Where to Use a VRF

Very early in our careers, we learn about physical and logical network segmentation. Generally speaking, that understanding comes in the form represented by the diagrams below.

Network Segmentation

Depending on the work environment of an individual, it may take some time before they are exposed to the methods that provide segmentation to routed parts of the network. Looking at the diagram above, let’s think about what is being accomplished in each example. The physical segmentation provides full isolation between the two hosts. This article examines the construct used to extend segmentation into a routed network. We will not get into the configuration details but will share some links to additional content that can provide practical guidance on the configuration.

VLANs only provide segmentation at layer 2. This would provide isolation for things like ARP and other broadcasts. VLANs would also provide full segmentation if a router didn’t exist for a given VLAN. However, it is often necessary to extend this into the routed portions of our networks. In the above example, I would expect properly configured routers and switches to allow the two hosts on the right to communicate with one another. What if that is not the goal? We might consider Continue reading

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here

Meeting Europe’s Connectivity Challenge: The Role for Community Networks

While Europe tops many charts in terms of Internet connectivity in global comparison, a number of challenges still persist. One of these challenges is the continuing urban-rural digital gap, which concerns many countries both in Western and Eastern Europe.

According to Eurostat, on average in the European Union (EU) 88% of households in urban areas are connected to broadband as opposed to 79% of rural households. (Broadband connection is defined as “a connection enabling higher than 144 Kbit/s download speed”, European Commission 2016.) In a few Southern and Southeastern EU countries, the broadband gap between urban and rural areas is well above 20%.

The Internet Society partnered with the Centre for European Policy Studies (CEPS) to examine the digital gap in Europe and to assess the role of community networks in the European context. This new paper looks at five different community network examples from around Europe and draws some key lessons learnt from these experiences.

Community networks are not a new thing in Europe. In fact, some of the well-established ones date back to the 1990’s. Community networks provide a innovative solutions to unserved or underserved areas, where the business case for investment by commercial operators is Continue reading

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface Venkatadri et al., IEEE Security and Privacy 2018

This is one of those jaw-hits-the-floor, can’t quite believe what I’m reading papers. The authors describe an attack exploiting Facebook’s custom audience feature, that can leak your PII.

Specifically, we show how the adversary can infer user’s full phone numbers knowing just their email address, determine whether a particular user visited a website, and de-anonymize all the visitors to a website by inferring their phone numbers en masse. These attacks can be conducted without any interaction with the victim(s), cannot be detected by the victim(s), and do not require the adversary to spend money or actually place an ad.

Following responsible disclosure of the attack vectors to Facebook, Facebook acknowledged the vulnerability and have put in place a fix (not giving audience size estimates under certain scenarios). The experiments conducted by the authors were performed between January and March 2017, and presumably the disclosure happened around that time or shortly afterwards. That probably means your PII on Facebook was vulnerable from when the custom audiences feature was first introduced, until early 2017. Someone with more time could probably put Continue reading

ISOC advocates good MANRS within European R&E community

The Internet Society will be participating in the GÉANT Services and Technology Forum this week, as it continues to develop its relationship with research and education networking in support of improved routing security. GÉANT is the pan-European networking activity that connects and supports 41 National Research and Education Networks (NRENs), and which recently joined the MANRS initiative.

R&E networks are especially important partners for improving the security and resilience of the global routing system, as they are generally not in competition with each other and are able to take a collective lead in addressing global networking problems. As historically early adopters of initiatives, they are also able to set the example for security proficiency and offer a unique selling point to their customers.

The MANRS initiative is also keen to utilise the expertise of the R&E community in capacity building, and providing input and feedback on the MANRS Observatory that is being developed to provide analysis of the state of the security and resilience of the routing system.

There are currently eleven (N)RENs participating in MANRS including GÉANT (Europe), NORDUnet (Nordic countries), CSC/FUNET (Finland), RUNNET (Russian), SUNET (Sweden), SURFnet (Netherlands) and BelWue (Baden-Württemberg/Germany) in Europe. Other participants elsewhere in the world Continue reading

Off the Cuff – Interop Speakers Panel

At Interop ITX 2018, Network Collective sat down with a few of our favorite speakers from the Network Transformation Summit to chat about the topics they were presenting on. From the emergence and importance of disaggregations and whitebox switching (Peyton Maynard-Koran), multi-gig connectivity for getting more out of your cabling investments (Peter Jones), to business driven design (Denise Donohue), this episode has a little bit of everything.

Peyton Maynard-Koran
Guest
Peter Jones
Guest
Denise Donohue
Guest
Jordan Martin
Host
Eyvonne Sharp
Host
Russ White
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Off the Cuff – Interop Speakers Panel appeared first on Network Collective.

Serverless Performance: Cloudflare Workers, Lambda and Lambda@Edge

Serverless Performance: Cloudflare Workers, Lambda and Lambda@Edge

A few months ago we released a new way for people to run serverless Javascript called Cloudflare Workers. We believe Workers is the fastest way to execute serverless functions.

If it is truly the fastest, and it is comparable in price, it should be how every team deploys all of their serverless infrastructure. So I set out to see just how fast Worker execution is and prove it.

tl;dr Workers is much faster than Lambda and Lambda@Edge:

Serverless Performance: Cloudflare Workers, Lambda and Lambda@Edge

This is a chart showing what percentage of requests to each service were faster than a given number of ms. It is based on thousands of tests from all around the world, evenly sampled over the past 12 hours. At the 95th percentile, Workers is 441% faster than a Lambda function, and 192% faster than Lambda@Edge.

The functions being tested simply return the current time. All three scripts are available on Github. The testing is being done by a service called Catchpoint which has hundreds of testing locations around the world.

The Gold Coast

This is every test ran in the last hour, with results over 1500ms filtered out:

Serverless Performance: Cloudflare Workers, Lambda and Lambda@Edge

You can immediately see that Worker results are tightly clustered around the x-axis, Continue reading

Ansible 2.6: Your Time Has Come!

Ansible-2.6

Guess what!? Another release has come upon us! Your time has come to upgrade to Ansible 2.6-”Heartbreaker.” Utilize some great updates to automate to your heart’s desire, and avoid being heartbroken. See what I did there? 

Let’s dive right into some of the changes.

Deprecation

One little bit of house cleaning before getting into the rest of the fun. The deprecated task option always_run has been removed, please use check_mode: no instead.

For any more information on behavioural changes from Ansible 2.5 to Ansible 2.6, please check out the Porting Guide.

Memory Utilization Improvements

In the development cycle of 2.6, we started to tackle a memory utilization problem that some of our users experienced in Dynamic Includes. In some cases, we have seen “roughly a drop of 50% memory consumption,” and in one scenario we had seen execution times of 21 seconds down to 8 seconds after the change was applied. Cool little bit, a bunch of these fixes were also back-ported to Ansible 2.5 as well as Ansible 2.4! In a future blog post, we plan to go into more detail of what was done to improve upon Dynamic Includes. Also, Continue reading

1 1,547 1,548 1,549 1,550 1,551 3,841