I’ve had network monitoring systems on my mind recently as we’ve been looking to determine the right specification for a number of fiber taps and aggregation devices so that we can fulfill the needs of both the security teams (for … Continue reading
If you liked this post, please do click through to the source at Network Monitoring – So Many Choices! and give me a share/like. Thank you!
The cloud is one of those technology trends that seems to be perpetually on the cusp of becoming ubiquitous. But if recent analyst reports are any indication, cloud’s breakthrough moment is imminent. Late last year, Gartner predicted that in 2016, the bulk of new IT spend would shift to the public cloud, and that by the end of 2017, nearly half of all enterprises will have hybrid cloud deployments.
But if cloud has been around for so long, why will it take so long for cloud to become the dominant source of IT spend?
The determinant for most change is the underlying psychology that drives individuals and organizations. The IT industry as a whole has been underpinned by a deep-seeded need for control. The reason that most companies keep expertise in-house is that they want to maintain control—over their data, over the integration with their business workflows, over their schedules, and over their spend.
Of course control is under constant attack by cost. While traffic is booming, IT spend in most organizations continues to trend flat to down. This means that organizations need to constantly provide more compute resources, more storage, and faster interconnect while working with Continue reading
If you care about building your own SDN skills, SDN certifications should matter to you, at least for the purpose of figuring out what to study (an argument I’ve made in an earlier post.) Since that time, the SDN world has seen several updates to vendor SDN certifications. (I’m also hopeful that we’ll see a few more at the upcoming Interop New York show towards the end of September.) Today’s post summarizes those that merit a look, at least for the purposes of figuring out what you might want to learn to retool for an SDN world.
Here’s a quick list of surprises and other goodies from this latest scan of the state of the art:
Dig into the rest of the post for more details!
I spent last Tuesday in Bern attending the SIGS DC Day Event, and came back home extremely pleasantly surprised. The conference was nice and cozy, giving everyone plenty of opportunities to chat about data center technical challenges (thanks for all the wonderful conversations we had – you know who you are!).
Having the opportunity to meet fellow networking engineers and compare notes is great, but it’s even better to combine that with new knowledge, and that’s where the event really excelled.
Read more ...Breathin' so free on non-extradition soil now. Breakup with USA is done now.
— Andrew Auernheimer (@rabite) September 14, 2014IP NAT is a very common configuration. One of the challenges that sometimes surfaces is the need for internal hosts to connect to the public address of a locally hosted server. Anyone who has tried to configure something like the following has likely faced this issue.
In this example, the top of the diagram represents the outside (Internet, ISP, or External Server), the left represents the DMZ area, and the bottom represents the inside. The goal is to enable dynamic port address translation for internal hosts and static port address translation for the host or hosts found in the DMZ area.
This configuration is fairly straightforward and typically covered in the CCNA curriculum. This includes identifying each interface as inside or outside and configuring the appropriate nat statements.
interface FastEthernet1/0 description To INSIDE ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface FastEthernet1/1 description To ACME WWW ip address 192.168.2.1 255.255.255.0 ip nat inside ! interface FastEthernet1/2 description To OUTSIDE ip address 192.0.2.100 255.255.255.0 ip nat outside ! ip nat inside source list 1 interface FastEthernet1/2 overload ip nat inside source static tcp 192.168. Continue reading
 |
| CC BY-NC-ND 2.0 licensed photo by smif Needs deduplication |
The Sourcefire NGIPS/NGFW solution is a way to quickly get some interesting information about traffic on a network. One of the things I like about the solution is that actionable information is almost immediately available after deployment.
There are five deployment modes for a Sourcefire Firepower appliance:
Passive and inline modes are the two deployment options for the Virtual versions of the Firepower appliances. Inline mode provides significant advantages over simple passive monitoring. Inline mode allows the appliance to block offending traffic or communications that violates the configured policy. Following the installation guide is straightforward and should allow a security engineer to quickly get this solution up and running.
The first time I ran through this process, I couldn’t get traffic to flow through the inline appliance. After struggling a while, I reconfigured the device into passive mode and spanned some traffic over to it. At first I didn’t see any statistics. After realizing that I also needed to configure VMWare to accept promiscuous mode, I quickly started getting interesting information in the Firesight dashboard.
At this point, a thought occurred to me. What if the Firepower appliance had no layer 2 hooks and forwarded traffic that blindly Continue reading
1 | /c/slb/virt 86_13 |
1 | when HTTP_REQUEST { |
This post will provide a quick introduction to a tool called Vagrant. Unless you’ve been hiding under a rock—or, more likely, been too busy doing real work in your data center to pay attention—you’ve probably heard of Vagrant. Maybe, like me, you had some ideas about what Vagrant is (or isn’t) and what it does (or doesn’t) do. Hopefully I can clear up some of the confusion in this post.
In its simplest form, Vagrant is an automation tool with a domain-specific language (DSL) that is used to automate the creation of VMs and VM environments. The idea is that a user can create a set of instructions, using Vagrant’s DSL, that will set up one or more VMs and possibly configure those VMs. Every time the user uses the precreated set of instructions, the end result will look exactly the same. This can be beneficial for a number of use cases, including developers who want a consistent development environment or folks wanting to share a demo environment with other users.
Vagrant makes this work by using a number of different components:
This week, EVO:RAIL & Converged thingies, Cisco's multiple SDN strategies, Don't be a precious snowflake and Congress open source project.
The post Network Break 16 appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Last year my colleague Jim Cowie broke a story about routing hijacks that resulted in Internet traffic being redirected through Iceland and Belarus. Unfortunately, little has changed since then and the phenomenon of BGP route hijacking continues unabated and on an almost daily basis.
In the past three days, the situation has gone from bad to downright strange as we have observed a flurry of this activity. Now, for the first time, we’re seeing major US carriers, Sprint and Windstream, involved in hijacking, along with the return of an operation out of Poland targeting Brazilian networks. We see router misconfigurations regularly in BGP data – could these incidents also be explained by simple command-line typos?
Route hijacking continues
In May my colleague, Earl Zmijewski gave a presentation about routing hijacks at the LINX 85 meeting, describing a comprehensive system that can be used to identify suspicious hijacks on a global basis and without any prior knowledge about the networks involved. While we now detect suspicious routing events on an almost daily basis, in the last couple of days we have witnessed a flurry of hijacks that really make you scratch your head.
To mention a few recent events, last Continue reading
I passed the ROUTE exam a few days/weeks/months/something ago and decided to pursue certifications of another sort for a while. The wife and I are trying our best to help the community through our ham radio training, so I decided to go down that path a bit further. One thing I was interested in doing is to do EmComm during declared emergencies. That meant I had to take two FEMA courses online to be allowed in the EOC. I thought they would be terribly boring, but I found them to be quite familiar.
The first course was on the Incident Command System (ICS). The main idea is that, in the event of an emergency of any kind or size, an Incident Commander (IC) is assigned to be responsible for the recovery effort. This mean analysis of the incident, generating an action plan (a very key component), and execution of said plan. If the IC can complete the action plan by himself, then off he goes. If he or she needs some additional resources like people or equipment, then he or she is empowered to draft that help from any entity that’s involved.
Another one of the big points of ICS is Continue reading
This post will provide a quick introduction to a tool called Vagrant. Unless you’ve been hiding under a rock—or, more likely, been too busy doing real work in your data center to pay attention—you’ve probably heard of Vagrant. Maybe, like me, you had some ideas about what Vagrant is (or isn’t) and what it does (or doesn’t) do. Hopefully I can clear up some of the confusion in this post.
In its simplest form, Vagrant is an automation tool with a domain-specific language (DSL) that is used to automate the creation of VMs and VM environments. The idea is that a user can create a set of instructions, using Vagrant’s DSL, that will set up one or more VMs and possibly configure those VMs. Every time the user uses the precreated set of instructions, the end result will look exactly the same. This can be beneficial for a number of use cases, including developers who want a consistent development environment or folks wanting to share a demo environment with other users.
Vagrant makes this work by using a number of different components:
Providers: These are the “back end” of Vagrant. Vagrant itself doesn’t provide any virtualization functionality; it relies on Continue reading
Seamus Gilchrist sent me a fantastic list of MPLS- and MPLS-TE-related questions. Instead of starting an email exchange we agreed on something that should benefit a wider community: a lengthy whiteboard session discussing the basics of MPLS, MPLS-TE, load balancing and QoS in MPLS networks…
The first part of our conversation is already online: The Essence of MPLS.
We would like to share our experiences with Customer SDN deployments that require OpenFlow hybrid mode. Why it matters, implementation considerations, and how to achieve better support for it in ODL
OpenFlow-compliant switches come in two types: OpenFlow-only, and OpenFlow-hybrid. OpenFlow-only switches support only OpenFlow operation, in those switches all packets are processed by the OpenFlow pipeline, and cannot be processed otherwise. OpenFlow-hybrid switches support both OpenFlow operation and normal Ethernet switching operation, i.e. traditional L2 Ethernet switching, VLAN isolation, L3 routing (IPv4 routing, IPv6 routing...), ACL and QoS processing
The rationale for supporting hybrid mode is twofold:
- Controlled switches have decades of embedded traditional networking logic. The controller does not add value to a solution if it replicates traditional forwarding logic. One alternative controller responsibility is that provides forwarding decisions when it wants to override the traditional data-plane forwarding decision.
- Controllers can be gradually incorporated into a traditional network. Continue reading
