Heavy Networking 434: Solving Network Performance And Security Problems With VIAVI Solutions (Sponsored)

On today's sponsored Heavy Networking, VIAVI Solutions joins the Packet Pushers to discuss the intersection of network performance management (NPM) and security. We discuss how network and security teams can leverage VIAVI's packet capture capabilities, how it enriches flow records with additional data to provide valuable context, and how the concept of end user experience informs VIAVI's approach to NPM.

The post Heavy Networking 434: Solving Network Performance And Security Problems With VIAVI Solutions (Sponsored) appeared first on Packet Pushers.

Weekend Reads 030719

Do you really understand Big O? If so, then this will refresh your understanding before an interview. If not, don’t worry — come and join us for some endeavors in computer science. —Shen Huang

The optical transceiver industry, by comparison, is a cottage industry built on fractured design methodologies, captive wafer manufacturing, proprietary packaging and labor-intensive production that limits economies of scale. —Roberto Marcoccia

IoT devices like these are a security and privacy risk to individual users. This can include bad people taking control of your Wi-Fi enabled webcams or internet-connected children’s toys. However, the greater concern for me is when these insecure devices are taken over for the purposes of a distributed denial-of-service attack (DDoS) whereby hundreds or thousands of devices are used to attack core internet infrastructure or services. —Jacques Latour

In a new official statement on the Directive (English translation), Kelber warns that Article 13 will inevitably lead to the use of automated filters, because there is no imaginable way for the organisations that run online services to examine everything their users post and determine whether each message, photo, video, or audio clip is a copyright violation. —Cory Doctorow

Opposing parties continue to debate whether WHOIS should stay after Continue reading

Stuff The Internet Says On Scalability For March 8th, 2019

Wake up! It's HighScalability time:

 

A highly simplified diagram of serverless. (@jbesw)

 

Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. Know anyone who needs cloud? I wrote Explain the Cloud Like I'm 10 just for them. It has 40 mostly 5 star reviews. They'll learn a lot and love you even more.

 

  • 5%: France's new digital tax revolution; $15 trillion: AI contribution to global GDP by 2030; 70%: better response time using HTTP keep-alive in lambda; 115 million: Akamai found bots (per day) compromising user accounts by credential stuffing; 83%: of all internet traffic is API calls, not HTML; $1 million: first millionaire bug-bounty hacker is 19 years old; 15%: mooch their Netflix account; 5%: Microsoft's app store take; $15: Tensorflow at the edge; 30%: first quarter drop in DRAM prices; $2 billion: IBM's microkernel folly; ~1TWh: lithium-ion batteries production per year by 2030; 25%: Tesla supercharger time improvement by a software update; 

  • Quoteable Quotes:
    • Jeff Bezos: I've witnessed this incredible thing happen on the internet over the last two decades. I started Amazon in my Continue reading

ExaBGP and etcd – processing routes

In my last post – we took a look at how we could leverage etcd from Python. In this post, I want to propose a use for leveraging etcd as a sort of message bus for ExaBGP. We saw some pretty compelling features with etcd that I think can work nicely in our ExaBGP model. So without further blabbering – let’s start coding.

Note: I assume you have a local instance of etcd installed and it is currently empty. If it’s not empty – you’ll want to clear it all out using a command like this ETCDCTL_API=3 etcdctl del "" --from-key=true

If you recall – in our last post on ExaBGP we were at a point where the ExaBGP process was using two Python programs we wrote. One for processing received routes (exa_bgp_receive.py) and one for sending route updates (exa_bgp_send.py). My goal here it to remove a lot of the logic for static route processing from these two scripts and make them more about route processing. More specifically – I want to turn the two Python scripts that ExaBGP is running on our behalf into simple programs that read/write to to/from etcd. Once we Continue reading

How to determine if Wi-Fi 6 is right for you

There's a lot of hype around the next Wi-Fi standard, 802.11ax, more commonly known as Wi-Fi 6. Often new technologies are built up by vendors as the "next big thing" and then flop because they don’t live up to expectations. In the case of Wi-Fi 6, however, the fervor is warranted because it's the first Wi-Fi standard designed with the premise that Wi-Fi is the primary connection for devices rather than a network of convenience. Wi-Fi resources Test and review of 4 Wi-Fi 6 routers: Who’s the fastest? Five questions to answer before deploying Wi-Fi 6 Wi-Fi 6E: When it’s coming and what it’s good for Wi-Fi 6 is a different kind of Wi-Fi Wi-Fi 6 is loaded with features, such as Orthogonal Frequency Division Multiple Access (OFDMA), 1024-QAM (quadrature amplitude modulation) encoding, and target wake time (TWT), that make Wi-Fi faster and less congested. Many of these enhancements came from the world of LTE and 4G, which addressed these challenges long ago. These new features will lead to a better mobile experience and longer client battery life, and they will open the door to a wide range of applications that could not have been done on Continue reading

Sample Solution: Automated Auditing Toolbox

Wherever you look you find three kinds of people: those that build tools they need, those that find the tools they need, and those that yammer about the lack of tools without ever doing anything to solve the problem.

Daniel Teycheney is clearly in the first category. When faced with “collect some data and create a simple report” hands-on assignment during the Building Network Automation Solutions course he started creating a toolbox of playbooks that can be used in initial network auditing. I’m positive you’ll find tons of useful tidbits in his code ;)

Want to be able to do something similar? You missed the Spring 2019 online course, but you can get the mentored self-paced version with Expert Subscription.

A generalised solution to distributed consensus

A generalised solution to distributed consensus Howard & Mortier, arXiv’19

This is a draft paper that Heidi Howard recently shared with the world via Twitter, and here’s the accompanying blog post. It caught my eye for promising a generalised solution to the consensus problem, and also for using reasoning over immutable state to get there. The state maintained at each server is monotonic.

Consensus is a notoriously hard problem, and Howard has been deep in the space for several years now. See for example the 2016 paper on Flexible Paxos. The quest for the holy grail here is to find a unifying and easily understandable protocol that can be instantiated in different configurations allowing different trade-offs to be made according to the situation.

This paper re-examines the problem of distributed consensus with the aim of improving performance and understanding. We proceed as follows. Once we have defined the problem of consensus, we propose a generalised solution to consensus that uses only immutable state to enable more intuitive reasoning about correctness. We subsequently prove that both Paxos and Fast Paxos are instances of our generalised consensus algorithm and thus show that both algorithms are conservative in their approach.

The Continue reading

Python Decorators – From a Network Engineers Perspective

As going through learning some basic programming, I encountered Decorators. I should be very honest if any of you are trying to figure out or learn what decorators in python do from my blog post you are dangerously in trouble.

So what this post about if not learning, well its mostly on what the functionality is so that you can learn the concept from better programming resources.

 

Let’s examine the below code

 

The output will be something like below

 

What’s in this code:

The first thing you have to realize is that some representation with ‘@’ symbol. If you have noticed get_reinfo and get_modelinfo functions, they have one thing in common which is to connect to the device and get output before they parse the required fields, that what a Decorator is helping us to do here, we extend that wrapping functionality around new functions without having to write everything or globalize everything.

At least that is what I understood.  So, next time when you are writing some code try to think if you can incorporate decorators into them.

-Rakesh

 

BrandPost: Resilience at Edge Computing Sites Is Resilience for the Whole IT Environment

As edge computing deployments get under way, organizations need to make their edge computing sites resilient. As the saying goes, “you’re only as good as your weakest link,” so if edge computing locations are allowed to be the weakest link in a multi-location environment, the entire network surely will suffer.You can’t have a truly resilient IT deployment without resilience at these edge computing sites. So organizations have to harden these sites with best-in-class technology as they do at centralized and regional data centers. Organizations need redundancy, security and management controls designed to prevent downtime.To read this article in full, please click here

Context-aware Micro-segmentation with NSX-T 2.4

With last’s week landmark release of NSX-T 2.4,  and the RSA conference in full swing,  this is the perfect time to talk about to some of the new security functionality we are introducing in NSX-T 2.4.

If you prefer seeing NSX-T in action, you can watch this demo which covers Layer 7 application identity, FQDN Filtering and Ientity Firewall. Or if you are around at RSAC in San Francisco this week, swing by the VMware booth. 

Micro-segmentation has been one of the key reasons why our customers deploy NSX. With Micro-segmentation, NSX enables organizations to implement a  zero-trust network security model  in their on-premise datacenter as well as in the cloud and beyond.  A key component making Micro-segmentation possible is the Distributed Firewall, which is deployed at the logical port of every workload allowing the most granular level of enforcement, regardless of the form factor of that workload – Virtual Machine – Container – Bare Metal Server or where that workload resides – On Premise – AWS -Azure – VMC.

NSX-T 2.4 provides significant new security features and functionality such as Context-aware Micro-segmentation, Network (and Security) Intrastructure as Code, E-W Service Insertion and Guest Continue reading

Cumulus content roundup: February

It’s time to officially unveil our Cumulus content roundup- February edition! In case you missed any of the content from the last month we, naturally, have you covered with links to it all below. Dig into the latest and greatest resources and news including two great podcasts that we recommend you queue up and listen to during your commute.

From Cumulus Networks:

How to make CI/CD with containers viable in production: Software-defined infrastructure is no longer a nice to have. It’s an absolute must using modern development approaches, such as CI/CD, containers, etc.

Kernel of Truth season 2 episode 1- EVPN on the host: Guess who’s back? Back again? The real Kernel of Truth is back with season 2 and we’re starting off this season with all things EVPN! This topic is near and dear to Attilla de Groots’ heart having talked about it in his recent blog here. He now joins Atul Patel and our host Brian O’Sullivan to talk more about EVPN on host for multi-tenancy.

BGP: What is it, how can it break, and can Linux BGP fix it?: Border Gateway Protocol is one of the most important protocols on the internet. Linux BGP allows for in-depth monitoring and Continue reading

1 1,064 1,065 1,066 1,067 1,068 3,612