The most interesting thing about Hewlett Packard Enterprise has nothing to do with its many products in compute, storage, and networking, or even its recent $1.3 billion deal to acquire supercomputer maker Cray. …
Selling Distributed Public Cloud, One Rack At A Time was written by Timothy Prickett Morgan at .
Last week I explained how you could take a typical first attempt at a network automation data model and reduce the amount of duplicate data… but the data model we used was still describing a set of seemingly disconnected boxes.
How about restructuring the whole thing and describing what networks really are - graphs made of nodes (network devices) and links?
CheriABI: enforcing valid pointer provenance and minimizing pointer privilege in the POSIX C run-time environment Davis et al., ASPLOS’19
Last week we saw the benefits of rethinking memory and pointer models at the hardware level when it came to object storage and compression (Zippads). CHERI also rethinks the way that pointers and memory work, but the goal here is memory protection. The scope of the work stands out as particularly impressive:
We have adapted a complete C, C++, and assembly-language software stack, including the open source FreeBSD OS (nearly 800 UNIX programs and more than 200 libraries including OpenSSH, OpenSSL, and bsnmpd) and PostgreSQL database, to employ ubiquitous capability-based pointer and virtual-address protection.
The protections are hardware implemented and cannot be forged in software. The process model, user-kernel interactions, dynamic linking, and memory management concerns are all in scope, and the protection spans the OS/DBMS boundary.
The basic question here is whether it is practical to support a large-scale C-language software stack with strong pointer-based protection… with only modest changes to existing C code-bases and with reasonable performance cost. We answer this question affirmatively.
That ‘reasonable’ performance cost is a 6.8% slowdown, significantly better than e. Continue reading
The final countdown: After two delays, SpaceX has launched a rocket containing 60 satellites designed to deliver broadband to Earth-bound people, Marketwatch reports. SpaceX plans to eventually deploy up to 12,000 satellites in an effort to provide broadband service across the globe. SpaceX sees the satellite network as a way to fund future Mars missions.
Banning rural broadband: Moves by U.S. President Donald Trump’s administration to ban products from Chinese telecom hardware company Huawei may hurt rural broadband access, Phys.org says. Many small broadband and mobile providers serving rural areas use inexpensive telecom equipment from Huawei and other Chinese companies.
The (un)connected tractor: Meanwhile, the U.S. is far from the only country facing challenges with rural broadband. Farmers in Brazil often lack access, Reuters reports. Even as many pieces of new farm equipment require Internet access, less than 10 percent of Brazilian farms are connected, according to one estimate.
Dividing line: The Internet is dividing between a Chinese and a Western view of how it should operate, says ABC.net.au. And Chinese companies, aided by their government, are spreading their technologies and philosophies across the globe, the story suggests.
Expensive bugs: An 11-year-old laptop loaded with Continue reading
Notice
This guide is an updated version of a previous edition. If you need to target distributions older than Debian Stretch and Ubuntu Bionic, please have a look at the older version instead.
While the creation of Debian packages is abundantly documented, most tutorials are targeted to packages implementing the Debian policy. Moreover, Debian packaging has a reputation of being unnecessarily difficult1 and many people prefer to use less constrained tools2 like fpm or CheckInstall.
However, building Debian packages with the official tools can become straightforward if you bend some rules:
No source package will be generated. Packages will be built directly from a checkout of a VCS repository.
Additional dependencies can be downloaded during build. Packaging individually each dependency is a painstaking work, notably when you have to deal with some fast-paced ecosystems like Java, Javascript and Go.
The produced packages may bundle dependencies. This is likely to raise some concerns about security and long-term maintenance, but this is a common trade-off in many ecosystems, notably Java, Javascript and Go.
If you run connections to the ‘net at any scale, even if you are an “enterprise” (still a jinxed term, IMHO), you will quickly find it would be very useful to have a time series record of the changes in BGP at your edge. Even if you are an “enterprise,” knowing what changes have taken place in the routes your providers have advertised to you can make a big difference in tracking down an application performance issue, or knowing just when a particular service went off line. Getting this kind of information, however, can be difficult.
BGP is often overloaded for use in data center fabrics, as well (though I look forward to the day when the link state alternatives to this are available, so we can stop using BGP this way). Getting a time series view of BGP updates in a fabric is often crucial to understanding how the fabric converges, and how routing convergence events correlate to application issues.
One solution is to set up the BGP Monitoring Protocol (BMP—an abbreviation within an abbreviation, in the finest engineering tradition).
BMP is described in RFC7854 as a protocol intended to “provide a convenient interface for obtaining route views.” Continue reading
In this post I will introduce and showcase how security groups can be used to enable certain scenarios.
Security groups allow fine-grained access control to - and from - the oVirt VMs attached to external OVN networks.
The Networking API v2 defines security groups as a white list of rules - the user specifies in it which traffic is allowed. That means, that when the rule list is empty, neither incoming nor outgoing traffic is allowed (from the VMs perspective).
A demo recording of the security group feature can be found below.
.
This repo adds tools, and information on how to use them, to help manage the security groups in oVirt, since currently there is no supported mechanism to provision security groups, other than the REST API, and ManageIQ. ManageIQ also doesn't fully support security groups, since it lacks a way to attach security groups to logical ports.
In the following links you can also find playbooks that can be built upon to reach different types of scenarios.
From the year 2000, sharing it just because
The post Frame Relay Forum – Basics Guide to Frame Relay Networking appeared first on EtherealMind.
Today's Network Break dives into the ongoing battle of U.S. vs. Huawei, discusses DNS research from RIPE 78, explores new switch capabilities and telemetry from Mellanox, and more tech news.
The post Network Break 236: US Tech Firms Suspend Biz With Huawei; Mellanox Amps Up Ethernet Switches appeared first on Packet Pushers.
There are almost as many open source groups and projects working on edge computing as there are...
The post Network Traffic Analysis and Alerting based on NetFlow appeared first on Noction.
More than a decade ago I decided to start a pet project: a blog describing interesting details of networking technologies. The idea quickly morphed into vendor-neutral webinars - the first one took place in February 2010. A year or two later I had my first guest speaker and as of today we had more than 50 industry experts participating in ipSpace.net webinars and online courses.
In the meantime the ipSpace.net team grew: I had video and audio editors for years, Irena Marčetič took over marketing, logistics, and production in 2018, and we got a team of webinar moderators that will help us with guest speaker webinars (last week we ran the first guest speaker webinar where I didn’t have to be involved - hooray ;)
Read more ...
The San Jose, California-based company selected SAP’s Enterprise Resource Planning platform to...