Stuff The Internet Says On Scalability For March 2nd, 2018

Hey, it's HighScalability time: 

 

Algorithms described like IKEA instructions. Can anyone assemble these? (Algorithms and data structures)

 

If you like this sort of Stuff then please support me on Patreon. And please consider recommending my new book—Explain the Cloud Like I'm 10—to the whole entire world.

 

  • $75 million: Dropbox saved moving out of S3; 159 million: Spotify monthly active users; 80 million: more records added to Have I Been Pwned; 9%: universe expanding faster than predicted; $2,222,279: Warren Buffett won his long bet against hedge fund managers; 60,000: Mayan houses found in Guatemala using LiDAR; $14.2 billion: PaaS revenue; ~180 million: years until first sun after the big whatever it was; $1,599: cost of stolen Extended Validation (EV) certificate; 8,000X: query speedup using GPU database; 2.4 million: Google requests to be forgotten; 6 minutes: time to IoT device attack on the internet; 103 million: tweets sent about the Olympics; 320,000: increase in Chloe Kim's Twitter followers; 150 kg: acorns stored by woodpeckers in a telecom antenna; 0.14ms: Fsync performance on Intel PC-3700; Q: earliest known article on Wikipedia; 800Gbps+: memcached reflection/amplification attacks;

Enterprise Network on GNS3 – Part 7 – DMZ

This is the last article in the series discussing the configuration of the enterprise network. The article explains the configuration of the Demilitarized Zone (DMZ). Our DMZ consists of three devices: ASAv-DMZ-I, a multilayer switch vIOS-DMZ-I and Serv-DMZ-I. All the devices in the DMZ are run by the Qemu hypervisor. The ASAv-DMZ-I device runs Cisco Adaptive Security Appliance Software version 9.6.1 and is assigned 2048 MB of RAM by GNS3. The device vIOS-DMZ-I runs Cisco vIOS-L2 version 15.2 and is assigned 512 MB of RAM by GNS3. Finally, the device Serv-DMZ-I runs Linux Ubuntu 16.04.3 LTS with 1024 MB of RAM assigned by GNS3. The server Serv-DMZ-I provides DNS, NTP and Syslog services for devices in the DMZ and a public web service for all hosts on the Internet.

Picture 1 - Demilitarized Zone - DMZ

All devices located in the DMZ have their IP addresses assigned from the subnet 195.1.1.128/25. The subnet 195.1.1.128/27 is further divided with a /30 mask, creating 8 subnets suitable for point-to-point link configuration. Servers located in the DMZ are assigned to different VLANs. Currently, there is only the server Serv-DMZ-I deployed in the DMZ and configured with the IP addresses …

Memcached DDoS – There’s Still Time to Save Your Mind

In case you haven’t heard, there’s a new vector for Distributed Denial of Service (DDoS) attacks out there right now and it’s pretty massive. The first mention I saw this week was from Cloudflare, where they detailed that they were seeing a huge influx of traffic from UDP port 11211. That’s the port used by memcached, a database caching system.

Surprisingly, or not, there were thousands of companies that had left UDP/11211 open to the entire Internet. And, by design, memcached responds to anyone that queries that port. Also, carefully crafted packets can be amplified to have massive responses. In Cloudflare’s testing they were able to send a 15-byte packet and get a 134KB response. Given that this protocol is UDP, it is capable of responding to forged packets in such a way as to make life miserable for Cloudflare and, now, GitHub, which got blasted with the largest DDoS attack on record.

How can you fix this problem in your network? There are many steps you can take, whether you are a system admin or a network admin:

  • Go to Shodan and see if you’re affected. Just plug in your company’s IP address ranges and have it …

Hardware as a Service: The New Missing Middle?

Computing used to be far away.

It was accessed via remote command terminals, through time-sliced services. It was a pretty miserable experience. During the personal computing revolution, computing once again became local. It would fit under your desk, or in a small dedicated “computer room”. You could touch it. It was, once more, a happy and contented time for computer users. The computer was personal again. There was a clue in the name.

However, as complexity grew, and as networks improved, computing was effectively taken away again and placed in cold dark rooms once more far, far away for

Hardware as a Service: The New Missing Middle? was written by James Cuff at The Next Platform.

How to deal with networking IoT devices

Networking IoT devices can be challenging for IT managers because the communications requirements can be very different from those for typical PCs, tablets and smartphones currently connected to corporate networks.

In addition, there is an incredible diversity of IoT devices and how they are used. For example:

Video: Create an NSX Logical Switch with PowerNSX

After introducing PowerNSX, Anthony Burke illustrated how easy it is to use with a Hello, World equivalent: creating a logical switch (VXLAN segment).

You’ll need at least a free ipSpace.net subscription to watch the video.

Want to know more about VMware NSX? We’ll run an NSX-focused event and an NSX Deep Dive workshop in Zurich on April 19th 2018, an overview webinar comparing NSX, ACI and EVPN on March 1st, and a deep dive in VMware NSX architecture later in 2018.