BGP Configuration on FortiOS

I’ve never done a post on Forti-anything, but I’m really appreciating the products Fortinet is putting out lately. They’re transitioning from “run your SMB off of our stuff” to “actually, we’re pretty good for larger companies”, so their GUI lacks features in order to keep the SMB from blowing stuff up. The advanced features are there in the CLI, and I wanted to use it to show the difference between the GUI and the real config.

Let’s review the basic configuration elements of BGP first. You need an autonomous system (AS) number and a router ID for your side. You also need the AS number of the remote system and the IP address on their side (usually the interface facing you). That looks something like this. We’re going to be ‘Fortigate 1’ for this exercise.

With just this information, we can turn up a BGP neighbor that does absolutely nothing. To actually send some routes, you need to tell BGP what to send. We’ll keep this simple and add just connected networks. Adding to the diagram, we get this.

Now we have something of value (though choosing BGP over OSPF or RIP for this little scenario is pretty horrible).
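As an added example (not from the original post), this is the FortiOS CLI form of the four elements listed above plus connected-route redistribution; the AS numbers, router ID and neighbor address are assumed placeholder values:

```text
# Added example, not the original post's config. All values are assumed.
config router bgp
    # Our side: local AS number and router ID (Fortigate 1)
    set as 65001
    set router-id 10.0.0.1
    config neighbor
        # Their side: the peer's IP on the interface facing us
        edit "192.0.2.2"
            # The remote system's AS number
            set remote-as 65002
        next
    end
    # Without this the session comes up but advertises nothing;
    # redistribute connected networks so the peer actually learns routes
    config redistribute "connected"
        set status enable
    end
end
```

Check the session state and prefix counts with `get router info bgp summary`; a neighbor stuck in Active or Idle usually means the AS numbers or the peer address do not match on both sides.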

Apple Only Pays 48M per year in Bug Bounties?

This article from Apple boggles my brain: Apple Security Bounty. Upgraded. – Apple Security Research – https://security.apple.com/blog/apple-security-bounty-upgraded/ “In the past two and a half years since opening our program, we’re incredibly proud to have awarded researchers nearly $20 million in total payments, with an average payout of $40,000 in the Product category, and including 20 […]”

Let Ansible keep an eye on your AWS environment

In a cloud model, the security and compliance of the environment become the responsibility of both the end users and the cloud provider. This is what we call the shared responsibility model, in which every part of the cloud, including the hardware, data, configurations, access rights, and operating system, is protected. Depending on the local legislation and the origin of the data being handled (for instance laws like HIPAA, the GDPR in Europe, or the Californian CCPA), you may have to enforce strict rules on your environment and log events for audit purposes. AWS CloudTrail will help you achieve this goal. The service can collect and record any kind of information coming from your environment and store or send the events to a destination for audit. In addition to security and compliance, this service helps keep track of resource consumption.

Ansible’s CloudTrail module leverages the various features of the CloudTrail service to monitor and audit user activities and API calls in the AWS environment. A trail is a configuration that lets us describe an event filter and decide where the matching entries should be sent. The recent 5.0.0 release of the Amazon.aws […]

Kubernetes 003. Developing and Publishing Cloud-Native Application: Overview of Key Kubernetes Primitives

Hello my friend,

It has been a while since our previous blogpost about the setup of the highly available Kubernetes cluster with multiple control plane and worker nodes. We aimed to write a blogpost about the upgrade, but we will park it for now for two reasons:

  • Although this topic is needed for the exam, it is not performed very often within the cluster.
  • We want to provide a broader overview of Kubernetes from the perspective of building and using applications on top of it.

Therefore, we decided to walk you through the main components used to build and publish your application in a cloud native way on Kubernetes. Let’s dive into that.

No part of this blogpost could be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical or photocopying, recording, or otherwise, for commercial purposes without the prior permission of the author.

Can Kubernetes Help to Automate Networks?

These days there are interesting projects emerging in which Kubernetes acts as a management plane for network devices. In such projects Kubernetes has the role of the entity that distributes configuration to the worker nodes, which are either proxies for […]

Generalized Linear Models (GLMs) Rough Notes

Generalized Linear Model

In the case of linear models, we assume a linear relationship between the mean of the response variable and a set of explanatory variables, with inference assuming that the response variable has a Normal conditional distribution with constant variance. The Generalized Linear Model permits distributions for the response variable other than the normal and permits modeling of non-linear functions of the mean. Linear models are a special case of GLMs.

GLMs extend normal linear models to encompass non-normal distributions and equate linear predictors to nonlinear functions of the mean. The fundamental premise is that

1) We have a linear predictor, $\eta_{i} = a + Bx$.

2) The predictor is linked to the fitted value of the response variable $Y_{i}$, namely its mean $\mu_{i}$.

3) The linking is done by the link function, such that $g(\mu_{i}) = \eta_{i}$. For example, for a linear relationship $\mu_{i} = \eta_{i}$; for an exponential relationship, $\log(\mu_{i}) = \eta_{i}$.

$g(\mu_{i}) = \beta_{0} + \beta_{1}x_{i1} + \dots + \beta_{p}x_{ip}$

The function $g$ in $g(\mu_{i}) = \eta_{i}$ is called the link function.

Some common examples:

  • Identity: $\mu = \eta$, example: $\mu = a + bx$
  • Log: $\log(\mu) = \eta$, example: $\mu = e^{a + bx}$
  • Logit: $\operatorname{logit}(\mu) = \eta$, example: $\mu =$ […]

Worth Exploring: NetTowel

A few months ago, Urs Baumann created NetTowel, a very nice CLI wrapper around several popular libraries, including Jinja2, TTP, Netmiko and netaddr. Although it seems he got busy with other things in recent months and development stalled a bit, the tool is definitely worth exploring.

BrandPost: MSP or DIY: What Is the Best Option for Your SD-WAN Deployment?

The rate of SD-WAN adoption is quickly rising to the point of ubiquity. In an era of distributed environments — including applications, employees, cloud, Edge, and data centers — navigating network complexity has become an increasingly common challenge. Recent ESG research found that 54% of survey respondents felt restrained by network complexity in terms of both operational efficiency and user experience. Impacted companies have two options for deploying SD-WAN: Do It Yourself (DIY) or via a Managed Service Provider (MSP). It’s up to IT leaders to choose the approach that will most effectively manage their deployments.

Extreme earnings report: Wireless and cloud gains temper record backlogs

Despite problems getting parts and a gigantic backlog of orders to fill, Extreme Networks landed a record-setting first quarter of FY23 at nearly $300 million, up 11% year-over-year and 7% quarter-over-quarter. The backlog CEO Ed Meyercord referred to during the company’s quarterly earnings call this week sits at $555 million, also a record. To put it in perspective, that's nearly three full quarters of product revenue in backlog, mostly due to supply-chain issues. Concerns about the economy are also in the mix, but Meyercord said that when it comes to investing in networks, things look bright.

Wi-Fi 6E Growing Pains For Apple

You may have seen that the new iPad Pro has Wi-Fi 6E support. That caused a lot of my wireless friends to jump out and order one, as I expected. As I previously mentioned, 2023 is going to be a big year for Wi-Fi 6E. I was wrong about the 6E radio on the new iPhone but given the direction that Apple is going with the iPad Pro and probably the MacBook as well we’re in for a lot of fun. Why? Because Apple is changing their stance on how to configure 6GHz networks.

An SSID By Any Other Name

If you’ve ever set up wireless networks before you know there are some different suggestions about how to configure the SSIDs with multiple bands. One school of thought says that you need to combine both 2.4GHz and 5GHz in the same SSID and let the device figure out which one is the best to use. This is the way that I have mine set up at home.

However, if you do a quick Google search you’ll find a lot of other wisdom that suggests creating two different SSIDs that each work on only a single band. The thought process […]

Heavy Networking 653: Design, Deploy, And Operate With Nokia Data Center Fabric Solution (Sponsored)

Today’s Heavy Networking, sponsored by Nokia, dives into Nokia's fabric-based approach to data center automation and operations. That approach includes its SR Linux network OS, its Fabric Services System intent-based platform, its NetOps Development Kit (NDK), and how all this ties together to address your operational life cycle across Day 0, Day 1, Day 2, and beyond.

The post Heavy Networking 653: Design, Deploy, And Operate With Nokia Data Center Fabric Solution (Sponsored) appeared first on Packet Pushers.

Technology Short Take 161

Welcome to Technology Short Take #161! It’s been a little over a month since the last Technology Short Take, although the Full Stack Journey recently did an “Audio Edition” of a Technology Short Take that you should probably check out. In any case, I’ve spent the last month collecting links to articles and tutorials from around the web on all the various technologies that we IT folk are likely to encounter in our day-to-day adventures. I hope there’s something here that you find useful!

Networking

Servers/Hardware

  • Howard Oakley has a great series on Apple Silicon; the series is up to three posts so far. The first post provides a high-level overview of how Apple Silicon M-series chips are different, and the second post has more details on the capabilities of the P and E cores. The third post […]

Could I Use netlab instead of GNS3?

I’m often getting questions like “I’m using GNS3. Could I replace it with netlab?”

TL&DR: No.

You need a set of functions to build a network lab:

  • Virtualization environment (netlab supports VirtualBox, libvirt, Docker, and Podman)
  • An orchestration tool/system that will deploy network device images in such an environment (netlab supports Vagrant and containerlab)
  • A tool that will build orchestration system configuration (netlab core functionality)
