Tech Bytes: Choosing Single-Vendor SASE For Networking And Security (Sponsored)
Today on the Tech Bytes podcast, sponsored by Palo Alto Networks, we get into Secure Access Services Edge (SASE), which combines SD-WAN with cloud-delivered security services. You can integrate parts from different vendors, but Palo Alto Networks is here to make a case for why you might want to consider a single-vendor approach.
The post Tech Bytes: Choosing Single-Vendor SASE For Networking And Security (Sponsored) appeared first on Packet Pushers.
The Dream Of Placing Blocks On Chip Designs With AI
Similar to interior designers trying to fit the chairs, tables, and other furniture in rooms inside of a home, chip designers have to figure out where the various bits and pieces of a processor will lie on confined floor plans where latency between parts matters. …
The Dream Of Placing Blocks On Chip Designs With AI was written by Jeffrey Burt at The Next Platform.
Ansible Validated Content: Introduction to infra.osbuild Collection
Introduction to the Image builder use case
During the last year we met with multiple edge customers, covering the automation needs for IT Linux infrastructure at scale across remote locations where there is often no IT staff on site. Think about retail stores, dark stores and warehouses where self-checkout, handhelds and POS devices hosting RHEL are distributed everywhere.
For industrial setups and manufacture, this could be the scenario for small factor servers and storage hosting logging monitoring to gather information about operational activities, which are located in secure facilities.
One of the recurrent needs for our customers with distributed devices is the ability to upgrade Linux devices faster, at scale, mostly due to regulations or security risks. Ideally, you should be able to patch at scale as soon as a vulnerability is identified.
The main challenge with the traditional RPM patching model is that it is incremental, and frequently some Linux devices might have slight differences. That is why there are new edge-focused capabilities and models that start with the premise that you could and should test a whole base image, and once it passes your validations, it should be deployed into all the target devices that Continue reading
Network Break 423: Arista Woos Large Enterprises With New SD-WAN Router; Google Breaks Glass Enterprise
This week's Network Break covers Arista's new WAN routers that get the company into the SD-WAN market, debates whether Aryaka targeting SMEs is a sign of problems or opportunity, and discusses an update on the size of the SASE market. We also look at an HPE acquisition, the use of exploding USBs to target journalists, space networking, and more.Network Break 423: Arista Woos Large Enterprises With New SD-WAN Router; Google Breaks Glass Enterprise
This week's Network Break covers Arista's new WAN routers that get the company into the SD-WAN market, debates whether Aryaka targeting SMEs is a sign of problems or opportunity, and discusses an update on the size of the SASE market. We also look at an HPE acquisition, the use of exploding USBs to target journalists, space networking, and more.
The post Network Break 423: Arista Woos Large Enterprises With New SD-WAN Router; Google Breaks Glass Enterprise appeared first on Packet Pushers.
VyOS dropped packet notifications
Dropped packets have a profound impact on network performance and availability. Packet discards due to congestion can significantly impact application performance. Dropped packets due to black hole routes, expired TTLs, MTU mismatches, etc. can result in insidious connection failures that are time consuming and difficult to diagnose. Visibility into dropped packets offers significant benefits for network troubleshooting, providing real-time network-wide visibility into the specific packets that were dropped as well the reason the packet was dropped. This visibility instantly reveals the root cause of drops and the impacted connections.
vyos@vyos:~$ show version
Version: VyOS 1.4-rolling-202303260914
Release train: current
Built by: [email protected]
Built on: Sun 26 Mar 2023 09:14 UTC
Build UUID: 72b34f74-bfcd-4b51-9b95-544319c2dac5
Build commit ID: d68bda6a295ba9
Architecture: x86_64
Boot via: installed image
System type: guest
Hardware vendor: innotek GmbH
Hardware model: VirtualBox
Hardware S/N: 0
Hardware UUID: df0a2b79-b8c4-8342-a27f-76aa3e52ad6d
Copyright: VyOS maintainers and contributors
Verify that the version of of VyOS is VyOS 1.4-rolling-202303260914 or later.
On VyOS dropped packet monitoring Continue readingIntroducing our first Authorized Service Delivery Partners for Cloudflare One
Cloudflare's commitment to building the most compelling and easy-to-use SASE platform on the market has led to significant growth over the past year. Cloudflare One services have seen the fastest adoption among our customers, with a 3x increase in partner bookings and a 70% YoY increase in transacting partners. Partners consistently cite the simplicity of our platform, our innovation, and our global network as key differentiators that are driving strong customer demand.
To continue building on this momentum and deliver required services that our customers may require, we previously announced the creation of our new specialization track for Authorized Services Delivery Partners (ASDP) as part of our efforts to continue growing our partnership program.
Cloudflare's Authorized Services Delivery Partner track is designed to authorize partners that meet our high standards for professional services delivery around Cloudflare One. Partners who undergo the rigorous technical validation process and meet the criteria for security, performance, and reliability of their services delivery capabilities are designated as Cloudflare Authorized Service Delivery Partners. This designation provides a variety of benefits, including access to Cloudflare One sourced opportunities requiring services, access to named Cloudflare One Service Delivery Managers, and access to special partner incentive funds designed to Continue reading
Home Automation — Finally Roller Curtains and Nightmares
< MEDIUM: https://raaki-88.medium.com/home-automation-finally-roller-curtains-and-nightmares-b8ef1fc473d9 >
Am a fan and enthusiast of home automation, tried various things in the past and now settled with few things which I would like to share.
- Light Automation is the first and most popular thing to do — Initially I started wiring with PIR sensor available in Amazon, later upgraded the entire light system to Philips Hue and along with Philips Motion sensor, so far so good. Its expensive than my initial solution but had to choose that because of wired vs wireless situation in home
- Smart-plugs are another common set of devices — while I have both combinations of commercially available one and also I personally flashed few of Sonoff smart switches with Tasmota firmware
. . .
Lets get to the Curtain Rollers — So for these here is the catch, I have a remote for these and thats about it, nothing more nothing less, My ideas were mostly around having network connectivity and manipulating them.
- First and foremost thought that these are blue-tooth based and am wrong
- I went to DFROBOT and bought IR-Transmitter and IR-Receiver, nope they dint work
- I went Amazon and bought some other IR-transmitter and Receiver — Again, wasted a Continue reading
Enabling Nested-Virtualisation on Google cloud platform Instance
< MEDIUM: https://raaki-88.medium.com/enabling-nested-virtualisation-on-google-cloud-platform-instance-7f80f3120834 >
Important Excerpt from the below page.
https://cloud.google.com/compute/docs/instances/nested-virtualization/overview
You must run Linux-based OSes that can run QEMU; you can’t use Windows Server images.
You can’t use E2, N2D, or N1 with attached GPUs, and A2 machine types.
You must use Intel Haswell or later processors; AMD processors are not supported. If the default processor for a zone is Sandy Bridge or Ivy Bridge, change the minimum CPU selection for the VMs in that zone to Intel Haswell or later. For information about the processors supported in each zone, see Available regions and zones.
Though there are many use cases, I will speak from a networking standpoint. Let us say you need to do some sort of lab based on popular vMX Juniper or Cisco or any other vendor, if you have a bare metal instance, you have the ability to access the virtualised CPU cores and allocate them to the Qemu which will be the underlying emulator.
Issue
Almost by default most of the cloud providers will disable access to VT-x because of various reasons and some instances are not capable of supporting this by default. So either choose a custom instance with Continue reading
Power to the engineering people
SPONSORED: The value of great engineering is often overlooked, yet almost every object we use on a daily basis has been meticulously designed and tested by somebody somewhere to deliver the best possible performance and meet exacting cost and efficiency requirements. …
Power to the engineering people was written by Martin Courtney at The Next Platform.
DHCP Relaying in VXLAN Segments
After I got the testing infrastructure in place (simple DHCP relay, VRF-aware DHCP relay), I was ready for the real fun: DHCP relaying in VXLAN (and later EVPN) segments.
TL&DR: It works exactly as expected. Even though I had anycast gateway configured on the VLAN, the Arista vEOS switches used their unicast IP addresses in the DHCP relaying process. The DHCP server had absolutely no problem dealing with multiple copies of the same DHCP broadcast relayed by different switches attached to the same VLAN. One could only wish things were always as easy in the networking land.
DHCP Relaying in VXLAN Segments
After I got the testing infrastructure in place (simple DHCP relay, VRF-aware DHCP relay), I was ready for the real fun: DHCP relaying in VXLAN (and later EVPN) segments.
TL&DR: It works exactly as expected. Even though I had anycast gateway configured on the VLAN, the Arista vEOS switches used their unicast IP addresses in the DHCP relaying process. The DHCP server had absolutely no problem dealing with multiple copies of the same DHCP broadcast relayed by different switches attached to the same VLAN. One could only wish things were always as easy in the networking land.
Cloud Notes: AWS ELB
https://codingpackets.com/blog/cloud-notes-aws-elb
Worth Reading: Off-Path Firewall with Traffic Engineering
I have blog post ideas sitting in my to-write queue for over a decade. One of them is why would you need a VRF (and associated router) between virtual servers and a firewall?
Andrea Dainese answered at least part of that question in his Off-Path firewall with Traffic Engineering blog post. Enjoy!
Worth Reading: Off-Path Firewall with Traffic Engineering
I have blog post ideas sitting in my to-write queue for over a decade. One of them is why would you need a VRF (and associated router) between virtual servers and a firewall?
Andrea Dainese answered at least part of that question in his Off-Path firewall with Traffic Engineering blog post. Enjoy!