6 industries where private 5G makes sense

OK, I’ve come around on the notion of private 5G.Last year, I blogged about private 5G and explained how you’d know you were a prospect for the technology as an alternative to WiFi or public cellular services. My focus was on the same community of workers that most tech empowerment has focused on, meaning the white-collar or “carpet” types. Since the first of the year, I’ve had a chance to chat with 31 companies who are using or deploying private wireless technology, and I’ve also chatted with some of their integrators and suppliers. None of the enterprises were using private 5G in the hallowed (carpeted) halls of an office. Instead, their targeted jobs were outside in the dirt—sometimes literally—or on some factory or warehouse floor.To read this article in full, please click here

Global hosting providers help keep key Ukraine web sites available

If there’s one big lesson about internet availability, it might be coming from Ukraine, where more than a year of Russian attacks have failed to bring down the network.According to a study by ThousandEyes, which is part of Cisco, the repeated attempts to disrupt access to key Ukrainian web sites have occasionally succeeded, but only for short periods.The most effective defensive strategy proved to be hosting content on global providers’ infrastructure, which demonstrated the most resilience overall, according to ThousandEyes’ “Ukraine Internet Analysis – March 2023”.To read this article in full, please click here

Network Break 425: Microsoft Adds Security Copilot To AI Squadron; Samsung Stung By ChatGPT Leaks

This week's Network Break examines Security Copilot, the latest AI-infused assistant in Microsoft's growing arsenal; discusses optical advancements from Arelion and Infinera that sent 400Gb wavelengths over 1,800 kilometers; examine a news report that claims Tesla workers shared "highly invasive" images recorded by vehicle cameras; plus even more tech news.

Network Break 425: Microsoft Adds Security Copilot To AI Squadron; Samsung Stung By ChatGPT Leaks

This week's Network Break examines Security Copilot, the latest AI-infused assistant in Microsoft's growing arsenal; discusses optical advancements from Arelion and Infinera that sent 400Gb wavelengths over 1,800 kilometers; examine a news report that claims Tesla workers shared "highly invasive" images recorded by vehicle cameras; plus even more tech news.

The post Network Break 425: Microsoft Adds Security Copilot To AI Squadron; Samsung Stung By ChatGPT Leaks appeared first on Packet Pushers.

Kubernetes Security And Networking 6: Kubernetes CVEs – Video

This video looks at various Kubernetes vulnerabilities and their severity scores to help you understand how to evaluate CVEs so you can prioritize remediation. It also shows different options and sources of CVEs. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of […]

The post Kubernetes Security And Networking 6: Kubernetes CVEs – Video appeared first on Packet Pushers.

VyOS DDoS mitigation

Real-time flow analytics on VyOS describes how to install real-time analytics based on sFlow and the sFlow-RT analytics engine. This article extends the example to show how to automatically mitigate DDoS attacks using flow analytics combined with BGP Remotely Triggered Black Hole (RTBH) / Flowspec. 
vyos@vyos:~$ add container image sflow/ddos-protect
First, download the sflow/ddos-protect image. 
vyos@vyos:~$ mkdir -m 777 /config/sflow-rt
Create a directory to store persistent container state. 
set container network sflowrt prefix 192.168.1.0/24
Define an internal network to connect to container. Currently VyOS BGP does not allow direct connections to local addresses (e.g. 127.0.0.1), so we need to put controller on its own network so the router can connect and receive DDoS mitigation BGP RTBH / Flowspec controls. 
set container name sflow-rt image sflow/ddos-protect
set container name sflow-rt host-name sflow-rt
set container name sflow-rt arguments '-Dddos_protect.router=192.168.1.1 -Dddos_protect.enable.flowspec=yes'
set container name sflow-rt environment RTMEM value 200M
set container name sflow-rt memory 0
set container name sflow-rt volume store source /config/sflow-rt
set container name sflow-rt volume store destination /sflow-rt/store
set container name sflow-rt network sflowrt address 192.168.1.2

Configure a container to run the image. The Continue reading

Startup Radar: Kumorai Tackles Multi-Cloud Infrastructure Automation

Kumorai is a startup that aims to simplify the deployment and operation of compute, networking, and security infrastructure across public clouds. The company says its SaaS application provides a no-code environment where IT pros can use a visual interface to assemble infrastructure components such as compute, VPCs and vNets, Transit Gateways, and firewalls, and then […]

The post Startup Radar: Kumorai Tackles Multi-Cloud Infrastructure Automation appeared first on Packet Pushers.

VPP – Monitoring

VPP

About this series

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.

I’ve been working on the Linux Control Plane [ref], which you can read all about in my series on VPP back in 2021:

DENOG14

  • [Part 1]: Punting traffic through TUN/TAP interfaces into Linux
  • [Part 2]: Mirroring VPP interface configuration into Linux
  • [Part 3]: Automatically creating sub-interfaces in Linux
  • [Part 4]: Synchronize link state, MTU and addresses to Linux
  • [Part 5]: Netlink Listener, synchronizing state from Linux to VPP
  • [Part 6]: Observability with LibreNMS and VPP SNMP Agent
  • [Part 7]: Productionizing and reference Supermicro fleet at IPng

With this, I can make a regular server running Linux use VPP as kind of a software ASIC for super fast forwarding, filtering, NAT, and so on, while keeping control of the interface state (links, addresses and routes) itself. With Continue reading

Weekend Reads 040723


What it is about is how very few companies have access to the raw AI models that are transforming the world, the curated datasets that have been purged of bias (to one degree or another) that are fundamental to training AI systems using machine learning techniques, the model weights and checkpoints that are key to tuning a model, and the money to either build or rent the capacity to bring the neural network software and the data together to train an AI model.


Intel has announced a new processor with 144 cores designed for simple data-center tasks in a power-efficient manner.


Data center fires aren’t common, but they can be devastating. As use of lithium-ion batteries grows, enterprises need to be aware of the risks, Uptime Institute warns.


Russian intelligence services, together with a Moscow-based IT company, are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities.


Back in the old days, there was a CPU and chip designers crammed everything into that single CPU, which made sense for the greatest number of customers offset against the additional cost of adding extra functionality.


A picture is said to be worth a thousand words. A graph can Continue reading

Notes from IETF116

The IETF had its 116th meeting in Yokohama, Japan in the last week of March. Here’s some notes I made from some of the working group sessions I attended that I found to be of interest.

Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN

You know all those Apple and other IoT devices connected to your wireless network? Lots of them run apps that discover services on your network via multicast DNS (mDNS). All of that mDNS traffic can have a significant impact on your WLAN’s performance. On today's Heavy Networking we talk with guest Bryan Ward who has actually measured the impact of mDNS on a production wireless network to see what would happen if he let mDNS traffic run wild.

Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN

You know all those Apple and other IoT devices connected to your wireless network? Lots of them run apps that discover services on your network via multicast DNS (mDNS). All of that mDNS traffic can have a significant impact on your WLAN’s performance. On today's Heavy Networking we talk with guest Bryan Ward who has actually measured the impact of mDNS on a production wireless network to see what would happen if he let mDNS traffic run wild.

The post Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN appeared first on Packet Pushers.

Technology Short Take 167

Welcome to Technology Short Take #167! This Technology Short Take is a tad shorter than the typical one; I’ve been busy recently and my intake volume of content has gone down, thus resulting in fewer links to share with all of you! I opted to go ahead and publish a shorter Technology Short Take instead of making everyone wait around for a longer one. In any case, here’s hoping that I’ve included something useful for you!

Networking

Servers/Hardware

Security

Cloud Computing/Cloud Management

Turning WiFi into a Thick Yellow Cable

The “beauty” (from an attacker perspective) of the original shared-media Ethernet was the ability to see all traffic sent to other hosts. While it’s trivial to steal someone else’s IPv4 address, the ability to see their traffic allowed you to hijack their TCP sessions without the victim being any wiser (apart from the obvious session timeout). Really smart attackers could go a step further, insert themselves into the forwarding path, and inject extra payload into unencrypted sessions.

A recently-discovered WiFi vulnerability brought us back to that wonderful world.

Read more …

Turning WiFi into a Thick Yellow Cable

The “beauty” (from an attacker perspective) of the original shared-media Ethernet was the ability to see all traffic sent to other hosts. While it’s trivial to steal someone else’s IPv4 address, the ability to see their traffic allowed you to hijack their TCP sessions without the victim being any wiser (apart from the obvious session timeout). Really smart attackers could go a step further, insert themselves into the forwarding path, and inject extra payload into unencrypted sessions.

A recently-discovered WiFi vulnerability brought us back to that wonderful world.

Read more …
1 243 244 245 246 247 3,766