Dataplane MAC Learning with EVPN

Johannes Resch submitted the following comment to the Is Dynamic MAC Learning Better Than EVPN? blog post:

I’ve also recently noticed some vendors claiming that dataplane MAC learning is so much better because it reduces the number of BGP updates in large scale SP EVPN deployments. Apparently, some of them are working on IETF drafts to bring dataplane MAC learning “back” to EVPN. Not sure if this is really a relevant point - we know that BGP scales nicely, and its relatively easy to deploy virtualized RR with sufficient VPU resources.

While he’s absolutely correct that BGP scales nicely, the questions to ask is “what is the optimal way to deliver a Carrier Ethernet service?

Read more …

On the ‘net: Network Models at Packet Pushers

I’ve just started a new series on network models over at Packet Pushers. The first two installments are here:

I learned the Open Systems Interconnect (OSI) model way back in the mid-1980s, as a part of my basic networking education. Ever since then, I’ve used the OSI model in my day-to-day work as a network engineer.

First, models are not sacrosanct. A model is just a tool. If the model you are using is not working for you, feel free to modify it.

On the ‘Net: The IETF at Packet Pushers

I’ve been writing a series about working within the IETF to publish a new standard over at Packet Pushers. The most recent installments are:

There are other seemingly mystical concepts in the IETF process as well—for instance, what is a “document stream,” and what is a document’s “status?”

You’re almost ready to submit a shiny new document to the IETF for consideration, right? Not quite yet—we still need to deal with mandatory sections and language.

Schedule 0923

Here’s a preview of what I’m working on for those who are interested:

  • September 2023: (this Friday) How Routers Really Work, a three-hour live webinar at Safari Books Online through Pearson
  • October 2023:
    • How the Internet Really Works a four-hour live webinar at Safari Books Online through Pearson; this is newly formatted and reorganized version of the two sessions I used to do
    • I’m speaking at a small theological conference on AI and ethics in Cary, NC
  • November 2023:
    • The new CCST book should be released
    • I have recorded a network basics video series that should be released in late 2023 or early 2024
  • January 2024:
    • What Coders Need to Know about Networks, a new course, co-authored with an engineer from Akamai; a three-hour live webinar at Safari Books Online through Pearson
    • I’ll be teaching a course in network engineering at the University of Colorado for the spring semester
  • February 2024: A new three-hour live webinar on infrastructure interviewing skills at Safari Books Online through Pearson
  • March 2024: BGP Policy, a three-hour live webinar on Safari Books Online through Pearson
  • April 2024: Troubleshooting, a reformatted and rebuilt three-hour live webinar at Safari Books Online through Pearson

There will probably Continue reading

China’s 1.5 Exaflops Supercomputer Chases Gordon Bell Prize – Again

The Association for Computing Machinery has just put out the finalists for the Gordon Bell Prize award that will be given out at the SC23 supercomputing conference in Denver, and as you might expect, some of the biggest iron assembled in the world are driving the advanced applications that have their eyes on the prize.

The post China’s 1.5 Exaflops Supercomputer Chases Gordon Bell Prize – Again first appeared on The Next Platform.

China’s 1.5 Exaflops Supercomputer Chases Gordon Bell Prize – Again was written by Timothy Prickett Morgan at The Next Platform.

Cisco snuffs HyperFlex development, hands HCI future to Nutanix

When Cisco and Nutanix partnered in August, it raised questions about the future development of Cisco’s HyperFlex platform. The other shoe dropped this week as Cisco said it would cease development of its hyperconverged infrastructure (HCI) system.Cisco announced the end-of-sale and end-of-life dates for its HyperFlex Data Platform (HXDP); the last day to order any products related to the system is September 11, 2024, and the last day to renew to an existing subscription is February 28, 2029. Active customers will be able to continue receiving Cisco support as necessary.To read this article in full, please click here

Cisco snuffs HyperFlex development, hands HCI future to Nutanix

When Cisco and Nutanix partnered in August, it raised questions about the future development of Cisco’s HyperFlex platform. The other shoe dropped this week as Cisco said it would cease development of its hyperconverged infrastructure (HCI) system.Cisco announced the end-of-sale and end-of-life dates for its HyperFlex Data Platform (HXDP); the last day to order any products related to the system is September 11, 2024, and the last day to renew to an existing subscription is February 28, 2029. Active customers will be able to continue receiving Cisco support as necessary.To read this article in full, please click here

Cisco snuffs HyperFlex development, hands HCI future to Nutanix

When Cisco and Nutanix partnered in August, it raised questions about the future development of Cisco’s HyperFlex platform. The other shoe dropped this week as Cisco said it would cease development of its hyperconverged infrastructure (HCI) system.Cisco announced the end-of-sale and end-of-life dates for its HyperFlex Data Platform (HXDP); the last day to order any products related to the system is September 11, 2024, and the last day to renew to an existing subscription is February 28, 2029. Active customers will be able to continue receiving Cisco support as necessary.To read this article in full, please click here

Cisco snuffs Hyperflex development, hands hyperconverged infrastructure future to Nutanix

When Cisco and Nutanix partnered in August, the writing was on the wall: future development of Cisco’s Hyperflex platform was on the rocks.The other shoe dropped this week as Cisco said it would end development of the hyperconverged (HCI) system, saying it would “end-of-life” the HyperFlex Data Platform (HXDP) and the last day to order any products related to the system would be September 11, 2024. The last day to renew to an existing subscription is February 28, 2029 though active customers will be able to continue receiving Cisco support as necessary.To read this article in full, please click here

Cisco snuffs Hyperflex development, hands hyperconverged infrastructure future to Nutanix

When Cisco and Nutanix partnered in August, the writing was on the wall: future development of Cisco’s Hyperflex platform was on the rocks.The other shoe dropped this week as Cisco said it would end development of the hyperconverged (HCI) system, saying it would “end-of-life” the HyperFlex Data Platform (HXDP) and the last day to order any products related to the system would be September 11, 2024. The last day to renew to an existing subscription is February 28, 2029 though active customers will be able to continue receiving Cisco support as necessary.To read this article in full, please click here

Weekend Reads 091523


The average total cost of a data breach has reached an all-time high in 2023 of $4.45 million. This is an increase of 2.3% from last year’s $4.35 million.


Originally created as a secure sandbox to run compiled C/C++ code in web browsers, WebAssembly (Wasm) has been gaining traction and momentum on the server-side.


Specifically, the web giant’s Privacy Sandbox APIs, a set of ad delivery and analysis technologies, now function in the latest version of the Chrome browser. Website developers can thus write code that calls those APIs to deliver and measure ads to visitors with compatible browsers.


The German digital association, Bitkom, recently announced that the cost of IT equipment theft, data breaches, digital and industrial espionage, and sabotage is expected to reach a staggering 206 billion euros ($224 billion) in 2023.


The alarming rise of phishing attacks has been underscored by a recent study “Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing conducted” by the Interisle Consulting Group, revealing a tripling of such attacks since May 2020.


Japan is widely regarded as one of the most advanced economies for Internet penetration. Japan’s Internet usage rate (individuals) is 82.9% Continue reading

IBM X-Force: Use of compromised credentials darkens cloud security picture

As connectivity to cloud-based resources grows, cybercriminals are using valid, compromised credentials to access enterprise resources at an alarming rate.That's one of the chief findings of the IBM X-Force Cloud Threat Landscape Report, which also found a 200% increase (about 3,900 vulnerabilities) in cloud-oriented Common Vulnerabilities and Exposures (CVE) in the last year.“Over 35% of cloud security incidents occurred from attackers’ use of valid, compromised credentials,” wrote Chris Caridi, strategic cyber threat analyst with IBM X-Force, in a blog about the report. “Making up nearly 90% of assets for sale on dark web marketplaces, credentials’ popularity among cybercriminals is apparent, averaging $10 per listing – or the equivalent of a dozen doughnuts.”To read this article in full, please click here

IBM X-Force: Use of compromised credentials darkens cloud security picture

As connectivity to cloud-based resources grows, cybercriminals are using valid, compromised credentials to access enterprise resources at an alarming rate.That's one of the chief findings of the IBM X-Force Cloud Threat Landscape Report, which also found a 200% increase (about 3,900 vulnerabilities) in cloud-oriented Common Vulnerabilities and Exposures (CVE) in the last year.“Over 35% of cloud security incidents occurred from attackers’ use of valid, compromised credentials,” wrote Chris Caridi, strategic cyber threat analyst with IBM X-Force, in a blog about the report. “Making up nearly 90% of assets for sale on dark web marketplaces, credentials’ popularity among cybercriminals is apparent, averaging $10 per listing – or the equivalent of a dozen doughnuts.”To read this article in full, please click here

IBM X-Force: Use of compromised credentials darkens cloud security picture

As connectivity to cloud-based resources grows, cybercriminals are using valid, compromised credentials to access enterprise resources at an alarming rate.That's one of the chief findings of the IBM X-Force Cloud Threat Landscape Report, which also found a 200% increase (about 3,900 vulnerabilities) in cloud-oriented Common Vulnerabilities and Exposures (CVE) in the last year.“Over 35% of cloud security incidents occurred from attackers’ use of valid, compromised credentials,” wrote Chris Caridi, strategic cyber threat analyst with IBM X-Force, in a blog about the report. “Making up nearly 90% of assets for sale on dark web marketplaces, credentials’ popularity among cybercriminals is apparent, averaging $10 per listing – or the equivalent of a dozen doughnuts.”To read this article in full, please click here

Heavy Networking 701: Monitoring SD-WAN At Scale With Broadcom (Sponsored)

Our topic today on Heavy Networking is SD-WAN monitoring at massive scale. Scale can grow quickly with SD-WAN when you account for the underlay, overlays, gateways, endpoints, and more. We talk with sponsor Broadcom about their monitoring platform and dig into a case study with a Broadcom customer providing global IT infrastructure for thousands of their own customers.

Heavy Networking 701: Monitoring SD-WAN At Scale With Broadcom (Sponsored)

Our topic today on Heavy Networking is SD-WAN monitoring at massive scale. Scale can grow quickly with SD-WAN when you account for the underlay, overlays, gateways, endpoints, and more. We talk with sponsor Broadcom about their monitoring platform and dig into a case study with a Broadcom customer providing global IT infrastructure for thousands of their own customers.

The post Heavy Networking 701: Monitoring SD-WAN At Scale With Broadcom (Sponsored) appeared first on Packet Pushers.

Making Content Security Policies (CSPs) easy with Page Shield

Making Content Security Policies (CSPs) easy with Page Shield
Making Content Security Policies (CSPs) easy with Page Shield

Modern web applications are complex, often loading JavaScript libraries from tens of different sources and submitting data to just as many. This leads to a vast attack surface area and many attack types that hackers may leverage to target the user browser directly. Magecart, a category of supply chain attack, is a good example.

To combat this, browser vendors (Google, Microsoft, Mozilla, etc.) have agreed on a standard that allows application owners to control browser behavior from a security perspective. This standard is called Content Security Policies (CSPs). Content Security Policies are implemented by application owners as a specially formatted HTTP response header that the browser then parses and enforces. This header can be used, for example, to enforce loading of JavaScript libraries only from a specific set of URLs. CSPs are good as they reduce the attack surface, but are hard to implement and manage, especially in a fast-paced development environment.

Starting today, Page Shield, our client-side security product, supports all major CSP directives. We’ve also added better reporting, automated suggestions, and Page Shield specific user roles, making CSPs much easier to manage.

If you are a Page Shield enterprise customer, log in to your Continue reading

BrandPost: Unified Management Is the Key to Single-Vendor SASE

It’s no secret that SASE has skyrocketed in popularity in recent years due in large part to how the solution provides strong threat protection and secure access no matter where a user, device, or application is located. This is no small feat, especially in the work-from-anywhere (WFA) era, where employees are logging in from a coffee shop one day and the office the next.  To read this article in full, please click here

1 155 156 157 158 159 3,763