Juniper QFX 5100 & VMware ESXI Host NIC Teaming -Design Consideration

The objective of this article is to highlight design consideration for NIC Teaming between  Juniper QFX 5100 (Virtual Chassis -VC) and VMWare ESXI host.

Reference topology is as under:-

We have 2 x Juniper QFX 5100 48S switches which are deployed as VC in order to provide connectivity to  compute machines. All compute machines are running VMWare ESXI Hyper-visor. Link Aggregation Group (LAG or Active/ Active NIC Teaming) is  required between compute machines and QFX 5100 VC.

  • Data Traffic from server to switch – xe-0/0/0  interface on both switches connected to NIC 3 & 4 on a single Compute Machine.
  • ESXI Host Management  and V-Motion Traffic from server to Switch-  xe-0/0/45 interface from both switches connected to NIC 1 & 2 ports on compute machine.
  • VLANs-ID
    • Data VLANs – 116, 126
    • V-Motion- 12
    • ESXI Management-11

Hence,the requirement is to configure  LAG (Active/ Active NIC Teaming) between compute machines and network switch for optimal link utilization in addition to fault tolerance if in case one physical link goes down between network switch and compute machine.

In order to achieve the required results one’s needs to understand default load balancing mechanism over LAG member interfaces in Juniper devices and same load balancing mechanism must be  configured on VMware ESXI Continue reading

Review: “Snowden” (2016)

tldr:

  • If you are partisan toward Snowden, you'll like the movie.
  • If you know little about Snowden, it's probably too long/slow -- you'll be missing the subtext.
  • If you are anti-Snowden, you'll hate it of course.


The movie wasn't bad. I was expecting some sort of over-dramatization, a sort of Bourne-style movie doing parkour through Hong Kong ghettos. Or, I expected a The Fifth Estate sort of movie that was based on the quirky character of Assange. But instead, the movie was just a slight dramatization of the events you (as a Snowden partisan) already know. Indeed, Snowden is a boring protagonist in the movie -- which makes the movie good. All the other characters in the movie are more interesting than the main character. Even the plot isn't all that interesting -- it's just a simple dramatization of what happens -- it's that slow build-up of tension toward the final reveal that keeps your attention.

In other words, it's clear that if you like Snowden, understand the subtext, you'll enjoy riding along on this slow buildup of tension.

Those opposed to Snowden, however, will of course gag on the one-side nature of the story. There's always two sides to Continue reading

Judge paves the way for British hacker’s extradition to US

A U.K. judge has ruled in favor of extraditing a British man to the U.S. on charges of hacking government computers, despite fears he may commit suicide.Lauri Love, 31, has been fighting his extradition for allegedly stealing data from U.S. government agencies, including the Department of Defense and NASA.On Friday, a Westminster Magistrates court ruled that Love can be safely extradited to the U.S. to face trial, even though he has Asperger Syndrome and a history of depression.“I send this case to the secretary of state for her decision as to whether or not Mr. Love should be extradited,” Judge Nina Tempia said in the ruling.To read this article in full or to leave a comment, please click here

Webcast: Hardening Microservices Security

Microservices is one of the buzz words of the moment. Beyond the buzz, microservices architecture offers a great opportunity for developers to rethink how they design, develop, and secure applications.

On Wednesday, September 21st, 2016 at 10am PT/1pm ET join SANS Technology Institute instructor and courseware author, David Holzer, as well as CloudFlare Solutions Engineer, Matthew Silverlock, as they discuss best practices for adopting and deploying microservices securely. During the session they will cover:

  • How microservices differ from SOA or monolithic architectures
  • Best practices for adopting and deploying secure microservices for production use
  • Avoiding continuous delivery of new vulnerabilities
  • Limiting attack vectors on a growing number of API endpoints
  • Protecting Internet-facing services from resource exhaustion

Don't miss this chance to learn from the pros. Register now!

Wroth Reading: Exascale might prove difficult

The supercomputing industry is accustomed to 1,000X performance strides, and that is because people like to think in big round numbers and bold concepts. Every leap in performance is exciting not just because of the engineering challenges in bringing systems with kilo, mega, tera, peta, and exa scales into being, but because of the science that is enabled by such increasingly massive machines. But every leap is getting a bit more difficult as imagination meets up with the constraints of budgets and the laws of physics. The exascale leap is proving to be particularly difficult, and not just because it is the one we are looking across the chasm at. —The Next Platform

LinkedInTwitterGoogle+Facebook

The post Wroth Reading: Exascale might prove difficult appeared first on 'net work.

HPE Docker Ready Servers Now Available – Get Docker Preinstalled On Your Favorite Hardware

It’s here!  HPE Docker ready servers are now available. These servers are pre-configured, integrated and validated with commercially supported Docker Engine out of the box. Enterprises can ease the adoption of Docker through a trusted hardware platform.  

Announced in June, the Docker and Hewlett Packard Enterprise (HPE) partnership, has been called The 10 Most Important Tech Partnerships In 2016 (so far),” by CRN as a way to bring infrastructure optimized Docker technology to enable a modern application platform for the enterprise.

Integrated, Validated and Supported

Docker ready servers are available for the HPE ProLiant, Cloudline, and Hyper Converged Systems. These servers come pre-installed with the commercially supported Docker Engine (CS Engine) and enterprise class support direct from HPE, backed by Docker. Whether deploying new servers or facing a hardware refresh, enterprises looking to adopt containerization can benefit from a simplified and repeatable deployment option on hardware they trust.

HPE Docker ready servers accelerate businesses time to value with everything needed in a single server to scale and support Docker environments, combining the hardware and OS you already use in your environment with the Docker CS Engine. Docker CS Engine is a commercially supported container runtime and native Continue reading

FBI faces lawsuit because it’s stayed mum on iPhone 5c hack

The FBI’s refusal to reveal how it accessed an iPhone 5c from a San Bernardino mass shooter will face scrutiny in court. USA Today’s parent company and two other news groups have filed a lawsuit against the agency, demanding it turn over the details.In March, the FBI unlocked the passcode-protected iPhone through an unknown third party, for a reportedly large sum that the agency hasn’t officially disclosed.The lack of details prompted USA Today to submit a Freedom of Information Act request to the FBI, regarding the costs paid to the third-party contractor. But in June, the FBI denied the request, claiming that the disclosure could interfere with law enforcement.To read this article in full or to leave a comment, please click here

Tech jobs that will get you the biggest raise next year

The biggest raises in 2017 will go to data scientists, who can expect a 6.4% boost in pay next year. That’s well above the average 3.8% increase that’s predicted for tech workers, according to new data from Robert Half Technology. The recruiting and staffing specialist recently released its annual guide to U.S. tech salaries, which finds IT workers will be getting slightly bigger pay bumps than many other professionals. Across all fields, U.S. starting salaries for professional occupations are projected to increase 3.6% in 2017. The largest gains will occur in tech – where starting salaries for newly hired IT workers are forecast to climb 3.8%.To read this article in full or to leave a comment, please click here

Remote Safe Mode attack defeats Windows 10 pass-the-hash defenses

Microsoft tries to protect user account credentials from theft in Windows 10 Enterprise, and security products detect attempts to pilfer user passwords. But all those efforts can be undone by Safe Mode, according to security researchers.The Safe Mode is an OS diagnostic mode of operation that has existed since Windows 95. It can be activated at boot time and only loads the minimal set of services and drivers that Windows requires to run.This means that most third-party software, including security products, don't start in Safe Mode, negating the protection they otherwise offer. In addition, there are also Windows optional features like the Virtual Secure Module (VSM), which don't run in this mode.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For September 16th, 2016

Hey, it's HighScalability time:

 

The struggle for life that kills. Stunning video of bacteria mutating to defeat antibiotics. 

 

If you like this sort of Stuff then please support me on Patreon.

  • 60%: time spent cleaning dirty dirty BigData; 10 million: that's a lot of Raspberry Pi; 365: days living in a Mars simulation; 100M: monthly League of Legends players; 1.75 billion: copyright takedowns by Google; 3.5 petabytes: data Evernote has to move to Google cloud; 11%: YoY growth in time spent on mobile apps; 4 hours: time between Lambda coldstarts; 

  • Quotable Quotes:
    • Camille Fournier: humans struggle to tangibly understand domains that are theoretically separate when they are presented as colocated by the source code.
    • @songcarver: The better example: iPhone 7 is showing 115% of 2016 Macbook single core performance, 88% of multi-core.
    • ex3ndr: We (actor.im) also moved from google cloud to our servers + k8s. Shared persistent storage is a huge pain. We eventually stopped to try to do this, will try again when PetSets will be in Beta and will be able to update it's images.
    • @mcclure111: "Well maybe you should get your Continue reading

Worth Reading: Joining forces against mass collection

Some of the world’s biggest companies and organizations joined forces with Microsoft to fend off the U.S. government’s habitual practice of demanding access to customers’ personal information. Microsoft filed a lawsuit against the U.S. Department of Justice (DOJ) in April, arguing it is unconstitutional to seize computer data from third parties and subsequently issue gag orders so companies cannot notify customers. Now a motley crew of institutions, organizations, and businesses — like Apple, Google, Delta Air Lines, Mozilla, The Washington Post, Fox News, the American Civil Liberties Union, the U.S. Chamber of Commerce — have joined the cause by signing and submitting an amicus brief. —The Stream

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Joining forces against mass collection appeared first on 'net work.

Integrating SRX in Svc Provider Network (Routing and Multi-tenancy Considerations)

Service Providers networks are always have complex requirements of multi-tenancy, routing & security and pose challenges to network architects.  In this blog I will write about SRX integration in Svc Provider Network while highlighting methodologies how to handle challenges of implementing security features with multi-tenancy and routing consideration.srx-in-sp

                                                                               REFERENCE TOPOLOGY

Devices have been classified into following segments based on their role:-

  •  Remote Customer Network (consist of Customer PCs connected to Provide Edge through Customer Edge).
  • Provider Network (Consist of Provider Edge Routers and Provider Back Bone Rout
  • Data Center Network (Consist of Internet Firewall and Server inside Data Center directly connected with Internet Firewall).
  •   Internet Edge (Consist of Internet Router connected with Internet Firewall hence providing internet access to Customer Networks connected with Data Center through provider network).

Traffic flow and security requirements are as under:-

  • Customer 1 Network (PC-1) requires access to Server-1 installed in Data Center and to Public DNS Server reachable via Internet Edge Router.
  • Continue reading

FBI urges ransomware victims to step forward

The FBI has issued a plea for those who have been hit by ransomware to report this to federal law enforcement so that the country can get a better sense of just how bad this problem really is.Ransomware refers to malware that encrypts files on computers or locks users out of their computers, and requests ransom be paid to set files free or allow users to regain access. Such malware, often going by spooky names like Cryptolocker or TeslaCrypt, can be activated by clicking on a web link or even visiting a compromised website, or opening an file in email. One nasty variant even takes your money and still deletes your files.To read this article in full or to leave a comment, please click here

1 2,681 2,682 2,683 2,684 2,685 3,858