Choose Simple Solutions

In my experience, simplicity is not valued enough in software development. Instead, there is a lot of emphasis placed on flexibility. —Felix

Replace “software” with “network,” and think about it. How often do network engineers select the chassis-based system that promises to “never need to be replaced?” How often do we build networks like they will be “in use” 20+ years from now? Now it does happen from time to time; I have heard of devices with many years of uptime, for instance. I have worked on AT&T Brouters in production—essentially a Cisco AGS+ rebranded and resold by AT&T—that were some ten or fifteen years old even back when I worked on them. These things certainly happen, and sometimes they even happen for good reasons.

But knowing such things happen and planning for such things to happen are two different mindsets. At least some of the complexity in networks comes from just this sort of “must make it permanent: thinking:

Many developers like to write code which handles any problem which might appear at any point in the future. In that regard, they are fortune tellers, trying to find a solution for eventual problems. This can work out very Continue reading

Meta Networks builds user security into its Network-as-a-Service

Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.To read this article in full, please click here

Meta Networks builds user security into its Network-as-a-Service

Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.To read this article in full, please click here

Introducing Warp: Fixing Mobile Internet Performance and Security

Introducing Warp: Fixing Mobile Internet Performance and Security
Introducing Warp: Fixing Mobile Internet Performance and Security

April 1st is a miserable day for most of the Internet. While most days the Internet is full of promise and innovation, on “April Fools” a handful of elite tech companies decide to waste the time of literally billions of people with juvenile jokes that only they find funny.

Cloudflare has never been one for the traditional April Fools antics. Usually we just ignored the day and went on with our mission to help build a better Internet. Last year we decided to go the opposite direction launching a service that we hoped would benefit every Internet user: 1.1.1.1.

The service's goal was simple — be the fastest, most secure, most privacy-respecting DNS resolver on the Internet. It was our first attempt at a consumer service. While we try not to be sophomoric, we're still geeks at heart, so we couldn't resist launching 1.1.1.1 on 4/1 — even though it was April Fools, Easter, Passover, and a Sunday when every media conversation began with some variation of: "You know, if you're kidding me, you're dead to me."

No Joke

We weren't kidding. In the year that's followed, we've been overwhelmed by the response. Continue reading

Lessons Learned in Cloud Networking – AWS vs Azure

I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor. Especially on the Azure side. Let me just first start with two statements that I have seen made around cloud networking:

Cloud networking is easy! – Not necessarily so. I’ll explain more.

We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.

This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.

System Routes

Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route saying along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for Continue reading

Upcoming Events and Webinars

In April 2019 we’re starting a new cloud security saga with Matthias Luft. The first webinar in this series will focus on the basics, subsequent live sessions spread through the rest of 2019 will cover individual technologies.

Another series we’re starting is Business Aspects of Networking, opening on April 4th with Three Paths of Enterprise IT.

We’ll also continue the math-in-networking series, this time focused on reliability functions and advanced reliability topics.

The crux of voice (in)security: a brain study of speaker legitimacy detection

The crux of voice (in)security: a brain study of speaker legitimacy detection Neupane et al., NDSS’19

The key results of this paper are easy to understand, but the implications are going to take us a long time to unravel. Speech morphing (voice morphing) is the process of translating a speaker’s voice to sound like a given impersonation target. This capability is now available off-the-shelf —this paper uses the CMU Festvox voice converter— and is getting better all the time. Being able to impersonate someone’s voice takes things like social engineering attacks to a whole new level…

…voice imitation is an emerging class of threats, especially given the advancement in speech synthesis technology seen in a variety of contexts that can harm a victim’s reputation and her security/safety. For instance, the attacker could publish the morphed voice samples on social media, impersonate the victim in phone conversations, leave fake voice messages to the victim’s contacts, and even launch man-in-the-middle attacks against end-to-end encryption technologies that require users to verify the voices of the callers, to name a few instances of such attacks.

So voice should sit alongside images and video as a source we can’t trust in our new Continue reading

Part1 – Monitoring Network Traffic with ntopng and nProbe

Ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. It provides a intuitive, encrypted web user interface for the exploration of realtime and historical traffic information. ntopng comes in three versions, Community, Professional (Small Business Edition) and Enterprise. The Community version is free to use and opensource. A physical NIC card of the server can be monitored by by specifying its interface name as

./ntopng -i eth0

However, we will use ntopng in flow collection mode along with nProbe which can act as probe/proxy. The communication between nProbe and ntopng takes place over ZeroMQ, a publish-subscribe protocol that allows ntopng to communicate with nProbe.

ntpong community version is installed on Ubuntu Server 18.04.1 with IP address 172.17.100.7/16. Ubuntu is running inside VirtualBox VM. The IP address of the host (Asus k55vm) is 172.17.100.2/16. The host is connected to the SOHO router that functions as gateway to the Internet gateway with the IP address 172.17.100.1/16. The network diagram is shown on the Picture 1.

nProbe is installed on Raspberry Pi 3B with the IP address 172.17.100.50/16. Windows 7 Continue reading

Understanding the BGP Table Version (3 part Blog Series)

The BGP Table Version is the most unknown and unexplained BGP concept/value that I rarely ever troubleshoot without. Seriously, I cannot imagine troubleshooting BGP without understanding the BGP table version.  I always “eyeball” it at the very least when I’m... Read More ›

The post Understanding the BGP Table Version (3 part Blog Series) appeared first on Networking with FISH.

Transgender Day of Visibility

Transgender Day of Visibility
The transgender pride flag
Transgender Day of Visibility

My name is Kas. I’m a Cloudflare employee and I wanted to share my story with you on International Transgender Day of Visibility.

I've been different for as long as I can remember. I've been the odd one out not just for the time I've spent in tech, but most of my life.

I'm transgender in that I am gender non-binary. I'm working with the word 'agender' right now, as it is the word that describes me best: I'm not a woman, or a man, just a human. I don't really have a gender, and I certainly don't identify with either binary label.

Transgender Day of Visibility
The agender flag

Being transgender in tech is difficult. There are many times where we have to work harder, smarter, and give up so much to stay afloat. Times where you have to weigh the benefits of correcting your pronouns against the title of the person who is to be corrected (are they a customer? Your bosses' bosses' boss?). Times where you don't know if you can even be 'out' with your coworkers, because you just don't know if, or how, they'll treat you differently, or fairly.

Being agender or outside the Continue reading

No surprise performance test

Recently I had a need to deploy some python FLASK based application. Although FLASK has a convenience CLI built-in to run your application while developing the deployment documentation provided a bunch of production ready deployment method. After going through the various documentation and learning about the event loop based implementation of Gevent, I decided to … Continue reading No surprise performance test

Feature Friday: DockerCon speakers sound off on Kubernetes, Service Mesh and More

DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.

In this first highlight, we have a few of our own Docker speakers that are covering storage and networking topics, including everything from container-level networking on up to full cross-infrastructure and cross-orchestrator networking.

 

Persisting State for Windows Workloads in Kubernetes

More on their session here.

Anusha Ragunathan

Docker Software Engineer

Deep Debroy

Docker Software Engineer

What is your breakout about?

We’ll be talking about persistent storage options for Windows workloads on Kubernetes. While a lot of options exist for Linux workloads we will look at dynamic provisioning scenarios for Windows workloads.

Why should people go to your session?

Persistence in Windows containers is very limited. Our talk aims to tackle this hard problem and provide practical solutions. The audience will learn about ways to achieve persistent storage in their Windows container workloads and they will also hear about future direction.

What is your favorite DockerCon moment?
Deep: The Dockercon party in Continue reading

Russia demands access to VPN providers’ servers

The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users from reaching banned sites.If they fail to comply, their services will be blocked, according to a machine translation of the order.RELATED: Best VPN routers for small business The 10 VPN  providers are ExpressVPN, HideMyAss!, Hola VPN, IPVanish, Kaspersky Secure Connection NordVPN, OpenVPN, VPN Unlimited and VyprVPN.To read this article in full, please click here

Russia demands access to VPN providers’ servers

The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users from reaching banned sites.If they fail to comply, their services will be blocked, according to a machine translation of the order.RELATED: Best VPN routers for small business The 10 VPN  providers are ExpressVPN, HideMyAss!, Hola VPN, IPVanish, Kaspersky Secure Connection NordVPN, OpenVPN, VPN Unlimited and VyprVPN.To read this article in full, please click here

Weekend Reads 032919

There’s a growing focus on automating data center operations, a trend driven by staffing challenges and the need for remote management of “lights out” edge data centers. Do you expect to see more automation? What are the most promising approaches in this area? —Data center Frontier

In this article, I will describe how we introduced IPv6 inside IBM’s own network over the past few years, and look at the challenges we encountered as well as what lies on the road ahead. —Andy Mindnich

If you want to see what real competition might look like at some point in the future of the server racket, look no further than the Ethernet switch market, where switch ASICs and the companies that build switches alike have to fight for every dollar and make it up in volume every year without pause. —Timothy Prickett Morgan

Misconceptions can be dangerous. This is especially true when they lead to network insecurity. In this post I’ll seek to set the record straight for several of the most common misconceptions about IPv6 security. —David Holder

Although the SRE job role is often defined as being about automation, the reality is that 59 percent of SREs agree there is Continue reading

Heavy Networking 438: VMware NSX Evolution For Cloud Networking And Security (Sponsored)

Today's Heavy Networking, sponsored by VMware, dives into the latest security features in NSX-T, and examines how NSX is expanding from the data center to the WAN and the cloud. We also hear from NSX customer Sky UK about how NSX helps bridge the gap between infrastructure and developer teams.

The post Heavy Networking 438: VMware NSX Evolution For Cloud Networking And Security (Sponsored) appeared first on Packet Pushers.

1 1,286 1,287 1,288 1,289 1,290 3,856