Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Net neutrality could be on the line in Washington court battle

The FCC's net neutrality rules go on trial Friday as oral arguments begin in 10 lawsuits that could dramatically change the way Internet service providers are regulated.In February, the Federal Communications Commission voted to ban service providers from giving some content preferential treatment. It also reclassified broadband as a communications service, similar to old-fashioned telecommunications except with exemptions from pricing and other regulations.The rules went into effect in April but soon faced a barrage of lawsuits by carriers and industry groups that want to see them gutted. The suits were combined into one proceeding in the federal appeals court in Washington, where opening arguments will start Friday.To read this article in full or to leave a comment, please click here

Tools for debugging, testing and using HTTP/2

With CloudFlare's release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you'll want to be using an up to date web browser (all the major browsers support HTTP/2).

But there are some non-browser tools that come in handy when working with HTTP/2. This blog post starts with a useful browser add-on, and then delves into command-line tools, load testing, conformance verification, development libraries and packet decoding for HTTP/2.

If you know of something that I've missed please write a comment.

Browser Indicators

For Google Chrome there's a handy HTTP/2 and SPDY Indicator extension that adds a colored lightning bolt to the browser bar showing the protocol being used when a web page is viewed.

The blue lightning bolt shown here indicates that the CloudFlare home page was served using HTTP/2:

A green lightning bolt indicates the site was served using SPDY and gives the SPDY version number. In this case SPDY/3.1:

A grey lightning bolt indicates that neither HTTP/2 no SPDY were used. Here the web page was served using HTTP/1.1.

There's a similar extension for Firefox.

Online testing

There's also a handy online Continue reading

Tesla is copying Apple’s business model

One of the interesting things about Tesla is that the company is trying to copy Apple's business model. As a Silicon Valley entrepreneur myself, and an owner of a Tesla car, I thought I'd write up what that means.

There are two basic business models in the world. The first is cheap, low-quality, high-volume products. You don't make much profit per unit, but you sell of a ton of them. The second is expensive, high-quality (luxury), low-volume products. You don't sell many units, but you make a lot of profit per unit.

It's really hard to split the difference, selling high-volume, high-quality products. If you spend 1% more on quality, your customers can't tell the difference (without more research on their part), so you'll lose 10% of your customers who won't accept the higher price. Or, you are selling to the luxury market, lowering price to sell more units means lowering quality standards, destroying your brand.

Rarely, though, companies can split the difference. A prime example is Costco. While the average person who shops at Walmart (low-quality, high-volume store) earns less than $20,000 per year, the average income of a Costco customer is over $90,000 per year. Costco sells high-quality Continue reading

Millions of smart TVs, phones and routers at risk from old vulnerability

A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn't been patched by many vendors, thus posing a risk, according to Trend Micro.Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst."These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well," he wrote.To read this article in full or to leave a comment, please click here

Microsoft, law enforcement disrupt Dorkbot botnet

Microsoft said Thursday it aided law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide.The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix.It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits and through spam. It also has a worm functionality and can spread itself through through social media and instant messaging programs or removable media drives.Microsoft didn't provide much detail on how Dorkbot's infrastructure was disrupted. The company has undertaken several such actions over the last few years in cooperation with law enforcement.To read this article in full or to leave a comment, please click here

Network Automation with Ansible – Dynamically Configuring Interface Descriptions

It’s been a while since my last post, but let’s hope that changes with the flurry of posts planned for this month. Most of my recent time has been spent traveling and teaching courses that cover how to use Python and Ansible for Network Automation. I’ve written about many of these concepts in the past, but to re-iterate what I’ve been saying, and what I’ve written in the past, it’s crucial to start small when it comes to automation (otherwise it’s easy to feel overwhelmed trying to automate everything and then you never make any real progress). By starting small, you can get a quick win, and can gradually expand from there. In this post, I’m going to review one very small example of how to use Ansible for network automation. We’ll review how to use Ansible to dynamically configure interface descriptions populated with real-time LLDP neighbor information. While this post focuses on Cisco Nexus switches, note that the same approach can be used for any vendor.

The process that we’ll be using to auto-configure the interface descriptions is a three-step process:

1. Discover the device
While we are only using Cisco switches in this example, we still go through Continue reading

A Use Case for an SSH Bastion Host

In this post, I’m going to explore one specific use case for using an SSH bastion host. I described this configuration and how to set it up in a previous post; in this post, though, I’d like to focus on one practical use case.

This use case is actually one I depicted graphically in my earlier post:

SSH bastion host diagram

This diagram could represent a couple different examples. For example, perhaps this is an AWS VPC. Security best practices suggest that you should limit access from the Internet to your instances as much as possible; unless an instance needs to accept traffic from the Internet, don’t assign a public IP address (or an Elastic IP address). However, without a publicly-accessible IP address, how does one connect to and manage the instance? You can’t SSH to it without a publicly-accessible IP address—unless you use an SSH bastion host.

Or perhaps this diagram represents an OpenStack private cloud, where users can deploy instances in a private tenant network. In order for those instances to be accessible externally (where “externally” means external to the OpenStack cloud), the tenant must assign each instance a floating IP address. Security may not be as much of a concern Continue reading

Free digital certificate project opens doors for public beta

Let's Encrypt, the project offering free digital certificates for websites, is now issuing them more broadly with the launch of a public beta on Thursday.The beta label will eventually be dropped as the software they've developed is refined, wrote Josh Aas, executive director of the Internet Security Research Group (ISRG), which runs Let's Encrypt."Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms," he wrote.Digital certificates use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt traffic exchanged between a user and a service, adding a higher level of privacy and security.To read this article in full or to leave a comment, please click here

Wait: Did I just detect a flicker of personality in the enterprise IT industry?

Long gone are the days of the colorful enterprise networking industry I knew filled with provocative personalities like Cabletron Systems President Bob Levine and 3Com’s Bob Metcalfe. But at this week’s Xconomy Enterprise Tech Strikes Back event held at the Fidelity Center for Applied Technology in Boston, I actually detected some real-life individuality and swagger to go along with good business ideas being touted by the industry’s latest batch of young companies.To read this article in full or to leave a comment, please click here

1 3,140 3,141 3,142 3,143 3,144 3,755