Route Filtering Technique: IP Prefix Lists

Today I am going to talk about another route filtering protocol which is widely used in the BGP environment. IP prefix lists are generally used when we need to block or permit a block of IP addresses in the network.

Now let's talk about the route filtering technique named IP prefix list. An IP prefix list is a way to permit and deny routes with the larger block size.

With the use of two keywords, ge and le, we are going to deny or permit the IP prefix block with the subnet mask. The prefix list is applied to inbound or outbound updates for a specific peer by entering the prefix-list command in neighbor address-family mode.

Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can Continue reading

Sharing is Caring: Docker Enterprise Edition Access Control

Multi-tenancy has many benefits in organizations. Clearly it increases hardware utilization but it also allows IT roles to specialize more, and provides better separation of concerns. This leads to more manageable infrastructure. Multi-tenancy is a challenging practice though, as it requires strict security control over resources without becoming too cumbersome for application deployment.

This blog post is about the Role-based Access Control (RBAC) enhancements introduced in Docker Enterprise Edition (Docker EE) 17.06. These enhancements allow for much more granular control and also flexible policy modeling that is one giant building block of a multitenant container infrastructure. This post will help you address questions like:

  • How do I prevent different teams from viewing or interacting with each other’s applications when using shared infrastructure?
  • How can I enforce scheduling on certain nodes in the cluster?
  • How can I manage all the access policies so it’s clearly understandable who has access to what?

Docker EE Access Control is a policy-based model that uses access control lists called grants to dictate access between users and cluster resources. A grant is a rule that ties together who, can do which actions, against what resource.

As shown below, a grant is made Continue reading

Securing Native Cloud Workloads with VMware NSX Cloud Blog Series – Part 1: Getting Started

Introduction

As businesses evaluate their applications in the constantly evolving world of IT, new strategies are emerging for delivery. These strategies include keeping applications on-premises or moving them to one or more public cloud providers.

These public clouds come with their own networking and security constructs and policy management. This results in a new set of technology siloes that increases expense, complexity and risk:

This blog series will discuss the challenges of providing consistent networking and security policies for native cloud workloads, the value of VMware NSX Cloud, and walk through the process of securing and connecting applications running natively in the public cloud.

VMware NSX Cloud

VMware’s strategy is to enable businesses to create and deliver applications. To support new delivery strategies, VMware NSX Cloud provides consistent networking and security for native applications running in multiple public and private clouds. Utilizing a single management console and a common application programming interface, VMware NSX Cloud offers numerous benefits:

  • Unified Micro-Segmentation Security Policies – VMware NSX Cloud provides control over East-West traffic between native workloads running in public clouds. Security policies are defined once and applied to native workloads. These policies are supported in multiple AWS accounts, regions, and VPCs. Policies are Continue reading

Marvell And Cavium Forge A Datacenter Platform

It has taken what seems like forever, but Arm server processors are starting to get some legs just as a massive consolidation wave, driven as much by the end of Moore’s Law as by the desire to always be bigger, is undertaking the semiconductor industry. All we need is a recession and a price war in the datacenter and a lot of compute, storage, and networking incumbents could be toppled. It wouldn’t be the first time, and it will not be the last.

This is why semiconductor giant Broadcom wants to pay a stunning $130 billion to acquire sometime rival

Marvell And Cavium Forge A Datacenter Platform was written by Timothy Prickett Morgan at The Next Platform.

The loss of net neutrality: Say goodbye to a free and open internet

Update May 17, 2018

Following the U.S. Senate’s 52-47 vote to reinstate net neutrality rules, U.S. Rep. Mike Doyle (D-Pa.) announced the House of Representatives will attempt to also force a vote on the issue under the Congressional Review Act (CRA).

“I have introduced a companion CRA in the House,” Doyle said during a press conference yesterday, “but I’m also going to begin a discharge petition, which we will have open for signature tomorrow morning. And I urge every member who supports a free and open internet to join me and sign this petition, so we can bring this legislation to the floor.”

To force a vote in the House, the petition needs 218 signatures. The Democrats hold only 193 seats there, so they need 25 Republicans to switch sides.

Terminology Tuesday Presents: Microservices

Microservices is the philosophy of designing software programs by breaking what used to be a singular function or command into multiple components, known as services. The ultimate goal is to reduce complexity and increase speed (basically the goal of anything nowadays).

Think of Thanksgiving. A traditional approach would have the same person cook the entire meal. And likely even do all the dishes. Think of a world instead where you can assign different individuals (and ovens!) for cooking the turkey, gravy, mashed potatoes, stuffing and anything else that may grace your table.

Microservices delivers on this dream but also takes the principle to the next level. Not just breaking up the request (multi-course dinner) into multiple services (turkey, salad, not burning the garlic bread) but making them really really minute.

“Services” that used to be inherently linear can now happen concurrently. To go back to our Thanksgiving example, you could have the potatoes peeled at the same time they’re being mashed. If we were able to avoid running into one another (part of the magic of software over families in kitchens) everything would become very efficient.

Want Continue reading

BrandPost: SD-WAN Vision vs. Acquisition

The migration of applications to the cloud is motivating enterprises to rethink how they architect their WANs, and this in turn has created the SD-WAN market category. The recent acquisition of VeloCloud by VMware, and of Viptela by Cisco earlier in the year, represent attempts by two of the bigger players in IT to stake a claim in this fast-growing new market.

While it’s convenient to place products into categories, there are many approaches to SD-WAN, each focused on a different use case or customer base. It was not unexpected to see Cisco go for Viptela. Of all the SD-WAN solutions, Viptela is arguably the one that most closely emulates a traditional router, including conventional device-by-device CLI-based configuration, with a limited amount of central orchestration. It certainly represents the least disruptive approach for Cisco, and gives them an angle to extend the life of the old Swiss army knife known as the ISR.

How to handle the vanishing radio spectrum: Share frequencies

With the billions of Internet of Things (IoT) devices projected to come on-stream over the next few years, questions are arising as to just where the bandwidth and radio channels are going to come from to make it all work.

The sensors need to send their likely increasingly voluminous data back to networks wirelessly to be processed.

But there’s a finite amount of radio spectrum available, and much of it is already allocated to incumbent primary users, such as public safety agencies. Other spectrum is dedicated to mobile network operators who have licensed chunks of it. Some is leftover in the millimeter frequencies, which is thus far pretty much untested in the real world — it’s going to be used for 5G in the future.

Your Holiday Cybersecurity Guide

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help them with cybersecurity issues. I thought I'd write up a quick guide of the most important things.

1. Stop them from reusing passwords

By far the biggest threat to average people is that they re-use the same password across many websites, so that when one website gets hacked, all their accounts get hacked.

To demonstrate the problem, go to haveibeenpwned.com and enter the email address of your relatives. This will show them a number of sites where their password has already been stolen, like LinkedIn, Adobe, etc. That should convince them of the severity of the problem.

They don't need a separate password for every site. For the majority of websites, you don't care whether you get hacked. Use a common password for all the meaningless sites. You only need unique passwords for important accounts, like email, Facebook, and Twitter.

Write down passwords and store them in a safe place. Sure, it's a common joke that people in offices write passwords on Post-It notes stuck on their monitors or under their keyboards. This is a common security mistake, but that's only because the Continue reading

Installing Postman on Fedora 27

I recently had a need to install the Postman native app on Fedora 27. The Postman site itself only provides a link to the download and a rather generic set of instructions for installing the Postman native app (a link to these instructions for Ubuntu 16.04 is also provided). There were not, however, any directions for Fedora. Hence, I’m posting the steps I took to set up the Postman native app on my Fedora 27 laptop.

(Note that these instructions will probably work with other versions of Fedora as well, but I’ve only used them on Fedora 27.)

Here are the steps I followed:

  1. Download the installation tarball, either via your browser of choice or via the command line. If you’d prefer to use the command line, this command should take care of you:

    curl -L https://www.getpostman.com/app/download/linux64 -o postman-linux-x64.tar.gz
    
  2. Unpack the tarball into the directory of your choice. I prefer to put third-party applications such as this into the /opt directory; you can (obviously) put it wherever you prefer. This command should do the trick:

    sudo tar xvzf postman-linux-x64.tar.gz -C /opt
    

    If you prefer a directory other than /opt, specify the Continue reading

IDG Contributor Network: The future of SD-WAN: Gen2 is here

SD-WAN is the hottest topic in networking today. On the one hand, analyst reports state that this industry is in its infancy with less than 5% adoption through 2017. On the other hand, the same analysts project over 50% customer adoption in the next 36 months. Why has adoption been modest to-date, and why is 10X acceleration expected now? The answer lies in understanding the differences between the first generation of SD-WAN (Gen1) and the second generation of SD-WAN (Gen2).

In the old days, WAN routers were focused on providing connectivity using MPLS. The goal of Gen1 SD-WAN was to enable usage of broadband for connectivity. So Gen1 SD-WAN provided better VPN manageability and improved the delivery of voice traffic over broadband connections. However, like many first-generation products, Gen1 SD-WAN has serious limitations, three of which I examine below.