Episode 34 – MPLS Part 3 – Traffic Engineering

Traffic engineering is one of the most complex topics in network design and operation. Join us in this episode of the Network Collective as we discuss the concepts and tradeoffs in traffic engineering using MPLS.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 34 – MPLS Part 3 – Traffic Engineering appeared first on Network Collective.

IDG Contributor Network: What’s wrong with Cisco running SD-WAN on your routers?

Cisco’s announcement earlier this month that it will add the Viptela SD-WAN technology to the IOS XE software running the ISR/ASR routers will be a mixed blessing for enterprises.On the one hand, it brings SD-WAN migration closer to Cisco customers. On the other hand, two preliminary indicators —  one-on-one conversations and Cisco’s refusal to participate in an SD-WAN test —  suggest enterprises should expect reduced throughput if they enable the SD-WAN capabilities on their routers.Cisco’s easy migration to SD-WAN By including the SD-WAN code with IOS XE, Cisco will provide a migration path for the more than one million ISR/ASR edge routers in the field. There’s been a lot of conversation as to whether or not SD-WAN is going to kill the router performance. Delivering SD-WAN code on the ISRs is Cisco’s answer: routers are here to stay but they’ll morph into SD-WAN appliances.To read this article in full, please click here

IDG Contributor Network: What’s wrong with Cisco running SD-WAN on your routers?

Cisco’s announcement earlier this month that it will add the Viptela SD-WAN technology to the IOS XE software running the ISR/ASR routers will be a mixed blessing for enterprises. On the one hand, it brings SD-WAN migration closer to Cisco customers. On the other hand, two preliminary indicators —  one-on-one conversations and Cisco’s refusal to participate in an SD-WAN test —  suggest enterprises should expect reduced throughput if they enable the SD-WAN capabilities on their routers.Cisco’s easy migration to SD-WAN By including the SD-WAN code with IOS XE, Cisco will provide a migration path for the more than one million ISR/ASR edge routers in the field. There’s been a lot of conversation as to whether or not SD-WAN is going to kill the router performance. Delivering SD-WAN code on the ISRs is Cisco’s answer: routers are here to stay but they’ll morph into SD-WAN appliances.To read this article in full, please click here

Ciena Buys DonRiver to Boost Blue Planet Portfolio

A DonRiver team of specialized OSS software, integration, and consulting experts will form a specialized services group within the Blue Planet Organization.

Europe Embraces Network Virtualization, Time Zones Become a Pain Point

There seem to be a lot more European vendors, emerging from anonymity, that are having success in network virtualization.

Research: DNSSEC in the Wild

The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and web site security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records. These signatures rely on public/private key pairs that are transitively signed (forming a signature chain) from individual subdomains through the Top Level Domain (TLD). Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms?

Three researchers published an article in Winter ;login; describing their research into answering this question (membership and login required to read the original article). The result? While more than 90% of the TLDs in DNS are DNSEC enabled, DNSSEC is still not widely deployed or used. To make matter worse, where it is deployed, it isn’t well deployed. The article mentions two specific problems that appear to plague DNSSEC implementations.

First, on the server side, a number of Continue reading

Welcome, WP Engine!

We’ve had the tremendous pleasure of working with WP Engine for nearly 5 years, starting when both companies employed less than 100 people in total. From the beginning, we noticed striking similarities between our two companies—both were founded in 2010, both are incredibly passionate about their customers’ success, and both strive to make their technology as simple and accessible as possible. Fast forward to 2018: with WP Engine already leveraging Cloudflare for DNS, thousands of mutual WP Engine and Cloudflare customers, and millions of WordPress websites already protected behind Cloudflare, it was a no-brainer to formally partner together.

Today, we are thrilled to announce WP Engine as a Cloudflare partner! The joint offering, Global Edge Security powered by Cloudflare, integrates WP Engine’s platform with Cloudflare’s managed web application firewall (WAF), advanced distributed denial of service mitigation (DDoS), SSL/TLS encryption, and CDN across a global edge network to deliver the world’s most secure and scalable digital experience on WordPress today.

We couldn’t be more excited about our opportunity to collaborate with WP Engine to deploy business-critical security and CDN edge services to Enterprises and SMBs globally.

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak's Ethernet VPN (EVPN) webinar hosted by Dinesh Dutt.I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks, and for me, he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.To read this article in full, please click here

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak EVPN webinar hosted by Dinesh Dutt.I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks and for me; he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.To read this article in full, please click here

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak EVPN webinar hosted by Dinesh Dutt.I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks and for me; he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.To read this article in full, please click here

Vapor IO Takes Control of Project Volutus, Secures Series C

The Project Volutus joint venture with Crown Castle will now be fully under control of Vapor IO, which will now handle the deployment and service management through its Kinetic Edge platform.

We’ve Added a New Microsoft Certification Course to Our Video Library!

Considering Windows Server 2016 MCSA Certification? In this helpful course, get the details about Windows Server 2016 70-741 exam, in the MCSA certification.

Why You Should Watch

In this course we will perform tasks related to the networking features and functionalities available in Windows Server 2016. Students should have familiarity with implementing and managing DNS, DHCP, and IPAM, as well as deploying remote access solutions such as VPN and RADIUS, managing DFS and branch cache solutions, configuring high performance network features and functionality, and implementing Software Defined Networking (SDN) solutions, such as Hyper-V Network Virtualization (HNV) and Network Controller.

What You’ll Learn

This course will cover the following exam topics:

• Implement a Domain Name System (DNS)
• Implement DHCP and IPAM
• Implement Network Connectivity and Remote Access Solutions
• Implement an Advanced Network Infrastructure

About The Instructor

Melissa Hallock has been in the IT field since 1996 when she first began working with hardware. While working on a Bachelor of Applied Science in Networking, she landed her first IT job in a Forbe’s top 100 growing companies as a LAN Technician and worked with all things Microsoft. Later she migrated to Linux and Mac operating systems. Having always worked in an Continue reading

Cisco SVP Romanski Joins PE Firm Siris Capital

Romanski is the third high-level Cisco executive to leave the company in the past month.

IDG Contributor Network: We need innovation to help escape from the cloud-services land of Oz

Welcome to Agility City! Let me set the scene.In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain.Meanwhile, The Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets of information are heavily laden with unnecessary information and double encryption.[ Learn who's developing quantum computers. ] It almost makes you want Dorothy Gale to appear and click her ruby slippers - “There's no place like home. There's no place like home.” If only we start talking about true networking and not orchestration of bridges.To read this article in full, please click here

IDG Contributor Network: We need innovation to help escape from the cloud-services land of Oz

Welcome to Agility City! Let me set the scene.In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain.Meanwhile, The Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets of information are heavily laden with unnecessary information and double encryption.[ Learn who's developing quantum computers. ] It almost makes you want Dorothy Gale to appear and click her ruby slippers - “There's no place like home. There's no place like home.” If only we start talking about true networking and not orchestration of bridges.To read this article in full, please click here

IDG Contributor Network: Toto, I have a feeling we’re not in Kansas anymore

Welcome to Agility City! Let me set the scene: In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain. Meanwhile, The Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets of information are heavily laden with unnecessary information and double encryption.It almost makes you want Dorothy Gale to appear and click her Ruby Red slippers; “There is no place like home. There is no place like home.” If only we start talking about true networking, and not orchestration of bridges.To read this article in full, please click here

Datanauts 146: A VDI Design Guide

In this Datanauts podcast, we get a fresh perspective on designing and deploying VDI in the enterprise. Most of the conversation is based on VDI Design Guide, a new book from our guest Johan van Amersfoort.

The post Datanauts 146: A VDI Design Guide appeared first on Packet Pushers.

Worth Reading: Why developers should learn to write

In today’s data-driven, data-heavy world, there’s so much content to consume. We’re constantly bombarded by videos, pictures, advertisements, podcasts, and articles. Each of these media has a different type of appeal, and it always seems like there’s strong competition to try to attract and retain our attention. —Derek Mei @Free Code Camp

Top Questions from VMworld 2018

Last week, the Docker team had a chance to interact with the attendees of VMworld to talk about containers and container platforms. We spoke to companies in all stages of their containerization journey – some were just getting started and figuring out where containers may be used, others had started early containerization projects, some had mature container environments. Here are some of the most common questions we were asked.

Q: We have developers that are using Docker containers now, but what is the relevancy of containers to me (as an IT or virtualization admin)?

A: While developers were the first to adopt containers, there are many benefits of containers for IT:

• Server consolidation: While virtualization did increase the number of virtual machines per server, studies show that servers are still greatly underutilized. On average, Docker Enterprise customers see 50% greater server consolidation with containerization. That means being able to pack more workloads onto existing infrastructure or even reducing the number of servers and therefore saving on licensing and hardware costs.
• Easier patching and maintenance: Containerized applications can be updated easily through changes to the source image file. This also means it’s possible to update and rollback patches on the Continue reading

Protection from Struts Remote Code Execution Vulnerability (S2-057)

On August 22 a new vulnerability in the Apache Struts framework was announced. It allows unauthenticated attackers to perform Remote Code Execution (RCE) on vulnerable hosts.

As security researcher Man Yue Mo explained, the vulnerability has similarities with previous Apache Struts vulnerabilities. The Cloudflare WAF already mitigated these so adjusting our rules to handle the new vulnerability was simple. Within hours of the disclosure we deployed a mitigation with no customer action required.

OGNL, again

Apache Struts RCE payloads often come in the form of Object-Graph Navigation Library (OGNL) expressions. OGNL is a language for interacting with the properties and functions of Java classes and Apache Struts supports it in many contexts.

For example, the snippet below uses OGNL to dynamically insert the value "5" into a webpage by calling a function.

<s:property value="%{getSum(2,3)}" />

OGNL expressions can also be used for more general code execution:

${
    #_memberAccess["allowStaticMethodAccess"]=true,
    @java.lang.Runtime@getRuntime().exec('calc')
}

Which means if you can find a way to make Apache Struts execute a user supplied OGNL expression, you've found an RCE vulnerability. Security researchers have found a significant number of vulnerabilities where this was the root cause.

What’s different this time?

The major difference between Continue reading