Network Simulations with Network Service Mesh

In September 2019 I had the honour to present at Open Networking Summit in Antwerp. My talk was about meshnet CNI plugin, k8s-topo orchestrator and how to use them for large-scale network simulations in Kubernetes. During the same conference, I attended a talk about Network Service Mesh and its new kernel-based forwarding dataplane which had a lot of similarities with the work that I’ve done for meshnet. Having had a chat with the presenters, we’ve decided that it would be interesting to try and implement a meshnet-like functionality with NSM. In this post, I’ll try to document some of the findings and results of my research.

Network Service Mesh Introduction

NSM is a CNCF project aimed at providing service mesh-like capabilities for L2/L3 traffic. In the context of Kubernetes, NSM’s role is to interconnect pods and setup the underlying forwarding, which involves creating new interfaces, allocating IPs and configuring pod’s routing table. The main use cases are cloud-native network functions (e.g. 5G), service function chaining and any containerised applications that may need to talk over non-standard protocols. Similar to traditional service meshes, the intended functionality is achieved by injecting sidecar containers that communicate with a distributed control plane of Continue reading

How Open-RAN could ‘white-box’ 5G

One of Britain’s principal mobile networks, O2, has just announced that it intends to deploy Open Radio Access Network technology (O-RAN) in places.O-RAN is a wireless industry initiative for designing and building radio network solutions using “a general-purpose, vendor-neutral hardware and software-defined technology,” explains Telecom Infra Project, the body responsible, on its website.TIP is the trade body that, along with Intel and Vodafone, conceived of the technology alternative – an attempt at toppling the dominance of Ericsson, Huawei and Nokia, which provide almost all mobile telco infrastructure now.To read this article in full, please click here

250M Microsoft Customer Records Exposed; Cisco Prescribes Patches

Daily Roundup: CloudGenix CEO Guns for Cisco

Rakuten Mobile Plans Commercial 4G LTE Launch in April

Amazon Asks Court to Stop Microsoft’s JEDI Work

TriggerMesh Lands $3M Investment to Bolster Serverless Interoperability

IPv6 Buzz 043: Let’s Explore IPv6 Router Advertisements!

IPv6 Buzz 043: Let’s Explore IPv6 Router Advertisements!

In this week's IPv6 Buzz episode, Ed and Tom talk in depth about IPv6 Router Advertisements (or RAs), what they are, what they do, and why they're critical to IPv6 operations.

The post IPv6 Buzz 043: Let’s Explore IPv6 Router Advertisements! appeared first on Packet Pushers.

Pluribus Taps Red Hat OpenStack, Ansible for Edge Centers

The Edge Just Got Real

CloudGenix CEO: We’re Coming For Cisco’s Customers

Automation Solution: Testing Data Models

If your automation solution relies on a back-end database with strict database schema you can stop reading… but if you (like most others) still live in the land of text files encoded in your favorite presentation format (because it’s hip to hate YAML), you might appreciate the solution Donald Johnson uses to check his data models before committing them into Git repository.

ISPs Should Strongly Consider MANRS to Fight Cybercrime: World Economic Forum Report

A World Economic Forum (WEF) report released today recommends that Internet Service Providers (ISPs) should strongly consider joining the Mutually Agreed Norms for Routing Security (MANRS) initiative to improve the security of the Internet’s global routing system.

Systemic security issues about how traffic is routed on the Internet make it a relatively easy target for criminals. MANRS helps reduce the most common routing threats and increase efficiency and transparency among ISPs on peering relationships.

The WEF Centre for Cybersecurity identifies four actionable principles as effective in preventing malicious activities from getting “down the pipes” from network providers to consumers in the report Cybercrime Prevention: Principles for Internet Service Providers, released today in Davos, Switzerland.

The principles were developed and tested over a year with leading ISPs around the world and multilateral organizations, including BT, Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Korea Telecom, Proximus, Saudi Telcom, Singtel, Telstra, and ITU, WEF says in a press release.

One of the principles is to “take action to shore up the security of routing and signalling to reinforce effective defence against attacks”, and MANRS, a global initiative supported by the Internet Society, is one of the recommendations to achieve the principle Continue reading

Cisco issues firewall, SD-WAN security warnings

Amongst Cisco’s dump of 27 security advisories today only one was rated as critical – a vulnerability in its Firepower firewall system that could let an attacker bypass authentication and execute arbitrary actions with administrative privileges on a particular device.The Firepower Management Center (FMC) vulnerability – which was rated at 9.8 out of 10 – comes from improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. With it, an attacker could exploit the vulnerability by sending crafted HTTP requests to an affected device and gain administrative access to its web-based management interface.To read this article in full, please click here

Cisco issues firewall, SD-WAN security warnings

Amongst Cisco’s dump of 27 security advisories today only one was rated as critical – a vulnerability in its Firepower firewall system that could let an attacker bypass authentication and execute arbitrary actions with administrative privileges on a particular device.The Firepower Management Center (FMC) vulnerability – which was rated at 9.8 out of 10 – comes from improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. With it, an attacker could exploit the vulnerability by sending crafted HTTP requests to an affected device and gain administrative access to its web-based management interface.To read this article in full, please click here

VMware targets SD-WAN management with Nyansa acquisition

VMware says it plans to acquire AI-based network management and analytics firm Nyansa for an undisclosed amount.VMware said the Nyansa technology will be targeted at boosting monitoring and troubleshooting for LAN/WAN deployments within its SD-WAN package – VMware SD-WAN by VeloCloud. More about SD-WAN: How to buy SD-WAN technology: Key questions to consider when selecting a supplier • How to pick an off-site data-backup method •  SD-Branch: What it is and why you’ll need it • What are the options for security SD-WAN? Founded in 2013, Nyansa’s primary technology is a cloud-based network management package called Voyance that employs AI to automate the discovery of devices on the network and identify unusual behavior.  Nyansa says it’s being used to watch-over some 20 million client devices operating across roughly 200 networks. Its customers include Tesla, Uber, Lululemon, GE Healthcare and Stanford University.To read this article in full, please click here

Daily Roundup: VMware Buys Nyansa

US Pledges $1B to Roast Huawei With Open RAN 5G

Survey: Digital transformation can reveal network weaknesses

Digital transformation is a catch-all phrase that describes the process of using technology to modernize or even revolutionize how services are delivered to customers. Not only technology but also people and processes commonly undergo fundamental changes for the ultimate goal of significantly improving business performance.Such transformations have become so mainstream that IDC estimated that 40% of all technology spending now goes toward digital transformation projects, with enterprises spending in excess of $2 trillion on their efforts through 2019.To read this article in full, please click here