Docker Swarm on AWS using Docker Machine

In this post I’m going to talk about how to use Docker Machine to build a Docker Swarm cluster on Amazon Web Services (AWS). This post is an adaptation of this Docker documentation post that shows how to build a Swarm cluster using VirtualBox.

This post builds on the earlier post I wrote on using Docker Machine with AWS, so feel free to refer back to that post for more information or more details anywhere along the way.

At a high level, the process looks like this:

  1. Obtain a Swarm cluster token.
  2. Provision the Swarm master.
  3. Provision the Swarm nodes.

Let’s take a look at these steps in a bit more detail.

Obtain a Swarm Cluster Token

There’s at least a couple ways to do this, but they pretty much all involve a Linux VM using the Swarm Docker image. It’s up to you exactly how you want to do this—you can use a local VM, or you can use an AWS instance. The Docker documentation tutorial uses a local VM with the VirtualBox driver:

docker-machine create -d virtualbox local
env $(docker-machine env local)
docker run swarm create

The first command above creates a VirtualBox VM (named “local”) and Continue reading

iBGP for PE-CE

I’ve worked on many large-scale MPLS VPN solutions, some with as many as 20k-30k managed CPEs, and as everybody knows – where you run BGP with this sort of setup. It’s almost always eBGP with a single AS across all sites using AS-override, or each site gets a different AS number, to get around the age-old eBGP loop prevention mechanisms which tend to get in the way when we use L3VPNs.

Recently I came across RFC 6368 which describes how iBGP can actually be used as a PE-CE protocol, in order to make the provider network more transparent from a BGP perspective. Usually there’s no problem running eBGP and 99% of networks seem to operate perfectly fine with it, however if the customer CE routers have a large BGP element behind them, the provider’s AS numbers and interactions with the BGP updates can in some cases cause problems.

Recently Cisco added support to run iBGP for PE-CE with the addition of a new command placed under the VRF – “neighbor <x.x.x.x> internal-vpn-client” in JUNOS the command is “independent-domain” which goes under the routing-options for the routing-instance.

For this configuration, consider the following basic topology:

Untitled-2

CE-1 and CE-2 Continue reading

Verizon’s breach experts missed one right under their noses

Verizon Enterprise, a bulwark against cyberattacks at many large organizations, has suffered a security breach itself.A flaw in the company's systems allowed an attacker to steal contact information on Verizon Enterprise customers, the company acknowledged Thursday. Verizon said it has fixed the flaw and is notifying those users, but it hasn't disclosed how many were affected. The intruder couldn't get to any customer proprietary network information, Verizon said, referring to data such as call records and billing information.The breach came to light Thursday in a post on the blog Krebs on Security. Krebs reported the hacker stole contact information for about 1.5 million Verizon Enterprise customers and offered it for sale for US$100,000 on a cybercrime forum. Because the data was offered for sale in the MongoDB format, among others it's likely the attacker forced a MongoDB database at Verizon to dump its contents, the blog said.To read this article in full or to leave a comment, please click here

I’m skeptical of NAND mirroring

Many have proposed "NAND mirroring" as the solution to the FBI's troubles in recovering data from the San Bernadino shooter's iPhone. Experts don't see any problem with this approach, but that doesn't mean experts know it will work, either. There are problems.

The problem is that iPhone's erase the flash after 10 guesses. The solution is to therefore create a backup, or "mirror", of the flash chips. When they get erased, just restore from backup, and try again.

The flaw with this approach is that it's time consuming. After every 10 failed attempts, the chips need to be removed the phone, reflashed, and reinserted back into the phone. Then the phone needs to be rebooted.

For a 4-digit passcode, this process will need to be repeated a thousand times.This is doable in a couples of days. For a 6-digit passcode that is standard on iOS 9, this needs to be repeated 100,000 times, which will take many months of nonstop effort 24-hours a day. Presumably, you can make this more efficient by pipelining the process, using multiple sets of flash chips, so that a new fresh set can be swapped in within a few seconds, but it still takes Continue reading

Worth Reading: Scrutinizing the Cisco-Arista legal battles

The legal battle between Cisco and Arista has heated up in a big way. Earlier this month, Judge David Shaw of the International Trade Commission (ITC) released the public version of the findings in the case. The findings reveal curious aspects of this case that raise questions about Cisco’s intentions and put a spotlight on Silicon Valley work culture. -via Network Computing

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Scrutinizing the Cisco-Arista legal battles appeared first on 'net work.

NASA competition could net you $1.5M for next great airship

NASA this week said it was considering a new Centennial Challenge: Build and airship capable of long duration flight for scientific missions.The agency issued a Request For information to see if there was enough industry interest in the challenge and to further develop rules for the competition. You may recall that NASA’s Centennial Challenges Program sets up challenging contests for the public, academia, and industry with an eye towards developing innovative technologies.To read this article in full or to leave a comment, please click here

US accuses 7 Iranians of hacking US banks, New York dam

The U.S. government says seven Iranians working for the country's Islamic Revolutionary Guard Corps are responsible for 187 denial of service attacks aimed at banks across the U.S. between 2011 and 2013.It also says one of the individuals gained access to the control system for the Bowman Avenue Dam, a small dam north of New York City, and would have been able to control flow of water through the system had it not been disconnected for repairs.The accused worked for two Iranian computer companies, ITSecTeam and Mersad, and were contracted by the Iranian government to conduct the attacks, according to a Department of Justice indictment unsealed on Thursday.To read this article in full or to leave a comment, please click here

Book Winners!

Lots of good suggestions in my inbox—thanks to all who gave me some great design ideas to blog about. I eventually chose two winners, as I uncovered another copy of the book to give away! The two winners are Patrick Watson and Matthew Sabin. I’m going to try and run something like this every three or four months, so look for another one in the future.

LinkedInTwitterGoogle+FacebookPinterest

The post Book Winners! appeared first on 'net work.

Justice Department indicts Iran hackers in massive financial cyberattack

The U.S. Department of Justice has indicted seven Iranian hackers in connection with cyberattacks on U.S. banks, the New York Stock Exchange, AT&T and a water facility in New York.The seven live outside the U.S. and it’s questionable whether they will ever be apprehended and tried, according to reports by Reuters, the New York Times and the Washington Post.To read this article in full or to leave a comment, please click here

1 3,027 3,028 3,029 3,030 3,031 3,787