Network Design and Validation: IT Matters

With the complexity of our industry, two things should be obviously necessary. These two things are Network Design and Validation Testing. Design requires identifying the requirements of the business and of dependent systems. This could include things like minimum bandwidth, maximum jitter, convergence time, recovery time, minimal redundancy, etc. It is also important to understand that more rigorous requirements often contribute to cost and operational complexity. Operational complexity creates additional challenges that often erode the very parameters that have been identified as requirements. When this is found true, there are some conversations that need to be had about what is and is not achievable, given the operational and capital budgets–as well as the realistic capabilities of the staff managing the environment.

Validation is also critically important. I posted an article a few weeks ago that illustrated an interesting failure with CAPWAP. Avoiding issues like this require us to first design our network then validate the behavior against the design. Allow me to make a bold statement–If you haven’t designed and validated your network, you DON’T know how it works. Without validation–How do you know that your convergence is subsecond? How do you know that your backup routes work with applications? Continue reading

Venerable Cisco Catalyst 6000 switches ousted by new Catalyst 9600

Few events in the tech industry are truly transformative, but Cisco’s replacement of its core Catalyst 6000 family could be one of those actions for customers and the company.Introduced in 1999, iterations of the Catalyst 6000 have nestled into the core of scores of enterprise networks, with the model 6500 becoming the company’s largest selling box ever. Learn about edge networking How edge networking and IoT will reshape data centers Edge computing best practices How edge computing can help secure the IoT It goes without question that migrating these customers alone to the new switch – the Catalyst 9600  which the company introduced today – will be of monumental importance to Cisco as it looks to revamp and continue to dominate large campus-core deployments. The first Catalyst 9000, introduced in June 2017, is already the fastest ramping product line in Cisco’s history.To read this article in full, please click here

gRPC-Web and Istio: A Report from Service Mesh Day

In this post I’ll briefly describe the problem in the gRPC domain and a solution based on gRPC-Web, Envoy proxy and Istio to neatly solve it.

What is gRPC?

gRPC is a universal, high-performance, open-source RPC framework based on HTTP/2. Essentially, it lets you easily define a service using Protocol Buffers (Protobufs), works across multiple languages and platforms, and is simple to set up and scale. All this leads to better network performance and flexible API management.

Benefits of gRPC-Web

gRPC-Web addresses a shortcoming in the core gRPC framework. As developers look to benefit from the advantages it confers beyond backend microservices—the fact that it doesn’t work so well with web applications running on browsers. Although most browsers support HTTP/2 and gRPC is based on HTTP/2, gRPC has its own protocols that web applications must understand in order to work properly with it. Web applications do not have this capability because browsers don’t support gRPC out of the box.

One way to get around this problem is to use the gRPC-Web plugin and run a proxy like Envoy along with it. Envoy serves as the default proxy for Istio, and on configuring its gRPC-Web filter, it can transcode HTTP requests/responses Continue reading

The Economics of Trust: Overcoming Obstacles to Better Consumer IoT Security

In 2018 the Internet Society launched the Trust by Design campaign, to make sure that security and privacy features are built into Internet of Things (IoT) products. We focused our activities on consumer IoT, a segment particularly vulnerable, despite having the biggest share in the IoT market. We believe trust should come as standard, and so we’ve been working with manufacturers and suppliers to make sure privacy and security are included in the initial design phase all the way through the product lifecycle, as outlined in the OTA IoT Trust Framework. Our work does not stop there, as this goal can only be achieved when consumers drive demand for security and privacy capabilities as a market differentiator and policymakers create a policy environment that strengthens trust and enables innovation.

Consumer IoT devices and services without adequate security pose a wide range of risks, from directly threatening the security, privacy, and safety of their owners to the devices themselves turning into botnets that can initiate DDoS attacks against the Internet. As more and more connected devices with weak security are rushed to the market due to competition and cost concerns, missing trust is deeply rooted in economics. To better understand the Continue reading

Network Break 232: Apple Spends Millions On AWS; The G7 Wants Decryption Capabilities For Law Enforcement

Today's Network Break examines Apple's AWS spending; discusses a G7 pronouncement that wants Internet companies to provide access to encrypted data; reviews quarterly financials from Juniper, Amazon, and Microsoft; and more IT news.

The post Network Break 232: Apple Spends Millions On AWS; The G7 Wants Decryption Capabilities For Law Enforcement appeared first on Packet Pushers.

The Week in Internet News: Microsoft Reduces Password Count

What’s my password again? Microsoft has changed its baseline security configuration, which had suggested passwords be changed every 60 days, Ars Technica reports. Requiring users to change passwords so often can be counterproductive by encouraging them to pick easy-to-remember passwords, the article says.

Big money: Facebook has set aside $3 billion to pay a potential fine to the U.S. Federal Trade Commission over its handling of users’ personal data and various data breaches, CNet reports. Some critics say the expected fine, which could reach $5 billion, is a slap on the wrist for a company that clears tens of billions a year in profits, Recode suggests.

Blocking speech: Terrorist attacks in Sri Lanka that killed more than 350 people on April 21 have prompted the government there to block social media in an effort to prevent the spread of fake news, CNN reports. While some groups praised the decision others said that restricting free speech isn’t productive, Wired.com says.

Censorship on the rise: Meanwhile, it’s becoming increasingly common for governments to block Facebook and other social media for a variety of reasons. This social media blocking could lead to wider censorship efforts, The Verge suggests.

Please regulate us: Continue reading

Does your cloud-access security broker support IPv6? It should.

Cloud access security brokers (CASB) insert security between enterprises and their cloud services by providing visibility and access control, but IPv6 could be causing a dangerous blind spot.That’s because CASBs might not support IPv6, which could be in wide corporate use even in enterprises that choose IPv4 as their preferred protocol. [ Related: What is IPv6, and why aren’t we there yet? For example, end users working remotely have a far greater chance of connecting via IPv6 than when they are in the office.  Mobile providers collectively have a high percentage of IPv6-connected subscribers and broadband residential Internet customers often have IPv6 connectivity without realizing it.  Internet service providers and software-as-a-service (SaaS) vendors both widely support IPv6, so a mobile worker accessing, say, DropBox over a Verizon 4G wireless service might very well connect via IPv6.To read this article in full, please click here(Insider Story)

StackStorm Ansible Pack Usage

StackStorm has the ability to run Ansible playbooks. In this post I will install and configure the Ansible pack and create a workflow to test out the functionality. Lab Environment I have StackStorm installed on a Centos7 host. The following software versions will be utilised as part of...

Chef From The Start To The Beginning

Chef is an infrastructure automation tool similar to Puppet and Salt. In this post I will setup a Chef infrastructure consisting of a Chef server, node and workstation to manage the infrastructure. In April 2019 Chef announced that they are open sourcing all of their products under the...

The Serverlist Newsletter: A big week of serverless announcements, serverless Rust with WASM, cloud cost hacking, and more

The Serverlist Newsletter: A big week of serverless announcements, serverless Rust with WASM, cloud cost hacking, and more

Check out our fourth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

Weekend Reads 042619

EVPN-VXLAN is an open industry standard developed by leading vendors to solve these problems and more. With EVPN fabrics, all major types of networking connectivity services can be virtualized using a single protocol suite. —SDX Central

The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. —Swati Khandelwal

The internet – created in the 80s, but the world wide web officially went live in 1991 and has since then grown into a beast with around 3.2 billion of the worlds population currently online. Internet guru and entrepreneur Jay Adelson has witnessed the explosion of interconnection labelling it as the hub and central point of the internet. —Jay Adelson

When the future is certain to be multivendor, how do we collectively go about making technology work? It’s a pretty basic question, but gets to the point on how technology is developed and propagated throughout the industry. It’s not enough to be innovative, developers must do so in a way that facilitates mass adoption by not only customers, but competitors, too. —Mike Bushong

I believe that there are two simple reasons why Continue reading

1 1,242 1,243 1,244 1,245 1,246 3,835