AI for Network Engineers: Multi-Class Classification

 Introduction 

This chapter explains the multi-class classification training process. It begins with an introduction to the MNIST dataset (Modified National Institute of Standards and Technology dataset). Next, it describes how the SoftMax activation function computes the probability of the image fed into the model during the forward pass and how the weight parameters are adjusted during the backward pass to improve training results. Additionally, the chapter discusses the data parallelization strategy from a network perspective.


MINST Dataset

We will use the MNIST dataset [1], which consists of handwritten digits, to demonstrate the training process. The MNIST dataset includes four files: (1) a training set with 60,000 gray-scale images (28x28 pixels) and their respective (2) labels, and a test set with 10,000 images (28x28 pixels) and their respective labels. Figure 3-1 illustrates the structure and dependencies between the test dataset and the labels.

The file train-images-idx3-ubyte contains metadata describing how the images are ordered, along with the image pixel order. The file train-labels-idx1-ubyte defines which label (the digits 0-9) corresponds to which image in the image file. Since we have ten possible outputs, we use ten output neurons.

Before the training process begins, the labels for each image-label pair are one-hot Continue reading

NOG.HR: A NOG Meeting Worth Attending

I never know what to expect when I’m invited to speak at a regional (or in-country) Network Operator Group (NOG) meeting. Sometimes, it turns out to be a large conference (PLNOG and ITNOG come to mind); other times, it’s just a few people gathered around free donuts and coffee1. Last week’s Croatian NOG (NOG.HR) meeting was in the Goldilocks zone between the extremes: plenty of interested networking engineers, but not large enough to be overpowering.

Also, it was such a nice experience ;)

Read more …

The IPv6 Transition

I wrote an article in May 2022, asking “Are we there yet?” about the transition to IPv6. At the time I concluded the article on an optimistic note, observing that we may not be ending the transition just yet, but we are closing in. I thought at the time that we won’t reach the end of this transition to IPv6 with a bang, but with a whimper. A couple of years later, I’d like to revise these conclusions with some different thoughts about where we are heading and why.

Global Protect VPN SAML SSO with Entra-ID

Global Protect VPN SAML SSO with Entra-ID

In this blog post, we will look at how to use Entra-ID SAML SSO with GlobalProtect VPN. This guide assumes you are already familiar with GlobalProtect VPN and have an existing VPN solution with other forms of authentication. If you are new to GlobalProtect VPN, feel free to check out my other blog post, which is linked below.

Palo Alto Global Protect VPN Configuration Example
In this blog post, we will cover how to configure Palo Alto Global Protect VPN. We’ll go through setting up the portal, gateway, authentication profile, IP pools, split-tunnel, security policy, NAT policy and other necessary components.
Global Protect VPN SAML SSO with Entra-IDPacketswitchSuresh Vina
Global Protect VPN SAML SSO with Entra-ID

Adding GlobalProtect to the Admin Centre

  1. Sign in to the Microsoft Entra admin centre and navigate to Identity > Applications > Enterprise applications > New application.
  2. Add the Palo Alto Networks - GlobalProtect application.
  3. Once added, select Palo Alto Networks - GlobalProtect > Single sign-on.
Global Protect VPN SAML SSO with Entra-ID
Global Protect VPN SAML SSO with Entra-ID

On the Set up single sign-on with SAML page, click the pencil icon in the Basic SAML Configuration section to edit the settings.

💡
In the Basic SAML Configuration section, for the Entity ID and Reply URL, ensure that you include :443 after the URL, otherwise, it won't work. I Continue reading

What Is the Future of the .io Domain?

The .io domain was originally created for the British Indian Ocean Territory but eventually became popular with the tech sector, for obvious reasons. Part of the reason for this is that ‘io’ is similar in appearance to I/O (aka input/output), which is why the tech sector started gobbling up the .io domains. There were issues soon after the creation of the domain that had to do with the distribution of profit. A lot of app developers use the .io domain. The New Stack uses the .io domain. It’s everywhere. But there’s a problem, and it’s one that could have a cascading effect within the realm of the tech sector. What has happened is that the

Global Protect Internal Host Detection & Internal Gateways – Lessons Learnt

Global Protect Internal Host Detection & Internal Gateways - Lessons Learnt

I already had Palo Alto GlobalProtect VPN configured with an external gateway and portal, allowing me to connect back to my home network when I'm outside. Even when I'm inside my internal network, I can still connect to the VPN. However, I wanted to use the Internal Host Detection feature of GlobalProtect VPN, so that if I'm on my internal network and try to connect, it won't connect to the external gateway. Throughout the configurations, I learned a few lessons. Let’s dive in.

If you're completely new to GlobalProtect VPN, please check out my introductory blog post linked below.

Palo Alto Global Protect VPN Configuration Example
In this blog post, we will cover how to configure Palo Alto Global Protect VPN. We’ll go through setting up the portal, gateway, authentication profile, IP pools, split-tunnel, security policy, NAT policy and other necessary components.
Global Protect Internal Host Detection & Internal Gateways - Lessons LearntPacketswitchSuresh Vina
Global Protect Internal Host Detection & Internal Gateways - Lessons Learnt

Please note that this setup was tested on PAN-OS 10.2.9-h1 and the GlobalProtect macOS client version 6.2.4.

What is Internal Host Detection?

If you're already in your office or internal network, there's no need to connect to the VPN, what’s the point, right? This is especially relevant if you're using an Continue reading

Before Facebook, the Late Ward Christensen Booted Up the First Social Network

Back in the 70s, if you wanted to be online, you had to be a college student, researcher, or in the military to be on the internet. That was it. Joe or Jane User? Forget about it. Then, during a Chicago blizzard, a young computer scientist, online services such as CompuServe started as early as 1969. However, unlike the free BBSs, these services could cost as much as $30 an hour in 1970s dollars or $130 an hour in today’s money. XMODEM file transfer protocol in 1977. This innovative method broke binary files into packets, ensuring reliable delivery over unstable analog telephone lines. XMODEM became a cornerstone of early online file sharing and inspired numerous subsequent file transfer protocols. While considered inefficient by today’s standards, XMODEM established key concepts that are still used in file transfers. These include breaking data into packets for transmission, using checksums or CRCs for error detection, and implementing handshaking between sender and receiver. Thanks to XMODEM, people began sharing files with one another. This, in turn, helped create

Building a Simple HTTP Source for Firewall EDL

Building a Simple HTTP Source for Firewall EDL

Recently, I wanted to add a list of domains to the Palo Alto DNS policy to block them from resolving. However, I soon realized that I couldn't just add a list of domains directly to the firewall, I needed to use an External Dynamic List (EDL). Palo Alto and I believe other firewalls as well, require a simple HTTP URL that hosts a list of domains or IP addresses. While there are amazing EDL projects available, in this blog post, we'll explore the simplest way to deploy an EDL.

Python HTTP Server

Python's HTTP server module lets you create a basic web server using just a single command. This server can serve files from a directory over the network, making it an excellent tool for quick testing and file sharing without the complexity of setting up a full-fledged web server.

All you need to do is create a list of domains, save it as a text file, and run python -m http.server 8085 from the directory where the file is saved. You can use any port, but remember that a lower number of ports like 80 require admin privileges. Once the server is running, navigate to http://IP_ADDRESS:8085/domains.txt in Continue reading

IPB162: IPv6 Basics: Address Provisioning

IPv6 address provisioning is the topic of this latest installment of the IPv6 Basics series.   The hosts focus on Stateless Address Auto Configuration (SLAAC) and Dynamic Host Configuration Protocol for IPv6 (DHCPv6).  The differences between SLAAC and DHCPv6 are explained, including their use cases, the complexities of address management, and the importance of understanding... Read more »

The story of web framework Hono, from the creator of Hono

Hono is a fast, lightweight web framework that runs anywhere JavaScript does, built with Web Standards. Of course, it runs on Cloudflare Workers.

It was three years ago, in December 2021. At that time, I wanted to create applications for Cloudflare Workers, but the code became verbose without using a framework, and couldn't find a framework that suited my needs. Itty-router was very nice but too simple. Worktop and Sunder did the same things I wanted to do, but their APIs weren't quite to my liking. I was also interested in creating a router — a program that determines which action is executed based on the HTTP method and URL path of the Request — made of a Trie tree structure because it’s fast. So, I started building a web framework with a Trie tree-based router.

 “While trying to create my applications, I ended up creating my framework for them.” — a classic example of yak shaving. However, Hono is now used by many developers, including Cloudflare, which uses Hono in core products. So, this journey into the depths of yak shaving was ultimately meaningful.

Write once, run anywhere

Hono truly runs anywhere — not just on Cloudflare Continue reading

1 30 31 32 33 34 3,769