Review: HPE OfficeConnect switch, access point easy to deploy, manage

The role of Wi-Fi has changed in most companies and is no longer something that’s merely convenient. Rather, it’s critical to a business’s ability to ensure its customers are happy and workers are productive. Given the growing importance of Wi-Fi, it’s essential vendors make products that are easy to set up, particularly for small businesses where the technical acumen of the person setting the product up is likely to be low. HPE had inquired as to the importance of having the product be easy to set up and manage, and I said that I felt it was the most important attribute. In fact, I chose the solution for my house — which includes four indoor access points (APs), one outdoor AP, and a 48-port Ethernet switch — based on how easy the product was to operate. I'm very technical, but I really can't be bothered to fiddle around with doing things in a CLI.

FPGA maker Xilinx aims range of software-programmable chips at data centers

As data centers are called upon to handle an explosion of unstructured data fed into a variety of cutting-edge applications, the future for FPGAs looks bright. That’s because FPGAs, or field programmable gate arrays, are essentially chips that can be programmed, after manufacturing, to act as custom accelerators for workloads including machine learning, complex data analysis, video encoding, and genomics – applications that have far-reaching consequences for communications, networking, health care, the entertainment industry and many other businesses. Such applications lend themselves to parallel processing, an important feature of FPGAs, which can also be reconfigured on the fly to handle new features as the nature of these workloads evolves.

FPGA Maker Xilinx Says the Future of Computing is ACAP

The field programmable gate array space is heating up with new use cases driven by emerging network, IoT, and application acceleration trends. Keeping ahead of the curve means expanding on devices that have quite steady improvement cycles, which means the few companies at the top need to get creative to stay competitive.

Xilinx and Altera – which was bought by Intel in 2015 for $16.7 billion – have been the top vendors of FPGAs, which can be programmed and reprogrammed, giving organizations the ability to adapt the processors to the varying workloads running on the systems. The high price

FPGA Maker Xilinx Says the Future of Computing is ACAP was written by Jeffrey Burt at The Next Platform.

Integration of a Go service with systemd: socket activation

In a previous post, I highlighted some useful features of systemd when writing a service in Go, notably to signal readiness and prove liveness. Another interesting bit is socket activation: systemd listens on behalf of the application and, on incoming traffic, starts the service with a copy of the listening socket. Lennart Poettering details in a blog post:

If a service dies, its listening socket stays around, not losing a single message. After a restart of the crashed service it can continue right where it left off. If a service is upgraded we can restart the service while keeping around its sockets, thus ensuring the service is continuously responsive. Not a single connection is lost during the upgrade.

This is one solution to get zero-downtime deployment for your application. Another upside is you can run your daemon with fewer privileges—losing rights is a difficult task in Go.

The basics

Let’s take back our nifty 404-only web server:

package main

import (
    "log"
    "net"
    "net/http"

How Do You Get Information from Network Devices?

One of the biggest challenges of network automation is getting usable information from network devices… or as asked by a student in my Building Network Automation Solutions online course in the course Slack team:

How do I get specific information from a specific command from a device without an Ansible Network Module? Is Python the only suggested approach?

I described how hard it is to get structured information from network devices in great detail in this section of the Ansible for Networking Engineers webinar and online course. Here are a few more thoughts on the topic:

Basic Trustsec – Implementing Manual SGTs and SGACLs

Trustsec is a mature and interesting policy mechanism available in most Cisco gear. The features and capabilities vary depending on device type and class. One of the frustrations I have is that almost every Trustsec reference I find focuses on the use of ISE. While I consider ISE a key component, I think a manual configuration is a better way to understand the components of the solution.

This post is the first in a series that will go through the configuration of Trustsec in various places in the network. I hope to examine classification and tag assignment, propagation techniques and enforcement. Ultimately, I will introduce ISE but it will be the tool that makes this technology dynamic and robust. The goal is to build a better foundation by taking a step-by-step approach into the world of Trustsec.

In this article, I will simply build a network with a Catalyst 9300 and two devices. One device will be assigned an SGT of 2 and the other will receive an SGT of 3. I understand that many are concerned about the fact that they don’t have this class of switch at the access layer. Future articles will address how Trustsec

IETF 101, Day 1: Would you IPv6 it?

It’s another packed week at IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Monday is a very full day with two important IPv6 working groups, one on IoT, a couple on routing, and another couple related to crypto.

The week begins bright and early at 09.00 GMT/UTC with V6OPS, although it has a relatively light agenda with a discussion on implementing IPv6-preferred data centres to start the meeting, and 7 drafts on which comments are being requested.
The couple of new drafts are Requirements for IPv6 Routers that defines a set of recommendations for routers, switches, and middleboxes deployed in IPv6 networks; and Using Conditional Router Advertisements for Enterprise Multihoming that proposes a solution to the problem of enterprise multihoming without address translation by using Router Advertisements to influence the host source address.

NOTE: If you are unable

Route-based VPN on Linux with WireGuard

In a previous article, I described an implementation of redundant site-to-site VPNs using IPsec (with strongSwan as an IKE daemon) and BGP (with BIRD) to achieve this:

Redundant VPNs between 3 sites

The two strengths of such a setup are:

  1. Routing daemons distribute routes to be protected by the VPNs. They provide high availability and decrease the administrative burden when many subnets are present on each side.
  2. Encapsulation and decapsulation are executed in a different network namespace. This enables a clean separation between a private routing instance (where VPN users are) and a public routing instance (where VPN endpoints are).

As an alternative to IPsec, WireGuard is an extremely simple (less than 5,000 lines of code) yet fast and modern VPN that utilizes state-of-the-art and opinionated cryptography (Curve25519, ChaCha20, Poly1305) and whose protocol, based on Noise, has been formally verified. It is currently available as an out-of-tree module for Linux but is likely to be merged when the protocol is not subject to change anymore. Compared to IPsec, its major weakness is its lack of interoperability.

It can easily replace strongSwan in our site-to-site setup. On Linux, it already acts as a route-based VPN. As a first

Worth Reading: Magical Thinking in Internet Security

Someone pointed me to this article by Dr. Paul Vixie (of DNS fame). The best part (as I’m not a security person):

The TCO of new technology products and services, including security-related products and services, should be fudge-factored by at least 3X to account for the cost of reduced understanding. That extra 2X is a source of new spending: on training, on auditing, on staff growth and retention, on in-house integration.

In case you didn’t get it: figure out how much you think the magic unicorn-based software-defined solution will cost, then multiply it by three. Of course nobody wants to admit that.

Let’s Reform the IGF to Ensure Its Healthy Future

It seems like yesterday we were in Tunis at the 2005 World Summit on the Information Society (WSIS), where I was involved in the negotiations that led to the formation of the Internet Governance Forum (IGF). When I look back at the evolution of Internet governance since then, it is amazing!

But the decisions we have made before are in constant scrutiny of the reality check. Geopolitical forces around the world have been changing and increased challenges with rapid Internet evolution have impacted global society as never before. Nevertheless, the IGF community is showing signs of fatigue – less government and high level attendance, difficulties to confirm the host country in advance, fewer contributions for the intersessional work – while there are heated debates on the Internet front regarding cybersecurity, the digital economy, and the future of jobs and education with IoT and AI.

Thus, it is urgent that the community takes the responsibility of introducing the reform the IGF needs to continue its brilliant journey. The IGF has an amazing opportunity ahead to adapt and inspire people to work effectively in support of people-centered development.

The world is much better with the IGF than without it!

The IGF