NetworkingNexus.net

The Week in Internet News: China and Russia Target ‘Illegal’ Content

Content crackdown: China and Russia plan to sign an agreement to crack down on what they consider “illegal” Internet content, The Register reports. It’s unclear what the agreement will cover but critics already fear the deal will enable the two countries to further crack down on free speech. China has even effectively banned cartoon character Winnie the Pooh because some people have compared the chubby bear to leader Xi Jinping.

Eyes on you: In more censorship-related news, Thailand has ordered restaurants and Internet cafes to log the Internet histories of users, Privacy News Online says. The Thai government already requires ISPs to keep a log of customers’ Internet histories for 90 days as part of the country’s Computer Crimes Act.

Poor access: Some of the U.S. states with the lowest levels of broadband access also have the highest poverty rates, notes a report from Axios. About 30 percent of low-income U.S. residents do not have access to broadband, says the story, citing a Census Bureau report.

Not so smart: A new “smart” doorbell may literally unlock a home’s doors to hackers, according to The Daily Swig. A security researcher found that the Wi-Fi connected doorbell had no authentication Continue reading

Network Features Coming Soon in Ansible Engine 2.9

slack-imgs.com-2

The upcoming Red Hat Ansible Engine 2.9 release has some really exciting improvements, and the following blog highlights just a few of the notable additions. In typical Ansible fashion, development of Ansible Network enhancements are done in the open with the help of the community. You can follow along by watching the GitHub project board, as well as the roadmap for the Red Hat Ansible Engine 2.9 release via the Ansible Network wiki page.

As was recently announced, Red Hat Ansible Automation Platform now includes Ansible Tower, Ansible Engine, and all Ansible Network content. To date, many of the most popular network platforms are enabled via Ansible Modules. Here are just a few:

Arista EOS
Cisco IOS
Cisco IOS XR
Cisco NX-OS
Juniper Junos
VyOS

A full list of the platforms that are fully supported by Red Hat via an Ansible Automation subscription can be found at the following location: https://docs.ansible.com/ansible/2.9/modules/network_maintained.html#network-supported

What we’ve learned

In the last four years we’ve learned a lot about developing a platform for network automation. We’ve also learned a lot about how users apply these platform artifacts as consumed in end-user Ansible Playbooks and Roles. In the Continue reading

Junos Policy-Based VPNs – Part 1 of 4 – Security Policies

Policy-based VPNs are a pain most of the time, especially when compared to route-based VPNs. Many of the policy-based VPNs …

Continue reading →

The post Junos Policy-Based VPNs – Part 1 of 4 – Security Policies appeared first on Fryguy's Blog.

SEC 1. Data plane and control plane protection in the networking (Nokia, Cisco and Mellanox/Cumulus) for IPv4.

Hello my friend,

This is the third article where we use the Mellanox SN 2010 running Cumulus Linux. And today we cover enormously important topic: network security. More precisely, we will speak about the data plane and the control plane protection. Cisco IOS XR and Nokia SR OS accompany us in this journey.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus Networks for providing me the Mellanox switch and Cumulus license for the tests.

Disclaimer

This blogpost is the continuation of the previous one, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.

Brief description

Each week you can find the news describing the security breaches. In the modern economy, where the Internet plays already a key role, all the connected businesses (and almost all businesses are connected) are on the risk caused by casual network scanning and brood force attacks. In addition to that, big companies and governments are quite often the attack targets for other companies, governments and criminals. Therefore, Continue reading

New Content: EVPN on Linux Hosts and External Azure Connectivity

Dinesh Dutt added another awesome chapter to the EVPN saga last week explaining how (and why) you could run VXLAN encapsulation with EVPN control plane on Linux hosts (TL&DR: think twice before doing it).

In the last part of current Azure Networking series I covered external VNet connectivity, including VNet peering, Internet access, Virtual Network Gateways, VPN connections, and ExpressRoute. The story continues on February 6th 2020 with Azure automation.

You’ll need Standard ipSpace.net Subscription to access both webinars.

9 hot micro-data-center startups to watch

Data-hungry technology trends such as IoT, smart vehicles, drone deliveries, smart cities and Industry 4.0 are increasing the demand for fast, always-on edge computing. One solution that has emerged to bring the network closer to the applications generating and end users consuming that data is the micro data center.The micro data center sector is a new space filled with more noise than signal. If you go hunting for a micro data center for your business you’ll find everything from suitcase-sized computing stacks that replace a server closet to modular enclosures delivered by semi-trucks to larger units that reside at the foot of cell towers to dedicated edge data centers with standardized designs that can spring up wherever there’s demand and where real estate or access rights are available, including easements, rooftops and industrial sites.To read this article in full, please click here

9 hot micro-data-center startups to watch

10 hot micro-data-center startups to watch

Docker’s Success a Foundation for Its Struggles

“In a sense, Docker is almost a victim of its own success,” said 451 Research's Jay Lyman....

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

EVPN-VXLAN | Layer 3 Gateway | IRB | JUNOS

I often get asked about EVPN Layer 3 gateway options. And more specifically, what are the differences between IRB with Virtual Gateway Address (VGA) and IRB without VGA. There are many different options and configuration knobs available when configuring EVPN L3 gateway. But I’ve focused on the 3 most popular options that I see with my customers in EVPN-VXLAN environments in a centralised model. I’m also only providing the very basic configuration required.

Each IRB option can be considered an Anycast gateway solution seeing as duplicate IPs are used across all IRB gateways. However, there are some subtle, yet significant, differences between each option.

Regardless of the transport technology used, whether it be MPLS or VXLAN, a layer 3 gateway is required to route beyond a given segment.

This Week: Data Center Deployment with EVPN/VXLAN by Deepti Chandra provides in-depth analysis and examples of EVPN gateway scenarios. I highly recommend reading this book!

IRB Option 1

Duplicate IP | Unique MAC | No VGA

Duplicate IPs are configured on all gateway IRBs and unique MAC addresses are used (manually configured or IRB default). Virtual Gateway Address is not used.

EVPN provides the capability to automatically synchronise gateways Continue reading

It’s crowded in here!

We recently gave a presentation on Programming socket lookup with BPF at the Linux Plumbers Conference 2019 in Lisbon, Portugal. This blog post is a recap of the problem statement and proposed solution we presented.

Our edge servers are crowded. We run more than a dozen public facing services, leaving aside the all internal ones that do the work behind the scenes.

Quick Quiz #1: How many can you name? We blogged about them! Jump to answer.

These services are exposed on more than a million Anycast public IPv4 addresses partitioned into 100+ network prefixes.

To keep things uniform every Cloudflare edge server runs all services and responds to every Anycast address. This allows us to make efficient use of the hardware by load-balancing traffic between all machines. We have shared the details of Cloudflare edge architecture on the blog before.

Granted not all services work on all the addresses but rather on a subset of them, covering one or several network prefixes.

So how do you set up your network services to listen on hundreds of IP addresses without driving the network stack over the edge?

Cloudflare engineers have had to ask themselves this question Continue reading

You cannot cURL under pressure

cURL. The wonderful HTTP plumbing tool that powers both a lot of command line debugging and bash scripts, but also exists as a strong foundation in our applications in the form of libcurl.

Editing Files in a Docker Container

This is the quick and easy way I learned to edit some files within a Docker container. Professional DevOps engineers might be doing it in a different way, this is the network engineers way of doing things

-Rakesh

Must read: Shades of Lock-in

Gregor Hohpe published an excellent series on Martin Fowler’s web site focusing on various aspects of lock-in. If nothing else, you SHOULD read the shades of lock-in part, and combine it with my thoughts on lock-in in data center networking.

What’s it like to come out as LGBTQIA+ at work?

Today is the 31st Anniversary of National Coming Out Day. I wanted to highlight the importance of this day, share coming out resources, and publish some stories of what it's like to come out in the workplace.

About National Coming Out Day

Thirty-one years ago, on the anniversary of the National March on Washington for Lesbian and Gay Rights, we first observed National Coming Out Day as a reminder that one of our most basic tools is the power of coming out. One out of every two Americans has someone close to them who is gay or lesbian. For transgender people, that number is only one in 10.

Coming out - whether it is as lesbian, gay, bisexual, transgender or queer - STILL MATTERS. When people know someone who is LGBTQ, they are far more likely to support equality under the law. Beyond that, our stories can be powerful to each other.

Each year on October 11th, National Coming Out Day continues to promote a safe world for LGBTQ individuals to live truthfully and openly. Every person who speaks up changes more hearts and minds, and creates new advocates for equality.

For more on coming out, visit HRC's Coming Out Continue reading

How the oil and gas industry exploits IoT

Like many traditional industries that have long-standing, tried-and-true methods of operation, the oil-and-gas sector hasn’t been the quickest to embrace IoT technology – despite having had instrumentation on drilling rigs, pipelines and refining facilities for decades, the extraction industry has only recently begun to work with modern IoT.To read this article in full, please click here(Insider Story)

Tarek Kamel: A Loss to the Internet Community

It was indeed very sad news yesterday that Tarek Kamel passed away. Despite his suffering and illness, no one expected death could be that close. Just last week I was chatting with friends in common about his persistence in planning to attend the upcoming ICANN meeting in Montreal, with permission from his doctors. That was Tarek Kamel: always forward looking and a real fighter for what he believed in.

Tarek’s death moved not only his family and friends, but a wider group, especially in the Internet community. Let me share why.

Who is He in a Nutshell?

Tarek Kamel had a Ph.D. in electrical engineering and information technology from the Technical University of Munich. From 1992 to 1999, he was the manager of Egypt’s Communications and Networking Department at the Cabinet Information and Decision Support Centre (IDSC/RITSEC). During this period, he established Egypt’s first connection to the Internet, steered the introduction of commercial Internet services in Egypt, and co-founded the Internet Society of Egypt (the Egyptian Chapter).

Kamel joined the Ministry of Communications and Information Technology at its formation in October 1999, where he was appointed senior advisor to the minister. Then he served as the minister of communications and information Continue reading

Women in Tech Week Profile: Clara McKenzie

We’re continuing our celebration of Women in Tech Week with another profile of one of many of the amazing women who make a tremendous impact at Docker – this week, and every week – helping developers build modern apps.

*Clara McKenzie (center) is a Support Escalation Engineer*.

What is your job?

SEG Engineer (Support Escalation Engineer).

How long have you worked at Docker?

4 months.

Is your current role one that you always intended on your career path?

The SEG role is a combination that probably doesn’t exist as a general rule. I’ve always liked to support other engineers and work cross-functionally, as well as unravel hard problems, so it’s a great fit for me.

What is your advice for someone entering the field?

The only thing constant about a career in tech is change. When in doubt, keep moving. By that, I mean keep learning, keep weighing new ideas, keep trying new things.

Tell us about a favorite moment or memory at Docker or from your career?

In my first month at Docker, we hosted a summer cohort of students from Historical Black Colleges who were participating in a summer internship. As part of their visit Continue reading

Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored)

Today on Heavy Networking we go deep on segment routing, a way to encode into a packet the path it should take through the network. Guest Ron Bonica, Distinguished Engineer at Juniper Networks, offers a detailed look at how segment routing works; discusses use cases; explores the differences among SR-MPLS, SRv6, and SRv6+; and more. Juniper is our sponsor for today's show.

The post Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored) appeared first on Packet Pushers.

« Previous 1 … 1,126 1,127 1,128 1,129 1,130 … 3,841 Next »