Kubernetes 101 – External access into the cluster

In our last post, we looked at how Kubernetes handles the bulk of it’s networking.  What we didn’t cover yet, was how to access services deployed in the Kubernetes cluster from outside the cluster.  Obviously services that live in pods can be accessed directly as each pod has its own routable IP address.  But what if we want something a little more dynamic?  What if we used a replication controller to scale our web front end? We have the Kubernetes service, but what I would call its VIP range (Portal Net) isn’t routable on the network.  There are a couple of ways to solve this problem.  Let’s walk through the problem and talk about a couple of ways to solve it.  I’ll demonstrate the way I chose to solve it but that doesn’t imply that there aren’t other better ways as well.

As we’ve seen, Kubernetes has a built-in load balancer which it refers to as a service.  A service is group of pods that all provide the same function.  Services are accessible by other pods through an IP address which is allocated out of the clusters portal net allocation.  Continue reading

The Cisco CNPES Cert, First Exam (600-504) and Course

Do you think of yourself as a network engineer? Cisco’s Network Programmability Engineer Specialist (CPNES) certification represents Cisco’s first crack at a certification focused on network engineering in an SDN world. Today’s post begins to examine this certification by looking at the first of the two required exams: the 600-504 NPENG exam. We’ll look at both the exam and a related video course.

Other posts in this series:

Overview

First, to set the stage, Cisco currently offers four network programmability certifications. Loosely you can think of these as two networking-focused certs, and two development-focused certs, based on job roles. For the two networking-focused certs, one focuses on design, while one (the one discussed here) looks at engineering and implementation.

Figure 1: Overview of Cisco SDN Certifications

 

Today’s post focuses on the cisco network programmability engineering specialist (CNPES) cert, and specifically the first exam: the 600-504 NPENG exam. Basically, the NPENG exam covers SDN implementation but excludes ACI, while the second required exam, 600-512 NPENGACI, includes ACI.

This list provides the links for more details – for the certification, each of the two exams, and each of Cisco’s two Continue reading

Some notes on SuperFish

What's the big deal?

Lenovo, a huge maker of laptops, bundles software on laptops for the consumer market (it doesn't for business laptops). Much of this software is from vendors who pay Lenovo to be included. Such software is usually limited versions, hoping users will pay to upgrade. Other software is add supported. Some software, such as the notorious "Ask.com Toolbar", hijacks the browser to display advertisements.

Such software is usually bad, especially the ad-supported software, but the SuperFish software is particularly bad. It's designed to intercept all encrypted connections, things is shouldn't be able to see. It does this in a poor way that it leaves the system open to hackers or NSA-style spies.

Marc Rogers has a post where he points out that what the software does is hijack your connections, monitors them, collects personal information, injects advertising into legitimate pages, and causes popup advertisement.

What's the technical detail?

It does two things. The first is that SuperFish installs a transparent-proxy (MitM) service on the computer intercepting browser connections. I don't know the details of exactly how they do this, but Windows provides easy hooks for such interception.

But such interception still cannot decrypt SSL. Therefore, SuperFish Continue reading

MPLS VPN and DMVPN Design Challenge

MPLS VPN is used mostly as primary connectivity and DMVPN as a backup in the small medium business. You might see in some cases DMVPN is the only the circuit between remote offices and the datacenter/HQ, or for some applications MPLS VPN might be the primary,DMVPN for the others. As an example high throughput, high… Read More »

The post MPLS VPN and DMVPN Design Challenge appeared first on Network Design and Architecture.

Google worried US could use amended warrant rule to search computers abroad

Google has opposed moves by the U.S. Department of Justice to extend the warrant issuing authority of magistrate judges to searches of computers in districts other than their own.Innocuous as that may sound, Google is concerned that the proposed amendment would likely end up being used by U.S. law enforcement to directly search computers and devices anywhere in the world.There is nothing in the proposed change to the Federal Rule of Criminal Procedure 41 that would prevent access to computers and devices worldwide, wrote Richard Salgado, Google’s legal director for law enforcement and information security, in a blog post Wednesday.To read this article in full or to leave a comment, please click here

Swedish man pleads guilty to peddling Blackshades malware

A Swedish man pleaded guilty Wednesday to peddling one of the most prevalent spying programs called Blackshades that was widely used by the criminal underground.Alex Yucel, 24, pleaded guilty to one count of distributing malicious software. He could face a maximum of 10 years in prison, the U.S. Attorney’s Office for the Southern District of New York said. He is expected to be sentenced on May 22.BlackShades, a remote access trojan, was marketed by its developers as a program for legitimate computer monitoring but was mostly used for stealing payment card data, recording a computer’s keystrokes and secretly controlling webcams. It was sold for between US$40 to $100.To read this article in full or to leave a comment, please click here

Tens of thousands of home routers at risk with duplicate SSH keys

A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys.John Matherly used Shodan, a specialized search engine for querying Internet-connected devices, and found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key.+ ON THE LIGHTER SIDE: Most Memorable Saturday Night Live Techie Skits & Bits +Matherly, who founded Shodan, performed the search after someone posted a shorter version of a public key—called a fingerprint—for their device.To read this article in full or to leave a comment, please click here

Mobile networks limber up for the Internet of Things

Changes starting to take place behind the scenes in mobile networks may eventually pay dividends to anyone with a smartphone, a connected refrigerator or an IT department.Carriers have done things pretty much the same way for years, with cellular base stations at the edge of their networks feeding into a series of specialized appliances at central facilities. Now they’re virtualizing those networks in several ways, seeking the same rewards that enterprises have reaped by virtualizing data centers: efficiency and flexibility. The trend will be in full swing at Mobile World Congress in Barcelona next month.It’s good news for mobile users that they may not hear much about. A more efficient network leaves more free capacity for the video or application you want to run, and a more flexible carrier could quickly launch services in the future that you don’t even know you’ll need yet. The new architectures may even change how some businesses pay for mobile services.To read this article in full or to leave a comment, please click here

Mobile networks limber up for the Internet of Things

Changes starting to take place behind the scenes in mobile networks may eventually pay dividends to anyone with a smartphone, a connected refrigerator or an IT department.Carriers have done things pretty much the same way for years, with cellular base stations at the edge of their networks feeding into a series of specialized appliances at central facilities. Now they’re virtualizing those networks in several ways, seeking the same rewards that enterprises have reaped by virtualizing data centers: efficiency and flexibility. The trend will be in full swing at Mobile World Congress in Barcelona next month.It’s good news for mobile users that they may not hear much about. A more efficient network leaves more free capacity for the video or application you want to run, and a more flexible carrier could quickly launch services in the future that you don’t even know you’ll need yet. The new architectures may even change how some businesses pay for mobile services.To read this article in full or to leave a comment, please click here

Liquid Telecom raises $150 million to extend broadband in Africa

Liquid Telecom has raised US$150 million to extend its fiber networks across Africa, a sign of the growing need for broadband services on the continent.The company, controlled by African telecom company Econet Wireless, has already invested heavily in East Africa, where it is laying thousands of kilometers of new fiber-optic cable to connect Burundi and the Democratic Republic of Congo.The company has also already completed its East Africa fiber ring, which connects Kenya, Uganda and Tanzania, in order to provide high speeds and continuous uptime across the region.Liquid will use the additional funds it raised to build fibre broadband networks in several other countries.To read this article in full or to leave a comment, please click here

Long-awaited Blackphone tablet may emerge at MWC

Paranoid tablet users, rejoice. The first units of the secure Blackphone tablet will be demonstrated at the upcoming Mobile World Congress show in Barcelona early next month.The tablet will be the second product from SGP Technologies, which makes the privacy-centric Blackphone smartphone. A pre-release version of the tablet will be shown at the booth of Graphite Software, which has written a special interface for the device to run sensitive applications.SGP is planning a press conference at MWC where it will probably announce the tablet. A Blackphone spokesman declined to share details on the tablet launch or the press conference. However, a Graphite Software executive said the tablet would be announced at MWC and would be on display at Blackphone’s booth as well as Graphite’s.To read this article in full or to leave a comment, please click here

Long-awaited Blackphone tablet may emerge at MWC

Paranoid tablet users, rejoice. The first units of the secure Blackphone tablet will be demonstrated at the upcoming Mobile World Congress show in Barcelona early next month.The tablet will be the second product from SGP Technologies, which makes the privacy-centric Blackphone smartphone. A pre-release version of the tablet will be shown at the booth of Graphite Software, which has written a special interface for the device to run sensitive applications.SGP is planning a press conference at MWC where it will probably announce the tablet. A Blackphone spokesman declined to share details on the tablet launch or the press conference. However, a Graphite Software executive said the tablet would be announced at MWC and would be on display at Blackphone’s booth as well as Graphite’s.To read this article in full or to leave a comment, please click here

Former GM CEO warns Apple not to get into the car business

With all of the varying news reports claiming that Apple has plans to develop its own car, there has been a lot of debate regarding the wisdom behind such a strategy. While some Apple enthusiasts might understandably welcome an Apple-inspired car, there is certainly no shortage of arguments to make against Apple entering an entirely new industry.Falling in the latter category, former GM CEO Dan Akerson recently sat down for an interview with Bloomberg where he advised Apple that it has no idea what it's getting itself into.To read this article in full or to leave a comment, please click here

Sony looks to PlayStation to revive fortunes, could ditch smartphones

Sony will invest more money in the PlayStation as it fights to return to a profit, and could reportedly exit from selling smartphones and TVs.Sony will pump extra cash into its games and network services division in a bid to attract more users to the PlayStation and its PlayStation Network of online games. The company has sold 18.5 million PlayStation 4s since they went on sale in late 2013, of which 4.1 million were sold in the 2014 holiday season.Sony will also provide more funding for the division that makes image sensors for devices including the iPhone 6. That cash will go towards researching new technologies and increasing production.To read this article in full or to leave a comment, please click here

Apple Watch launch projected to be 7 times more successful than Android Wear

The Wall Street Journal reported yesterday that Apple placed its first Apple Watch orders with its manufacturing partner Quanta for 5 to 6 million watches. That's extremely bullish for Apple because only 720,000 Android Wear watches shipped in 2014 from such companies as Motorola, Samsung, and LG, while Pebble shipped 1 million smartwatches, according to market watcher Canalys. Apple's rosy forecast for its premium-priced watch appears aggressive when one considers that Canalys reported a total 4.6 million smart wearable bands shipped in 2014.To read this article in full or to leave a comment, please click here

1 3,600 3,601 3,602 3,603 3,604 3,819