NetworkingNexus.net

Proper isolation of a Linux bridge

TL;DR: when configuring a Linux bridge, use the following commands to enforce isolation:

# bridge vlan del dev br0 vid 1 self
# echo 1 > /sys/class/net/br0/bridge/vlan_filtering

A network bridge (also commonly called a “switch”) brings several Ethernet segments together. It is a common element in most infrastructures. Linux provides its own implementation.

A typical use of a Linux bridge is shown below. The hypervisor is running three virtual hosts. Each virtual host is attached to the br0 bridge (represented by the horizontal segment). The hypervisor has two physical network interfaces:

eth0 is attached to a public network providing various services for the virtual hosts (DHCP, DNS, NTP, routers to Internet, …). It is also part of the br0 bridge.
eth1 is attached to an infrastructure network providing various services to the hypervisor (DNS, NTP, configuration management, routers to Internet, …). It is not part of the br0 bridge.

Typical use of Linux bridging with virtual machines

The main expectation of such a setup is that while the virtual hosts should be able to use resources from the public network, they should not be able to access resources from the infrastructure network (including resources hosted on the hypervisor itself, like a Continue reading

Privacy and the common man (or the FBI director)

CSO's Joan Goodchild and Steve Ragan discuss some of the latest security news, including how the FBI director inadvertently (or on purpose?) revealed his Twitter ID and what the new regulations regarding ISPs being able to sell your private data without your consent really entails.

The Linux Migration: April 2017 Progress Report

In December 2016, I kicked off a migration to Linux (from OS X) as my primary laptop OS. In the nearly 4 months since the initial progress report, I’ve published a series of articles providing updates on things like which Linux distribution I selected, how I’m handling running VMs on my Linux laptop, and integration with corporate collaboration systems (here, here, and here). I thought that these “along the way” posts would be sufficient to keep readers informed, but I’ve had a couple of requests in the last week about how the migration is going. This post will help answer that question by summarizing what’s happened so far.

Let me start by saying that I am actively using a Linux-powered laptop as my primary laptop right now, and I have been doing so since early February. All the posts I’ve published so far have been updates of how things are going “in production,” so to speak. The following sections describe my current, active environment.

Linux Distribution

In my initial progress report, I’d tentatively chosen to use Ubuntu 16.04 LTS (“Xenial Xerus”). However, a short while later I switched to Fedora 25, and have settled Continue reading

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Kubernetes networking 101 – Services

In our last post we talked about how Kubernetes handles pod networking. Pods are an important networking construct in Kubernetes but by themselves they have certain limitations. Consider for instance how pods are allocated. The cluster takes care of running the pods on nodes – but how do we know which nodes it chose? Put another way – if I want to consume a service in a pod, how do I know how to get to it? We saw at the very end of the last post that the pods themselves could be reached directly by their allocated pod IP address (an anti-pattern for sure but it still works) but what happens when you have 3 or 4 replicas? Services aim to solve these problems for us by providing a means to talk to one or more pods grouped by labels. Let’s dive right in…

To start with, let’s look at our lab where we left at the end of our last post…

If you’ve been following along with me there are some pods currently running. Let’s clear the slate and delete the two existing test deployments we had out there…

user@ubuntu-1:~$ kubectl delete deployment pod-test-1
deployment "pod-test-1"  Continue reading

Fortinet upgrades for better cloud, SD-WAN protection

Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments.With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on and their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.+More on Network World: DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification+To read this article in full or to leave a comment, please click here

Fortinet upgrades for better cloud, SD-WAN protection

How to decide between cloud, on-premise and As-a-Service

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.

Deciding whether and how to use cloud computing is a complex, and made all the more complicated by the overwhelming number of vendors and products. What’s more, hybrid and multicloud approaches blur the lines between the cloud and on-premise deployment options.

With an operations team that counsels organizations on which type of architecture is best for them – on premise, cloud, hybrid or multicloud – and then evaluates what went well and didn’t in all four kinds of deployments, here’s our view of what situations tip the scale toward one approach or another. While the context is data storage, this analysis applies to most enterprise IT scenarios.

To read this article in full or to leave a comment, please click here

How to decide between cloud, on-premise and As-a-Service

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.Deciding whether and how to use cloud computing is a complex, and made all the more complicated by the overwhelming number of vendors and products. What’s more, hybrid and multicloud approaches blur the lines between the cloud and on-premise deployment options.With an operations team that counsels organizations on which type of architecture is best for them – on premise, cloud, hybrid or multicloud – and then evaluates what went well and didn’t in all four kinds of deployments, here’s our view of what situations tip the scale toward one approach or another. While the context is data storage, this analysis applies to most enterprise IT scenarios.To read this article in full or to leave a comment, please click here

21% off Seagate Backup Plus Hub for Mac, 4TB External Desktop Hard Drive – Deal Alert

Back up your files, precious photos and videos while connecting to and recharging any USB device, such as your tablet, smartphone or camera -- even if your system is off or in standby mode. The Backup Plus Hub for Mac is fully compatible with Time Machine, and will work with Windows based computers as well. This model has integrated USB ports, and packs a generous 4TB of space for just $109.99, a 21% discount over its typical list price of $139.99. See this deal now on Amazon.To read this article in full or to leave a comment, please click here

21% off Seagate Backup Plus Hub for Mac, 4TB External Desktop Hard Drive – Deal Alert

HP rises again to be the world’s top PC maker as Lenovo slips

It was another tough quarter for PC shipments, but there was good news for HP, which edged Lenovo to regain the title of world top's PC maker, according to IDC.Worldwide PC shipments totaled 60.3 million units in the first quarter of 2017, growing by just 0.6 percent compared to the same quarter the previous year.IDC previously forecast a decline of 1.8 percent in PC shipments, so the positive growth was a sign the PC market is recovering. Quarterly PC shipments reported positive growth for the first time since the first quarter of 2012. Lenovo previously beat HP for the title of the world's top maker in 2013 and has mostly held the position since then. HP regained the top spot this quarter boosted by strong laptop shipments worldwide. Now the question remains if HP can hold the spot.To read this article in full or to leave a comment, please click here

Microsoft kicks security bulletins to the curb in favor of security update guide

Forget about security bulletins; Microsoft is so done with them. Now, it’s all about the Security Update Guide – something Microsoft claimed customers wanted back in November 2016. Bulletins were supposed to bite the dust starting in January 2017, but it appears as if they did starting in April 2017. This new era for patching Microsoft is great, if you really like clicking again and again. If not, I suppose that is too bad, so sad.The release notes are slightly more informative than the Microsoft Security Response Center post about the April patches. The latter simply stated, “Today we released security updates to provide additional protections against malicious attackers.” Microsoft recommends turning on automatic updates, but probably not to stop the upcoming migraine for the click-fest you will have to endure to find out about the security updates.To read this article in full or to leave a comment, please click here

Microsoft kicks security bulletins to the curb in favor of security update guide

Orange Pi takes on Raspberry Pi with new computer boards

Raspberry Pi may be the most well-known board computer, but rival Orange Pi is rolling out a much larger range of boards at a furious pace and at cheaper prices.The number of board computer users is growing, with Raspberry Pi's shipments passing 10 million units last year. Orange Pi hasn't shipped as many devices but is trying to customize its boards to meet a wider set of computing needs. The latest board computer is the US$30 Orange Pi Prime, which is almost identical to Raspberry Pi 3 in terms of features. The Orange Pi Prime has better graphics by using a Mali-450 GPU, which can process 2K video.To read this article in full or to leave a comment, please click here

Worth Reading: Microsoft’s Open Approach to Networking

At Microsoft, we’re focused on enabling our customers by supporting all the technologies they depend on, and collaborating across organizational and industrial boundaries to bring the best possible experience to the cloud. Microsoft embraces open source and partner ecosystems to scale our own development efforts and accelerate innovation. Products that include Visual Studio Code, .NET, and ASP.NET are being publicly developed on GitHub with contributions from both Microsoft and non-Microsoft developers. These products are targeting Windows, Mac, and Linux. Microsoft is a contributing member of open source communities, including the Apache Software Foundation, Linux Foundation, R Consortium, and Node.js Foundation. —Microsoft Azure Blog

The post Worth Reading: Microsoft’s Open Approach to Networking appeared first on rule 11 reader.

Worth Reading: Microsoft’s Open Approach to Networking

The post Worth Reading: Microsoft’s Open Approach to Networking appeared first on 'net work.

42% off TurboTax Deluxe 2016 Tax Software Federal & State – Deal Alert

TurboTax coaches you every step of the way and double checks your return as you go to handle even the toughest tax situations, so you can be confident you’re getting every dollar you deserve. Its typical list price of $59.99 has been reduced a generous 42% to $34.89, a deal that is exclusive to Amazon. Learn more, or take advantage of the deal now, on Amazon.To read this article in full or to leave a comment, please click here

Today, Get 43% off SanDisk Connect Wireless Stick 200GB – Deal Alert

Note: This deal is only active until 2am ET, 4/12The SanDisk Connect wireless stick is a flash drive with a unique twist -- you can access it wirelessly. Whether it's in your pants pocket, in your bag, or on the picnic table at your campsite, the Connect wireless stick lets you stream media or move files wirelessly with up to three computers, phones or tablets simultaneously. Connections are made via built-in wifi (think "hotspot"), so no external wireless or internet services are needed. A USB connection is also available, if desired. Storage on this model is a generous 200GB. Reviewers on Amazon report at least 8-10 hours of battery life on one charge. This model is currently discounted 43%, from $119.99 down to $67.99. See it now on Amazon.To read this article in full or to leave a comment, please click here

« Previous 1 … 2,156 2,157 2,158 2,159 2,160 … 3,845 Next »