SD-WAN Must Tackle the Multidomain Problem

Chris Wade serves as the co-founder and CTO of Itential, a network automation software company focused on simplifying and accelerating the adoption of network automation and transforming network operations practices.

SD-WAN (software-defined networking in a wide area network) was originally touted as a way to leverage both private (MPLS) and public (internet) networks to route traffic to the most appropriate network. Over time, SD-WAN has evolved and enabled the acceleration for more innovative services. In an effort to extend SD-WAN into a multicloud reality, SD-WAN 2.0 enhances security and analytics while connecting innovation at the edge with application and cloud concepts.

While we have seen tremendous innovation in the cloud ecosystems, network and application domains are adopting similar concepts to build software-centric, programmable networks. Given these applications and networks now span clouds, data centers, WANs, LANs, and edge, the automation of networks should be viewed as a multidomain problem. Each domain has unique challenges which should be automated locally while providing an end-to-end capability to align with the target network reality.

Applications and services are becoming more distributed and require connectivity and policy enforcement across a variety of domains. Whether it is zero-trust security, intelligent network automation, Continue reading

BrandPost: Know the True Business Drivers for SD-WAN

If a software-defined WAN (SD-WAN) vendor calls you up and says you need their product because it will help you save money, hang up the phone. Okay, maybe you shouldn’t hang up the phone—but you should at least tell him that he’s selling his product wrong.

It’s true that the early conversations about SD-WAN were all about cost savings, and those promised cost savings were to come via replacing MPLS with internet connectivity. To some extent, SD-WAN definitely delivers on this promise. That being said, saving money is not the real business driver for SD-WAN.

BrandPost: Do-it-Yourself SD-WANs: No Shortage of Complexity

With interest in software-defined wide-area networks (SD-WAN) heating up, companies are facing a key question: can they implement SD-WAN themselves or do they need a service provider to help?

It’s a rather loaded question, with many issues to consider if you elect to go the do-it-yourself (DIY) route. In this post, we’ll examine some of the highest hurdles you’ll have to get over if you decide to DIY; paint a picture of what sort of company may be able to tackle an SD-WAN project; and define who will be better off with a managed service.

REST API 1. Basics cheat sheet (Ansible, Bash, Postman, and Python) for GET using NetBox and Docker as examples

Hello my friend,

There was a small pause with the blogposts caused by heavy load I had with the ongoing projects. However, I hope you enjoyed watching some videos I have prepared for you with the awesome guests. Today we are going to discuss some details about REST API using Digital Ocean NetBox and Docker as examples.


No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Brief description

The REST API was already extensively used in my previous articles about the Data Centre Fabric project such as NetBox integration with the Infrastructure Enabler Stack, monitoring of the network infrastructure using Telegraf/InfluxDB/Grafana or closed-loop automation with Kapacitor. Nevertheless, we haven’t discussed how to work with the REST API itself.

When working with web applications, there are four main action types, which form the CRUD abbreviation:

  • C – CREATE is an action type which creates an entry within the application database.
  • R – READ is an action type which extracts the existing information out of the Continue reading

The Song Remains The Same

Now that Red Hat is a part of IBM, some people may wonder about the future of the Ansible project. Here is the good news: the Ansible community strategy has not changed.

As always, we want to make it as easy as possible to work with any projects and communities who want to work with Ansible. With the resources of IBM behind us, we plan to accelerate these efforts. We want to do more integrations with more open source communities and more technologies.

One of the reasons we are excited for the merger is that IBM understands the importance of a broad and diverse community. Search for “Ansible plus <open source project>” and you can find Ansible information, such as playbooks and modules and blog posts and videos and slide decks, intended to make working with that project easier. We have thousands of people attending Ansible meetups and events all over the world. We have millions of downloads. We have had this momentum because we provide users flexibility and freedom. IBM is committed to our independence as a community so that we can continue this work.

We’ve worked hard to be good open source citizens. We value the trust Continue reading

Network Break 243: Zoom Changes Tone On Security Vulnerabilities; Cisco Spends $2.6 Billion For Acacia

Today's Network Break analyzes Zoom's change of course on security vulnerabilities, discusses the reasons behind Cisco's multibillion acquisition of Acacia, examines IBM's closing of its Red Hat purchase, and more tech news.

The post Network Break 243: Zoom Changes Tone On Security Vulnerabilities; Cisco Spends $2.6 Billion For Acacia appeared first on Packet Pushers.

The Week in Internet News: Amazon, Microsoft Look to Expand Internet Access

More access, please: Two large tech companies have announced plans to expand Internet access. First, Microsoft and Ohio-based telecom firm Watch Communications have announced an agreement to extend broadband service to underserved areas in Ohio, Indiana, and Illinois, the Associated Press reports, via the Jacksonville Journal Courier. The project is part of Microsoft’s Airband Initiative, an effort to expand service across the U.S.

Look to the sky: Secondly, Amazon has asked the U.S. Federal Communications Commission for permission to launch more than 3,200 satellites, with plans to launch a global broadband network, Smart Cities Dive says. The Amazon plan would target underserved areas across the globe as well as aircraft, ships, and submarines.

That’s a long time without service: More than 350 Internet shutdowns during the last three years have caused the equivalent of 15 years of lost access, The Telegraph reports. About two-thirds of those shutdowns were in India, and protests or political instability were the reasons for the government actions, according to a report from Access Now.

Warning shot: Two companies, British Airways and Marriott, are facing nine-figure fines (in U.S. dollars) under the European Union’s General Data Protection Regulation for past data breaches Continue reading

Service-defined Firewall Benchmark and Solution Architecture

Today we are happy to introduce the Service-defined Firewall Validation Benchmark report and Solution Architecture document. Firewalls and firewalling technology have come a very long way in thirty years. To understand how VMware is addressing the demands of modern application frameworks, while addressing top concerns for present-day CISOs, let’s take a brief look at the history of this technology.

A Brief Firewall History

Over time, the network firewall has grown up, from initially being very basic to more advanced with the inclusion of additional features and functionality. The network firewall incrementally incorporated increasingly complex functionality to address many threats in the modern security landscape.

While the network firewall initially progressed rapidly to keep pace with the development of network technology and the rapid evolution of network threat vectors, over the past decade there has been very little innovation in this space. The requirements of the next-generation firewall (NGFW) haven’t changed tremendously since its introduction to the market in the late 2000s. Meanwhile, with the uptick in adoption of micro-services based architectures in the modern enterprise, applications are becoming more and more distributed in nature, with growing scale and with security concerns around the ephemeral nature of the infrastructure.

Micro-services, which Continue reading

Data Shapley: equitable valuation of data for machine learning

Data Shapley: equitable valuation of data for machine learning Ghorbani & Zou et al., ICML’19

It’s incredibly difficult from afar to make sense of the almost 800 papers published at ICML this year! In practical terms I was reduced to looking at papers highlighted by others (e.g. via best paper awards), and scanning the list of paper titles looking for potentially interesting topics. For the next few days we’ll be looking at some of the papers that caught my eye during this process.

The now somewhat tired phrase “data is the new oil” (something we can consume in great quantities to eventually destroy the world as we know it???) suggests that data has value. But pinning down that value can be tricky – how much is a given data point worth, and what framework can we use for thinking about that question?

As data becomes the fuel driving technological and economic growth, a fundamental challenge is how to quantify the value of data in algorithmic predictions and decisions…. In this work we develop a principled framework to address data valuation in the context of supervised machine learning.

One of the nice outcomes is that once you’ve understood Continue reading

BrandPost: The Latest in Innovation in the SD-WAN Managed Services Market

As enterprises increasingly focus on improving network performance to support applications and deliver a better customer experience, SD-WAN solutions are in the spotlight. One of the key components of providing ongoing IT support is ensuring that networks have the agility needed to adapt to changing business priorities at speed.

In one recent IDG survey, 91% of enterprises that implemented SD-WAN technologies saw an increase in network speed. SD-WAN managed services have come to the forefront as a choice that allows enterprises to capture the benefits of SD-WAN, along with the expertise to make the most of the technology. Solutions offer access to the knowledge needed to design, deploy and manage SD-WAN networks, while letting the enterprise maintain visibility and control as desired.

Arista BGP FlowSpec


The video of a talk by Peter Lundqvist from DKNOG9 describes BGP FlowSpec, use cases, and details of Arista's implementation.

FlowSpec for real-time control and sFlow telemetry for real-time visibility is a powerful combination that can be used to automate DDoS mitigation and traffic engineering. The article, Real-time DDoS mitigation using sFlow and BGP FlowSpec, gives an example using the sFlow-RT analytics software.

EOS 4.22 includes support for BGP FlowSpec. This article uses a virtual machine running vEOS-4.22 to demonstrate how to configure FlowSpec and sFlow so that the switch can be controlled by an sFlow-RT application (such as the DDoS mitigation application referenced earlier).

The following output shows the EOS configuration statements related to sFlow and FlowSpec:
!
service routing protocols model multi-agent
!
sflow sample 16384
sflow polling-interval 30
sflow destination 10.0.0.70
sflow run
!
interface Ethernet1
   flow-spec ipv4 ipv6
!
interface Management1
   ip address 10.0.0.96/24
!
ip routing
!
router bgp 65096
   router-id 10.0.0.96
   neighbor 10.0.0.70 remote-as 65070
   neighbor 10.0.0.70 transport remote-port 1179
   neighbor 10.0.0.70 send-community extended
   neighbor 10.0.0.70 maximum-routes 12000
   !
   address-family flow-spec ipv4
      neighbor 10.0.0.70 Continue reading