Multi-datacenter Firewall Policy Automation

Back in that world where I reinvent the commercially available wheel, I’ve been wondering for a while about how to automate the creation of firewall policies in a multi-datacenter environment. This week I started tinkering with possible ways to achieve this, and knocked up some proof of concept code in my favorite untrendy, archaic language, Perl. Don’t say it.

The key issue is that given a firewall request (source IP, destination IP, port) it’s necessary to identify the firewalls and zones to which those rules apply, in order that rules can be automatically built in the right place(s). An additional twist I’ve seen is firewalls that have multiple routing instances, each of which maintains its own set of zones, effectively isolated from each other, even though they’re all on the same firewall.

Graphing Firewalls

I spent a while thinking about ways to model the firewall architecture, and kept on getting caught up on the firewalls with multiple routing instances. Because of the routing isolation, they behave like two separate firewalls, which makes it a little tricky to figure out the correct paths. I also wanted a solution that might also tell me which specific firewall zones were involved in the path; Continue reading

Response: The Wetware Crisis: the Dead Sea effect Or Where Have All the Good Staff Gone

Nodding my head so hard my chin is hitting my chest. "What tends to remain behind is the ‘residue’ — the least talented and effective IT engineers. They tend to be grateful they have a job and make fewer demands on management; even if they find the workplace unpleasant, they are the least likely to be able to find a job elsewhere. "

The post Response: The Wetware Crisis: the Dead Sea effect Or Where Have All the Good Staff Gone appeared first on EtherealMind.

Review: The best password managers for PCs, Macs, and mobile devices

Thanks to a continuous barrage of high-profile computer security scares and reports of cloud-scale government snooping, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too.A password manager won't shield you against Heartbleed or the NSA, but it's an excellent first step in securing your identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you. A password manager will even randomly generate strong passwords, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow tables, or brute-force attacks.To read this article in full or to leave a comment, please click here

Review: Building Microservices

bulding microservices Building Microservices
Sam Newman
ISBN: 978-1-491-95035-7

Scale out where you can, scale up where you must.

Someone, somewhere, should probably start a collection of “where you can, where must” sayings, as these rules of thumb (thumbs were used by carpenters instead of a ruler to measure an inch, apparently) are important to remember, even if they’re imprecise. Route where you can, switch where you must — really refers to using layer 3 versus layer 2 networking as much as possible — for instance. Scaling out, from the perspective of network engineering, is all about repeatable modules, spine and leaf fabrics, and distribution of the control plane (didn’t think of that last one, did you?).

But what does scaling out mean in the application development world? It means splitting services into modular pieces which interact over the network. The ultimate goal of splitting services is to get to the microservice.

But what is a microservice?

To answer this question, you need to turn to the first chapter of Scaling Microservices, which says, “Microservices are small, autonomous services that work together.” Sam Newman, in the rest of the first chapter, explains the concept well, from a number of different angles, Continue reading

Cisco Certifications To Kickstart Your Career

Cisco certifications are some of the most prestigious in technology, encompassing far more than routing and switching. Find out which options can improve your resume and skill set.

The Upload: Your tech news briefing for Wednesday, June 17

Say it ain’t so: FBI probes alleged Cardinals-Astros hackEven America’s pastime isn’t safe from cybercrime: the FBI is investigating allegations that the St. Louis Cardinals hacked into computer systems belonging to rival baseball team the Houston Astros. The investigation centers on the baseball operations database, which is said to contain statistics, video and other vital information about players.Airbus joins the Internet satellite crowdCount European consortium Airbus in on the business of delivering Internet service via satellites, the Verge reports. It’s going to design and build 900 orbiters for Richard Branson’s OneWeb, which aims to provide LTE, 3G, and Wi-Fi to rural communities.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, June 17

Survey: Container Adoption Is Skyrocketing

The latest numbers are a little hard to believe.

Worth Reading: Net Neutrality Media Coverage

The government may as well mandate that you can’t pay for different delivery speeds of postage and packages. And they can start with their very own Postal Service.

The post Worth Reading: Net Neutrality Media Coverage appeared first on 'net work.

Networking Pros Enjoy New Resources At Cisco Live

New educational focuses at Cisco Live -- including DevNet, virtual labs, and mentoring -- show the impact of SDN and the shifting role of the networking professional.

Google-infused storage startup Cohesity reveals itself

Mohit Aron has a tough act to follow: His previous startup, Nutanix, may be on the cusp of filing for an IPO that values the hyperconverged infrastructure company at $2.5 billion. But Aron is off to a good start with his new venture, Cohesity, which this week emerges from stealth mode with $70 million in venture funding, reference-able customers such as Tribune Media, and a focus on a potentially big market in converging the secondary storage that houses so much DevOps, data protection, analytics and other unstructured data.To read this article in full or to leave a comment, please click here

SDN/OpenFlow/NFV Workshop: Frequent Questions

One of the potential attendees of my SDN workshop sent me a long list of questions. Almost every networking engineer, team leader or CIO asks the first one:

What will happen, if we don¬¥t follow the SDN hype (in the short term, in the medium term and in the long term)?

Answering this question is the whole idea of the workshop.

The up-to-date list of scheduled SDN workshops is available on my web site.

Free SSL/TLS certificate project moves closer to launch

Let’s Encrypt, a project aimed at increasing the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month.Digital certificates are used to encrypt data traffic between a computer and a server using SSL/TLS (Secure Sockets Layer/Transport Layer Security) and for checking that a website isn’t a spoof.Let’s Encrypt is run by the Internet Security Research Group (ISRG), a new California public-benefit corporation. Its backers include Mozilla, the Electronic Frontier Foundation, Cisco and Akamai.The first certificates will not be valid unless administrators install the organization’s root certificate in their client software, wrote Josh Aas, ISRG’s executive director, in a blog post.To read this article in full or to leave a comment, please click here

HTC move to test ads on BlinkFeed app angers users

As HTC faces shrinking revenue, the smartphone vendor is testing ads over its BlinkFeed media aggregation app, and some users aren’t happy.On Tuesday, HTC said it had begun rolling out an update to its BlinkFeed app that would include advertisements for users in the U.S., the U.K., China and a few other markets.The ads, for now, will be in a limited number, and promote sponsored apps, in addition to HTC accessories and devices, the company said in a blog post.“Because these are native ads, they will appear like a typical BlinkFeed post rather than as a pop-up or banner ad,” HTC added. However, users will be given an option to opt out from seeing the ads.To read this article in full or to leave a comment, please click here

How a bad keystroke can lead you to SpeedUpKit ‘scareware’

Dozens of misspelled domain names that spoof major brands are leading unsuspecting PC users to a questionable tune-up application called SpeedUpKit.Since people are unlikely to seek out the application, its promoters rely partly on people misspelling the domain name for prominent brands to lead them to it. If you try to access the obituary website legacy.com from a Windows PC in the U.S., for instance, but type “legady” by accident, you’re likely to end up on a page promoting SpeedUpKit.The practice, known as typosquatting, can sometimes violate consumer protection laws or constitute trademark infringement. Big brands police the web for such misspellings, and domain name registrars often try to stop the practice, but it still happens.To read this article in full or to leave a comment, please click here

Worth Reading: IANA and Internet Numbers

HTIRW: That Big Number Database in the Sky

The post Worth Reading: IANA and Internet Numbers appeared first on 'net work.

HTIRW: That Big Number Database in the Sky

As we come close to ending this rather long running series on how the Internet really works (because I’m certain you’re about bored of this series, and ready for me to talk about something else!), I’d like to discuss three more topics I think are really important to the Internet’s operation on a day to […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, LinkedIn, and his author page on Amazon.

The post HTIRW: That Big Number Database in the Sky appeared first on Packet Pushers Podcast and was written by Russ White.

AT&T looking at white boxes as CPE

SANTA CLARA -- AT&T is considering offering bare metal switches and servers to consumers as customer premises equipment for the carrier’s services. At the Open Network Summit conference here, Andre Fuetsch, AT&T senior vice president, Architecture & Design, said the economics of commodity bare metal switching, as well as the scale, performance and programmability, make it appealing for the carrier to sell into the customer premises. +MORE ON NETWORK WORLD: AT&T lays out 'radical' network changes with SDN+To read this article in full or to leave a comment, please click here

AT&T Wants to Push NFV Down to Optical Transport

'All in' on NFV means going down to the fiber.

Can GitHub really be worth $2 billion?

If youre looking to hire a developer, which is more important: her LinkedIn profile or samples of her code on GitHub?Many would argue the latter, which helps to explain why the online code repository is reportedly closing in on a valuation of $2 billion.“GitHub is an interesting company,” said analyst Frank Scavo, president of Computer Economics. “It is partly a hosting service for developers and partly a social media site.”The San Francisco startup, which offers a popular code-sharing platform for software developers, is seeking a whopping $200 million in an upcoming private funding round that values the company as high as $2 billion, according to a report Monday from Bloomberg, which cited people familiar with the matter.To read this article in full or to leave a comment, please click here

« Previous 1 … 3,431 3,432 3,433 3,434 3,435 … 3,840 Next »