A10 Networks ACOS Root Privilege Escalation

The following summarizes a root privilege escalation vulnerability that I identified in A10 ACOS ADC software. This was disclosed to A10 Networks in June 2016 and mitigations have been put in place to limit exposure to the vulnerability.

A10 Networks Cookie Vulnerability

SUMMARY OF VULNERABILITY

Any user assigned sufficient privilege to upload an external health monitor (i.e. a script) and reference it from a health monitor can gain root shell access to ACOS.

At this point, I respectfully acknowledge Raymond Chen’s wise words about being on the other side of an airtight hatch: if the malicious user is already a system administrator or has broad permissions, one could argue that they could already do huge damage to the ADC in other ways. However, root access could allow that user to install persistent backdoors or monitoring tools in the underlying OS, where other users can neither see nor access them. It could also allow a partition-level administrator to escalate effectively to a global admin, by way of being able to see the files in every partition on the ADC.

SOFTWARE VERSIONS TESTED:

This vulnerability was originally discovered and validated in ACOS 2.7.2-P4-SP2 and is present in 4.x as Continue reading

Running OSPF in a Single Non-Backbone Area

One of my subscribers sent me an interesting puzzle:

>One of my colleagues configured a single-area OSPF process in a customer VRF, but instead of using area 0, he used area 123 nssa. Obviously it works, but I was thinking: “What the heck, a single OSPF area MUST be in Area 0”

Not really. OSPF behaves identically within an area (modulo stub/NSSA behavior) regardless of the area number…
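As an added illustration (not from the original post), here is what such a single-area, non-backbone OSPF process looks like in Cisco IOS-style syntax, with a couple of verification commands. The VRF name `CUSTOMER`, the process ID, router ID and prefixes are assumed for the example; the only detail taken from the puzzle is the use of area 123 as an NSSA.

```cisco
! Assumed VRF; only the area choice comes from the original puzzle.
ip vrf CUSTOMER
 rd 65000:123
!
! Single-area OSPF inside the VRF. Area 123 is the only area, so no
! router is an ABR and no backbone (area 0) is needed for intra-area
! routing to work.
router ospf 123 vrf CUSTOMER
 router-id 10.123.0.1
 area 123 nssa
 network 10.123.0.0 0.0.255.255 area 123
!
! Verification: adjacencies should reach FULL and the process should
! report exactly one area, flagged as NSSA, with no backbone present.
do show ip ospf 123 neighbor
do show ip ospf 123
```

The caveat a practitioner should keep in mind is the one the puzzle hints at: the area-0 requirement only appears once a second area is added. An ABR joining area 123 to any other area must itself be attached to area 0 (or reach it via a virtual link); until then, the area number is just a label and stub/NSSA flags are the only behavioural difference.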

Read more ...

When to use 5G, when to use Wi-Fi 6

We have seen hype about whether 5G cellular or Wi-Fi 6 will win in the enterprise, but the reality is that the two are largely complementary, with an overlap for some use cases, which will make for an interesting competitive environment through the early 2020s.

The potential for 5G in enterprises

The promise of 5G for enterprise users is higher-speed connectivity with lower latency. Cellular technology uses licensed spectrum, which largely eliminates the potential interference that may occur in unlicensed Wi-Fi spectrum. Like current 4G LTE technologies, 5G can be supplied by cellular wireless carriers or built as a private network.

Network-as-a-Service Part 1 – Frameworkless automation

Recently I’ve been pondering the idea of a cloud-like method of consuming traditional (physical) networks. My main premise is that users of a network shouldn’t have to wait hours or days for their services to be provisioned when all that’s required is a simple change to an access port. Let me reinforce this with an example. In a typical data center network, the configuration of the core (fabric) is fairly static, while the config at the edge changes constantly as servers get added, moved or reconfigured. Things get even worse when using infrastructure-as-code with CI/CD pipelines to generate and test the configuration, since it’s hard to expose only a subset of it to end users, and it certainly wouldn’t make sense to trigger a pipeline every time a VLAN is changed on an edge port.

This is where a Network-as-a-Service (NaaS) platform fits in. The idea is that it would expose the required subset of configuration to the end user and would take care of applying it to the devices in a fast and safe way. In this series of blog posts I will describe and demonstrate a prototype of such a platform, implemented on top of Continue reading

Interview with Katherine Dollar, Creative Marketing Storyteller and Communications Strategist

In this interview, I sit down with Katherine Dollar, a brilliant Creative Marketing Storyteller and Communications Strategist at Moxie Blue Media. We discuss the role of storytelling in marketing campaigns and speaking engagements and why this method of relaying information resonates in a way that creates a better connection with the audience and further helps …

Dell and Cisco extend VxBlock integration with new features

Just two months ago Dell EMC and Cisco renewed their converged infrastructure vows, and now the two have taken another step in the alliance. At this year’s Cisco Live event, taking place in San Diego, the two announced plans to expand VxBlock 1000 integration across servers, networking, storage, and data protection.

This is done through support of NVMe over Fabrics (NVMe-oF), which allows enterprise SSDs to talk to each other directly through a high-speed fabric. NVMe is an important advance because SATA and PCI Express SSDs could not talk directly to other drives until NVMe came along.

Meraki In The Middle – Smart Security Cameras

I’ve been looking at security cameras recently, in part because my homeowners association needs to upgrade the system which monitors some of the amenities. We want motion detection features and, obviously, remote access to view live cameras and recorded footage without having to go to the location. Unfortunately there’s a gap in the market which seems to be exactly where I’m looking. Cisco Meraki may have just stepped in and bridged that gap.

The Problem Space

Low-End Products

Over the last few years, a wide variety of small security cameras have become available, any of which would at first glance appear suitable. These include products like Netgear’s Arlo, Amazon’s Blink, Google’s Nest Cam and more. After some brief testing, however, I’m a little less convinced that they are what we’re looking for. It sounds silly to say it, because it’s not like this is something they hide, but these products are all aimed at the home user market. Dashboard logins are single-user, based on an email address, and the web interfaces may not work well for much more than five or so cameras. The camera choices are fairly limited, and as they’ll be streaming their Continue reading

Cumulus content roundup: May

May is well in the books and summer seems to be in full swing with recent heatwaves across the country. Since we know life can get pretty busy and you may have missed some of May’s great content, we’ve rounded up some of our favorite podcasts, blog posts, and articles for you here. So settle in, hopefully stay cool, and get ready for all things open networking!

From Cumulus Networks:

Minipack Highlight Video from OCP Summit: Listen to Brian O’Sullivan & Michael Lane, VP of Business Development at Edgecore Networks discuss the recently launched Minipack, open, modular switch.

Kernel of Truth season 2 episode 7: Certifications: Listen as we discuss the value of certifications, if any, what works for certifications and what doesn’t, who should be taking certifications and more!

Installing Cumulus packages on air-gapped equipment: Check out this excerpt to help you get additional packages into an air-gapped environment for the install where you don’t have a repo or mirror available to pull from.

ngrok on Cumulus Linux: If you have a good idea of what ngrok is and what it does, here are step-by-step instructions for turning up ngrok ssh services on Cumulus Linux.

The Continue reading

Day Two Cloud 011: Going All In On Serverless And DevOps

What's it like using serverless in production? We answer that question in this Day Two Cloud podcast with guest Robb Schiefer, who's running a live application on AWS Lambda for a healthcare company. We talk about why the organization adopted serverless, how they chose AWS, and how DevOps practices are key for ongoing operations.

The post Day Two Cloud 011: Going All In On Serverless And DevOps appeared first on Packet Pushers.

IDG Contributor Network: Software Defined Perimeter (SDP): Creating a new network perimeter

Networks were initially designed to create internal segments that were separated from the external world by a fixed perimeter. The internal network was deemed trustworthy, whereas the external was considered hostile. However, this is still the foundation for most networking professionals, even though a lot has changed since the inception of the design.

More often than not the fixed perimeter consists of a number of network and security appliances, thereby creating a service-chained stack, resulting in appliance sprawl. Typically, the appliances that a user may need to pass through to get to the internal LAN vary. But generally, the stack would consist of global load balancers, external firewall, DDoS appliance, VPN concentrator, internal firewall and eventually LAN segments.

Caribbean Community Gathers Together to Discuss Improving Connectivity in the Region

Cooperation has been key to expanding Internet access around the globe. Ten years ago, the African region created AfPIF, a space focused on collaboration among regional actors on topics related to peering and interconnection. Inspired by that project, in 2014 I approached Bevil Wooding to create a similar space for the Caribbean.

In recent years, the Caribbean has been losing its traditional industries, such as sugar and banana production. In this context, the Internet can be seen as a good opportunity to strengthen the local economy. Fortunately, the idea gained the support of the Caribbean Telecommunications Union (CTU) and the Caribbean Network Operators Group (CaribNOG). That’s how the Caribbean Peering and Interconnection Forum (CarPIF) was born.

From its inaugural meeting in 2015, CarPIF has sought to bring together key infrastructure, service, and content providers to improve network interconnection, lower the cost of connectivity, and increase the number of Internet users and services in the Caribbean. This year, the meeting will be held from 12 to 13 June in Grenada, with the aim of highlighting the active role played by the Organization of Eastern Caribbean States (OECS) in the successful deployment of Internet Continue reading