A couple of weeks ago I had the good fortune of attending Jeremy Filliben’s CCDE Bootcamp.
It was a great experience, which I will elaborate on in another post. But one of the technology areas I had a bit of difficulty with was GETVPN.
So in this post I am going to set up a scenario in which a customer has 3 sites: 2 “normal” sites and a Datacenter site. The customer wants to encrypt traffic from Site 1 to Site 2.
Currently the customer has a regular L3VPN service from a provider (which is beyond the scope of this post). There is full connectivity between the 3 sites through this service.
The topology is as follows:
GETVPN consists of a few components, namely the Key Server (KS) and the Group Members (GMs), which is where it derives its name: Group Encrypted Transport. A single SA (Security Association) is used for the encryption. The Key Server distributes the keying information to the Group Members through a secure transport, and the Group Members then use this information (basically an ACL) to encrypt/decrypt the data packets.
The routing for the topology is fairly simple (see Routing Diagram). Each client as well as the Key Server
Recently I had to troubleshoot some communication issues via a Cisco ASA device and the packet capture on the IOS comes in handy for this task.
When you have a lot of traffic over an ASA and you’re interested in a particular IP address, the basic packet capture lesson says that you should configure an access-list to limit the captured packets to the interesting traffic only.
Let’s assume that I have a particular interest in the traffic to and from the IP address 10.0.0.10.
I created a standard ACL to match only the traffic related to 10.0.0.10:
access-list TS standard permit host 10.0.0.10
Afterward I attached the created ACL to a packet capture on a particular interface (let’s call it “lan”).
capture TSHOOT access-list TS interface lan
You can find the above lines in almost any how-to regarding packet capture on Cisco ASA.
Checking the capture I noticed that traffic was captured in one direction only:
FW# show capture TSHOOT
4 packets captured
1: 20:15:32.757010 802.1Q vlan#10 P0 192.168.0.10 > 10.0.0.10: icmp: echo request
2: 20:15:33.759283 802.1Q vlan#10 P0 192.168.0.10 > 10.
ONUG creates four new open source initiatives.
I typically don’t get up on a soapbox and preach the awesomeness of Linux networking, but I think I’m going to make an exception for this one topic: MLAG.
Yes, MLAG, that wonderful non-standard Multi-chassis Link Aggregation protocol that enables layer 2 multipathing from the host to gain either additional bandwidth or link resiliency. Every vendor that supports MLAG does so by using its own custom-rolled implementation of it, which means Vendor A’s version of MLAG cannot interoperate with Vendor B’s version of MLAG. So I can’t have one switch be an “X” box and another be a “Y” box and expect the two to be part of the same MLAG configuration with a Dell server.
That ends today (arguably I could have said that ended in January 2015, when Cumulus Networks shipped MLAG support in Cumulus Linux 2.5, but I’ll get to that in a bit). Several weeks ago I was with my colleagues Shrijeet Mukherjee and Tuyen Quoc giving a talk about how “Linux Networking Is Awesome” at the 2016 OCP Summit. During our standing-room-only talk, we explained how Linux networking has become the de-facto networking stack in the data center (and
The problem is vast, but a few options are emerging.
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
Today, it’s rare to encounter a company that doesn’t use the cloud. According to a recent RightScale report, 93% of organizations surveyed are running applications in the cloud or experimenting with infrastructure-as-a-service, and 82% of enterprises have a hybrid cloud strategy, up from 74% in 2015.
As cloud adoption rises, employees skilled in cloud development and management are finding themselves a hot commodity in the job market. In fact, many organizations are fighting for highly-coveted cloud computing experts to optimize cloud performance and help them better compete in their respective markets.
The new god promises if not happiness in the next life, scalability, agility and fault tolerance in this life. At the heart of all this, is a simple, age-old axiom that is a key design goal of Unix: do one thing, and do it well. In the evolution of application architectures, single monolithic applications made way for client-server applications, which in turn made the way for microservices. The upending of the old world continues in data centers.
Communication is at the heart of this new religion (one popular theory of the etymology of the word religion is the word “religio” which means “to reconnect”). Every religion and every new technology introduces its own new vocabulary.
In the domain of communications, the new lingo involves things such as MacVlan, IPVlan, Weave, Flannel and Swarm, to name just a few. What are they? How are they connected? Is IPVlan a new encapsulation format? If it’s not a new encapsulation format, what is it? If it is a new encapsulation format, how is it related to VxLAN? Why were they invented? Which one should I use? What
AnsibleFest is heading back to San Francisco on Thursday, July 28. You can expect all the usual highlights, like product roadmaps and Ask an Expert sessions. Plus, this year we're planning distinct tracks to give you exactly the type of information you need for wherever you are in your Ansible journey. Track themes will include use cases, best practices, and technical deep-dives into trending topics.
Do you have a story to share about how you're using Ansible?
Submit your abstract during our Call for Speakers - open until June 1. We'll select speakers and notify all participants by June 13.
To see examples of talks that have been accepted in the past, check out the recordings from our last two AnsibleFest events in London and San Francisco.
Then buy your tickets now during Super Early Bird pricing. This exclusive $299 pricing ends on May 31 and you won't find a better deal. If you're selected as a speaker, we'll refund your ticket amount.
See you in San Francisco!
WANT A TASTE OF ANSIBLEFEST? Watch presentations from AnsibleFest London 2016.
Sometimes a webcast isn’t enough – that’s why when VMware brings an NSX seminar to your hometown, you say “yes.” VMware is kicking off the NSX Fundamentals Live U.S. tour, so register now to secure your spot in one of these seminars when it gets to your town.
VMware experts will start off with a business overview of NSX use cases and IT outcomes. Want to know about the future of the software-defined data center and what role network virtualization will play in helping you face new business challenges? Here’s your chance. Want to discover how to bring the operational model of a virtual machine to your data center network, so you can transform the economics of network and security operations? Again, now’s your chance.
Following this business overview, experts will walk you through an in-depth technical overview of NSX architecture and key components. After this session, you’ll fully understand how networking functions and services are implemented within the NSX platform, and how to analyze key workflows for configuring virtual network & security services.
Digital business transformation is creating new opportunities and risks for businesses across every industry. VMware NSX helps you overcome challenges, such as increased risk
What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve? This series of posts walks through a wide range of technical and business problems to create a solid set of requirements against which to measure proposed solutions for securing BGP in the global Internet, and then works through several proposed solutions to see how they stack up.
Post 1: An introduction to the problem space
Post 2: What can I prove in a routing system?
Post 3: What can I prove in a routing system?
Post 4: Centralized or decentralized?
Post 5: Centralized or decentralized?
Post 6: Business issues with centralization
Post 7: Technical issues with centralization
Post 8: A full requirements list
Post 9: BGPSEC (S-BGP) compared to the requirements
Post 10: RPKI compared to the requirements
I will continue updating this post as I work through the remaining segments of this series.
The post Securing BGP: A Case Study appeared first on 'net work.
The moment an IETF working group agrees on a protocol someone starts creating extensions. PCEP is no exception; in the last part of the BGP-LS and PCEP webinar Julian Lucek talked about some of them.