0

Broadcom’s new switching chip links GPUs, aims to boost AI networks

Broadcom’s new networking chip, called the Jericho3-AI, is designed to connect supercomputers and features a high-performance fabric for artificial intelligence (AI) environments.Broadcom has three switch families: the high-bandwidth Tomahawk switch platform, which is used primarily within data centers; the lower bandwidth Trident platform, which offers greater programmability and deeper buffers, making it more suited for the edge; and the Jericho line, which sits somewhere between the other two and is best suited for low latency interconnects.Jericho3-AI is targeted at AI and machine-learning backend networks where the switch fabric handles spraying of traffic on all network links and reordering of that traffic before delivering to the endpoints. It also has built-in congestion management capabilities for load balancing and minimizing network congestion. To read this article in full, please click here

0

BrandPost: Scaling enterprise multi-fabric SD-WAN deployments

By: Alex Amaya, Senior Technical Marketing Engineer at HPE Aruba Networking.   In today's fast-paced digital world, companies need a robust and flexible network infrastructure to support their rapidly growing and changing business requirements. As a result, many organizations are turning to Software-Defined Wide Area Networks (SD-WAN) technology to address the challenges of traditional WANs. But as companies grow and their SD-WAN deployments expand, it can become difficult to manage and maintain the network effectively.To read this article in full, please click here

0

How to Decide Between a Layer 2 or Layer 3 Network

As communication service providers (CSPs) continue to provide essential services to businesses and individuals, the demand for faster and more reliable network connectivity continues to grow in demand and in complexity. To meet these demands, CSPs must offer a variety of connectivity services that provide high-quality network performance, reliability and scalability. When it comes to offering network connectivity services, CSPs have many options when providing Layer 2 (data link) or Layer 3 (network or packet layer) connectivity of the Open Systems Interconnection (OSI) model for network communication. This article will explore some of the advantages and benefits of each type of connectivity, in order for CSPs to determine which one may be better suited for different types of environments or applications. What Is Layer 2 Connectivity? At a basic level, Layer 2 connectivity refers to the use of the data link layer of the

0

Aruba introduces a simplified NaaS offering

Aruba Networks has upgraded its cloud-based Aruba Central network-management package to support better control of and visibility into enterprise assets.Hewlett Packard Enterprise’s network subsidiary also rolled out a new network-as-a-service, Agile NaaS, aimed at streamling the process of choosing network infrastructure components available through the serivcethat that fit customers’ business needs.First introduced on 2014, Aruba Central is the vendor’s flagship network management package that supports device onboarding, network configuration, health monitoring, and troubleshooting as well as intrusion detection and prevention services for campus, branch, remote, data center, and IoT wired and wireless networks.To read this article in full, please click here

0

Netbox Upgrade Play-by-play

I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.

Environment

• The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
• The destination v3.4.8 server is an Ubuntu 20.04 VM.
• We have no media, scripts, or reports in Netbox.
• I’m running Virtualbox on my laptop to do the data migrations.
• I did the Netbox installs with Netbox Build-o-matic.

Process Overview

Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.

The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.

One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading

0

Netbox Upgrade Play-by-play

I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.

Environment

• The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
• The destination v3.4.8 server is an Ubuntu 20.04 VM.
• We have no media, scripts, or reports in Netbox.
• I’m running Virtualbox on my laptop to do the data migrations.
• I did the Netbox installs with Netbox Build-o-matic.

Process Overview

Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.

The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.

One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading

0

SLP: a new DDoS amplification vector in the wild

Earlier today, April 25, 2023, researchers Pedro Umbelino at Bitsight and Marco Lux at Curesec published their discovery of CVE-2023-29552, a new DDoS reflection/amplification attack vector leveraging the SLP protocol. If you are a Cloudflare customer, your services are already protected from this new attack vector.

Service Location Protocol (SLP) is a “service discovery” protocol invented by Sun Microsystems in 1997. Like other service discovery protocols, it was designed to allow devices in a local area network to interact without prior knowledge of each other. SLP is a relatively obsolete protocol and has mostly been supplanted by more modern alternatives like UPnP, mDNS/Zeroconf, and WS-Discovery. Nevertheless, many commercial products still offer support for SLP.

Since SLP has no method for authentication, it should never be exposed to the public Internet. However, Umbelino and Lux have discovered that upwards of 35,000 Internet endpoints have their devices’ SLP service exposed and accessible to anyone. Additionally, they have discovered that the UDP version of this protocol has an amplification factor of up to 2,200x, which is the third largest discovered to-date.

Cloudflare expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks as malicious actors learn how to exploit Continue reading

0

Outburst: Dune in the Style of H.R. Giger #midjourney – YouTube

If you are into Dune, then this AI Art should fill an emotional void

0

IPv6 Security in Layer-2 Firewalls

You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?

Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.

Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:

0

IPv6 Security in Layer-2 Firewalls

You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?

Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.

Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:

0

Arista streamlines network access control via SaaS

Arista Networks has rolled out a SaaS-based service aimed at helping enterprises more network access control (NAC) more easily.The service, called CloudVision Guardian for Network Identity (CV-AGNI) uses real-time telemetry from Arista’s network products, combines it with data from its CloudVision management platform, and uses artificial intelligence to evaluate the information and implement security policies. The service can also onboard new devices, authenticate existing users, segment devices on the network, or help troubleshoot problems from a cloud-based system, according to Pramod Badjate, group vice president and general manager, of Arista’s Cognitive Campus group. To read this article in full, please click here

0

Arista streamlines network access control via SaaS

Arista Networks has rolled out a SaaS-based service aimed at helping enterprises more network access control (NAC) more easily.The service, called CloudVision Guardian for Network Identity (CV-AGNI) uses real-time telemetry from Arista’s network products, combines it with data from its CloudVision management platform, and uses artificial intelligence to evaluate the information and implement security policies. The service can also onboard new devices, authenticate existing users, segment devices on the network, or help troubleshoot problems from a cloud-based system, according to Pramod Badjate, group vice president and general manager, of Arista’s Cognitive Campus group. To read this article in full, please click here

0

Who is selling NaaS, and what do you get?

Vendors of all stripes—network hardware vendors, telcos, hyperscalers, and a new generation of cloud-based upstarts—are jumping on the network-as-a-service (NaaS) bandwagon, so it can be confusing to sort out who is offering what.Even the definition of NaaS is somewhat fluid. Is NaaS simply procuring networking gear on a pay-as-you go, subscription basis rather than buying it? Is NaaS just a different way of describing a managed service?Or is NaaS something fundamentally different that addresses a growing challenge for network execs: how to provide network connectivity, resiliency, security, and scalability in a multicloud world?To read this article in full, please click here

0

Zscaler Report: Phishing Continues to Be the Scourge of the Security Industry

Zscaler’s 2023 Phishing Report details the latest trends in phishing attacks, and how organizations can protect themselves from these cyber threats.

0

Arm reportedly set to make prototype chip ahead of IPO

UK-based chipmaker Arm is reportedly set to work with a manufacturing partner to make a prototype, advanced chip as it prepares for an IPO.

0

Bridging The Gap Between ‘Default Yes’ And ‘Default No’

I’ve encountered two basic philosophies for responding to requests to join a project. One philosophy I’ll describe as “Default Yes”. The argument goes, “If someone brings you a request, say yes! You only grow with challenges and if you say no too much, people will stop asking.” The second philosophy could be called “Default No.” […]

The post Bridging The Gap Between ‘Default Yes’ And ‘Default No’ appeared first on Packet Pushers.

0

Cisco to launch an extended detection and response SaaS package

Cisco is taking its first major step into Extended Detection and Response (XDR) with a SaaS-delivered integrated system of endpoint, network, firewall, email and identity software aimed at protecting enterprise resources.Cisco’s XDR service, which will be available July, brings together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that Security Operations Center (SOC) operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated.To read this article in full, please click here

0

Cisco to launch an extended detection and response SaaS package

Cisco is taking its first major step into Extended Detection and Response (XDR) with a SaaS-delivered integrated system of endpoint, network, firewall, email and identity software aimed at protecting enterprise resources.Cisco’s XDR service, which will be available July, brings together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that Security Operations Center (SOC) operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated.To read this article in full, please click here

0

Network Break 427: Prosimo Launches Cloud-Native Networking Suite; Broadcom Stitches New Jericho ASIC For AI-Friendly Network Fabrics

Take a Network Break! This week we cover new cloud networking capabilities from Prosimo, discuss Broadcom's latest version of the Jericho ASIC which is being positioned for network fabrics for AI workloads, and explore the latest version of the open-source Dent network OS. We also cover financial results from F5, Starlink price cuts, and more tech news.

0

Network Break 427: Prosimo Launches Cloud-Native Networking Suite; Broadcom Stitches New Jericho ASIC For AI-Friendly Network Fabrics

Take a Network Break! This week we cover new cloud networking capabilities from Prosimo, discuss Broadcom's latest version of the Jericho ASIC which is being positioned for network fabrics for AI workloads, and explore the latest version of the open-source Dent network OS. We also cover financial results from F5, Starlink price cuts, and more tech news.

The post Network Break 427: Prosimo Launches Cloud-Native Networking Suite; Broadcom Stitches New Jericho ASIC For AI-Friendly Network Fabrics appeared first on Packet Pushers.