Google and Cloudflare: Encrypting the WWW

A couple of months ago, Google announced that it had started using SSL as a factor in SEO ranking. Since the search giant is the referrer for most website traffic, this is the type of announcement that gets the attention of website owners.

Cloudflare, a popular and easy-to-implement Content Delivery Network, seems to be stepping up to this challenge. Even their free offering has an option to provide forward facing SSL services. As discussed on Packet Pushers Priority Queue show 34, they are also modifying SSL in ways that allow them to provide services to organizations without the need to obtain the site owner’s private keys. The likely result of the offering is that many existing and many new Cloudflare customers will take advantage of their SSL services.

Paul’s Take–I think Google’s announcement, combined with Cloudflare’s SSL offerings, will result in a significant increase of SSL encrypted traffic. This will have an interesting effect on how organizations do security. Traditionally, there has been a lower (but increasing) ratio of https to http traffic. Scanning SSL traffic, for troubleshooting or security, is significantly more challenging than its clear text counterpart.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart.

Network Break 18

This week we round up the news and talk about latest vendor happenings.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Network Break 18 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

JNCIE Ent Workbook

Over the past few months I have been preparing to take the JNCIE-ENT lab exam. As part of my studies I adopted the plan of “Teaching What I Am Studying.” The culmination of all the study, over 500 pages of text, will be for sale via Leanpub shortly. The reason I have chosen Leanpub is […]

Plexxi Pulse—Challenging the Value of the Public Cloud + DemoFriday

Plexxi recently teamed up with Colovore, Piston Cloud Computing and King Star Computers to publish a whitepaper that challenges the assumption that the public cloud is inherently cheaper than the private cloud. Though the rapid speed of deployment and reduced capital expenditure has made services such as Amazon EC2 very attractive, the study shows that the rate of cost increase is often higher than that of a self-hosted private cloud solution. Brandon Butler recently reported on the paper’s findings for Network World.

We hope you were able to tune into DemoFriday today on SDNCentral. Our own Ed Henry and Nils Stewart did an excellent job of explaining how to construct Big Data fabrics that easily integrate with systems like OpenStack and Cloudera. We’ll share the full webinar once it’s live on SDNCentral’s site.

In this week’s PlexxiTube of the week, Dan Backman explains how Plexxi’s datacenter transport fabric can light up dark fiber between buildings on university campuses.

We’ve had a busy October! Check out what we’ve been up to on social media this month below. Have a great weekend!


Response: Cisco Announces Membership of Open Compute Project


A blog post on Cisco’s website announces that Cisco has joined the Open Compute Project as a Gold member: To that list, I am pleased to announce that we recently joined the Open Compute Project as a Gold member. The motivation behind our membership is similar to our involvement in the aforementioned open networking projects: we see […]

The post Response: Cisco Announces Membership of Open Compute Project appeared first on EtherealMind.

The A10 Health Monitor You Didn’t Know About

If you’re used to configuring F5 LTM load balancers, you’re probably used to the idea that you normally set two health checks for each VIP you have. The first is at the node level, often just an ICMP ping, which …


INE v5 Full-Scale Practice Lab1 TS GNS3 topology


A few days ago I added an article with Config GNS3 topology for the newly published INE Routing and Switching Workbook v5 Full-Scale LAB1. Here’s now the topology with the starting config of the TS section for LAB1. I will not insert here any of my stories today, as the same article was published before but with other topology files, so if you would like more info, just go to the previous post, INE R&Sv5 Workbook Full-Scale Practice Lab1 made in GNS3.

Everything should work fine in this lab except OSPF Loop-Free Alternate Fast Reroute which is not supported so you will be unable


Docker networking

When Docker launches a Linux container it will, by default, assign it a private IP address out of RFC 1918 space. It connects this container to the host OS using a bridged interface (docker0). Connectivity between the outside world and the container depends on NAT.

Outbound traffic is NATed using the host’s IP address. Inbound traffic requires explicit port mapping rules that map a port on the host to a port in the container. Given that typically one runs multiple containers in the same host there needs to be a map between a host port (in the dynamic port range) and a service port on the container.

For example, the HTTP service port (80) in container-1 will be mapped to port 49153 while container-2 would see its HTTP port mapped to host port 49154. Ports that are not explicitly mapped cannot receive incoming traffic. Also containers within the same host will see different IP address ports than containers across different hosts (not very ‘cloudy’).

This is the reason why using a network virtualization solution such as OpenContrail is so appealing. OpenContrail replaces Docker’s networking implementation, which can be disabled by using --net=none. It provides each container its own IP address in …

Network Engineers, Pay Attention to Big Data

You have probably realized we are having a Big Data kind of week here at the Plexxi blog. And for good reason. The amount of development and change in this big bucket of applications we conveniently label “Big Data” is astonishing.

Walking around at Hadoopworld in New York last week, I initially felt somewhat lost as a “networking guy”. But that feeling of “not belonging” is only superficial; the network has a tremendously important role in these applications. The challenge is that many “networking” folks don’t quite understand or realize that yet, but contrary to what I believed not too long ago, Big Data Application folks have a pretty good understanding of the role of the network in their overall application and its performance.

As an industry we have been talking about the increase in east-west traffic for quite a few years now. For your typical datacenter infrastructure today this is based on loosely coupled applications and semi-distributed storage. A web based application has many components that together make up the application we see as users. There are application load balancers, web server front ends, application back ends that in turn have databases for their data storage. And those databases …

Thoughts of My Day: VCE Always Was An EMC Property


EMC announced during its quarterly results that it was taking a larger position in VCE. VCE was always an EMC asset, co-operation with partners Cisco, Intel and VMware has never been strong and this simply closes out the current chapter. The end result positions EMC to also be an “IBM style” company with a full […]

The post Thoughts of My Day: VCE Always Was An EMC Property appeared first on EtherealMind.

IPv6 in a Global Company – a Real-World Example

More than a year ago I wrote a response to a comment Pascal wrote on my Predicting the IPv6 BGP table size blog post. I recently rediscovered it and figured out that it’s (unfortunately) as relevant as it was almost 18 months ago.

Other people have realized we have this problem in the meantime, and are still being told to stop yammering because the problem is not real. Let’s see what happens in a few years.


Show 209 – HP Networks and Network Management – Sponsored

Talking about network management gets mixed reactions in the network industry, which has a rich history of products that didn't match our expectations or needs. In today's sponsored podcast, HP Networking continues their mission to change the way network engineers feel about their NMSs through the HP Intelligent Management Center.


The post Show 209 – HP Networks and Network Management – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

New CCIE RSv5 Troubleshooting/Full Scale Rack Rentals & Labs

Rack Rentals for INE’s CCIE RSv5 Workbook’s Troubleshooting Labs and Full Scale Labs are now available via the Members Site. To access them, log in to http://members.ine.com, click “Rack Rentals” on the dashboard on the left, and then click “Schedule” under “CCIE Routing & Switching v5 Full Scale.”

This topology uses 20 routers and 4 switches and is for both Troubleshooting and Full Scale Labs. The topology above it, “CCIE Routing & Switching v5”, uses 10 routers and 4 switches, and supports all the Advanced Technology Labs and Foundation Labs.

The loading and saving of initial configs is supported through the Rack Control Panel, which can greatly save you time in your studies, especially with very large topologies such as those used in the Troubleshooting and Full Scale Labs.

Additionally, Full Scale Lab 2 and Troubleshooting Lab 2 have been posted to the CCIE RSv5 Workbook. More Foundation, Troubleshooting, and Full Scale Labs are currently in development and will be posted soon. For discussion on these new labs please visit the CCIE RSv5 Workbook section of IEOC, our online community.

Gathering Ansible facts from network devices using SNMP

At times when I look at the tools available for server admins today I long for the times when I didn’t work in networking. Sure we can use tools like Puppet and Ansible for networking too. However the tools are made for servers. Of course there are tie-ins into network automation, but the functionality is rudimentary at best. The current problem as I see it is the lack of decent APIs, granted some vendors are better than others. And I haven’t had the pleasure of working with those who understand XML. Sometime in a not too distant future when we have flying skateboards, SDN and nano bots these problems will disappear, but we’re not there yet. Before I take a deep dive to see what’s actually possible to do with onePK, OpenDaylight and all that good stuff I wanted to see how much is possible to do today. So this post is about Ansible which is really simple to learn and SNMP, where one of the words in the acronym is “simple”. It should be a perfect match, right?

Multi-Machine Vagrant with YAML

In this post, I’ll describe a technique I found for simplifying the use of multi-machine Vagrantfiles by extracting configuration data into a separate YAML file. This technique is by no means something that I invented or created, so I can’t take any credit whatsoever; this is an idea I first saw here. I wanted to share it here in the hopes that it might prove useful to a larger audience.

If you aren’t familiar with Vagrant and Vagrantfiles, you might start with my quick introduction to Vagrant.

I found this technique after trying to find a way to simplify the creation of multiple machines using Vagrant. Specifically, I was trying to create multiple instances of CoreOS along with an Ubuntu instance for testing things like etcd, fleet, Docker, etc. The Vagrantfile was getting more and more complex, and making changes (to add another CoreOS node, for example) wasn’t as straightforward as I would have liked.

So what’s the fix? As with other DSLs (domain-specific languages) such as Puppet, the fix was found in separating the data from the code. In Puppet, that means parameterizing the module or class, and I needed to use a similar technique here with Vagrant. So, …