats $formats zstyle ':vcs_info:*:*' actionformats $actionformats zstyle ':vcs_info:*:*' stagedstr "%{${fg[green]}%}${PRCH[circle]}" zstyle ':vcs_info:*:*' unstagedstr "%{${fg[yellow]}%}${PRCH[circle]}" zstyle ':vcs_info:*:*' check-for-changes true } add-zsh-hook precmd vcs_info
You can use ${vcs_info_msg_0_} in your prompt to display the current
branch, the presence of staged and unstaged changes, as well as the
ongoing action.1 Have a look at the documentation for more
details.
vcs_info function.On large repositories, some information are expensive to fetch. While
vcs_info queries Git, interactions with Zsh are stuck. A possible
solution is to execute vcs_info asynchronously with zsh-async.
Edge computing is a dispersion or distribution of the cloud and latency is the driving force of...
TCP_MD5 (RFC 2385) is something that doesn’t come up often. There’s a couple of reasons for that, good and bad.
I used it with tlssh, but back then (2010) it was not practical due to the limitations in the API on Linux and OpenBSD.
This is an updated post, written after I discovered TCP_MD5SIG_EXT.
In short it’s a TCP option that adds an MD5-based signature to every TCP packet. It signs the source and destination IP addresses, ports, and the payload. That way the data is both authenticated and integrity protected.
When an endpoint enables TCP MD5, all unsigned packets (including SYN packets) are silently dropped. For a signed connection it’s not even possible for an eavesdropper to reset the connection, since the RST would need to be signed.
Because it’s on a TCP level instead of part of the protocol on top of TCP, it’s the only thing that can protect a TCP connection against RST attacks.
It’s used by the BGP protocol to set a password on the connection, instead of sending the password in the handshake. If the password doesn’t match the TCP connection doesn’t even establish.
But outside of BGP it’s essentially Continue reading
It is funny to think that in a certain light, AMD has Big Blue to thank for its resurgence in the datacenter. …
Talking System Architecture With AMD CTO Mark Papermaster was written by Timothy Prickett Morgan at The Next Platform.