Private VLAN (PVLAN) Configuration Example

Private VLAN (PVLAN) Configuration Example

We all know that by default, all the devices in the same VLAN can talk to each other. For example, if you have a switch with multiple devices connected to it and if they are part of the same VLAN, they can communicate without any restrictions. But there are times when you might want to keep the devices in the same VLAN while preventing them from talking to each other. This is where Private VLANs come into play, offering control over who can talk to each other within the 'same VLAN'. So, let’s get started and we will cover the following topics.

  1. Isolated VLAN, Community VLAN and Promiscuous Port
  2. A very Simple Private VLAN example
  3. Private VLAN with Multiple Switches (Trunk)
  4. Private VLAN to Default Gateway over Trunk

Private VLAN (PVLAN) Introduction

Let's break down how Private VLANs work with a simple scenario. Imagine we have a "users" VLAN where all the laptops connect. Suppose we have a mix of Windows and Linux devices. We want to ensure that Windows devices can't communicate with each other at all. However, it's okay for Linux devices to talk to each other, but they shouldn't communicate with the Windows devices either.

Continue reading

HN749: Expand Your Network Labs With Containerlab and Clabernetes

On today’s episode, we cover open source Clabernetes, a tool that allows you to run Containerlab on Kubernetes. Containerlab provides a CLI for orchestrating and managing container-based networking labs. It starts the containers, builds a virtual wiring between them to create lab topologies of your choice and manages the lab’s lifecycle.  We discuss the answer... Read more »

Oracle Puts AI, Automation Between Its Cloud And the Bad Guys

Despite a slow start several years ago, Oracle has refashioned itself into a cloud builder, rapidly expanding its Oracle Cloud Infrastructure to make it among the top second-tier providers, although still well behind the likes of Amazon Web Services, Microsoft Azure, and Google Cloud.

Oracle Puts AI, Automation Between Its Cloud And the Bad Guys was written by Jeffrey Burt at The Next Platform.

The Difficulty – And Necessity – Of Parsing Out AI Spending

For a decade before the generative AI boom took off in late 2022, classical artificial intelligence, used for all kinds of self-learning predictive algorithms, was destined to be a very large component of the IT stack at most organizations in the world.

The Difficulty – And Necessity – Of Parsing Out AI Spending was written by Timothy Prickett Morgan at The Next Platform.

TL003: Leveling Up Your Team’s Skills

IT work requires ongoing training and skills development. Laura Santamaria and guest Scott Robohn discuss strategies for leveling up your team to ensure they have the skills they need. Laura and Scott talk about the need for continuous learning and explore options for encouraging skill development, even in budget-constrained environments. Good leaders should guide by... Read more »

The Evolution of PON

The evolution of wired access networks for suburban reticulation has been driven by a special set of economic and technical circumstances. Infrastructure assets are in this sector need to have an extended service life in order to by financially viable. While optical technology continues to evolve rapidly the challenge is to map this changing technology on to a fixed fibre cable plant.

How Meta Is Reinforcing its Global Network for AI Traffic

It was in 2022 when Meta engineers started to see the first clouds of an incoming storm, namely how much AI would change the nature —and volume — of the company’s network traffic. “Starting 2022, we started seeing a whole other picture,” said Meta’s Networking @Scale 2024 conference, being held this week both virtually and at Santa Clara Convention Center, in Calif. Mind you, Meta owns one of the world’s largest private backbones, a global network physically connecting 25 data centers and 85 points of presence with millions of miles of fiber optic cable, buried under both land and sea. Its reach and throughput allows someone on an Australian beach to see videos being posted by their friend in Greece nearly instantaneously. And for the past five years, this global capacity has grown consistently by 30% a year. Yet, the growing AI demands on the backbone is bumpy and difficult to predict. “The impact of large clusters, GenAI, and AGI is yet to be learned,” Sundaresan said. “We haven’t yet fully flushed out what that means for the backend.” Nonetheless, the networking team has gotten creative Continue reading

Hedge 243: The Open Radio Area Network (RAN)

The cellular network world is similar enough to the IP networking world to feel familiar, but different enough to require learning new terms and ideas. Tom Nadeau joins Tom Ammon and Russ White to discuss one element of this networking world, the RAN network, and the current move towards open source and white box disaggregated solutions.

download

Protecting APIs from abuse using sequence learning and variable order Markov chains

Consider the case of a malicious actor attempting to inject, scrape, harvest, or exfiltrate data via an API. Such malicious activities are often characterized by the particular order in which the actor initiates requests to API endpoints. Moreover, the malicious activity is often not readily detectable using volumetric techniques alone, because the actor may intentionally execute API requests slowly, in an attempt to thwart volumetric abuse protection. To reliably prevent such malicious activity, we therefore need to consider the sequential order of API requests. We use the term sequential abuse to refer to malicious API request behavior. Our fundamental goal thus involves distinguishing malicious from benign API request sequences.

In this blog post, you’ll learn about how we address the challenge of helping customers protect their APIs against sequential abuse. To this end, we’ll unmask the statistical machine learning (ML) techniques currently underpinning our Sequence Analytics product. We’ll build on the high-level introduction to Sequence Analytics provided in a previous blog post.

API sessions

Introduced in the previous blog post, let’s consider the idea of a time-ordered series of HTTP API requests initiated by a specific user. These occur as the user interacts with a service, such as while browsing Continue reading

NAN073: Some Final Words of Wisdom from Greg Ferro

This episode was recorded with Greg Ferro, co-founder of Packet Pushers, just days before his retirement in July 2024. Greg and Eric reflect on Greg’s influential career in network engineering and the evolution of the industry. Greg discusses the challenges of maintaining open-source projects amid increasing commercialization and corporate exploitation. He emphasizes the importance of... Read more »

How the Harris-Trump US presidential debate influenced Internet traffic

Much has changed in the 2024 United States presidential election since the June 27 debate between Donald Trump and Joe Biden, then the presumptive nominees for the November election. Now, over two months later, on September 10, the debate was between Kamala Harris, the Democratic nominee, and Donald Trump, the Republican nominee. In this post, we will explore the event's impact on Internet traffic in specific states where there was a bigger impact than during the Biden-Trump debate, as well as examine cyberattacks, email phishing trends, and general DNS data on candidates, news, and election-related activity.

We’ve been tracking the 2024 elections globally through our blog and election report on Cloudflare Radar, covering some of the more than 60 national elections this year. Regarding the US elections, we have previously reported on trends surrounding the first Biden vs. Trump debate, the attempted assassination of Trump, the Republican National Convention, and the Democratic National Convention.

Typically, we have observed that election days don’t come with significant changes to Internet traffic, and the same is true for debates. Yet, debates can also draw attention that impacts traffic, especially when there is heightened anticipation. The 2024 debates were not only Continue reading

Customers get increased integration with Cloudflare Email Security and Zero Trust through expanded partnership with CrowdStrike

Today, we’re excited to expand our recent Unified Risk Posture announcement with more information on our latest integrations with CrowdStrike. We previously shared that our CrowdStrike Falcon Next-Gen SIEM integration allows for deeper analysis and further investigations by unifying first- and third-party data, native threat intelligence, AI, and workflow automation to allow your security teams to focus on work that matters.

This post explains how Falcon Next-Gen SIEM allows customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats. By combining Cloudflare and CrowdStrike, organizations are better equipped to manage risk and decisively take action to stop cyberattacks.

By leveraging the combined capabilities of Cloudflare and CrowdStrike, organizations combine Cloudflare’s email security and zero trust logging capabilities with CrowdStrike’s dashboards and custom workflows to get better visibility into their environments and remediate potential threats. Happy Cog, a full-service digital agency, currently leverages the integration. Co-Founder and President Matthew Weinberg said:

'The integration of Cloudflare’s robust Zero Trust capabilities with CrowdStrike Falcon Next-Gen SIEM enables organizations to gain a more comprehensive view of the threat landscape and take action to mitigate both internal and external risks posed by today’s security Continue reading

PMTUD in MPLS-enabled Networks

In the previous post on MSS, MSS Clamping, PMTUD, and MTU, we learned how PMTUD is performed by setting the Don’t fragment flag in the IP header which leads to the device that needs to perform fragmentation dropping the packet and sending ICMP Fragmentation needed packet towards the source. In MPLS-enabled networks, it’s not always possible to send the ICMP packet straight towards the source as the P routers have no knowledge of the customer specific networks. In RFC 3032 – MPLS Label Stack Encoding, such a scenario is described:

Suppose one is using MPLS to "tunnel" through a transit routing
domain, where the external routes are not leaked into the domain's
interior routers.  For example, the interior routers may be running
OSPF, and may only know how to reach destinations within that OSPF
domain.  The domain might contain several Autonomous System Border
Routers (ASBRs), which talk BGP to each other.  However, in this
example the routes from BGP are not distributed into OSPF, and the
LSRs which are not ASBRs do not run BGP.

In this example, only an ASBR will know how to route to the source of
some arbitrary packet.  If an interior router needs  Continue reading

PP030: Volt Typhoon On the Attack, Starlink Joins the Navy, and More Security News

Today’s Packet Protector is an all-news episode. We cover the Volt Typhoon hacker group exploiting a zero-day in Versa Networks gear and a multitude of vulnerabilities in Zyxel network products. We also debate whether Microsoft’s endpoint security summit will be more than a public relations exercise, a serious backdoor in RFID cards used in offices... Read more »
1 104 105 106 107 108 3,836