NetworkingNexus.net

Technology Short Take 175

Welcome to Technology Short Take #175! Here’s your weekend reading—a collection of links and articles from around the internet on a variety of data center- and cloud-related topics. I hope you find something useful here!

Networking

The good folks over at Packet Pushers have compiled a list of open source networking projects.

Security

I attended a local meetup here in the Denver metro area a short while ago and was introduced to sops.
AMD processors have been discovered to have multiple security flaws; more details available here.
The Linux kernel project has become a CVE Numbering Authority (CNA); Greg Kroah-Hartman wrote a blog post that discusses this in more depth.

Cloud Computing/Cloud Management

Josh Biggley shows how to deploy Tetragon with Cribl Edge. The blog post is a bit heavy on the Cribl marketing, but I suppose that is to be expected (it’s extremely common with most vendor blogs).
Jack Lindamood’s list of infrastructure decisions he endorses or regrets provides some valuable insight into his personal experience with a variety of technologies and processes. Well worth reading, in my opinion. (Hat tip to Simon Wardley for sharing this on Twitter.)
Ivan Yurochko of PerfectScale discusses how to manage S3 Continue reading

HS066: The Holy Grail: A Functioning Tech Strategy

It’s rare for strategists, executives, and technologists to all get on the same page in order to create, execute, and adjust an organization’s tech strategy, much less do it well. But it is possible. Johna and Greg discuss their experiences of seeing through some consultants’ smoke and mirrors, honestly evaluating an organization’s capability to implement... Read more »

Worth Reading: Popular git config options

Another must-explore gem by Julia Evans: Popular git config options.

Side note: I keep collecting links to insightful Git articles in the Git and GitHub section of the Network Automation Tools webinar.

Worth Reading: Popular git config options

Another must-explore gem by Julia Evans: Popular git config options.

Side note: I keep collecting links to insightful Git articles in the Git and GitHub section of the Network Automation Tools webinar.

Intel: I Was Lostry, But Now I Am Foundry

Pat Gelsinger, current chief executive officer at Intel and formerly the head of its Data Center Group as well as its chief technology officer, famously invented the tick-tock method of chip launches to bring some order and reason to the way the world’s largest chip maker – as it was in the mid-2000s – mitigated risk and spurred innovation in its products. …

Intel: I Was Lostry, But Now I Am Foundry was written by Timothy Prickett Morgan at The Next Platform.

Hybrid IT and the New East-West Network

That’s right, there’s a new east-west network that needs securing, and as AI adoption ramps up, you can bet one of those security needs is going to be for APIs.

VyOS 1.4 LTS released

Protectli Vault - 4 Port

The VyOS 1.4.0 (Sagitta) LTS release announcement is exciting news! VyOS is an open source router operating system based on Linux that can be installed on commodity PC hardware - for optimal performance at least 1GB RAM and 4GB of storage space is recommended.

The new 1.4 LTS release includes a significantly enhanced implementation of industry standard sFlow telemetry based on the open source Host sFlow agent.

set system sflow interface eth0
set system sflow interface eth1
set system sflow interface eth2
set system sflow interface eth3
set system sflow polling 30
set system sflow sampling-rate 1000
set system sflow drop-monitor-limit 50
set system sflow server 192.0.2.100

Enter the commands above to enable sFlow monitoring on interfaces eth0, eth1, eth2, and eth3. Interface counters will be exported every 30 seconds, packets will be sampled with probability 1/1000, and up to 50 packet headers (and drop reasons) per second will collected from packets dropped by the router. The sFlow telemetry stream will be sent to an sFlow collector at 192.0.2.100.

Running Docker on the sFlow collector makes it easy to run a variety of Continue reading

Hedge 214: Hardware Offloading

Network operators increasingly rely on generic hosts, rather than specialized routers (appliances) to forward traffic. Much of the performance on hosts relies on offloading packets switching and processing to specialized hardware on the network interface card. In this episode of the Hedge, Krzysztof Wróbel and Maciej Rabęda join Russ and Tom to talk about hardware offloading.

download

You can find out more about hardware offloading here.

IPB145: Internet Reconnaissance and IPv6

Are you on the IPv6 hit list? Does your CPE device have Recommended Simple Security Capabilities? Are your ULA prefixes unique, but still manageable? Do you have a protection method structure or are you just hoping that the IPv6 space is so vast the bad guys will never find you? Tom Coffeen and Scott Hogg... Read more »

CloudFabrix and Cisco Partner to Enable the Autonomous Enterprise

CloudFabrix’s Data Fabric works with Cisco's Observability Platform to automate data ingestion pipelines and provide insights into inventory and analytics.

Enhancing security analysis with Cloudflare Zero Trust logs and Elastic SIEM

Today, we are thrilled to announce new Cloudflare Zero Trust dashboards on Elastic. Shared customers using Elastic can now use these pre-built dashboards to store, search, and analyze their Zero Trust logs.

When organizations look to adopt a Zero Trust architecture, there are many components to get right. If products are configured incorrectly, used maliciously, or security is somehow breached during the process, it can open your organization to underlying security risks without the ability to get insight from your data quickly and efficiently.

As a Cloudflare technology partner, Elastic helps Cloudflare customers find what they need faster, while keeping applications running smoothly and protecting against cyber threats. “I'm pleased to share our collaboration with Cloudflare, making it even easier to deploy log and analytics dashboards. This partnership combines Elastic's open approach with Cloudflare's practical solutions, offering straightforward tools for enterprise search, observability, and security deployment,” explained Mark Dodds, Chief Revenue Officer at Elastic.

Value of Zero Trust logs in Elastic

With this joint solution, we’ve made it easy for customers to seamlessly forward their Zero Trust logs to Elastic via Logpush jobs. This can be achieved directly via a Restful API or through an intermediary storage solution like Continue reading

Tighter IT/OT Integration Starts With Zero Touch

SPONSORED FEATURE: We might all be working for the same organization, even on the same infrastructure. …

Tighter IT/OT Integration Starts With Zero Touch was written by Joseph Martins at The Next Platform.

BGP Labs: Remove Private AS from AS-Path

In a previous BGP lab exercise, I described how an Internet Service Provider could run BGP with a customer without the customer having a public BGP AS number. The only drawback of that approach: the private BGP AS number gets into the AS path, and everyone else on the Internet starts giving you dirty looks (or drops your prefixes).

Let’s fix that. Most BGP implementations have some remove private AS functionality that scrubs AS paths during outgoing update processing. You can practice it in the Remove Private BGP AS Numbers from the AS Path lab exercise.

BGP Labs: Remove Private AS from AS-Path

Explore the lab exercise

Nvidia Will Be The Next IT Giant To Break $100 Billion In Sales

Here is a history question for you: How many IT suppliers who do a reasonable portion of their business in the commercial IT sector – and a lot of that in the datacenter – have ever broken through the $100 billion barrier? …

Nvidia Will Be The Next IT Giant To Break $100 Billion In Sales was written by Timothy Prickett Morgan at The Next Platform.

D2C234: What to Do About VMware

Broadcom’s acquisition of VMware has generated a lot of anxiety among VMware customers. In this episode, we closely analyze the situation. First, we look at Broadcom’s past acquisitions in the infrastructure sector. Then we examine the product alignment and possible new product offerings and whether the acquisition will hamper innovation and development. We also cover... Read more »

Arm Neoverse Roadmap Brings CPU Designs, But No Big Fat GPU

Spoiler alert!

A lot of neat things have just been added to the Arm Neoverse datacenter compute roadmap, but one of them is not a datacenter-class, discrete GPU accelerator. …

Arm Neoverse Roadmap Brings CPU Designs, But No Big Fat GPU was written by Timothy Prickett Morgan at The Next Platform.

Mobile World Congress 2024 to Focus on 5G, AI, and IoT

Next week's global mobility event also spotlights four connected industries: manufacturing, transportation, FinTech, and sports and entertainment.

Supercharging the Smart City with AI-Enhanced Edge Computing

The integration of AI-enhanced edge computing in smart cities revolutionizes urban management, optimizing resource allocation, enhancing security, promoting sustainability, and fostering citizen engagement. That ultimately leads to a higher quality of life for residents.

Implementing ‘Undo’ Functionality in Network Automation

Kurt Wauters sent me an interesting challenge: how do we do rollbacks based on customer requests? Here’s a typical scenario:

You might have deployed a change that works perfectly fine from a network perspective but broke a customer application (for example, due to undocumented usage), so you must be able to return to the previous state even if everything works. Everybody says you need to “roll forward” (improve your change so it works), but you don’t always have that luxury and might need to take a step back. So, change tracking is essential.

He’s right: the undo functionality we take for granted in consumer software (for example, Microsoft Word) has totally spoiled us.