Getting Started with Docker

It can’t be helped. There’s just too much cool stuff out there and not enough time to spend dedicating myself to one piece of technology. That being said, I fully intend on continuing the Chef posts, but I’m going to be mixing in some Docker posts as well. I’m hoping that there’s some cross-connect as well where we can talk about using Docker in conjunction with Chef.

Docker is something that I haven’t seen before. From what I have seen so far, it appears to be an incredibly easy way to containerize applications and software on a Linux system. The Docker website summarizes Docker as:

“An open platform for distributed applications for developers and sysadmins.”

That summarizes things nicely, but again, why is a network guy interested in this? First off, I’m a little tired of VMware. Don’t confuse me being tired with a general dislike of the product. I’ve been using VMware for years and for the most part, it works well and provides the functions I need. On the flip side, I’m not convinced there’s anything particularly special about VMware.

I’ve been using ProxMox at home for some time and it does everything that I Continue reading

What’s in a Name?

Most home users select their wireless network name without much thought to the actual name except to make it easy for them to see and connect to. Many people never think that the network’s name, also known as the Service Set Identifier or SSID, could be a security risk. Okay, a security risk may be a reach, but let’s just say some SSIDs are more secure than others, and I will list some dos and don’ts when selecting an SSID.

Before the list, let’s discuss what makes the SSID important. Hackers need to gather several pieces of information, including the SSID, to crack a network’s WPA/WPA2 password. Hackers have pre-configured tables with this information, including common or default SSID names, and if you’re using one of these common names you have made their job easier and your network more of a target.

  • Do change the SSID from the factory set default wireless network name.
  • Don’t select a name in the top 1000 most common SSIDs. This list is very long, and at first glance you will notice a lot of factory-given default names (dlink, Linksys, 2wire, Netgear, etc.), so, as mentioned above, change the default name.
  • Don’t use your Continue reading

Internets of Interest for 12th June 2014

Collection of useful, relevant or just fun places on the Internets for 12th June 2014 and a bit of commentary about what I’ve found interesting about them: Will Network Engineers Become Programmers? « ipSpace.net by @ioshints – Ivan explains his view on the ways that network folks will work with programmers. I think he describes […]

The post Internets of Interest for 12th June 2014 appeared first on EtherealMind.

Amid raging violence, Iraq orders Internet shutdowns

Update (10:00ET, 14-Jun-2014): See below for a copy of Friday’s Iraqi MoC order to disconnect social media.

Iraq is descending into further violence, as militant group ISIL takes control of Mosul and beyond. Renesys has observed two large Internet outages this week (here and here) that our sources confirmed to be government-directed outages. These interruptions appear to coincide with military operations, amid concerns that ISIL forces are using Internet websites to coordinate their attacks.

The screencapture image in this tweet shows an email message announcing the latest shutdown. It reads:

Dear Valued customers

Due to the current security situation in iraq and as per the MOC instruction sent by the PM Mr Nori Kamel Al-Maliki ,the internet service will be suspended for the below provinces until further notice starting from today Thursday 12/6/2014 , Continue reading

Coffee Break Show 9

This is “The Coffee Break”, a podcast on the state of the networking business where we discuss vendor moves and news, analysis on product and positioning, and look at the business of networking, in the time it takes to have a coffee break. Show Links Cisco’s 3 Commandments – Drew’s take on Chambers’ CLUS keynote Cisco Faces […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, with a wide range of employers, working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break Show 9 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

SDN: Déjà vu all over again?

by Steve Harriman, VP of Marketing - June 13, 2014

Having been in this industry longer than I care to think about (I cut my teeth in operations and systems programming on mainframes and early Intel 8080-based ‘microcomputers’), I’ve seen a few technology innovations that were truly disruptive and some that claimed to be but ultimately morphed into something else or were relegated to a niche (remember the Infiniband ‘revolution’ in the early 2000s?). Software defined networking and network functions virtualization clearly threaten to upset the status quo, which in this case, is the vast ecosystem of hardware-based switched and routed networks, and the network equipment manufacturers who build the gear. Cisco, arguably, has the most to lose, but potentially, the most to win also. 

In Peter Burrows’ recent Bloomberg article, reflecting how SDN has become mainstream news, he points out that the existing market for switches and routers is growing at the very modest rate of three percent a year. While this business is the lifeblood of companies like Cisco, Juniper, Alcatel-Lucent and Huawei, it is becoming commoditized with downward price pressure and diminishing technological differentiation. These players can certainly Continue reading

Docker Networking

There has been a ton of information out there on Docker over the last week. Because the impact on networking is often overlooked for new technologies, I figured I’d get a head start to understand the basics of Docker Networking. This post documents the steps I took to test Docker, analyzing the network constructs that are automatically configured during container creation.

First, I installed Docker using instructions for Ubuntu 12.04 (LTS) 64-bit.

Post install, but before a container was created, here is the output of my Ubuntu machine. Two interfaces: eth3 (192.168.1.134) and lo (127.0.0.1). This Ubuntu machine is running in VirtualBox and eth3 is bridged onto my home network of 192.168.1.0/24.

Creating my first Docker container. This took about a minute (maybe less) to download and start. Pretty impressive. Notice the last line in the screen shot below. It takes you right into the container shown at ‘root@c7ad293f989:/#’.

In a new bash prompt, because the existing shell is now used for the container, check out an ‘ifconfig’. Notice the two new additions: docker0 and veth068f. docker0 is a Linux bridge and veth068f Continue reading

Response: John Chambers sold more than 30% of his Cisco shares in last month. Heavy sales from others. That’s not good.

This article at Seeking Alpha shows that John Chambers sold more than 30% of his Cisco shares last month and is just one of 8 other executives who sold significant numbers of shares in the last month.

The post Response: John Chambers sold more than 30% of his Cisco shares in last month. Heavy sales from others. That’s not good. appeared first on EtherealMind.

Video over Internet

A couple of days ago I had an interesting talk about video traffic over the Internet. A sales engineer goes to a company and claims that video traffic can be carried over the Internet without any problem. This is of course wrong, and to understand why I have to explain some technical concepts. The main takeaway from this article is […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Video over Internet appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Planning a Project Before Your Execution

This year I have worked on a number of projects and most of them had no planning while others had very little. The planning phase of a project is the most critical part of a project. Planning can not only make or break a project, but your reputation as well. If a project doesn’t go […]

Author information

Charles Galler

Charles is a network and UC engineer for a mainly Cisco reseller. He has worked in the networking industry for about 13 years. He started as a network administrator for a small CLEC (carrier) where he did it all in IT and worked on the carrier network. After the CLEC, Charles went to work for a large healthcare organization in the Houston area and stayed with them for about three and a half years. Now he works for a reseller in the professional services part of the organization. He is currently studying for his CCIE in Routing and Switching and plans on passing it before the end of 2014. You can find him on Twitter @twidfeki.

The post Planning a Project Before Your Execution appeared first on Packet Pushers Podcast and was written by Charles Galler.

Starting with Chef

You might be asking yourself why a network engineer would be concerning himself with a product like Chef. It’s a long story, but let’s start by saying that my interest was first piqued when I heard that the new line of Cisco Nexus switches would have an integrated Chef client. I’ve known about Chef and Puppet for a long time, but I’ve never really sat down and looked to see how they worked. So rather than starting with Chef on Nexus, I thought it would be prudent to get some base experience with the application in a more ‘normal’ application.

So how does this fit into networking? I think we can all agree that data center networking can change. I’m carefully phrasing that statement by using the word ‘can’. If you don’t know it already, I don’t buy the ‘SDN will change everything you do’ line of thinking. In fact, I try as hard as I can not even to use the term SDN. Why? Because it’s far too vague of a term that can mean almost anything depending on how you want to interpret it. Beyond being a Continue reading

“This account is locked. You can’t log in” for super user in Junos Space

After a few fat-fingered attempts to get the password entered, I realised I had locked myself out of a new Space installation. There’s only one user at that stage – ‘super’. And now I’ve locked the account. Damn.

To unlock this, you will need to go on the console and enter debug mode. This means you need to know the admin and maintenance mode passwords. Assuming you do, do the following:

 

mysql> use build_db
Database changed
mysql> select * from USER_IP_ADDRESS;
+--------+--------------+---------------------+--------------+----------+---------+
| id     | ipAddress    | ipLockedTime        | failureCount | isLocked | user_id |
+--------+--------------+---------------------+--------------+----------+---------+
| 229377 | 172.20.45.85 | 2014-06-11 16:29:07 |            0 |        1 |     610 |
+--------+--------------+---------------------+--------------+----------+---------+
1 row in set (0.00 sec)

Update the table to make isLocked 0:

mysql> update USER_IP_ADDRESS set isLocked=0;
Query OK, 1 row affected (0.08 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select * from USER_IP_ADDRESS;
+--------+--------------+---------------------+--------------+----------+---------+
| id     | ipAddress    | ipLockedTime        | failureCount | isLocked | user_id |
+--------+--------------+---------------------+--------------+----------+---------+
| 229377 | 172.20.45.85 | 2014-06-11 16:29:07 |            0 |        0 |     610 |
+--------+--------------+---------------------+--------------+----------+---------+
1 row in set (0.00 sec)

mysql> quit

 

An introduction to Zero Trust virtualization-centric security

This post will be the first in a series that examines what I think are some of the powerful security capabilities of the VMware NSX platform and the implications for the data center network architecture. In this post we’ll look at the concepts of Zero Trust (as opposed to Trust Zones), and virtualization-centric grouping (as opposed to network-centric grouping).

Note: Zero Trust as a guiding principle for enterprise-wide security is inspired by Forrester’s “Zero Trust Network Architecture”.

What are we trying to accomplish?

We want to be able to secure all traffic in the data center without compromising performance (user experience) or introducing unmanageable complexity. Most notably, given the proliferation of East-West traffic, we want to secure traffic between any two VMs, or between any VM and physical host, with the best possible security controls and visibility – per flow, per packet, stateful inspection with policy actions, and detailed logging – in a way that’s both economical to obtain and practical to deploy.

Trust Zones of Insecurity

Until now, it hasn’t been possible (much less economically feasible or even practical) to directly connect every virtual machine to its own port on a firewall. Because of this, the Continue reading
