Campus design feature set-up: Part 4

In case you’ve missed the first three blogs, I’ve been showing you how to set up the CL 3.7.5 campus feature: Multi-Domain Authentication. This is a 6-part blog series and we’re officially past the half-way point.

In blogs 1-3 we covered Wired 802.1x using Aruba ClearPass, Wired MAC Authentication using Aruba ClearPass, and Multi-Domain Authentication using Aruba ClearPass. We’ll also have guides for Wired 802.1x using Cisco ISE, Wired MAC Authentication using Cisco ISE, and Multi-Domain Authentication using Cisco ISE. So yes, we’ve got all the bases covered.

In this fourth guide, I’ll be sharing how to enable wired 802.1X authentication in Cumulus Linux 3.7.5+ using Cisco ISE (Identity Services Engine) 2.4 Patch 8.

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Cisco ISE.

Cisco ISE Configuration:

1. Add a Cumulus Switch group to Cisco ISE:

First, we are going to add a Network Device Group to Cisco ISE:

Administration > Network Resources > Network Device Groups. Click the “+Add” button.

Make sure to set the “Parent Group” to “All Device Types.” The result will look like the following:

2. Adding Continue reading

It’s time for the IoT to ‘optimize for trust’

One of the strengths of internet of things (IoT) technology is that it can do so many things well. From smart toothbrushes to predictive maintenance on jetliners, the IoT has more use cases than you can count. The result is that various IoT use cases require optimization for particular characteristics, from cost to speed to long life, as well as myriad others.

But in a recent post, "How the internet of things will change advertising" (which you should definitely read), the always-insightful Stacy Higginbotham tossed in a line that I can’t stop thinking about: “It's crucial that the IoT optimizes for trust."

When should you use IPv6 PA space?

I was reading RFC8475 this week, which describes some IPv6 multihoming ‘net connection solutions. This set me to thinking about when you should use IPv6 PA space. To begin, it’s useful to review the concept of IPv6 PI and PA space.

PI, or provider independent, space, is assigned by a regional routing registry to network operators who can show they need an address space that is not tied to a service provider. These requirements generally involve having a specific number of hosts, showing growth in the number of IPv6 addresses used over time, and other factors which depend on the regional registry providing the address space. PA, or provider assigned, IPv6 addresses can be assigned by a provider from their PI pool to an operator to which they are providing connectivity service.

There are two main differences between these two kinds of addresses. PI space is portable, which means the operator can take the address space with them when they change providers. PI space is also fixed; it is (generally) safe to use PI space as you might private or other IP address spaces; you can assign them to individual subnets, hosts, etc., and count on them remaining the Continue reading

The Week in Internet News: Germany Considers Banning Encryption on Chat Apps

Transparent chatting: The German Ministry of the Interior is considering new regulations that would ban end-to-end encryption on chat apps, The Register reports. The proposed rules would require operators of chat services to provide plain-text records of users’ chats under court order. Meanwhile, by saying it sometimes needs access to user communications, Facebook is creating a blueprint for German officials, Forbes says.

No, thanks: In other anti-encryption news, the U.K. Government Communications Headquarters, or GCHQ, has issued its own proposal to allow spy agencies to listen in to chat and other encrypted communications. But U.S. tech companies, cryptography experts, and human rights groups lined up in opposition to the proposal, notes Fortune. The Internet Society has also added its name to the letter.

Attacking encryption another way: Meanwhile, a new study suggests a quantum computer could break 2048-bit RSA encryption in about eight hours, reports the MIT Technology Review. The researchers “have found a more efficient way for quantum computers to perform the code-breaking calculations, reducing the resources they require by orders of magnitude.”

No need to ban encryption on the IoT: At the risk of this being too encryption-focused this week, we look at one more related story: Continue reading

Network Break 237: Standards Bodies About-Face On Huawei; Will China’s Military Dump Windows?

Today's Network Break podcast examines the latest twists in the Huawei vs. USA battle, speculates on China's threat to ban Windows from military computers, explores a new telemetry feature from Mellanox, discusses Google's moves to deprecate ad-blocking features in Chrome, and more tech news.

The post Network Break 237: Standards Bodies About-Face On Huawei; Will China’s Military Dump Windows? appeared first on Packet Pushers.

Grafana and Influx – Infrastructure Engineers Language

If you want to understand the language infrastructure engineers speak and use the tools they provide, you need some exposure to the tools themselves; you don’t have to be an expert.

The monitoring systems that I see nowadays are mostly centered around Prometheus, while the database used for storing any time-series events is InfluxDB. How do you actually map it all beautifully? Via Grafana.

Grafana – https://grafana.com/

Influxdb – https://www.influxdata.com/

Prometheus – https://prometheus.io/

Now the problem here is that many tools are programmed on a daily basis. From a network engineer's point of view, I understood a few things.

You do not need to know every tool end to end like an expert, and some choices are based purely on cost rather than anything else.

How would you really understand this? I set up a BME680 sensor in my home and will precisely use Grafana and Influx to map the recordings.

Tools Used 

https://learn.adafruit.com/adafruit-bme680-humidity-temperature-barometic-pressure-voc-gas

Raspberry Pi 3

Docker Images – Grafana and Influx

Sample Influx Script – https://github.com/yukthr/auts/blob/master/random_programs/influx-test.py

And finally Beautiful Grafana

All of this is open source and is not hard after the advent of Docker. Give Continue reading

Know Thy Environment Before Redesigning It

A while ago I had an interesting consulting engagement: a multinational organization wanted to migrate off global Carrier Ethernet VPN (with routers at the edges) to MPLS/VPN.

While that sounds like the right thing to do (after all, L3 must be better than L2, right?) in that particular case they wanted to combine the provider VPN with Internet-based IPsec VPN… and doing that in parallel with MPLS/VPN tends to become an interesting exercise in “how convoluted can I make my design before I give up and migrate to BGP”.

Continuous integration of machine learning models with ease.ml/ci

Continuous integration of machine learning models with ease.ml/ci: towards a rigorous yet practical treatment Renggli et al., SysML’19

Developing machine learning models is no different from developing traditional software, in the sense that it is also a full life cycle involving design, implementation, tuning, testing, and deployment. As machine learning models are used in more task-critical applications and are more tightly integrated with traditional software stacks, it becomes increasingly important for the ML development life cycle also to be managed following systematic, rigid engineering discipline.

I didn’t find this an easy paper to follow at all points, but the question it addresses is certainly interesting: what does a continuous integration testing environment look like for a machine learning model? ease.ml/ci is a CI system for machine learning, and it has to take into account two main differences from a regular CI test suite:

  1. Machine learning is inherently probabilistic, so test conditions are evaluated with respect to an $(\epsilon, \delta)$-reliability requirement, where $(1-\delta)$ is the probability of a valid test, and $\epsilon$ is the error tolerance.
  2. By getting pass/fail feedback from the CI server, the model can adapt to the test set used in the CI environment, leading to it Continue reading