DHCP Relaying in VXLAN Segments

After I got the testing infrastructure in place (simple DHCP relay, VRF-aware DHCP relay), I was ready for the real fun: DHCP relaying in VXLAN (and later EVPN) segments.

TL&DR: It works exactly as expected. Even though I had anycast gateway configured on the VLAN, the Arista vEOS switches used their unicast IP addresses in the DHCP relaying process. The DHCP server had absolutely no problem dealing with multiple copies of the same DHCP broadcast relayed by different switches attached to the same VLAN. One could only wish things were always as easy in the networking land.

Read more …

DHCP Relaying in VXLAN Segments

After I got the testing infrastructure in place (simple DHCP relay, VRF-aware DHCP relay), I was ready for the real fun: DHCP relaying in VXLAN (and later EVPN) segments.

TL&DR: It works exactly as expected. Even though I had anycast gateway configured on the VLAN, the Arista vEOS switches used their unicast IP addresses in the DHCP relaying process. The DHCP server had absolutely no problem dealing with multiple copies of the same DHCP broadcast relayed by different switches attached to the same VLAN. One could only wish things were always as easy in the networking land.

Read more …

This Week in Computing: Malware Gone Wild

Malware is sneaky AF. It tries to hide itself and cover up its actions. It detects when it is being studied in a virtual sandbox, and so it sits still to evade detection. But when it senses a less secure environment — such as an unpatched Windows 7 box — it goes wild, as if Tudor Dumitras, in a recently posted talk from red pills, which helps malware detect when it is in a controlled environment, and change its behavior accordingly. As a result, many of the signatures used for commercial malware detection packages may not Continue reading

Worth Reading: The Dangers of Knowing Everything

Another interesting take on ChatGPT in networking, this time by Tom Hollingsworth in The Dangers of Knowing Everything:

In a way, ChatGPT is like a salesperson. No matter what you ask it the answer is always yes, even if it has to make something up to answer the question.

To paraphrase an old joke: It’s not that ChatGPT is lying. It’s just that what it knows isn’t necessarily true. See also: the difference between bullshit and lies.

Worth Reading: The Dangers of Knowing Everything

Another interesting take on ChatGPT in networking, this time by Tom Hollingsworth in The Dangers of Knowing Everything:

In a way, ChatGPT is like a salesperson. No matter what you ask it the answer is always yes, even if it has to make something up to answer the question.

To paraphrase an old joke: It’s not that ChatGPT is lying. It’s just that what it knows isn’t necessarily true. See also: the difference between bullshit and lies.

Briefings In Brief 103: Arista Enters The SD-WAN Arena

Arista Networks has announced two hardware WAN routers, the 5510 and the 5310, which are targeted at branch, edge, and remote sites. The routers run EOS with a full routing stack. The new hardware can run as standard routers, or be used for SD-WAN with all the features you’d expect, including support for multiple links and app identification. Ethan Banks and Drew Conry-Murray share what they learned in a briefing with the company and debate the strategy behind Arista's entry into the SD-WAN market.

Briefings In Brief 103: Arista Enters The SD-WAN Arena

Arista Networks has announced two hardware WAN routers, the 5510 and the 5310, which are targeted at branch, edge, and remote sites. The routers run EOS with a full routing stack. The new hardware can run as standard routers, or be used for SD-WAN with all the features you’d expect, including support for multiple links and app identification. Ethan Banks and Drew Conry-Murray share what they learned in a briefing with the company and debate the strategy behind Arista's entry into the SD-WAN market.

The post Briefings In Brief 103: Arista Enters The SD-WAN Arena appeared first on Packet Pushers.

Heavy Networking 671: Is ChatGPT Coming For Your Job?

On today's Heavy Networking we sub in a podcast from our Heavy Strategy channel. Greg Ferro from the Packet Pushers and Johna Till Johnson, CEO of Nemertes Research, discuss the impacts of ChatGPT and AI on the technology workspace, including whether human workers can partner with these tools to increase productivity and improve technology experiences. They don't have answers, but they do have unanswered questions.

Heavy Networking 671: Is ChatGPT Coming For Your Job?

On today's Heavy Networking we sub in a podcast from our Heavy Strategy channel. Greg Ferro from the Packet Pushers and Johna Till Johnson, CEO of Nemertes Research, discuss the impacts of ChatGPT and AI on the technology workspace, including whether human workers can partner with these tools to increase productivity and improve technology experiences. They don't have answers, but they do have unanswered questions.

The post Heavy Networking 671: Is ChatGPT Coming For Your Job? appeared first on Packet Pushers.

Hedge 171: Paul Grubb on Zero Knowledge Middleboxes

Middleboxes are used in modern networking to sniff out attack traffic (IDS), block unwanted traffic (stateful packet filters), and share load among several different servers. Encryption, however, is making it hard for the middleboxes to do their job. Paul Grubb joins Tom Ammon and Russ White to discuss zero knowledge middle boxes, which allow operators to enforce arbitrary policies on the underlying traffic of an encrypted connection without decrypting it.

download

To find out more about Paul’s work in this and other areas, please see Paul’s research page, this article on zero-knowledge middleboxes, and this research paper on zero knowledge middle boxes.

Use the language of your choice with Pages Functions via WebAssembly

Use the language of your choice with Pages Functions via WebAssembly
Use the language of your choice with Pages Functions via WebAssembly

On the Cloudflare Developer Platform, we understand that building any application is a unique experience for every developer. We know that in the developer ecosystem there are a plethora of tools to choose from and as a developer you have preferences and needs. We don’t believe there are “right” or “wrong” tools to use in development and want to ensure a good developer experience no matter your choices. We believe in meeting you where you are.

When Pages Functions moved to Generally Available in November of last year, we knew it was the key that unlocks a variety of use cases – namely full-stack applications! However, we still felt we could do more to provide the flexibility for you to build what you want and how you want.

That’s why today we’re opening the doors to developers who want to build their server side applications with something other than JavaScript. We’re excited to announce WebAssembly support for Pages Functions projects!

WebAssembly (or Wasm) is a low-level assembly-like language that can run with near-native performance. It provides programming languages such as C/C++, C# or Rust with a compilation target, enabling them to run alongside JavaScript. Primarily designed to run on Continue reading

Case Study: Let’s Encrypt DNS-01

Last week I shared how IPng Networks deployed a loadbalanced frontend cluster of NGINX webservers that have public IPv4 / IPv6 addresses, but talk to a bunch of internal webservers that are in a private network which isn’t directly connected to the internet, so called IPng Site Local [ref] with addresses 198.19.0.0/16 and 2001:678:d78:500::/56.

I wrote in [that article] that IPng will be using ACME HTTP-01 validation, which asks the certificate authority, in this case Let’s Encrypt, to contact the webserver on a well-known URI for each domain that I’m requesting a certificate for. Unsurprisingly, several folks reached out to me asking “well what about DNS-01”, and one sentence caught their eye:

Some SSL certificate providers allow for wildcards (ie. *.ipng.ch), but I’m going to keep it relatively simple and use [Let’s Encrypt] which offers free certificates with a validity of three months.

I could’ve seen this one coming! The sentence can be read to imply it doesn’t, but of course Let’s Encrypt offers wildcard certificates. It just doesn’t satisfy my relatively simple qualifier of the second part of the sentence … So here I go, down the Continue reading

1 316 317 318 319 320 3,832