Tech Bytes: Why SASE Is An Architecture, Not A Product (Sponsored)

Today on the Tech Bytes podcast, we’ll be investigating Secure Access Service Edge, or SASE, including the current state of the market and how SASE is evolving. We’ll also look at how sponsor Juniper Networks is moving into the SASE space. Our guest is Kate Adam, Sr. Director of Security Product Marketing at Juniper Networks.

The post Tech Bytes: Why SASE Is An Architecture, Not A Product (Sponsored) appeared first on Packet Pushers.

Network Break 406: Gluware Adds API Modeling To Network Automation; Arista Revenues Rise

This week's Network Break covers new features in Gluware and Aviatrix, new servers from HPE, and new partner specializations from Cisco. We also cover financial results from Fortinet and Arista and Russian threats against commercial satellites.

The post Network Break 406: Gluware Adds API Modeling To Network Automation; Arista Revenues Rise appeared first on Packet Pushers.

Adventures in Upgrading Netbox

I’ve been using Netbox for a while now, and, frankly, I can’t live without it. If you’ve never heard of it, it’s a Source of Truth for your network automation tasks started by Jeremy Stretch. I use it to document my networks (hardware inventory, subnets, physical connections, etc.), which provides my automation tasks a place to pull and push all sorts of information like management IPs, rack locations, power connections, network drops…the list goes on. In better words, your automation tools can ask Netbox what the state of your network is, and send it an update if that tool discovers something different. There are plenty of better places to discuss the benefits of a Souce of Truth, so just do the Googles for it.

My production instance is running Netbox 2.7.6, which is very old. The latest version of Netbox as of today is 3.3.7, so that should tell you how far behind we are. I’ve had mine running for over two years, and, in the meantime, the world has moved forward. If I update the server it’s running on (Ubuntu 20.04), then Netbox breaks. Yes, it’s so far behind Continue reading

3 ways to reach the cloud and keep loss and latency low

Adoption of public cloud IaaS platforms like AWS and Azure, and PaaS and SaaS solutions too, has been driven in part by the simplicity of consuming the services: connect securely over the public internet and start spinning up resources. But when it comes to communicating privately with those resources, there are challenges to address and choices to be made.The simplest option is to use the internet—preferably an internet VPN—to connect to the enterprise’s virtual private clouds (VPC) or their equivalent from company data centers, branches, or other clouds.However, using the internet can create problems for modern applications that depend on lots of network communications among different services and microservices. Or rather, the people using those applications can run into problems with performance, thanks to latency and packet loss.To read this article in full, please click here

Mashing Up CXL And OpenCAPI For Shared Disaggregated Memory

The industry is impatient for disaggregated and shared memory for a lot of reasons, and many system architects don’t want to wait until PCI-Express 6.0 or 7.0 transports are in the field and the CXL 3.0 and beyond protocols that ride on it to reach out to external memory have been tweaked to do proper sharing across servers.

Mashing Up CXL And OpenCAPI For Shared Disaggregated Memory was written by Timothy Prickett Morgan at The Next Platform.

Continuity is Not Recovery

It was a long weekend for me but it wasn’t quite as long as it could have been. The school district my son attends is in the middle of a ransomware attack. I got an email from them on Friday afternoon telling us to make sure that any district-owned assets are powered off until further notice to keep our home networks from being compromised. That’s pretty sound advice so we did it immediately.

I know that the folks working on the problem spent the whole weekend trying to clean it up and make sure there isn’t any chance of getting reinfected. However, I also wondered how that would impact school this week. The growing amount of coursework that happens online or is delivered via computer is large enough that going from that to a full stop of no devices is probably jarring. That got me to thinking once more about the difference between continuity and recovery

Keeping The Lights On

We talk about disaster recovery a lot. Backups of any kind are designed to get back what was lost. Whether it’s a natural disaster or a security incident you want to be able to recover things back to the way Continue reading

Adventures in Upgrading Netbox

I’ve been using Netbox for a while now, and, frankly, I can’t live without it. If you’ve never heard of it, it’s a Source of Truth for your network automation tasks started by Jeremy Stretch. I use it to document my networks (hardware inventory, subnets, physical connections, etc.), which provides my automation tasks a place to pull and push all sorts of information like management IPs, rack locations, power connections, network drops…the list goes on. In better words, your automation tools can ask Netbox what the state of your network is, and send it an update if that tool discovers something different. There are plenty of better places to discuss the benefits of a Souce of Truth, so just do the Googles for it.

My production instance is running Netbox 2.7.6, which is very old. The latest version of Netbox as of today is 3.3.7, so that should tell you how far behind we are. I’ve had mine running for over two years, and, in the meantime, the world has moved forward. If I update the server it’s running on (Ubuntu 20.04), then Netbox breaks. Yes, it’s so far behind Continue reading

Find and delete ServiceNow records en masse with the updated Ansible Content Collection

Have you ever had to query and remove a long list of ServiceNow records? Yeah, neither have I until recently. Nobody broke into my instance, and this isn't a one-time operation, I just happen to maintain an instance that we use to test our Red Hat Ansible Certified Content Collection for ServiceNow ITSM

To set up the environment, I use a demo system and another workflow to create a random user and then allow a learner to progress through some challenges using full Red Hat Ansible Automation Platform deployments and a shared ServiceNow instance. Because this is a real live instance, there's no telling what sort of records learners will create. For this reason, I recently had to develop some automation to clean up records created by these demo user accounts.

Although my use-case was to clean up demo user accounts, this could just as well have been a critical ServiceNow instance that had erroneous records that needed cleaning up. This Collection can be leveraged to create, update, modify, or delete just about anything on ServiceNow.

If you’re following along, make sure you install a version of the servicenow.itsm Collection equal to or greater than 2.0.0 Continue reading

Integer handling is broken

Floating point can be tricky. You can’t really check for equality, and with IEEE 754 you have a bunch of fun things like values of not a number, infinities, and positive and negative zero.

But integers are simple, right? Nope.

I’ll use “integers” to refer to all integer types. E.g. C’s int, unsigned int, gid_t, size_t, ssize_t, unsigned long long, and Java’s int, Integer, etc…

Let’s list some problems:

What’s wrong with casting?

Casting an integer from one type to another changes three things:

  1. The type in the language’s type system.
  2. Crops values that don’t fit.
  3. May change the semantic value, by changing sign.

The first is obvious, and is even safe for the language to do implicitly. Why even bother telling the human that a conversion was done?

But think about the other two for a minute. Is there any reason that you want your Continue reading

Weekend Reads 110422


The recent rise of HTTP request smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end… until now.


Eternity typically keeps its activities on the down low—in the Dark Web. Still, we sought to determine if LilithBot and Eternity also engaged in dealings on the Surface Web.


The Financial Conduct Authority, the UK’s financial services regulator, has begun discussions with the aim of understanding the impact of Big Tech on industry competition.


You really shouldn’t be trying to manage your own passwords when high-performance graphics cards featuring GPUs as powerful as Nvidia’s GeForce RTX 4090 could be in use by hackers.


The U.S. Federal Trade Commission enforcement action against Drizly demonstrates how the agency plans to give teeth to its new emphasis on data minimization.


In October 2020, the Global Privacy Control was created to allow consumers to exercise their privacy rights with the click of a mouse.


Finding new ways to collect information about a network and limit the meta-data exposed to others is a constant struggle we see in research as this data can be used for both Continue reading

Transit Gateway — a one-stop shop!

< MEDIUM: https://towardsaws.com/transit-gateway-a-one-stop-shop-e520d2f0afe3 >

I like Transit Gateway on so many levels, truly an NG service integrating many different points of ingress in a way with VPCs

Few important points to start with

  1. AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and on-premises networks to a single gateway.
  2. Transit Gateway is a hub that controls traffic routed among all the connected networks.
  3. Transit Gateway supports both IPv4 and IPv6 traffic.
  4. Transit Gateway is highly scalable and can support thousands of VPCs and on-premises networks.
  5. Transit Gateway uses route tables to determine how traffic is routed.
  6. Transit Gateway supports VPC peering and VPN connections.
  7. Transit Gateway can be used with AWS Direct Connect to create a private connection between an on-premises network and a VPN

Scenario 1 — Connect your VPCs

Interconnecting VPCs’s typically done through VPC-Peering, now while that is still valid you can easily interconnect VPCs through the transit gateway attachments feature, while VPC peering does only well VPC, transit gateway can connect VPCs, DX-Gateways and you can terminate IPSEC-VPN’s directly onto the transit gateway.

  • Routing tables are not auto-propagated, meaning you have to add static routes individually in Continue reading
1 370 371 372 373 374 3,805