OpenStack and Cumulus Linux: A match made in networking heaven

A few weeks ago, we attended the OpenStack Summit where we had a wonderful time connecting with customers, partners and several new faces. With the excitement of the event still lingering, we thought this was a great time to highlight how OpenStack and Cumulus Linux offer a unique, seamless solution for building a private cloud. But first, here are a few highlights from the conference.

OpenStack Summit 2017, Boston

  • Jonathan Bryce, Executive Director at OpenStack Foundation, opened the show talking about the substantial growth of OpenStack over the past several years and how they are just one part of the vibrant open infrastructure community. A large focus of the conference was how organizations are moving towards private cloud environments as they realize it’s a better long-term solution.
  • Throughout the conference, containers and Kubernetes were the hottest topics. Many sessions throughout the four days focused on these technologies and how organizations are looking to use them as an abstraction layer to make infrastructure less visible or locked-in.
  • Edward Snowden was one of the most favorited speakers. Presenting from Russia, Snowden focused on how IT professionals are in position to influence how cloud infrastructure is built, influence the future of the internet Continue reading

PCIe versus Ethernet in a Composable System

I posted a link to a worth reading story last week about Liqid’s composable hyperconverged system. A reader (Vova Moki) commented on the LinkedIn post with this question—

Although I don’t understand how much faster is the PCIe than regular NICs?

Excellent question! It certainly seems that 100g Ethernet should be much faster than PCIe; this article lists the highest speed of PCIe as 15.8G/s across 16 lanes, with faster speeds expected into the future. Further, PCIe runs on parallel lanes, which means it must be very difficult to build a switch for the technology. The simplest way to build such a switch would be to pull the signals off the 16 different lanes, serialize them into a single packet of some sort, and then push them back out into 16 lanes again (potentially in different order/etc.).

So why should composable systems use something like PCIe, rather than using 100g Ethernet. After all, the Ethernet NIC is essentially doing precisely what a PCIe switch would need to do by pulling the data off a PCIe bus, serializing the data, and sending it over a network to a switch, which can, with the right design, already switch these packets Continue reading

Augury scoops up cash to power the industrial IoT

Ever since outgoing GE CEO Jeff Immelt opined upon his organization’s move from being an industrial machinery vendor to a software one, the world has been increasingly interested in the opportunities introduced by the industrial Internet of Things (IIoT).IIoT simply refers to the increasing trend towards industrial machinery being connected to the internet and pinging off all sort of interesting data that can then be monitored and analyzed. And while it is fair to say that connected industrial machinery has been around for a long time (via SCADA and PLCs), the difference today is that under the IIoT, it is general the public internet that has all this data traversing on it. Further, increasingly customers are looking to the IIoT to deliver efficiencies, create agility and reduce downtime.To read this article in full or to leave a comment, please click here

Worth Reading: Balancing Trademarks and Domain Names

The UDRP is a simple-worded, non-territorial, specialized forum for adjudicating claims of cybersquatting. It is conducted wholly online. It is not a trademark court. If there’s any analogy with litigation, it is that the complaint should be treated as a motion for summary judgment. Whether there is cybersquatting depends on arbitrators (called Panels) applying core principles to the particular facts that have been brought to their attention. The record is paramount; silence (failure to make a case) is deadly. —CircleID

The post Worth Reading: Balancing Trademarks and Domain Names appeared first on rule 11 reader.

Remotely Triggered Black Hole (RTBH) Routing

The screen shot demonstrates real-time distributed denial of service (DDoS) mitigation. Automatic mitigation was disabled for the first simulated attack (shown on the left of the chart).  The attack reaches a sustained packet rate of 1000 packets per second for a period of 60 seconds. Next, automatic mitigation was enabled and a second attack launched. This time, as soon as the traffic crosses the threshold (the horizontal red line), a BGP remote trigger message is sent to router, which immediately drops the traffic.
The diagram shows the test setup. The network was built out of freely available components: CumulusVX switches and Ubuntu 16.04 servers running under VirtualBox.

The following configuration is installed on the ce-router:
router bgp 65140
 bgp router-id 0.0.0.140
 neighbor 10.0.0.70 remote-as 65140
 neighbor 10.0.0.70 port 1179
 neighbor 172.16.141.2 remote-as 65141
 !
 address-family ipv4 unicast
  neighbor 10.0.0.70 allowas-in
  neighbor 10.0.0.70 route-map blackhole-in in
 exit-address-family
!
ip community-list standard blackhole permit 65535:666
!
route-map blackhole-in permit 20
 match community blackhole
 match ip address prefix-len 32
 set ip next-hop 192.0.2.1
The ce-router peers with the upstream service provider router ( Continue reading

Cisco Port Security Basics and configurations

Today I am going to talk about the Switching topic and that topic is Port Security. Port security is required in the case you want to control the traffic by allowing Specific MAC address entries, which means if the invalid MAC addresses traffic comes, it will be blocked or dropped.

Lets talk about the port security and the modes of port security. So the question is why port security required, may be want to safe from the attacks as well.

Why Port Security is important ?
Well port security is generally used so that you can easily prevent the unwanted MAC address traffic from the external or the internal network.

Port security can be enabled in three different ways are defined as below:
  • Protect : In the protected state, switch port will drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. 
  • Restrict : In the restrict state, switch port will drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment
  • Shutdown : In the shutdown state, switch port will Continue reading

Arista’s new solutions sets the standard for cloud scale

When it comes to the cloud's impact on the network, there are two things I hear over and over again that I disagree with. The first is that the cloud commoditizes the network. This actually dovetails into the second fallacy where some believe that merchant silicon based products offer no differentiation and “good enough” will become the norm where price is the only way to compete.  I do believe the cloud will have a negative effect on many technologies, such as spinning disks (not flash) and rack mount servers, but the network does not fall into this category.With the cloud, the network matters more than ever. In fact, the network will be one of the competitive differentiators for cloud providers and enterprises building out their own private or hybrid clouds. A good enough network means a good enough cloud experience, where a high quality, agile network enables greater cloud performance. Don’t get me wrong, the network needs to change from the monolithic, hardware centric solutions available today to something more agile with the ability to scale up and out at “cloud speed” but it’s more important than ever.To read this article in full or to leave a Continue reading

Arista’s new solutions sets the standard for cloud scale

When it comes to the cloud's impact on the network, there are two things I hear over and over again that I disagree with. The first is that the cloud commoditizes the network. This actually dovetails into the second fallacy where some believe that merchant silicon based products offer no differentiation and “good enough” will become the norm where price is the only way to compete.  I do believe the cloud will have a negative effect on many technologies, such as spinning disks (not flash) and rack mount servers, but the network does not fall into this category.With the cloud, the network matters more than ever. In fact, the network will be one of the competitive differentiators for cloud providers and enterprises building out their own private or hybrid clouds. A good enough network means a good enough cloud experience, where a high quality, agile network enables greater cloud performance. Don’t get me wrong, the network needs to change from the monolithic, hardware centric solutions available today to something more agile with the ability to scale up and out at “cloud speed” but it’s more important than ever.To read this article in full or to leave a Continue reading

Reckless abuse (again) of surveillance spyware that was sold to governments

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here

Reckless abuse (again) of surveillance spyware that was sold to governments

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here

Reckless abuse of surveillance spyware sold to governments (again)

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here

My Cisco Live 2017 Schedule

It is that time once again.  CiscoLive 2017 – Summer Camp for Geeks!  This will be my 15th CiscoLive/Networkers. What is my absolute #1 suggestion to anyone going to a CiscoLive event?  Easy – “Begin with the End in Mind“.  Know what your priorities are and then schedule your week accordingly.

So… here you go.  My CiscoLive (CLUS) priorities and schedule for the week.

  • Teach
  • Recharge
  • Learn
  • Play and Have Fun

 

64% off Anker Astro E1 Ultra Compact High Speed Portable Charger – Deal Alert

This inexpensive smartphone charger from Anker is the size of a candy bar, and has enough juice to recharge any smartphone, including the iPhone 7 and 7 Plus, at least 1-2 times over. It's discounted 64% to just $18. The Astro E1 currently averages 4.5 out of 5 stars from over 8,200 people on Amazon (81% rate 5 stars: See reviews), and it's listed there as a #1 best-seller. See the attractively priced Anker Astro E1 charger now on Amazon.To read this article in full or to leave a comment, please click here

1 2,021 2,022 2,023 2,024 2,025 3,849