The Linux ranger: What is it and how do you use it?

For those of us who cut our technical teeth on the Unix/Linux command line, the relatively new ranger makes examining files a very different experience. A file manager that works inside a terminal window, ranger provides useful information and makes it very easy to move into directories, view file content or jump into an editor to make changes.Unlike most file managers that work on the desktop but leave you to the whims of ls, cat and more to get a solid handle on files and contents, ranger provides a very nice mix of file listing and contents displays with an easy way to start editing. In fact, among some Linux users, ranger has become very popular.To read this article in full, please click here

Momentum Gathers for Persistent Memory Preppers

While it is possible to reap at least some benefits from persistent memory, for those that are performance focused, the work to establish an edge is getting underway now with many of the OS and larger ecosystem players working together on new standards for existing codes.

Before we talk about some of the efforts to bring easier programming for persistent memory closer, it is useful to level-set about what it is, isn’t, how it works, and who will benefit in the near term. The most common point of confusion is that persistent memory is not necessarily about hardware, a fact

Momentum Gathers for Persistent Memory Preppers was written by Nicole Hemsoth at The Next Platform.

Context-Aware Micro-segmentation – an innovative approach to Application and User Identity Firewall

Summary: With Context-awareness, NSX for vSphere 6.4 enables customers to enforce policy based on Application and Protocol Identification and expands the Identity Firewall support to Multiple User Sessions.

A few weeks ago, VMware released version 6.4 of NSX for vSphere.  The 6.4 release brings many new features, with Context-awareness being key from a security perspective.  Micro-segmentation enables East-West security controls, and is a key building block to a secure datacenter. Context-awareness builds-on and expands Micro-segmentation by  enabling customers even more fine-grained visibility and control.  NSX has supported the use infrastructure or application-centric constructs such as Security Groups based on criteria like VM name or OS version, or Dynamic Security Tags describing things like the workload function, the environment it’s deployed in, or any compliance requirements the workload falls under, enabling fine-grained control and allowing customers to automate the lifecycle of a security policy from the time an application is provisioned to the time it’s decommissioned. Prior to 6.4, rules with  infrastructure or application-centric grouping constructs on the Management plane, are eventually translated to 5-tuple based rules in the dataplane.

Figure: NSX drives policy based on Network, User and Workload Context

A crucial aspect of Context-awareness Continue reading

Episode 21 – Tools For Network Engineers

In this episode of Network Collective, Hank Yeomans and Jonathan Davis join us to take a look at some of our favorite tools as network engineers. Whether it’s hardware or software, tools are the things that help us do our jobs well, and if used correctly, can help set you apart.

 

 

We would like to thank Cumulus Networks for sponsoring this episode of Network Collective. Cumulus invites you to find out more about how Linux is changing the data center networking space by downloading their free ebook “Linux Networking 101” here: http://cumulusnetworks.com/NetworkCollectiveLinux

 

 

Show Notes:

  • Text Editer
    • It sounds simple, but a good text editor saves a lot of time
    • Regex search and replace is incredibly powerful once you know how to use it well
    • Standard features as well, like tabbed interfaces
    • Good options – Sublime Text, Notepad++
  • Terminal Software

The Network Architect Part 2

I got some great comments from my readers on the first part of this post. I love engaging with readers! So I thought I would write a part two to explain some of my thinking which I described in some of the comments.

Does a network architect need to be technical?

Yes, he/she needs to be technical but what does that mean? Let’s say that two datacenters need to be connected. Layer two needs to be stretched between the two DCs. The architect should be able to know different solutions to the problem such as using fibres between the two DCs, clustering technologies, TRILL, OTV and so on. Does the architect need to be able to configure OTV off the bat? Nope. Does the architect need to know what different timers OTV uses? Nope. Those are not things that need to be considered at that point in time. Now, often the architect is involved in the actual design as well and in that case the architect is involved in creating the design and documenting what commands are needed and so on. So the architect needs to be technical but not super technical.

Does the network architect need operational experience?

Preferably Continue reading

Help Five Projects Connect the World

At Bilkent University in Ankara, students sit at desks littered with bookbags and bottles of water. It looks like a typical classroom, except for the makeup of the students – school-age girls – and when the instructor asks a question, the room comes alive. “Who wants to code again after today?”

The hands shoot up.

The students are participating in Coding Sisters, a program that teaches coding to girls. Soon they are grinning as they raise their certificates of completion into the air. They yell in unison, “Hello world!”

The project was funded by the Internet Society’s Digital schools!” Chapterthon 2017, in partnership with Wikimedia Foundation. From October to November 2017, 30 projects from around the world came together to bring educational opportunities to children, especially girls. Chapterthon has been nominated for a series of prizes to be given out at the World Summit on the Information Society (WSIS), an annual United Nations-sponsored summit focused on the role information and communication plays in our world. TheWSIS Prizes recognize individuals and organizations that advance the Sustainable Development Goals: 17 global goals dedicated to building a better world by 2030.

Four other innovative, Internet Society-funded projects Continue reading

Gimmicky IoT devices detract from IoT’s real potential

Making fun of silly implementations of the Internet of Things (IoT) is easier than shooting fish in a barrel. No matter how ridiculous the last IoT device may seem, there’s always something even more outré in the works.That’s fine — up to a point. It doesn’t necessarily hurt for IoT to enter people’s lives in friendly, non-threatening, non-mission-critical applications. Ideally, that can make IoT seem approachable instead of creepy, mildly useful instead of invasive.Also on Network World: Forget the CES hype, IoT is all about industry But there’s a limit to this approach. The endless parade of pointless IoT gimmicks threatens to trivialize the technology, leading consumers (and business people) to dismiss the IoT as the realm of smart toothbrushes and smart hairbrushes and smart refrigerators — and internet-connected toilets.To read this article in full, please click here

Explain Cisco ETA to Me in a Way That Even My Neighbor Can Understand It

Cisco Encrypted Traffic Analytics (ETA) sounds just a little bit like magic the first time you hear about it. Cisco is basically proposing that when you turn on ETA, your network can (magically!) detect malicious traffic (ie, malware, trojans, ransomware, etc) inside encrypted flows. Further, Cisco proposes that ETA can differentiate legitimate encrypted traffic from malicious encrypted traffic.

Uhmm, how?

The immediate mental model that springs to mind is that of a web proxy that intercepts HTTP traffic. In order to intercept TLS-encrypted HTTPS traffic, there’s a complicated dance that has to happen around building a Certificate Authority, distributing the CA’s public certificate to every device that will connect through the proxy and then actually configuring the endpoints and/or network to push the HTTPS traffic to the proxy. This is often referred to as “man-in-the-middle” (MiTM) because the proxy actually breaks into the encrypted session between the client and the server. In the end, the proxy has access to the clear-text communication.

Is ETA using a similar method and breaking into the encrypted session?

In this article, I’m going to use an analogy to describe how ETA does what it does. Afterwards, you should feel more comfortable about how Continue reading

Automation Win: Cleanup Checkpoint Configuration

Gabriel Sulbaran decided to tackle a pretty challenging problem after watching my Ansible for Networking Engineers webinar: configuring older Checkpoint firewalls.

I had no idea what Ansible was when I started your webinar, and now I already did a really simple but helpful playbook to automate changing the timezone and adding and deleting admin users in a Checkpoint firewall using the command and raw modules. Had to use those modules because there are no official Checkpoint module for the version I'm working on (R77.30).

Did you automate something in your network? Let me know!

Explain Cisco ETA to Me in a Way That Even My Neighbor Can Understand It

Cisco Encrypted Traffic Analytics (ETA) sounds just a little bit like magic the first time you hear about it. Cisco is basically proposing that when you turn on ETA, your network can (magically!) detect malicious traffic (ie, malware, trojans, ransomware, etc) inside encrypted flows. Further, Cisco proposes that ETA can differentiate legitimate encrypted traffic from malicious encrypted traffic.

Uhmm, how?

The immediate mental model that springs to mind is that of a web proxy that intercepts HTTP traffic. In order to intercept TLS-encrypted HTTPS traffic, there's a complicated dance that has to happen around building a Certificate Authority, distributing the CA's public certificate to every device that will connect through the proxy and then actually configuring the endpoints and/or network to push the HTTPS traffic to the proxy. This is often referred to as “man-in-the-middle” (MiTM) because the proxy actually breaks into the encrypted session between the client and the server. In the end, the proxy has access to the clear-text communication.

Is ETA using a similar method and breaking into the encrypted session?

In this article, I'm going to use an analogy to describe how ETA does what it does. Afterwards, you should feel more comfortable about how Continue reading

It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’s

It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’s

It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’sPhoto by Niko Soikkeli / Unsplash

The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to provide cryptographic signatures alongside DNS records that can be validated, i.e. prove the answer is correct and has not been tampered with. To learn more about why DNSSEC is important, you can read our earlier blog post.

Today, the root zone is signed with a 2048 bit RSA “Trust Anchor” key. This key is used to sign further keys and is used to establish the Chain of trust that exists in the public DNS at the moment.

With access to this root Trust Anchor, it would be possible to re-sign the DNS tree and tamper with the content of DNS records on any domain, implementing a man-in-the-middle DNS attack… without causing recursors and resolvers to consider the data invalid.

As explained in this blog the key is very well protected with eye scanners and fingerprint readers and fire-breathing dragons patrolling the gate (okay, maybe not dragons). Operationally though, the root zone uses two different keys, the mentioned Trust Anchor key (that is called the Key Signing Key or KSK for Continue reading

IBM’s 2018 Rollout Plan For Power9 Systems

In a way, the processor market started moving in slow motion through 2017 as server makers and their customers were awaiting a veritable cornucopia of processor options, something the industry has not seen in many a year. We have been predicting that there would be a Cambrian Explosion of compute, first in 2017, but it has taken a bit longer for many of these processors to come to market and it looks like 2018 might be the year.

This might be, in fact, the year when IBM’s Power RISC processors see a long-awaited resurgence, and frankly, if it doesn’t happen

IBM’s 2018 Rollout Plan For Power9 Systems was written by Timothy Prickett Morgan at The Next Platform.

The Network Architect

What’s the difference between a network architect and a network designer? What is network architecture and what is network design? These are questions I asked myself a couple of years ago and that I get asked frequently from others. The reason I wanted to write this post is to help people that want to be network architects understand what it is about. I also wanted to help people that are studying for the CCDE to get into the right mindset. If you go in to the practical with the mindset of a designer, you will fail. You need to think like an architect.

This post is not about if an architect is more advanced than a designer. They are both needed and often they are the same person. I work as both but my title is network architect. Some people use the title to indicate it’s a senior role although the role might not be heavily geared towards design.

So what does a network architect do? And how is that different from the network designer?

The network architect is the one that is fronting the business. What does this mean? The network architect is the one that is meeting stakeholders Continue reading

New Memory Challenges Legacy Approaches to HPC Code

From DRAM to NUMA to memory non-volatile, stacked, remote, or even phase change, the coming years will bring big changes to code developers on the world’s largest parallel supercomputers.

While these memory advancements can translate to major performance leaps, the code complexity these devices will create pose big challenges in terms of performance portability for legacy and newer codes alike.

While the programming side of the emerging memory story may not be as widely appealing as the hardware, work that people like Ron Brightwell, R&D manager at Sandia National Lab and head of numerous exascale programming efforts do to expose

New Memory Challenges Legacy Approaches to HPC Code was written by Nicole Hemsoth at The Next Platform.

Top 5 From The Last 3 Months

 

In today’s day and age, content is king. It’s nearly impossible to keep up with the deluge of information, especially in the tech space where change is constant. We’re aware that the struggle is real. To keep you up-to-date on the latest and greatest in networking, we’ve compiled a round-up blog of the top posts from the past few months.

 

VMware Closes Acquisition of VeloCloud Networks

 In December, VMware NSX completed its acquisition of VeloCloud Networks, bringing their industry-leading, cloud-delivered SD-WAN solution to our own growing software-based networking portfolio. The acquisition of VeloCloud significantly advances our strategy of enabling customers to run, manage, connect and secure any application on any cloud to any device. Learn all about the acquisition from SVP and GM, Networking and Security Business Unit Jeff Jennings.

VMware SDDC with NSX Expands to AWS

With VMware Cloud on AWS, customers can now leverage the best of both worlds – the leading compute, storage and network virtualization stack enabling enterprises for SDDC can now all be enabled with a click of a button on dedicated, elastic, bare-metal and highly available AWS infrastructure. Bonus: because it’s a managed service by VMware, customers can focus on the Continue reading

1 1,733 1,734 1,735 1,736 1,737 3,841