Day Two Cloud 020: Design Tips For Cloud Networking Success

VPCs. Vnets. DirectConnect. Kubernetes. Calico. Public clouds. Hybrid clouds. Networking is no small feat when it comes to the cloud. How does an organization keep their cloud networks from turning into a flying spaghetti monster? Day Two Cloud tackles this critical question with guest Andrew Wertkin, Chief Strategy Officer at BlueCat Networks. We discuss design tips, the critical role of DNS, monitoring and troubleshooting options, and more.

Day Two Cloud 020: Design Tips For Cloud Networking Success

VPCs. Vnets. DirectConnect. Kubernetes. Calico. Public clouds. Hybrid clouds. Networking is no small feat when it comes to the cloud. How does an organization keep their cloud networks from turning into a flying spaghetti monster? Day Two Cloud tackles this critical question with guest Andrew Werkin, Chief Strategy Officer at BlueCat Networks. We discuss design tips, the critical role of DNS, monitoring and troubleshooting options, and more.

The post Day Two Cloud 020: Design Tips For Cloud Networking Success appeared first on Packet Pushers.

vSAN Stretched Cluster Using an NSX-T Backed L3 Network

VMware vSAN and NSX-T Compatibility 

There are lot of discussions that talk about VMware NSX and VMware vSAN, most of them around compatibility.

vSAN and NSX are compatible with each other, however, vSAN traffic is not supported on NSX overlay network. But, the way VDS Portgroups can be used to configure vSAN vmkernel adapters, NSX-T VLAN backed logical switches can also be used to configure vSAN vmkernel adapters. Apart from this, NSX-T logical routers can be used as gateways to route the vSAN traffic, of course the backing for such configuration must be with NSX-T VLAN logical switches.

In this blog post I cover how NSX-T can be used to setup configuration for vSAN stretched cluster.

Deep Dive of vSAN Stretched Cluster Using an NSX-T Backed L3 Network

One of the configurations for vSAN stretched cluster can be achieved with L3 networking between Data Nodes and the Witness Host. In such deployment, the Data Nodes and Witness Host may reside in different networks. Hence, the vSAN vmkernel adapters need to point to their gateways to talk to each other. Following is the high-level network view of such topology for vSAN stretched cluster where hosts use VDS Portgroups to configure the Continue reading

How inspiration from your data center can modernize your campus network.

Campus networks are undergoing a rapid evolution as they draw inspiration from their data center peers from both a technology and cost perspective. At the forefront of this evolution is open networking, led by innovation and cost efficiencies that apply equally across data center and campus networks.

Interestingly, Cumulus Linux was originally intended for data center networking, but without a doubt, we’re seeing the lines between data center and campus blurring with campus standing to benefit significantly, and it’s about time. It’s the data center that has historically benefited from innovation, especially in compute and storage. The data center network, however, seemed to lag for more than a decade until our founders set out in 2010 to develop a fundamentally different approach to the data center with Cumulus Networks.

Cumulus Networks introduced an open, modern and innovative network operating system called Cumulus Linux. Cumulus Linux was originally designed to emulate the network architecture of the web-scale giants including Google, Amazon, Apple, Microsoft and Facebook allowing you to automate, customize and scale your data center network like no other, and for the first time, bringing this capability to the masses.

Cumulus Networks is building the modern data center network for applications Continue reading

How Did We End with 1500-byte MTU?

A subscriber sent me this intriguing question:

Is it not theoretically possible for Ethernet frames to be 64k long if ASIC vendors simply bothered or decided to design/make chipsets that supported it? How did we end up in the 1.5k neighborhood? In whose best interest did this happen?

Remember that Ethernet started as a shared-cable 10 Mbps technology. Transmitting a 64k frame on that technology would take approximately 50 msec (or as long as getting from East Coast to West Coast). Also, Ethernet had no tight media access control like Token Ring, so it would be possible for a single host to transmit multiple frames without anyone else getting airtime, resulting in unacceptable delays.

Read more ...

“I was told to buy a software or lose my computer: I ignored it.” A study of ransomware

“I was told to buy a software or lose my computer. I ignored it”: a study of ransomware Simoiu et al., SOUPS 2019

This is a very easy to digest paper shedding light on the prevalence of ransomware and the characteristics of those most likely to be vulnerable to it. The data comes from a survey of 1,180 US adults conducted by YouGov, an online global market research firm. YouGov works hard to ensure respondent participation representative of (in this case) the general population in the U.S., but the normal caveats apply.

We define ransomware as the class of malware that attempts to defraud users by restricting access to the user’s computer or data, typically by locking the computer or encrypting data. There are thousands of different ransomware strains in existence today, varying in design and sophistication.

The survey takes just under 10 minutes to complete, and goes to some lengths to ensure that self-reporting victims really were victims of ransomware (and not some other computer problem).

For respondents that indicated they had suffered from a ransomware attack, data was collected on month and year, the name of the ransomware variant, the ransom demanded, the payment method, Continue reading

Kubernetes, Ransomware to Hit Cloud and Data in 2020

Ransomware attacks shot up 500% in the last year with damage costs expected to soar up to $11...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Tech Bytes: Implementing Sensible Network Segmentation With Tufin (Sponsored)

Today's Tech Bytes podcast looks at how to implement sensible network segmentation to ensure compliance with security policies and accelerate business agility. Tufin is our sponsor, and we speak with guest Sagi Bar-Zvi, Strategic Pre-Sales Manager at Tufin.

The post Tech Bytes: Implementing Sensible Network Segmentation With Tufin (Sponsored) appeared first on Packet Pushers.

How to prevent IPv6 VPN breakout

Enterprises unaware of the role IPv6 plays on remote users’ devices run the risk that these machines might access banned sites despite using VPNs that are meant to restrict what they access.This hole stems from the fact that some of these remote-access VPNs are configured to inspect and apply security controls only to IPv4 traffic as it passes through a VPN concentrator without enabling similar protections for IPv6 traffic.[Get regularly scheduled insights by signing up for Network World newsletters.] This leaves IPv6 traffic free to access the Internet directly without those controls being applied. Known as IPv6 VPN breakout, the issue is well known yet often remains overlooked.To read this article in full, please click here

Heavy Networking 478: Leveraging LTE For SD-WAN With Cradlepoint (Sponsored)

Today's Heavy Networking show is sponsored by Cradlepoint, which provides wireless WAN networking. Our guest Marc Bresniker, VP of Product Management, joins us to discuss using LTE for WAN connections including IoT, and to explore the benefits of using Cradlepoint's LTE solutions as part of your SD-WAN strategy.

The post Heavy Networking 478: Leveraging LTE For SD-WAN With Cradlepoint (Sponsored) appeared first on Packet Pushers.

Network Break 256: Startup Forward Networks Nabs $35 Million; Vodafone Dials OpenRAN For Incumbent Alternatives

Today's Network Break podcast is chock full of inspirational cynicism. We cover fresh funding for Forward Networks, Vodafone trialing OpenRAN gear, SUSE closing the door on OpenStack, Extreme Networks shifting StackStorm to the Linux Foundation, and more tech news.

The post Network Break 256: Startup Forward Networks Nabs $35 Million; Vodafone Dials OpenRAN For Incumbent Alternatives appeared first on Packet Pushers.

Linux sudo flaw can lead to unauthorized privileges

A newly discovered and serious flaw in the sudo command can, if exploited, enable users to run commands as root in spite of the fact that the syntax of the  /etc/sudoers file specifically disallows them from doing so.Updating sudo to version 1.8.28 should address the problem, and Linux admins are encouraged to do so as soon as possible. [Get regularly scheduled insights by signing up for Network World newsletters.] How the flaw might be exploited depends on specific privileges granted in the /etc/sudoers file. A rule that allows a user to edit files as any user except root, for example, would actually allow that user to edit files as root as well. In this case, the flaw could lead to very serious problems.To read this article in full, please click here

Forcepoint Web Security Footprint Spans 160 Global PoPs

The vendor rolled out its Web Security platform across 160 points of presence as it builds out a...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Toshiba Taps Cybera’s SD-WAN for Retail Terminals

Under the agreement, Cybera becomes Toshiba's preferred SD-WAN vendor in the Asia-Pacific...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Intel Snaps Up Smart Edge Amid 5G Push

The company is expanding into edge computing, which it estimates will be a $65 billion silicon...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

1 1,131 1,132 1,133 1,134 1,135 3,849