Small Site EBGP-Only Design

One of my subscribers found an unusual BGP specimen in the wild:

  • It was a small site with two core switches and a WAN edge router
  • The site had VPN concentrators running in virtual machines
  • The WAN edge router was running BGP across WAN IPsec tunnels
  • The VPN concentrators were running BGP with core switches.

So far so good, and kudos to whoever realized BGP is the only sane protocol to run between virtual machines and network core. However, the routing in the network core was implemented with EBGP sessions between the three core devices, and my subscriber thought the correct way to do it would be to use IBGP and OSPF.

The Skills Gap For Fortran Looms Large In HPC

Back in the dawn of time, which is four decades ago in computer science and which was before technical computing went mainstream with the advent of Unix workstations and their beefy server cousins, the computer science students we knew at college had taught themselves BASIC on either TRS-80s or Commodore VICs and they went to college to learn something useful like COBOL and maybe got a smattering of C and Pascal, or occasionally even RPG, for variety.

The Skills Gap For Fortran Looms Large In HPC was written by Timothy Prickett Morgan at The Next Platform.

RSAC 2023 interview: Tigera talks cloud-native security on theCUBE

During RSA Conference 2023, Utpal Bhatt sat down with SiliconANGLE & theCUBE host, John Furrier, to talk cloud-native security. Watch the full interview below.

Here’s a sneak peek of what’s inside…

“Cloud-native applications have fundamentally changed how security gets done. There are a lot of challenges that cloud-native applications bring to the table, given their large attack surface. You have attack vectors in your coding, CI/CD pipeline, deployment, and runtime. And I think that’s what organizations are realizing, that hey, this is fundamentally a different kind of architecture and we need to look at it differently.” —Utpal Bhatt, CMO at Tigera

“Cloud-native applications have fundamentally changed how security gets done. And there are a lot of challenges that cloud-native applications bring to the table, which is what organizations are realizing. If you think about organizations moving into the cloud, the majority have traditionally done a lift and shift. But now they’re recognizing that in order to get the economics right, they need to start developing cloud-native technologies, which are highly distributed, ephemeral, and transient. So all your standard security tools just really don’t work in that environment because you have a really large

US, EU pressure Malaysia to bar Huawei hardware from 5G network

The US and the EU have put heavy diplomatic pressure on the government of Malaysia, urging it to bar Chinese networking equipment vendor Huawei from its state-owned 5G network, according to the Financial Times. Letters from the US ambassador to the country, Brian McFeeters, and from the head of the EU delegation to Malaysia, Michalis Rokas, warned of potential legal problems and national security issues if the country succumbs to what the Financial Times described as heavy lobbying by Huawei. “Senior officials in Washington agree with my view that upending the existing model would undermine the competitiveness of new industries, stall 5G growth in Malaysia, and harm Malaysia’s business-friendly image internationally,” wrote McFeeters, according to the Financial Times. “Allowing untrusted suppliers in any part of the network also subjects Malaysia’s infrastructure to national security risks.”

What you can’t do with Kubernetes network policies (unless you use Calico)

Kubernetes documentation clearly defines what use cases you can achieve using Kubernetes network policies and what you can’t. You are probably familiar with the scope of network policies and how to use them to secure your workload from undesirable connections. Although it is possible to cover the basics with Kubernetes native network policies, there is a list of use cases that you cannot implement by just using these policies.

You can refer to the Kubernetes documentation to review the list of “What you can’t do with network policies (at least, not yet)”.

Here are some of the use cases that you cannot implement using only the native network policy API (transcribed from the Kubernetes documentation):

  • Forcing internal cluster traffic to go through a common gateway.
  • Anything TLS related.
  • Node specific policies.
  • Creation or management of “Policy requests” that are fulfilled by a third party.
  • Default policies which are applied to all namespaces or pods.
  • Advanced policy querying and reachability tooling.
  • The ability to log network security events.
  • The ability to explicitly deny policies.
  • The ability to prevent loopback or incoming host traffic (Pods cannot currently block localhost access, nor do they have the ability to block access from

How we built Network Analytics v2

Network Analytics v2 is a fundamental redesign of the backend systems that provide real-time visibility into network layer traffic patterns for Magic Transit and Spectrum customers. In this blog post, we'll dive into the technical details behind this redesign and discuss some of the more interesting aspects of the new system.

To protect Cloudflare and our customers against Distributed Denial of Service (DDoS) attacks, we operate a sophisticated in-house DDoS detection and mitigation system called dosd. It takes samples of incoming packets, analyzes them for attacks, and then deploys mitigation rules to our global network which drop any packets matching specific attack fingerprints. For example, a simple network layer mitigation rule might say “drop UDP/53 packets containing responses to DNS ANY queries”.

In order to give our Magic Transit and Spectrum customers insight into the mitigation rules that we apply to their traffic, we introduced a new reporting system called "Network Analytics" back in 2020. Network Analytics is a data pipeline that analyzes raw packet samples from the Cloudflare global network. At a high level, the analysis process involves trying to match each packet sample against the list of mitigation rules that dosd has deployed, so that it can

Heavy Networking 677: US Networking User Association – Meetups For Network Engineers

You ever want a group of fellow networking nerds to hang with once in a while? The US Networking User Association might be exactly what you’re looking for. With local networking user groups popping up in various places all over the US and soon other countries, the USNUA is fostering community and knowledge sharing for networkers everywhere. On today's Heavy Networking we speak with Jason Gintert and Chris Kane, two of the folks behind the USNUA organization, to discuss what the USNUA is, and how you can work with them to get a NUG started in your area.

The post Heavy Networking 677: US Networking User Association – Meetups For Network Engineers appeared first on Packet Pushers.

Private 5G might just make you rethink your wireless options

The hype surrounding 5G ranges from Jetsons-like futurism to deep-in-the-rabbit-hole conspiracy theories. On the consumer side, 5G is still serving up more sizzle than steak, mainly because the technology is so new, handsets so few, and infrastructure still mostly 4G LTE or earlier, so developers are still figuring out how to take advantage of its capabilities.

Effects of the conflict in Sudan on Internet patterns

On Saturday, April 15, 2023, an armed conflict between rival factions of the military government of Sudan began. Cloudflare observed a disruption in Internet traffic on that Saturday, starting at 08:00 UTC, which deepened on Sunday. Since then, the conflict has continued, and different ISPs have been affected, in some cases with a 90% drop in traffic. On May 2, Internet traffic is still ~30% lower than pre-conflict levels. This blog post will show what we’ve been seeing in terms of Internet disruption there.

On the day that clashes broke out, our data shows that traffic in the country dropped as much as 60% on Saturday, after 08:00 UTC, with a partial recovery on Sunday around 14:00, but it has consistently been lower than before. Although we saw outages and disruptions on major local Internet providers, the general drop in traffic could also be related to different human usage patterns because of the conflict, with people trying to leave the country. In Ukraine, we saw a clear drop in traffic, not always related to ISP outages, after the war started, when people were leaving the country.

Here’s the hourly perspective of Sudan’s Internet traffic over the past weeks as seen

Heavy Wireless 001: Are We Ready For Wi-Fi 7?

Welcome to the Heavy Wireless podcast! For this inaugural episode we look at the Wi-Fi 7 standard (802.11be). With consumer products expected to ship in 2023, now's the time to explore what the latest advances mean for enterprise and consumer markets. Host Keith Parsons welcomes David D. Coleman to discuss key features including 320 MHz channels, 4K QAM, and Multi-Link Operation (MLO).

The post Heavy Wireless 001: Are We Ready For Wi-Fi 7? appeared first on Packet Pushers.

How to shop for network observability tools

Today’s enterprise networks span on-premises and cloud environments, and it has become a lot harder for IT teams to maintain performance, reliability and security when some parts of the network are unknown or off-limits to traditional performance monitoring tools. “If you cannot get visibility into all the components comprising the digital experience, everything that is between the end user clicking the mouse to the deepest part of a cloud or data center network, then you are flying blind, you are incurring a lot of risk, and you could be overspending, too,” says Mark Leary, research director for network analytics and automation at research firm IDC.
