DC 15. Segment-routing/MPLS on the data centre white box switch and VNF/PNF networking (Nokia, Cisco and Mellanox/Cumulus).

Hello my friend,

the article today would be very special because of three following points. First of all, we’ll talk about the segment routing, which is the leading technology today for building service providers and emerging for DC. Second, you will learn how to connect VNFs with the real network devices. Third, we will fork Cumulus Linux with modified FRR. Thrilled? Let’s go!

Join Network Automation Expert Course
Join Network Automation Expert Course


1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests. Additional thank to Anton Degtyarev from Cumulus for consulting me on FRR details.

Disclaimer

This blogpost is the continuation of the previous, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.

Continue reading

Network Automation Beyond Configuration Templating

Remember Nicky Davey describing how he got large DMVPN deployment back on track with configuration templating? In his own words…:

Configuration templating is still as big win a win for us as it was a year ago. We have since expanded the automation solution, and reading the old blog post makes me realise how far we have come. I began working with this particular customer in May 2017, so 2 years now. At that time the new WAN project was on the horizon and the approach to network configuration was entirely manual.

Here’s how far he got in the meantime:

Read more ...

A New Twist On PCI-Express Switching For The Datacenter

While there are plenty of distributed applications that are going to chew through the hundreds of gigabits per second of bandwidth per port that modern Ethernet or InfiniBand ASICs deliver inside of switches, there are still others that might benefit from having a more streamlined stack that is also more malleable and composable.

A New Twist On PCI-Express Switching For The Datacenter was written by Timothy Prickett Morgan at The Next Platform.

Silver Peak Surpasses 1,500 SD-WAN Deployments

Silver Peak’s EdgeConnect SD-WAN platform this week surpassed 1,500 customer deployments just...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

3 Layers to Defend Your Kubernetes Workloads

Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol it should be noted that even after several years of hardening we still see vulnerabilities for the TCP protocol like the recently reported SACK vulnerability.

 

Vulnerability Scanning and Patching

So how do we ensure that Kubernetes workloads are protected from these types of vulnerabilities? 

Security researchers work to identify new vulnerabilities and then help developers develop security patches. You can apply those patches to keep your software secure from the lastest known vulnerabilities.

The simple answer then is to scan workload images and patch your software and update your software to use the latest patches. However, that approach essentially means you have to wait for the next attack and then will need to repeat the cycle. While this works, it is not sufficient and quite disruptive to implement as we play into the hands of the adversaries where they are working on the next vulnerability while Continue reading

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

Single Sign-On for Kubernetes: Dashboard Experience

Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how Open ID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line.

The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl. To complete our move to SSO, we wanted to ensure that, when using the Dashboard, our engineers logged in to the same account they used for kubectl.

Since Kubernetes version 1.7.0, the dashboard has had a login page. It allows users to upload a kubeconfig file or enter a bearer token. If you have already logged into the command line, this allows you to copy the OIDC id-token from your kubeconfig file into the bearer token field and login. There are, however, a couple of problems with this:

  • The login page has a skip button — If you aren’t using any authorization (RBAC) then this would permit anyone to access the dashboard with effective admin rights.
  • Copy and pasting a token from a Continue reading

Day Two Cloud 019: Building Your First CI/CD Pipeline

CI/CD. You’ve got a vague notion of what it might be. Then you're asked to help the dev team put together an automated delivery process for a cloud app. How you do get from CI/CD as a concept to making it a reality? That's the subject of today's Day Two Cloud podcast with guest Nathaniel Avery.

The post Day Two Cloud 019: Building Your First CI/CD Pipeline appeared first on Packet Pushers.

Scripting is the Wrong Approach to Automating Networks

Olivier Huynh Van Olivier Huynh Van is the CTO and co-founder of Gluware and leads the Gluware R&D team. Olivier has spent 20+ years designing and managing mission-critical global networks for such organizations as ADM Investor Services, Groupe ODDO & Cie, Natixis, Oxoid and Deutsche Bank. He holds a Master’s Degree in Electronics, Robotics and Information Technology from ESIEA in Paris, France. In the race to keep up with swiftly moving digital currents, enterprises are in search of ways to automate their networks. They want to remove complexity and make changes to their networks quickly and effectively. Vendors are offering a variety of scripting approaches to network management that are open-source. The use of scripts in DevOps has been effective since they are generally run on consistent operating systems and compute platforms. The industry is now trying to push scripting on NetOps, but it is much harder due to the variation of vendors, operating systems and hardware platforms used in the networking layer. Scripts may provide a quick fix, but they are not reliable over time and not a long-term strategic solution. In addition, these approaches may be risky, as they could lead to costly errors and network outages. For Continue reading

Can McAfee Sell Its Security Story In a World Without Firewalls?

The vendor kicked off its annual Mpower Cybersecurity Summit with a new analytics tool that aims to...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

How Carnival Corporation Creates Customized Guest Experiences with Docker Enterprise

Regal Princess cruise ship. Photo by Jamie Morrison on Unsplash

When you get on a cruise ship or go to a major resort, there’s a lot happening behind the scenes. Thousands of people work to create amazing, memorable experiences, often out of sight. And increasingly, technology helps them make those experiences even better.

We sat down recently with Todd Heard, VP of Infrastructure at Carnival Corporation, to find out how technology like Docker helps them create memorable experiences for their guests. Todd and some of his colleagues worked at Disney in the past, so they know a thing or two about memorable experiences.

Here’s what he told us. You can also catch the highlights in this 2 minute video:

On Carnival’s Mission

Our goal at Carnival Corporation is to provide a very personalized, seamless, and customized experience for each and every guest on their vacation. Our people and technology investments are what make that possible. But we also need to keep up with changes in the industry and people’s lifestyles.

On Technology in the Travel Industry and Customized Guest Experiences

One of the ironies in the travel industry is that everybody talks about technology, but the technology should be invisible Continue reading

Kubernetes Latest Flaw a ‘Billion Laughs’ … Not

The vulnerability can allow someone to launch a denial-of-service attack against a Kubernetes API...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Rubrik CEO: ‘We’re Not for Sale’

"I want to make it unequivocally clear that Rubrik is not for sale," wrote Rubrik CEO Bipul Sinha...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

SDxCentral’s Top 10 Articles — September 2019

VMware CEO: IBM Paid Too Much for Red Hat; AT&T, Sprint, & Cisco Execs Dump Cold Water on...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

U.S. Cellular Sparks 5G Plans

The nation’s fifth-largest mobile operator says parts of Iowa and Wisconsin will gain access to...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Serverlist Sept. Wrap-up: Static sites, serverless costs, and more

Serverlist Sept. Wrap-up: Static sites, serverless costs, and more

Check out our eighth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

BrandPost: Westcon-Comstor Builds a more Visible WAN

For Michael Soler, a senior infrastructure manager at Westcon-Comstor, a major IT distributor, moving to a software-defined wide-area network (SD-WAN) was as much about taking control of the network as it was about saving money.The move accomplished both, according to Soler. “It’s been a very successful story,” says Soler. “We have gained visibility, and this means control. I can see which users are using which applications, and we can look at bandwidth. We wanted to save money and we greatly succeeded.”Of course, there is more to the story than that. Soler says moving to an SD-WAN platform, built by Silver Peak, accomplished many goals at once. These included:To read this article in full, please click here

1 1,141 1,142 1,143 1,144 1,145 3,849