Episode 1 – Top 10 Ways To Break Your Network

In episode 1, we take an introspective look back at some of our biggest mistakes when operating live production networks. The panel discusses outages that range from a total outage on a global MPLS network to taking out a core switch due to an over-active case of OCD. Valuable, hard-earned lessons are shared by this group of experienced network engineers, and possibly a funny story or two.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Carl Fugate (Guest)
Mike Zsiga (Guest)
Jody Lemoine (Guest)
Jordan Martin (Co-Host)
Eyvonne Sharp (Co-Host)
Phil Gervasi (Co-Host)

The post Episode 1 – Top 10 Ways To Break Your Network appeared first on Network Collective.

IDG Contributor Network: IoT protects fishing fleets and global fisheries with RPMA technology

The global seafood industry is over $190 billion. Millions of fishers take to the oceans each day to feed local communities and a growing global appetite for seafood.

How can the demand for fish be met while maintaining healthy oceans? A new IoT-based solution holds promise.

Background: The challenge of monitoring fishing boats

Over half of the world’s seafood is exported from developing countries. Much of the catch is from small fishing boats, which are difficult to monitor and protect. Commercial fishing in developing regions typically occurs within 30 miles from land. Establishing a communication channel that can support hundreds of fishing boats spread out over a large area is a challenge. Boats are small and lack dependable power. Devices have to be both affordable and rugged.

VMware, Splunk & Juniper among highest paying networking companies

Networking and other technology businesses are among the highest paying companies in America, according to a new report from jobs marketplace Glassdoor. And if you find yourself out of a tech job, well, there’s always consulting, where the pay isn’t too shabby either. In fact, the top two companies on the list, A.T. Kearney and PwC’s Strategy&, are both consulting firms, and two others are on the Top 25 List as well. A.T. Kearney and Strategy& offer median total compensation of $175K and $172K, respectively, according to the Glassdoor study, which is based on self-reported data by Glassdoor members. The report reveals total and base compensation, with the difference between the two often in the $15K-$30K range once you factor in commissions, bonuses, etc.

Detecting insider threats is easier than you think

When it came to the physical plant, it used to be easy with surveillance cameras and access badges to tell if an insider was up to no good. Now with a more virtual network, you can’t always know if the person sitting in the next cubicle is gaining access to confidential documents. While the insider threat still connotes an employee of the company, the intruder is no longer someone located within the confines of the building. Accessing the network can happen from such public places as the local coffee shop.

“For companies today, where old corporate lines are disappearing more frequently, the challenges only increase. Enterprises need to adapt their policies and procedures to prevent threats by securing corporate end-point equipment and the right tools that protect and allow users to do their work,” said Matias Brutti, a hacker at Okta. “Work environments are constantly changing, so monitoring is difficult on a corporate level.”

Proper isolation of a Linux bridge

TL;DR: when configuring a Linux bridge, use the following commands to enforce isolation:

# bridge vlan del dev br0 vid 1 self
# echo 1 > /sys/class/net/br0/bridge/vlan_filtering

A network bridge (also commonly called a “switch”) brings several Ethernet segments together. It is a common element in most infrastructures. Linux provides its own implementation.

A typical use of a Linux bridge is shown below. The hypervisor is running three virtual hosts. Each virtual host is attached to the br0 bridge (represented by the horizontal segment). The hypervisor has two physical network interfaces:

  • eth0 is attached to a public network providing various services for the virtual hosts (DHCP, DNS, NTP, routers to Internet, …). It is also part of the br0 bridge.
  • eth1 is attached to an infrastructure network providing various services to the hypervisor (DNS, NTP, configuration management, routers to Internet, …). It is not part of the br0 bridge.

[Figure: Typical use of Linux bridging with virtual machines]

The main expectation of such a setup is that while the virtual hosts should be able to use resources from the public network, they should not be able to access resources from the infrastructure network (including resources hosted on the hypervisor itself, like a …

The Linux Migration: April 2017 Progress Report

In December 2016, I kicked off a migration to Linux (from OS X) as my primary laptop OS. In the nearly 4 months since the initial progress report, I’ve published a series of articles providing updates on things like which Linux distribution I selected, how I’m handling running VMs on my Linux laptop, and integration with corporate collaboration systems (here, here, and here). I thought that these “along the way” posts would be sufficient to keep readers informed, but I’ve had a couple of requests in the last week about how the migration is going. This post will help answer that question by summarizing what’s happened so far.

Let me start by saying that I am actively using a Linux-powered laptop as my primary laptop right now, and I have been doing so since early February. All the posts I’ve published so far have been updates of how things are going “in production,” so to speak. The following sections describe my current, active environment.

Linux Distribution

In my initial progress report, I’d tentatively chosen to use Ubuntu 16.04 LTS (“Xenial Xerus”). However, a short while later I switched to Fedora 25, and have settled …

Kubernetes networking 101 – Services

In our last post we talked about how Kubernetes handles pod networking.  Pods are an important networking construct in Kubernetes but by themselves they have certain limitations.  Consider for instance how pods are allocated.  The cluster takes care of running the pods on nodes – but how do we know which nodes it chose?  Put another way – if I want to consume a service in a pod, how do I know how to get to it?  We saw at the very end of the last post that the pods themselves could be reached directly by their allocated pod IP address (an anti-pattern for sure but it still works) but what happens when you have 3 or 4 replicas?  Services aim to solve these problems for us by providing a means to talk to one or more pods grouped by labels.  Let’s dive right in…

To start with, let’s look at our lab where we left off at the end of our last post.

 

If you’ve been following along with me there are some pods currently running.  Let’s clear the slate and delete the two existing test deployments we had out there…

user@ubuntu-1:~$ kubectl delete deployment pod-test-1
deployment "pod-test-1" …

Fortinet upgrades for better cloud, SD-WAN protection

Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments.

With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.

How to decide between cloud, on-premise and As-a-Service

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.

Deciding whether and how to use cloud computing is complex, and is made all the more complicated by the overwhelming number of vendors and products. What’s more, hybrid and multicloud approaches blur the lines between the cloud and on-premise deployment options.

With an operations team that counsels organizations on which type of architecture is best for them – on premise, cloud, hybrid or multicloud – and then evaluates what went well and what didn’t in all four kinds of deployments, here’s our view of what situations tip the scale toward one approach or another. While the context is data storage, this analysis applies to most enterprise IT scenarios.
