VXLAN: BGP EVPN with Cumulus Quagga

VXLAN is an overlay network to encapsulate Ethernet traffic over an existing (highly available and scalable, possibly the Internet) IP network while accomodating a very large number of tenants. It is defined in RFC 7348. For an uncut introduction on its use with Linux, have a look at my “VXLAN & Linux” post.

VXLAN deployment

In the above example, we have hypervisors hosting a virtual machines from different tenants. Each virtual machine is given access to a tenant-specific virtual Ethernet segment. Users are expecting classic Ethernet segments: no MAC restrictions1, total control over the IP addressing scheme they use and availability of multicast.

In a large VXLAN deployment, two aspects need attention:

  1. discovery of other endpoints (VTEPs) sharing the same VXLAN segments, and
  2. avoidance of BUM frames (broadcast, unknown unicast and multicast) as they have to be forwarded to all VTEPs.

A typical solution for the first point is using multicast. For the second point, this is source-address learning.

Introduction to BGP EVPN

BGP EVPN (RFC 7432 and draft-ietf-bess-evpn-overlay for its application with VXLAN Continue reading

VXLAN & Linux

VXLAN is an overlay network to carry Ethernet traffic over an existing (highly available and scalable) IP network while accommodating a very large number of tenants. It is defined in RFC 7348.

Starting from Linux 3.12, the VXLAN implementation is quite complete as both multicast and unicast are supported as well as IPv6 and IPv4. Let’s explore the various methods to configure it.

VXLAN setup

To illustrate our examples, we use the following setup:

  • an underlay IP network (highly available and scalable, possibly the Internet),
  • three Linux bridges acting as VXLAN tunnel endpoints (VTEP),
  • four servers believing they share a common Ethernet segment.

A VXLAN tunnel extends the individual Ethernet segments accross the three bridges, providing a unique (virtual) Ethernet segment. From one host (e.g. H1), we can reach directly all the other hosts in the virtual segment:

$ ping -c10 -w1 -t1 ff02::1%eth0
PING ff02::1%eth0(ff02::1%eth0) 56 data bytes
64 bytes from fe80::5254:33ff:fe00:8%eth0: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from fe80::5254:33ff:fe00:b%eth0: icmp_seq=1 ttl=64 time=4.98 ms (DUP!)
64 bytes from fe80::5254:33ff:fe00:9%eth0: icmp_seq=1 ttl=64 time=4.99 ms (DUP!)
64 bytes from fe80::5254:33ff:fe00:a%eth0: icmp_seq=1 ttl=64 time=4.99 ms (DUP!)

--- ff02::1%eth0 ping statistics ---
1 packets transmitted, 1 received, +3 duplicates,  Continue reading

Introducing the new Cloudflare Community Forum

Cloudflare’s community of users is vast. With more than 6 million domains registered, our users come in all shapes and sizes and are located all over the world. They can also frequently be found hanging out all around the web, from social media platforms, to Q&A sites, to any number of personal interest forums. Cloudflare users have questions to ask and an awful lot of expertise to share.

It’s with that in mind that we wanted to give Cloudflare users a more centralized location to gather, and to discuss all things Cloudflare. So we have launched a new Cloudflare Community at community.cloudflare.com.

Who is this community for?

It's for anyone and everyone who uses Cloudflare. Whether you are adding your first domain and don’t know what a name server is, or you are managing 1,000s of domains via API, or you are somewhere in between. In the Cloudflare Community you will be able to find tips, tricks, troubleshooting guidance, and recommendations.

We also think this will be a great way to get feedback from users on what’s working for them, what isn’t, and ways that we can make Cloudflare better. There will even be opportunities to Continue reading

Value Constrains Us. At Least, It Should.

A friend of mine asked me, “How do you manage the billions of chat messages, chat apps, social media, etc.? I’m becoming so inefficient it isn’t funny.”

TL;DR

The short answer is that I don’t manage them. I mostly ignore them. I don’t view most of these apps, especially social media, as something to be kept up with. I declared permanent amnesty (some would say bankruptcy) some time ago. I have a different viewpoint on these tools than I once did.

See also the post I wrote on Cal Newport’s book, Deep Work in May 2016.

I limit active participation.

I only take part in a few services, and I’m not consistently active on any of them. Despite however many followers I might have on a given platform, the world doesn’t care what I have to say on those services so much that my contributions especially matter. Therefore, stepping back isn’t harming anyone, nor is it disappointing someone that I’m not saying something or participating in every conversation that I might. No one notices.

Conversely, I don’t pay attention to everything everyone else is saying on all the platforms where things are being said. The Internet allows everyone to talk Continue reading

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.

But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:

To read this article in full, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.

But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:

To read this article in full or to leave a comment, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:To read this article in full or to leave a comment, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.

But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:

To read this article in full or to leave a comment, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:To read this article in full or to leave a comment, please click here

Face it: Enterprise cyberattacks are going to happen

There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won't get days or weeks to root around and grab sensitive corporate data.This enterprise focus on rapid detection and response to various attacks on networks and computers doesn't replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.To read this article in full or to leave a comment, please click here

Face it: Enterprise cyberattacks are going to happen

There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won't get days or weeks to root around and grab sensitive corporate data.This enterprise focus on rapid detection and response to various attacks on networks and computers doesn't replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.To read this article in full or to leave a comment, please click here

Windows 10 S: It’s for enterprise, too

Microsoft may have stuck to its script Tuesday when it unveiled a Windows 10 spin-off aimed at the K-12 educational market, but the new operating system will be enticing to businesses as well, analysts said today."They were very focused on Windows 10 S as an education play, but no question, this will also appeal to enterprises," said Carolina Milanesi of Creative Strategies.Microsoft yesterday announced Windows 10 S -- the "S" isn't a placeholder for something specific, the company maintained -- for school settings. The operating system is Windows 10, but comes with important restrictions, the most notable that users can only install and run apps from Microsoft's Windows Store. This summer, Microsoft will begin testing a version of its Office suite that will be available from the store in September.To read this article in full or to leave a comment, please click here

Worth Reading: A trillion edge graph on a single node

Efficiently and quickly chewing through one trillion edges of a complex graph is no longer in itself a standalone achievement, but doing so on a single node, albeit with some acceleration and ultra-fast storage, is definitely worth noting. There are many paths to processing trillions of edges efficiently and with high performance as demonstrated by companies like Facebook with its distributed trillion-edge scaling effort across 200 nodes in 2015 and Microsoft with a similar feat as well. —The Next Platform

The post Worth Reading: A trillion edge graph on a single node appeared first on rule 11 reader.

China will attempt to keep IT products spy-free with security checks

China will start carrying out security checks of IT suppliers in the country, with the intent of keeping out internet products vulnerable to spying and hacking.The new rules, which take effect in June, mean that foreign vendors will face more scrutiny -- including government-mandated background checks, and supply chain vetting -- when selling IT products to China’s major business sectors.On Tuesday, the country’s Cyberspace Administration of China released the new rules, which call for the review of any important internet products and services that relate to the country’s security.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 3 telltale signs it’s a real digital transformation

“Get a digital transformation for only $199.95, but only if you call to order in the next 15 minutes!”OK, so I haven’t seen an ad like this on late night TV—well, at least not yet. The unfortunate truth, however, is that the term “digital transformation” may be the greatest selling tool the enterprise technology industry has created in a generation.Everywhere you turn, someone is selling something using the term "digital transformation." The truth is, many of the things technology companies are selling are incredible new technologies that do, in fact, play a vital role in your digital transformation journey and are worthy of your consideration.To read this article in full or to leave a comment, please click here

FBI’s Comey dangerous definition of “valid” journalism

The First Amendment, the "freedom of speech" one, does not mention journalists. When it says "freedom of the press" it means the physical printing press. Yes, that does include newspapers, but it also includes anybody else publishing things, such as the famous agitprop pamphlets published by James Otis, John Dickinson, and Thomas Paine. There was no journalistic value to Thomas Paine's Common Sense. The pamphlet argued for abolishing the monarchy and for American independence.

Today in testimony before congress, FBI directory James Comey came out in support of journalism, pointing out that they would not prosecute journalists doing their jobs. But he then modified his statement, describing "valid" journalists as those who in possession of leaks would first check with the government, to avoid publishing anything that would damage national security. It's a power the government has abused in the past to delay or censor leaks. It's specifically why Edward Snowden contacted Glenn Greenwald and Laura Poitras -- he wanted journalists who would not kowtow the government on publishing the leaks.

Comey's testimony today was in regards to prosecuting Assange and Wikileaks. Under the FBI's official "journalist" classification scheme, Wikileaks are not real journalists, but instead publish "intelligence porn" and Continue reading

Intel’s new data center chief, a former PC exec, will be hands-on

A top executive responsible for shaping Intel's PC roadmap will now run the company's data center business.Navin Shenoy -- previously senior vice president and general manager of the company's Client Computing Group -- has been appointed the general manager of Intel's Data Center Group (DCG). He will replace the well-respected Diane Bryant, who was group president of DCG.Bryant is taking a leave of absence for six to eight months, and will be given a new position on returning, Intel said in a filing with the U.S. Securities and Exchange Commission on Wednesday.To read this article in full or to leave a comment, please click here

1 2,110 2,111 2,112 2,113 2,114 3,858