VRF route leaking: time to get a little more social!

Virtual Routing and Forwarding (VRF) is a ubiquitous concept in networking, first introduced in the late 1990s as the control and data plane mechanism to provide traffic isolation at layer 3 over a shared network infrastructure. VRF for Linux is an excellent blog that describes the technology behind VRFs, especially as it pertains to the Linux kernel. With the introduction of support for leaking of routes, VRFs get to enjoy their isolation while also having the nous to mix and mingle.

Wait, aren’t VRFs meant to be completely isolated?

You have a valid question there. That was certainly the initial use case for VRFs. Each VRF was intended to represent a customer of a service provider, and isolation was a fundamental tenet. Each VRF had its own routing protocol sessions and its own IPv4 and IPv6 routing tables, and route computation as well as packet forwarding was independent from other VRFs. All communication stayed within the VRF other than specific scenarios such as reaching the Internet. Hershey’s wouldn’t want to get too chatty with Lindt, right? No, VRFs weren’t meant to be gregarious.

As VRFs moved outside the realm of the service provider and started finding application elsewhere, such as in the Continue reading

Check Out Our New Software Testing Course – Software Testing QA: A Comprehensive Overview





Instructor: Justin Spears

Course Duration: 1hr 45min



About the Course

The modern accessibility of public, private and hybrid cloud environments has given rise to a bastion of cloud-centric practices. One of the most notable is the idea of QA and testing in the cloud. This course will describe the concepts, methodologies and implementations of testing in a cloud environment. We will go through the full software QA lifecycle, describe where and how each component of that lifecycle can be offloaded into the cloud, and describe methods and mechanisms for doing so effectively.

Red Hat Single Sign-on Integration with Ansible Tower


As you might know, Red Hat Ansible Tower supports SAML authentication (both AuthN and AuthZ) by default. This document will guide you through the steps for configuring both products to delegate authentication to RHSSO/Keycloak (Red Hat Single Sign-On).

Requirements:

  • A running RHSSO/Keycloak instance
  • Ansible Tower
  • Admin rights for both
  • DNS resolution

 

Hands-On Lab

Unless you have your own certificate already, the first step will be to create one. To do so, execute the following command:

openssl req -new -x509 -days 365 -nodes -out saml.crt -keyout saml.key

Now we need to create the Ansible Tower Realm on the RHSSO platform. Go to the "Select Realm" drop-down and click on "Add new realm".

Once created, go to the "Keys" tab and delete all certificates, keys, etc. that were created by default.

Now that we have a clean realm, let's populate it with the appropriate information. Click on "Add Keystore" in the upper right corner and click on RSA.

Click on Save and create your Ansible Tower client information. It is recommended to start with the Tower configuration so that you can inject the metadata file and customize a few of the fields.

Log in as the admin user Continue reading
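For the certificate step at the start of the lab, an added example (not part of the original guide) that generates the pair without prompts, restricts the unencrypted key to its owner, and checks that saml.crt and saml.key belong together and are not close to expiry before they go into the SAML configuration. The function names and the CN tower.example.test are assumptions.

```shell
#!/bin/sh
# Added example: function names and the CN are assumptions, not from the guide.

# Generate the SAML signing pair non-interactively into directory $1.
# -nodes leaves the private key unencrypted on disk, so it is created
# under a restrictive umask and limited to the owner afterwards.
make_saml_pair() {
    dir=$1; cn=${2:-tower.example.test}   # placeholder CN
    (
        umask 077
        openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
            -subj "/CN=$cn" \
            -out "$dir/saml.crt" -keyout "$dir/saml.key" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/saml.key"
    chmod 644 "$dir/saml.crt"
}

# Succeed only if the certificate ($1) carries the public key that is
# derived from the private key ($2). A mismatched pair is a common reason
# for SAML signature validation failures.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeed if the certificate ($1) is still valid $2 days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
key_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Demo in a throwaway directory.
demo=$(mktemp -d)
if make_saml_pair "$demo" && pair_matches "$demo/saml.crt" "$demo/saml.key" \
        && valid_for_days "$demo/saml.crt" 30; then
    echo "pair OK, key mode $(key_mode "$demo/saml.key")"
fi
rm -rf "$demo"
```

Because the guide's certificate is valid for 365 days, running valid_for_days from a scheduled job gives early notice before SSO logins start failing on an expired signing certificate.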

Day 1 Keynote Highlights from DockerCon San Francisco 2018

Hello from San Francisco! Tuesday we kicked off the first day of DockerCon with a general session jam-packed with inspiration, demos and customer guest speakers.

Steve Singh, our CEO and Chairman, opened the session with Docker’s promise to ensure freedom of choice, agility in development and operations, and pervasive security in a container platform that can help unlock the potential for innovation in every company. Docker will deliver an integrated toolset with a delightful user experience that needs innovators like you.

Day one also featured three demos of new technology capabilities for both Docker Desktop and Docker Enterprise Edition. These features are not yet generally available but released, and those interested in the beta can sign up here to be notified.

IDG Contributor Network: A new era of campus network design

Applications have become a key driver of revenue, rather than their previous role as merely a tool to support the business process. What acts as the heart for all applications is the network providing the connection points. Due to the new, critical importance of the application layer, IT professionals are looking for ways to improve the architecture of their network.

A new era of campus network design is required, one that enforces policy-based automation from the edge of the network to public and private clouds using an intent-based paradigm.


New Video Explains Routing Security and How MANRS Can Help

Routing security can be a difficult topic to explain. It’s technical. It’s filled with industry jargon and acronyms. It’s, well, nerdy. But routing security is vital to a stable and secure future Internet, and we here at the Internet Society have been supporting the Mutually Agreed Norms for Routing Security (MANRS) initiative for several years now. To help explain, at a very high level, some of the major routing security issues and how MANRS can help address them, we’re pleased to announce a new explanatory video.

Available with English, French, and Spanish subtitles, this short new video explains three major incidents that can lead to things like denial of service attacks, surveillance, and lost revenue:

  • Route Hijacking – when one network operator or attacker impersonates another
  • Route Leak – when a network operator unintentionally announces that it has a route to a destination
  • IP Address Spoofing – when fake source IP addresses hide a sender’s identity

Network operators of all sizes have a role to play in securing the Internet’s routing infrastructure. By implementing the four simple MANRS Actions, together we can make significant improvements to reduce the most common routing threats. Those four actions are:

IDG Contributor Network: Our vision of the ideal network is as easy as adaption itself

The race to automate

An autonomous network was once seen as part of a utopian ideal, albeit one far off into the future. It would make up the backbone of everything we did, managing a hyper-connected world in which everything from the minutiae of knowing when the milk in the fridge needed replacing, to the ability of the network to automatically ramp services up or down, without the need for human intervention.

In a recent ACG Research survey of network service providers, internet content providers, cloud service providers and large enterprises, 100 percent of respondents said they felt the need to pursue automation, and 100 percent are optimistic about automation’s future. Additionally, 75 percent of respondents indicated that they’ll have full or significant network automation within the next five years.


Cisco opens DNA Center network control and management software to the DevOps masses

ORLANDO – Cisco made a bold move this week to broaden the use of its DNA Center by opening up the network controller, assurance, automation and analytics system to the community of developers looking to take the next step in network programming.

Introduced last summer as the heart of its Intent Based Networking initiative, Cisco DNA Center features automation capabilities, assurance setting, fabric provisioning and policy-based segmentation for enterprise networks.

David Goeckeler, executive vice president and general manager of networking and security at Cisco, told the Cisco Live customer audience here that DNA Center’s new open platform capabilities mean all its powerful, networkwide automation and assurance tools are available to partners and customers. New applications can use the programmable network for better performance, security and business insights, he said.
