Test-driving EVPN route publishing with GoBGP

In recent times there has been a lot of interest in tunnel based L2 networks, especially for Cloud Networks implemented with VXLAN.  The tunnel based networks were initially proposed with the idea of alleviating the 4k limit imposed with VLAN based networks. EVPN based VXLAN tunneled networks use BGP as control plane for L2 learning. … Continue reading Test-driving EVPN route publishing with GoBGP

Docker Weekly Roundup | September 11, 2016

 

weekly-roundup.png

As we arrive at the conclusion of another week, the team at Docker wanted to take a moment to reflect on a few of the top posts you might have missed, while also highlighting a few other Docker stories from around the web. Here’s the weekly roundup for the week of September 11, 2016:

  • Docker Partner Program introducing the new tiered Docker Partner Program designed to address the growing demand by enterprise companies to adopt Containers as a Service environments with Docker Datacenter. 
  • Dockercast Episode 3 in this podcast Docker catches up with Nirmal Mehta at Booz Allen Hamilton. We discuss how large government organizations are modernizing their IT infrastructures and why these types of institutions seem to be early adopters of Docker.
  • IoT Swarm with Docker Machine the new Swarm Mode in Docker 1.12 makes it easy to build a Docker Swarm and connect different ARM devices to an IoT cluster. Instructions on how to build your own by Docker Captain Dieter Reuter.

Triggered remote packet capture using filtered ERSPAN

Packet brokers are typically deployed as a dedicated network connecting network taps and SPAN/mirror ports to packet analysis applications such as Wireshark, Snort, etc.

Traditional hierarchical network designs were relatively straightforward to monitor using a packet broker since traffic flowed through a small number of core switches and so a small number of taps provided network wide visibility. The move to leaf and spine fabric architectures eliminates the performance bottleneck of core switches to deliver low latency and high bandwidth connectivity to data center applications. However, traditional packet brokers are less attractive since spreading traffic across many links with equal cost multi-path (ECMP) routing means that many more links need to be monitored.

This article will explore how the remote Selective Spanning capability in Cumulus Linux 3.0 combined with industry standard sFlow telemetry embedded in commodity switch hardware provides a cost effective alternative to traditional packet brokers.

Cumulus Linux uses iptables rules to specify packet capture sessions. For example, the following rule forwards packets with source IP 20.0.1.0 and destination IP 20.0.1.2 to a packet analyzer on host 20.0.2.2:
-A FORWARD --in-interface swp+ -s 20.0.0.2 -d 20. Continue reading

Getting Started in the Mobile World

Got this challenge from one of my readers:

I've recently changed jobs and I am currently working for a telco. The problem is that I have no idea of what they are talking about when they mention SGSN, GGSN, Gi, Gn, etc... I only know routing and switching stuff :(.

Obviously he tried to search for information and failed.

Read more ...

Juniper QFX 5100 & VMware ESXI Host NIC Teaming -Design Consideration

The objective of this article is to highlight design consideration for NIC Teaming between  Juniper QFX 5100 (Virtual Chassis -VC) and VMWare ESXI host.

Reference topology is as under:-

We have 2 x Juniper QFX 5100 48S switches which are deployed as VC in order to provide connectivity to  compute machines. All compute machines are running VMWare ESXI Hyper-visor. Link Aggregation Group (LAG or Active/ Active NIC Teaming) is  required between compute machines and QFX 5100 VC.

  • Data Traffic from server to switch – xe-0/0/0  interface on both switches connected to NIC 3 & 4 on a single Compute Machine.
  • ESXI Host Management  and V-Motion Traffic from server to Switch-  xe-0/0/45 interface from both switches connected to NIC 1 & 2 ports on compute machine.
  • VLANs-ID
    • Data VLANs – 116, 126
    • V-Motion- 12
    • ESXI Management-11

Hence,the requirement is to configure  LAG (Active/ Active NIC Teaming) between compute machines and network switch for optimal link utilization in addition to fault tolerance if in case one physical link goes down between network switch and compute machine.

In order to achieve the required results one’s needs to understand default load balancing mechanism over LAG member interfaces in Juniper devices and same load balancing mechanism must be  configured on VMware ESXI Continue reading

Review: “Snowden” (2016)

tldr:

  • If you are partisan toward Snowden, you'll like the movie.
  • If you know little about Snowden, it's probably too long/slow -- you'll be missing the subtext.
  • If you are anti-Snowden, you'll hate it of course.


The movie wasn't bad. I was expecting some sort of over-dramatization, a sort of Bourne-style movie doing parkour through Hong Kong ghettos. Or, I expected a The Fifth Estate sort of movie that was based on the quirky character of Assange. But instead, the movie was just a slight dramatization of the events you (as a Snowden partisan) already know. Indeed, Snowden is a boring protagonist in the movie -- which makes the movie good. All the other characters in the movie are more interesting than the main character. Even the plot isn't all that interesting -- it's just a simple dramatization of what happens -- it's that slow build-up of tension toward the final reveal that keeps your attention.

In other words, it's clear that if you like Snowden, understand the subtext, you'll enjoy riding along on this slow buildup of tension.

Those opposed to Snowden, however, will of course gag on the one-side nature of the story. There's always two sides to Continue reading

Judge paves the way for British hacker’s extradition to US

A U.K. judge has ruled in favor of extraditing a British man to the U.S. on charges of hacking government computers, despite fears he may commit suicide.Lauri Love, 31, has been fighting his extradition for allegedly stealing data from U.S. government agencies, including the Department of Defense and NASA.On Friday, a Westminster Magistrates court ruled that Love can be safely extradited to the U.S. to face trial, even though he has Asperger Syndrome and a history of depression.“I send this case to the secretary of state for her decision as to whether or not Mr. Love should be extradited,” Judge Nina Tempia said in the ruling.To read this article in full or to leave a comment, please click here

Webcast: Hardening Microservices Security

Microservices is one of the buzz words of the moment. Beyond the buzz, microservices architecture offers a great opportunity for developers to rethink how they design, develop, and secure applications.

On Wednesday, September 21st, 2016 at 10am PT/1pm ET join SANS Technology Institute instructor and courseware author, David Holzer, as well as CloudFlare Solutions Engineer, Matthew Silverlock, as they discuss best practices for adopting and deploying microservices securely. During the session they will cover:

  • How microservices differ from SOA or monolithic architectures
  • Best practices for adopting and deploying secure microservices for production use
  • Avoiding continuous delivery of new vulnerabilities
  • Limiting attack vectors on a growing number of API endpoints
  • Protecting Internet-facing services from resource exhaustion

Don't miss this chance to learn from the pros. Register now!

Wroth Reading: Exascale might prove difficult

The supercomputing industry is accustomed to 1,000X performance strides, and that is because people like to think in big round numbers and bold concepts. Every leap in performance is exciting not just because of the engineering challenges in bringing systems with kilo, mega, tera, peta, and exa scales into being, but because of the science that is enabled by such increasingly massive machines. But every leap is getting a bit more difficult as imagination meets up with the constraints of budgets and the laws of physics. The exascale leap is proving to be particularly difficult, and not just because it is the one we are looking across the chasm at. —The Next Platform

LinkedInTwitterGoogle+Facebook

The post Wroth Reading: Exascale might prove difficult appeared first on 'net work.

HPE Docker Ready Servers Now Available – Get Docker Preinstalled On Your Favorite Hardware

It’s here!  HPE Docker ready servers are now available. These servers are pre-configured, integrated and validated with commercially supported Docker Engine out of the box. Enterprises can ease the adoption of Docker through a trusted hardware platform.  

Announced in June, the Docker and Hewlett Packard Enterprise (HPE) partnership, has been called The 10 Most Important Tech Partnerships In 2016 (so far),” by CRN as a way to bring infrastructure optimized Docker technology to enable a modern application platform for the enterprise.

Integrated, Validated and Supported

Docker ready servers are available for the HPE ProLiant, Cloudline, and Hyper Converged Systems. These servers come pre-installed with the commercially supported Docker Engine (CS Engine) and enterprise class support direct from HPE, backed by Docker. Whether deploying new servers or facing a hardware refresh, enterprises looking to adopt containerization can benefit from a simplified and repeatable deployment option on hardware they trust.

HPE Docker ready servers accelerate businesses time to value with everything needed in a single server to scale and support Docker environments, combining the hardware and OS you already use in your environment with the Docker CS Engine. Docker CS Engine is a commercially supported container runtime and native Continue reading

FBI faces lawsuit because it’s stayed mum on iPhone 5c hack

The FBI’s refusal to reveal how it accessed an iPhone 5c from a San Bernardino mass shooter will face scrutiny in court. USA Today’s parent company and two other news groups have filed a lawsuit against the agency, demanding it turn over the details.In March, the FBI unlocked the passcode-protected iPhone through an unknown third party, for a reportedly large sum that the agency hasn’t officially disclosed.The lack of details prompted USA Today to submit a Freedom of Information Act request to the FBI, regarding the costs paid to the third-party contractor. But in June, the FBI denied the request, claiming that the disclosure could interfere with law enforcement.To read this article in full or to leave a comment, please click here

Tech jobs that will get you the biggest raise next year

The biggest raises in 2017 will go to data scientists, who can expect a 6.4% boost in pay next year. That’s well above the average 3.8% increase that’s predicted for tech workers, according to new data from Robert Half Technology. The recruiting and staffing specialist recently released its annual guide to U.S. tech salaries, which finds IT workers will be getting slightly bigger pay bumps than many other professionals. Across all fields, U.S. starting salaries for professional occupations are projected to increase 3.6% in 2017. The largest gains will occur in tech – where starting salaries for newly hired IT workers are forecast to climb 3.8%.To read this article in full or to leave a comment, please click here

Remote Safe Mode attack defeats Windows 10 pass-the-hash defenses

Microsoft tries to protect user account credentials from theft in Windows 10 Enterprise, and security products detect attempts to pilfer user passwords. But all those efforts can be undone by Safe Mode, according to security researchers.The Safe Mode is an OS diagnostic mode of operation that has existed since Windows 95. It can be activated at boot time and only loads the minimal set of services and drivers that Windows requires to run.This means that most third-party software, including security products, don't start in Safe Mode, negating the protection they otherwise offer. In addition, there are also Windows optional features like the Virtual Secure Module (VSM), which don't run in this mode.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For September 16th, 2016

Hey, it's HighScalability time:

 

The struggle for life that kills. Stunning video of bacteria mutating to defeat antibiotics. 

 

If you like this sort of Stuff then please support me on Patreon.

  • 60%: time spent cleaning dirty dirty BigData; 10 million: that's a lot of Raspberry Pi; 365: days living in a Mars simulation; 100M: monthly League of Legends players; 1.75 billion: copyright takedowns by Google; 3.5 petabytes: data Evernote has to move to Google cloud; 11%: YoY growth in time spent on mobile apps; 4 hours: time between Lambda coldstarts; 

  • Quotable Quotes:
    • Camille Fournier: humans struggle to tangibly understand domains that are theoretically separate when they are presented as colocated by the source code.
    • @songcarver: The better example: iPhone 7 is showing 115% of 2016 Macbook single core performance, 88% of multi-core.
    • ex3ndr: We (actor.im) also moved from google cloud to our servers + k8s. Shared persistent storage is a huge pain. We eventually stopped to try to do this, will try again when PetSets will be in Beta and will be able to update it's images.
    • @mcclure111: "Well maybe you should get your Continue reading
1 2,658 2,659 2,660 2,661 2,662 3,835