0

Calico monthly roundup: November 2023

Welcome to the Calico monthly roundup: November edition! From open source news to live events, we have exciting updates to share—let’s get into it!

 

Find your Cluster Security Score Calico Cloud is releasing new capabilities for security posture management called Security Scoring and Recommended Actions. Start measuring and tracking your security posture. Learn more.

Customer case study: Boundless Software Calico Cloud enabled SOC 2 compliance for Boundless Software while also drastically reducing onboarding times for the company’s customers. Read our case study to find out how. Read case study.

Secure Kubernetes traffic with Calico Egress gateway Discover how egress gateways enable users to assign meaningful network identity to selected traffic so that this information can be further used by traditional tools to enforce granular policies to traffic based on identity or bandwidth. Read blog post.

Open source news

• NEW features
  • Streamlined Operations with Windows HostProcess Container – Automated node pool scaling and upgrades, eliminating the need for manual node initialization to streamline operations and management of Windows container-based applications.
  • Performance and Scalability with IPv6 Support for Calico eBPF Dataplane – IPv6 support for eBPF in Calico empowers enterprises to enhance the performance and scalability of their applications by alleviating Continue reading

0

NB459: IBM Aims To Own The Quantum Realm; Amazon Hitches A Ride With SpaceX

IBM has announced a new quantum processor and modular quantum computer in an effort to own the next generation of computing, Cisco unveils an AI assistant to help you untangle firewall rules, and Marvell debuts new DPUs for switches, firewalls, and other networking devices. The MEF looks for ways to stay relevant in the broadband... Read more »

0

NB459: IBM Aims To Own The Quantum Realm; Amazon Hitches A Ride With SpaceX

Today on Network Break we cover IBM's new quantum processor and modular quantum computer and its effort to own the next generation of computing. We also cover Cisco's AI assistant for firewalls, Marvell's new DPUs for networking devices, why Amazon has to rely on SpaceX to get Project Kuiper satellites into orbit, and more IT news.

The post NB459: IBM Aims To Own The Quantum Realm; Amazon Hitches A Ride With SpaceX appeared first on Packet Pushers.

0

Response: Vendor Network Automation Tools

Drew Conry-Murray published a excellent summary of his takeaways from the AutoCon0 event, including this one:

Most companies want vendor-supported tools that will actually help them be more efficient, reduce human error, and increase the velocity at which the network team can support new apps and services.

Yeah, that’s nothing new. Most Service Providers wanted vendors to add tons of nerd knobs to their products to adapt them to existing network designs. Obviously, it must be done for free because a vast purchase order¹ is dangling in the air. We’ve seen how well that worked, yet learned nothing from that experience.

0

Response: Vendor Network Automation Tools

Drew Conry-Murray published a excellent summary of his takeaways from the AutoCon0 event, including this one:

Most companies want vendor-supported tools that will actually help them be more efficient, reduce human error, and increase the velocity at which the network team can support new apps and services.

Yeah, that’s nothing new. Most Service Providers wanted vendors to add tons of nerd knobs to their products to adapt them to existing network designs. Obviously, it must be done for free because a vast purchase order¹ is dangling in the air. We’ve seen how well that worked, yet learned nothing from that experience.

0

Cisco Aims to Address Firewall Complexity with an AI Assist

Cisco introduced the Cisco AI Assistant for Security this week, a tool to help IT administrators manage their firewalls to maintain a robust security posture.

0

Worth Reading: Network CI and Open Source

Did you find the Network Automation with GitHub Actions blog post interesting? Here are some more GitHub Self-Hosted Runner goodies from Julio Perez: Network CI and Open Source – Welcome to the World of Tomorrow. Enjoy!

0

Worth Reading: Network CI and Open Source

Did you find the Network Automation with GitHub Actions blog post interesting? Here are some more GitHub Self-Hosted Runner goodies from Julio Perez: Network CI and Open Source – Welcome to the World of Tomorrow. Enjoy!

0

OpenSpeedTest: Check the Speed of your LAN via Web Browser

Imagine you’re developing an application for your internal network that requires a certain network speed to function properly. You could open a web browser and point it to one of the many network speed tests on the market but I’m sure you know what that does… it tests your connection to the outside world. What if you’re looking to test the speed of your LAN itself? OpenSpeedTest comes in. OpenSpeedTest is a free, open source HTML5 network performance estimation tool that doesn’t require any client-side software or plugin to function. Once deployed, the tool can be accessed from a standard, modern web browser. Even better, OpenSpeedTest can be deployed with Docker. It uses a combination of NGINX and Alpine Linux to use very little resources on your Docker server. You can run OpenSpeedTest with or without

0

Trunk to Access – Will It Work?

Recently a posted a question to Twitter about connecting two Cisco Catalyst switches. One switch has already booted and has the following configuration:

interface GigabitEthernet0/0
 description SW02
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20,30
 switchport nonegotiate

The other switch is connected to Gi1/0/48 and has just been powered on. It has no configuration so it is booting with the default configuration. The intention is to onboard a new switch via Catalyst Center using Plug and Play (PNP).

Based on the responses not many people were able to describe what would happen and why or why not this scenario would work. There are some interesting details here and before running into this scenario myself I thought that it might work. Before we can answer if it will work, let’s list what we know at this point in time about the two switches, SW01, and SW02. For SW01 we know that:

• The port is configured as a trunk.
• The VLANs allowed on the trunk are 1,10,20, and 30.
• DTP has been disabled.
• The native VLAN is 1.

For SW02 we know that:

• It will boot with all ports enabled.
• Those ports will be in VLAN 1.
• DTP is enabled on the Continue reading

0

Worth Exploring: SRv6 Test Topologies

Want to explore SRv6? Cisco engineers put together a repository containing scripts and configs for building SRv6 test topologies. It works with Containerlab and FRR (unless you want to beg a Cisco account team for a Cisco 8000 image or make a sandwich while the IOS XRd image is booting).

Want to use netlab? Jeroen van Bemmel implemented baseline SRv6 support for Nokia SR OS.

0

Worth Exploring: SRv6 Test Topologies

Want to explore SRv6? Cisco engineers put together a repository containing scripts and configs for building SRv6 test topologies. It works with Containerlab and FRR (unless you want to beg a Cisco account team for a Cisco 8000 image or make a sandwich while the IOS XRd image is booting).

Want to use netlab? Jeroen van Bemmel implemented baseline SRv6 support for Nokia SR OS.

0

Preparing for the Shapeshifting Tactics of Modern Malware

The dynamic nature of malware trends and the rapid shifts between different types of threats underscore the critical need for adaptive cybersecurity measures.

0

Technology Short Take 171

Welcome to Technology Short Take #171! This is the next installation in my semi-regular series that shares links and articles from around the interwebs on various technology areas of interest. Let the linking begin!

Networking

The networking section this time around is focused on application level protocols…but hey, they’re still networking protocols, right?

• This post is the first of a three-part series on the core concepts of HTTP/3.
• Although the title of this article says “for Go programmers,” I still found it to be a well-written and understandable explanation of CORS (and I’m no Go programmer—yet).

Security

• Undetectable cryptomining technique on Azure? Yikes.
• Stealing cryptographic keys from SSH? Double yikes. (Fortunately, the fix for this is easy—don’t use RSA keys.)
• A UEFI flaw, affecting both Windows and Linux, that leverages malicious images? Triple yikes.
• Nick Frichette shows how to enumerate a principal ARN from an AWS unique identifier.

Cloud Computing/Cloud Management

• Veronica Gnilitska shared some thoughts on why Masterpoint investigated Crossplane but ended up sticking it out with Terraform.
• Trevor Roberts Jr. takes readers through how to allow GCP resources to assume AWS IAM roles—all using Pulumi, of course!
• Bill Shetti, a friend and former colleague of Continue reading

0

HN713: Network Automation: Where Are We, And Where Can We Go?

Welcome to Heavy Networking! On today’s show we’ve got a roundtable conversation on the state of automation in the networking industry. This show was inspired by the recent AutoCon conference, which is a new conference focused specifically on network automation. Ethan Banks and I both attended, as did two our guests, and we’re going share... Read more »

0

HN713: Network Automation: Where Are We, And Where Can We Go?

Today’s show is roundtable conversation on the state of automation in the networking industry. We discuss takeaways from the recent AutoCon event on network automation, and get into issues such as sources of truth and the role of abstractions in automation. We also talk about the learning, cultural, and business challenges of network automation--and how to get beyond them.

The post HN713: Network Automation: Where Are We, And Where Can We Go? appeared first on Packet Pushers.

0

What are you feeding your AI?

COMMISSIONED: Artificial intelligence (AI) promises to change the world. But AI algorithms are only as good as the data sets they’re built on. …

The post What are you feeding your AI? first appeared on The Next Platform.

What are you feeding your AI? was written by Martin Courtney at The Next Platform.

0

Weekend Reads 120923

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail.

Carding has been around since the 1980s but has evolved to the point that even less experienced cybercriminals can now launch campaigns.

Enter Cilium’s advanced Border Gateway Protocol (BGP) implementation, powered by the GoBGP control plane, a solution that not only addresses these challenges but also adds unprecedented flexibility to your network configurations.

The most curious part of this is how people working inside the macroculture are the only folks who don’t understand what’s going on.

Efforts to convince remote workers to return to corporate offices appear to have stalled, based on data from the government, academia, and private-sector organizations.

Once in your home, different individuals have differing authority based on who they are. Family members have access to your whole home.

HP is squeezing more margin out of print customers, the result of a multi-year strategy to convert unprofitable business into something more lucrative, and says its subscription model is “locking” in people.

Microsoft helped Chinese state-run media outlets disseminate propaganda as part of previously unreported partnership agreements, Continue reading

0

Hedge 205: OId Engineering Quotes

For this month’s roundtable, Eyvonne, Tom, and I return to Addresses to Engineering Students by Harrington and Waddell. This book, published in 1912, is a “product of its time,” and hence deserves some trigger warnings. But it is also interesting to see how advice given to engineering students over 100 years ago holds up for today. Have engineering challenges, and the engineering life, changed all that much? What kinds of advice stand the test of time, what kinds do not?

download

0

Video: netlab IP Address Management (IPAM)

Did you know that netlab includes full-blown IP address management? You can define address pools (or use predefined ones) and get IPv4 and IPv6 prefixes from those pools assigned to links, interfaces, and loopbacks. You can also assign static prefixes to links, use static IP addresses, interface addresses as an offset within the link subnet, or use unnumbered interfaces.

For an overview of netlab IPAM, watch the netlab address management video (part of the Network Automation Tools webinar), for more details read the netlab addressing tutorial.