The Week in Internet News: The New Internet Space Race

Broadband in space: The Associated Press, via the New York Post, has a story on the new space race involving Amazon, SpaceX, and other companies. The competition is to be first to deploy new satellite networks to provide broadband service to all corners of the Earth. Still, there are some questions about these low-Earth orbit satellites, with the multi-billion-dollar cost of deployment being the biggest concern.

Secure by algorithm: Researchers at Princeton University have developed algorithms that they say can prevent hacker attacks on power grids, DownToEarth reports. The new algorithms target power spikes that could be driven by IoT-based attacks. One algorithm would prevent connections overloading by balancing power, and the other would help grids restore their functionality after an attack.

Please help: A column at ZDNet asks network operators to using existing tools to fix security problems with the Border Gateway Protocol, which routers use to tell each other the best way to route traffic. The BGP standard includes Route Origin Authorizations (ROAs) to confirm the accuracy of routing messages, but those tools aren’t as widely deployed as they could be, the column suggests.

Lost jobs: A nearly two-month Internet shutdown in the India-controlled Kashmir region Continue reading

Junos Primary and Preferred Interface Commands

This blog post was spurred on by a recent real-world experience where I had to configure a primary IP address …

Continue reading →

The post Junos Primary and Preferred Interface Commands appeared first on Fryguy's Blog.

Recommended Networking Resources for September 2019 Third Week

There are so many good resources for Network Engineers out there. I started to share the ones I liked on beginning of this month. Click here to see previous Networking Recommended Resources. As you know, I share 5 resource every week. There are so many in my list already, I can’t wait for the next …

Continue reading "Recommended Networking Resources for September 2019 Third Week"

The post Recommended Networking Resources for September 2019 Third Week appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Networking in Public Clouds – New ipSpace.net Online Course

I have exciting news I’d love to share with you: we’re launching a new online course focused on networking in public clouds starting in February 2020 (I’ve been mulling over this idea and polishing the concept for almost 18 months, and finally it all came together ;)

With Go To The Cloud becoming the answer to all questions (regardless of what the question is), you can find tons of materials describing various aspects of public clouds, so you might wonder why I decided to enter the fray. The answer is simple: with everyone being focused on developers, there’s not much that an infrastructure engineer could use to help him survive when the developers move on and he’s left to manage whatever they put in place.

Small world with high risks: a study of security threats in the npm ecosystem

Small world with high risks: a study of security threats in the npm ecosystem Zimmermann et al., USENIX Security Symposium 2019

This is a fascinating study of the npm ecosystem, looking at the graph of maintainers and packages and its evolution over time. It’s packed with some great data, and also helps us quantify something we’ve probably all had an intuition for— the high risks involved in depending on a open and fast-moving ecosystem. One the key takeaways for me is the concentration of reach in a comparatively small number of packages and maintainers, making these both very high value targets (event-stream, it turns out, wouldn’t even have made the top-1000 in a list of ranked targets!), but also high leverage points for defence. We have to couple this of course with an exceedingly long tail.

The npm ecosystem

As the primary source of third-party JavaScript packages for the client-side, server-side, and other platforms, npm is the centrerpiece of a large and important software ecosystem.

Npm is an open ecosystem hosting a collection of over 800,000 packages as of February 2019, and it continues to grow rapidly.

To share a package on npm, a maintainer creates Continue reading

Serverless Security Threats Loom as Enterprises Go Cloud Native

Worth Reading: Koding Academies

Every few weeks I stumble upon an article (or twitter storm) in which someone claims you don’t need formal education to get started as a Software Engineer (or whatever else) - all you need is a coding academy/bootcamp and you're all set.

George V. Neville-Neil wrote a hilarious rebuttal of this idea followed by some pretty good advice. Hope you’ll enjoy it as much as I did ;)

Run a script on virtual machines when the host is shut down

I want to show you how to configure a host server so, when it is shut down, it executes a script that runs commands on any running virtual machines before the host tries to stop them. I will configure the host server to wait until the script completes configuring the virtual machines before continuing with the shutdown process, shutting down the virtual machines, and eventually powering off.

I had to learn how Systemd service unit configuration files work and some more details about how Libvirt is configured in different Linux distributions. Read on to see the solution, plus some details about how to test the solution in Ubuntu and CentOS.

Solution Summary

Create a new Systemd service named graceful-shutdown that runs a script when the host system shuts down, but before Libvirt shuts down any virtual machines. Ensure that the libvirt-guests service is already started and enabled, and is configured appropriately.

The graceful-shutdown.service unit configuration file

Create a new Systemd unit configuration file named graceful-shutdown.service and save it in the directory, /etc/systemd/system, where it is advised you put custom configuration files.

For example:

# vi /etc/systemd/system/graceful-shutdown.service

Enter the following text into the file, then save it:

 Continue reading

Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin

Cloudflare has released a new rule as part of its Cloudflare Specials Rulesets, to protect our customers against a high-severity vulnerability in vBulletin.  

A new zero-day vulnerability was discovered for vBulletin, a proprietary Internet forum software. By exploiting this vulnerability, bad actors could potentially gain privileged access and control to the host servers on which this software runs, through Remote Code Execution (RCE).

Implications of this vulnerability

At Cloudflare, we use three key indicators to understand the severity of a vulnerability 1) how many customers on Cloudflare are running the affected software 2) the Common Vulnerability Scoring System (CVSS) score, and 3) the OWASP Top 10, an open-source security framework.

We assess this vulnerability to be very significant as it has a CVSS score of 9.8/10 and affects 7 out of the 10 key risk areas of the OWASP 2017 Top 10.

Remote Code Execution is considered a type of injection, which provides the capability to potentially launch a catastrophic attack. Through RCE an attacker can gain privileged access to the host server that might be running the unpatched and vulnerable version of this software. With elevated privileges the attacker could perform malicious activities including discovery of additional Continue reading

Qualcomm Paints Strategic Contrasts in Cloud, AI, Edge

Worth Reading: SDN Ate My Hamster

A long while ago Daniel Dib wrote a nice blog post on “SDN will make the networking engineers obsolete” theme. While it sounds like beating a dead horse, the SDN craze isn’t subsiding, so another healthy dose of common sense might come handy.

Hint: if you’re not following Daniel’s blog, you should… even though he decided to make old farts’ life harder by publishing on LinkedIn.

Heavy Networking 474: Find Breaches With Continuous Monitoring From Open Systems (Sponsored)

On today's Heavy Networking, sponsor Open Systems joins us to talk about its continuous security monitoring capabilities that help customers find breaches quickly. Our guest is Dave Martin, Senior Director for Product Management of Threat Response at Open Systems.

The post Heavy Networking 474: Find Breaches With Continuous Monitoring From Open Systems (Sponsored) appeared first on Packet Pushers.

Cumulus Co-Founder JR Rivers Joins Amazon

Birthday Week 2019 Wrap-up

This week we celebrated Cloudflare’s 9th birthday by launching a variety of new offerings that support our mission: to help build a better Internet.  Below is a summary recap of how we celebrated Birthday Week 2019.

Cleaning up bad bots

Every day Cloudflare protects over 20 million Internet properties from malicious bots, and this week you were invited to join in the fight!  Now you can enable “bot fight mode” in the Firewall settings of the Cloudflare Dashboard and we’ll start deploying CPU intensive code to traffic originating from malicious bots.  This wastes the bots’ CPU resources and makes it more difficult and costly for perpetrators to deploy malicious bots at scale. We’ll also share the IP addresses of malicious bot traffic with our Bandwidth Alliance partners, who can help kick malicious bots offline. Join us in the battle against bad bots – and, as you can read here – you can help the climate too!

Browser Insights

Speed matters, and if you manage a website or app, you want to make sure that you’re delivering a high performing website to all of your global end users. Now you can enable Browser Insights in the Speed section of the Continue reading

Tutorial: Explore Project Calico Network Policies with Google Kubernetes Engine

Virtual networking softwareKubernetes open source container orchestration software. While Kubernetes has extensive support for Role-Based Access Control (RBAC), the default networking stack based on Google Kubernetes Engine (GKE). Unlike other managed Kubernetes services, GKE comes with an integrated Calico stack that can be enabled during the cluster creation. It is also possible to configure Calico on an existing, running GKE cluster. Start by launching a standard GKE cluster with network policies enabled. This can be done by clicking the Enable network policy checkbox available under Availability, networking, security, and additional features section. After the cluster is up and running, we can check for Calico Pods deployed as a part of Daemonset in the kube-system namespace. Let’s download the calicoctl, Calico’s CLI to explore the environment further. We need to point calicoctl to etcd endpoints of GKE cluster. This can be done with the below settings: Now, let’s go ahead and deploy one of the samples provided by Project Calico. Run the below commands to deploy the application. You can download the YAML files from Project Calico’s http://mi2.live. The post Tutorial: Explore Project Calico Network Policies with Google Kubernetes Engine appeared first on The New Stack.

AT&T Lobs White Box Router Design at OCP

5G: Easy Please for Enterprises Say Verizon, IBM, Qualcomm

Stuff The Internet Says On Scalability For September 27th, 2019

Wake up! It's HighScalability time:

 

Nifty diagram of what testing looks like in an era or progressive delivery. (@alexsotob, @samnewman)

Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. I wrote Explain the Cloud Like I'm 10 for all who want to understand the cloud. On Amazon it has 55 mostly 5 star reviews (131 on Goodreads). They'll thank you for changing their life forever.

Number Stuff:

Don't miss all that the Internet has to say on Scalability, click below and become eventually consistent with all scalability knowledge (which means this post has many more items to read so please keep on reading)...

The Role of South Asia’s NOGs in Community Building

At the recently concluded 34th South Asia Network Operators Group (SANOG 34), it was interesting not only to hear about the evolution of digital infrastructure, technology, and the economy in South Asia, including the opportunities it presents to network operators, but also to hear how community-led national Network Operating Groups (NOGs) in South Asia are working to build technical community knowledge, capacity, and engagement in their respective economies.

SANOG, which was set up as a sub-regional, community-led initiative in 2003, has played a significant role in bringing operators from the region together for knowledge sharing and cooperation. It is a biannual event, rotated among economies for maximum reach and participation.

While the NOGs of developed economies in the Asia Pacific began forming in the late 1990s, the NOGs in South Asia are quite recent: Bangladesh (bdNOG) and Bhutan (btNOG) were set up in 2014; Nepal (npNOG) in 2016; Sri Lanka (LKNOG) in 2017; and India (INNOG) in 2017.

The objectives of these NOGs are to encourage knowledge sharing within their respective economies and discuss global and regional technical developments, while addressing local requirements and issues. This, in turn, helps members Continue reading

Designing Your First Application in Kubernetes, Part 5: Provisioning Storage

In this blog series on Kubernetes, we’ve already covered:

1. The basic setup for building applications in Kubernetes
2. How to set up processes using pods and controllers
3. Configuring Kubernetes networking services to allow pods to communicate reliably
4. How to identify and manage the environment-specific configurations to make applications portable between environments

In this series’ final installment, I’ll explain how to provision storage to a Kubernetes application. 

Step 4: Provisioning Storage

The final component we want to think about when we build applications for Kubernetes is storage. Remember, a container’s filesystem is transient, and any data kept there is at risk of being deleted along with your container if that container ever exits or is rescheduled. If we want to guarantee that data lives beyond the short lifecycle of a container, we must write it out to external storage.

Any container that generates or collects valuable data should be pushing that data out to stable external storage. In our web app example, the database tier should be pushing its on-disk contents out to external storage so they can survive a catastrophic failure of our database pods.

Similarly, any container that requires the provisioning of a lot of data should be getting Continue reading