Log every request to corporate apps, no code changes required

When a user connects to a corporate network through an enterprise VPN client, this is what the VPN appliance logs:

The administrator of that private network knows the user opened the door at 12:15:05, but, in most cases, has no visibility into what they did next. Once inside that private network, users can reach internal tools, sensitive data, and production environments. Preventing this requires complicated network segmentation, and often server-side application changes. Logging the steps that an individual takes inside that network is even more difficult.

Cloudflare Access does not improve VPN logging; it replaces this model. Cloudflare Access secures internal sites by evaluating every request, not just the initial login, for identity and permission. Instead of a private network, administrators deploy corporate applications behind Cloudflare using our authoritative DNS. Administrators can then integrate their team’s SSO and build user and group-specific rules to control who can reach applications behind the Access Gateway.

When a request is made to a site behind Access, Cloudflare prompts the visitor to login with an identity provider. Access then checks that user’s identity against the configured rules and, if permitted, allows the request to proceed. Access performs these checks on each request a user Continue reading

Dell Technologies CTO: Why AI Needs Empathy

Writing userspace USB drivers for abandoned devices

Writing userspace USB drivers for abandoned devices

Weekly Top Posts: 2019-11-17

1. Headcount: Firings, Hirings, and Retirings — October 2019
2. Analysts Debate SASE’s Merits as Vendors Board Hype Train
3. Google Killed Chronicle, Report Claims
4. AT&T Sounds Alarm on 5G Security
5. Juniper Targets VMware, Data Center Complexity With Contrail Insights

Palo Alto Networks Leaps Into SASE Market

Monitoring for High Performance Networks at 400G scale

IoT in 2020: The awkward teenage years

Much of the hyperbole around the Internet of Things isn’t really hyperbole anymore – the instrumentation of everything from cars to combine harvesters to factories is just a fact of life these days. IoT’s here to stay.Yet despite the explosive growth – one widely cited prediction from Gartner says that the number of enterprise and automotive IoT endpoints will reach 5.8 billion in 2020 – the IoT market’s ability to address its known flaws and complications has progressed at a far more pedestrian pace. That means ongoing security woes and a lack of complete solutions are most of what can be safely predicted for the coming year.To read this article in full, please click here

IoT in 2020: The awkward teenage years

Much of the hyperbole around the Internet of Things isn’t really hyperbole anymore – the instrumentation of everything from cars to combine harvesters to factories is just a fact of life these days. IoT’s here to stay.Yet despite the explosive growth – one widely cited prediction from Gartner says that the number of enterprise and automotive IoT endpoints will reach 5.8 billion in 2020 – the IoT market’s ability to address its known flaws and complications has progressed at a far more pedestrian pace. That means ongoing security woes and a lack of complete solutions are most of what can be safely predicted for the coming year.To read this article in full, please click here

Carrier supporting Carrier with BGP-LU

In our last post we talked about the less used method of deploying CsC where we ran OSPF and LDP inside the CSC-PE routing-instance.

Note: I can’t help myself apparently so be aware that Carrier of Carriers (CoC) is the same as Carrier supporting Carrier (CsC)

This required some changes to be made to our default LDP export policy as well as how we moved routes between the inet.3 and inet.0 tables. That being said, if you’re a single org it might make good sense to run things that way. I liked how you were able to see all of the remote LDP domain loopbacks in your local inet.3 table which in my mind made it easier to imagine the LSP paths.

That being said, it is clearly not the preferred deployment methodology. Most examples you’ll find leverage BGP (BGP-LU specifically) for the CSC-CE to CSC-PE connections as well as within the local label domains. So in this example, we’ll do just that. Larges chunks of the base configuration will be the same as they were in the previous post but for the sake of clarity I’ll post our starting post the starting configurations and diagrams here Continue reading

IETF 106 Begins Nov 16 in Singapore – Here is how you can participate remotely in building open Internet standards

Starting Saturday, November 16, 2019, the 106th meeting of the Internet Engineering Task Force (IETF) will begin in Singapore. Over 1,000 engineers from around the world will gather in the convention center to join together in the debates and discussions that will advance the open standards that make the Internet possible. They are gathered, in the words of the IETF mission, “to make the Internet work better“.

Pick your protocol – the future of DNS, DOH, TLS, HTTP(S), QUIC, SIP, TCP, IPv6, ACME, NTP… and many, many more will be debated in the rooms and hallways over the next week.

What if you cannot be IN Singapore?

If you are not able to physically be in Singapore this week, the good news is you can participate remotely! The IETF website explains the precise steps you need to do. To summarize quickly:

1. Register as a remote participant. There is no cost.
2. Review the agenda to figure out which sessions you want to join. (I will note that there are some very interesting (to me!) Birds-of-a-Feather (BOF) sessions at IETF 106.)
3. Choose the channel(s) you will use to participate, including:
   • Meetecho (video, slides, audio, and chat)
   • Audio Continue reading

IDG Contributor Network: Dell Tech’s PowerOne approach to hybrid cloud

Hyper Converged Infrastructure is going through a period of dynamic shifts and disruption, hybrid and multi cloud architectures are also transforming how people think about infrastructure. And with this I am watching the vendor landscape go through a period of significant transformation.For most traditional IT vendors, established norms and product roadmaps are in a state of flux as product lifecycles are being compressed. And new mega trends – AI, ML, containers and 5G, to name a few – are disrupting how IT is provisioned, managed and consumed.We are also entering a market cycle of increased “coopetition,” where traditional on-premises vendors such as IBM, Dell Tech, HPE and Cisco (among others) are having product roadmaps and revenue projections upended by hyperscale cloud providers such as AWS, Microsoft with Azure and Google Cloud Platform. While these companies are continuing to work together strategically, it’s also easy to recognize that market conditions are yielding an increased level of competition among these same organizations. These shifts are driving the incumbent infrastructure vendors to make bold moves to stay relevant and continue to drive the growth so craved by shareholders and the innovation desired by their largest customers and users.To read this Continue reading

Weekly Wrap: Juniper Guns for Cisco, Aruba With Mist AI

Microsoft Earns Top Marks in Industrial IoT

Amazon Challenges Pentagon’s $10B JEDI Award

The Datacenter Starts To Perk Up For Nvidia

The datacenter business at Nvidia hit a rough patch a little less than a year ago, but it is starting to pick up again after a few quarters of declines and may soon be in positive growth territory. …

The Datacenter Starts To Perk Up For Nvidia was written by Timothy Prickett Morgan at The Next Platform.

Stuff The Internet Says On Scalability For November 15, 2019

How to Network for a Job

When most people hear the phrase “job networking,” they think of those white collar career type jobs that may eventually lead to someone becoming a CEO or owner of a big company. However, whether you are looking for a job in a top 500 company, or simply looking for a job with a construction company, as a cook, or as a teacher here are some helpful tips on how to network for a job.

How to Network for a Job in 6 Easy Steps

Build a Network Before Your Actually Need One

The minute you decide on the type of job that you really like, you should start building a network of people who can offer advice, let you know about job openings, and will spread the word when you are ready to start the job of your choice. Build your network of people in the trade or business you are interested in, related businesses, and people who have influence in the community, as well as people with whom you may share other interests.

Maintain Your Network

Once you have a network in place, begin maintaining your network. Call or email the people regularly just to ask how they are Continue reading

AI and Trivia

Photo by Pixabay on Pexels.com

I didn’t get a chance to attend Networking Field Day Exclusive at Juniper NXTWORK 2019 this year but I did get to catch some of the great live videos that were recorded and posted here. Mist, now a Juniper Company, did a great job of talking about how they’re going to be extending their AI-driven networking into the realm of wired networking. They’ve been using their AI virtual assistant, named “Marvis”, for quite a while now to solve basic wireless issues for admins and engineers. With the technology moving toward the copper side of the house, I wanted to talk a bit about why this is important for the sanity of people everywhere.

Finding the Answer

Network and wireless engineers are walking storehouses of useless trivia knowledge. I know this because I am one. I remember the hello and dead timers for OSPF on NBMA networks. I remember how long it takes BGP to converge or what the default spanning tree bridge priority is for a switch. Where some of my friends can remember the batting average for all first basemen in the league in 1971, I can instead tell you all about Continue reading

Heavy Networking 486: Measuring Global Performance Of The Big 5 Cloud Providers (Sponsored)

Sponsor ThousandEyes comes on Heavy Networking to review their research on the global cloud performance of AWS, Azure, GCP, AliCloud, and IBM. Their data measures and compares public clouds from a networking perspective, helping us figure out optimal placement of workloads and connectivity. Our guests from ThousandEyes are Archana Kesavan, Director, Product Marketing; and Angelique Medina, Director, Product Marketing.

The post Heavy Networking 486: Measuring Global Performance Of The Big 5 Cloud Providers (Sponsored) appeared first on Packet Pushers.

Run the Antidote network emulator on KVM for better performance

Antidote is the network emulator that runs the labs on the Network Reliability Labs web site. You may install a standalone version of Antidote on your personal computer using the Vagrant virtual environment provisioning tool.

In this post, I show you how to run Antidote on a Linux system with KVM, instead of VirtualBox, on your local PC to achieve better performance — especially on older hardware.

Why use KVM instead of VirtualBox?

Antidote runs emulated network nodes inside a host virtual machine. If these emulated nodes must also run on a hypervisor, as most commercial router images require, then they are running as nested virtual machines inside the host virtual machine. Unless you can pass through your computer’s hardware support for virtualization to the nested virtual machines, they will run slowly.

VirtualBox offers only limited support for nested virtualization. If you are using a Linux system, you can get better performance if you use Libvirt and KVM, which provide native support for nested virtualization.

When to use VirtualBox

If you plan to run Antidote on a Mac or a PC, you should use Antidote’s standard installation with VirtualBox¹. Vagrant and VirtualBox are both cross-platform, open-source tools.

Continue reading