Advizex: Automating Security Audits & Remediation with Gluware: LiveStream June 28, 2022 (2/7) – Video

Advizex, a reseller and Gluware customer, discusses how it uses Gluware for security audits and remediation with its clients. This includes network and device discovery, addressing configuration drift, and managing multiple vendors using the Gluware platform. Packet Pushers host Greg Ferro is joined by Michael Burns, Network Architect at Advizex to discuss real-world use cases. […]

The post Advizex: Automating Security Audits & Remediation with Gluware: LiveStream June 28, 2022 (2/7) – Video appeared first on Packet Pushers.

Ansible For Network Automation Lesson 6: Ansible Vault And Loops – Video

In this lesson on using Ansible for network automation, Josh VanDeraa looks at how to get started with Ansible Vault, re-using tasks in multiple playbooks with include_tasks, and leveraging loops in your playbooks. Josh has created a GitHub repo to store additional material, including links and documentation: https://github.com/jvanderaa/AnsibleForNetworkAutomation You can subscribe to the Packet Pushers’ […]

The post Ansible For Network Automation Lesson 6: Ansible Vault And Loops – Video appeared first on Packet Pushers.

Heavy Networking 638: Don’t Block DNS Over TCP

DNS is our subject on today's Heavy Networking. More specifically, DNS transport over TCP. We talk with John Kristoff, one of the forces behind RFC9210, which covers the operational requirements for DNS transport over TCP. This is not an esoteric document covering a tiny, nuanced DNS use case. Instead this doc will likely affect most of you listening, whether you’re a network operator or a name server operator. We talk with John about the implications of this RFC.

The post Heavy Networking 638: Don’t Block DNS Over TCP appeared first on Packet Pushers.

Mobile Edge Computing: Lightning Speed from Factory to Personal Devices

Steve Dalby is a director in the MongoDB Industry Solutions team, where he focuses on how MongoDB technology can be leveraged to solve challenges faced by organizations working in the telecommunications industry. Prior to this role, Steve held numerous leadership roles with MongoDB’s professional services team in EMEA.

It seems like we’ve been hearing about 5G for years now, and how when it’s here, it will revolutionize connectivity as we know it. Well, 5G is here, but beyond faster or more reliable cell service, few companies have begun to tap into the potential 5G holds for both business-to-business and business-to-consumer innovation. In fact, this potential extends beyond the telecommunications industry into nearly all sectors that rely on connectivity, like the manufacturing, automotive and even agricultural industries, among others. By using the power of 5G networks and pairing that with intelligent software, enterprises can embrace the next generation of industry by launching IoT solutions and enabling enhanced data collection at the edge. This article will explore key questions around the slow move toward 5G innovation and how mobile edge computing can accelerate the push to near-instantaneous network connectivity. What’s Standing in the Way of Innovation? When COVID-19 hit, numerous companies […]

Setting Up Public-Private Keys For SSH Authentication

This post originally appeared on the Packet Pushers’ Ignition site on February 18, 2020. The more pedantic in the tech community argue about the merits of public-private key authentication vs. simple password authentication when logging into an SSH host. I have no strong opinion regarding your security posture when using one vs. the other. […]

The post Setting Up Public-Private Keys For SSH Authentication appeared first on Packet Pushers.

Working in public — our docs-as-code approach

Docs-as-code is an approach to writing and publishing documentation with the same tools and processes developers use to create code. This philosophy has become more popular in recent years, especially in tech companies. Automatic link checking is part of this process, which ensures that writers' changes are sound and safe to deploy. By setting the stage with a docs-as-code approach, technical writers can focus on what they do best: ensuring that our readers get useful and accurate information that is easy to find, and that our documentation speaks a single language.

Besides following a docs-as-code approach, at Cloudflare we handle our documentation changes in public, in our cloudflare-docs GitHub repository. Having our documentation open to external contributions has helped us improve our documentation over time — our community is great at finding issues! While we need to review these contributions and ensure that they fit our style guide and content strategy, the contributions provided by the Cloudflare community have been instrumental in making our documentation better every day. While Cloudflare helps build a better Internet, our community helps build better documentation.

Docs-as-code at Cloudflare

At Cloudflare, we follow a docs-as-code approach to create and publish product documentation in Developer Docs.

Such […]

Are you doing enough to secure your network infrastructure?

It’s time to take a hard look at whether you’re devoting enough resources to securing your network infrastructure. Short answer: You’re probably not. If you work for a hyperscaler, your organization is probably doing everything it can to secure the network. For almost everyone else, it is pretty safe to assume that the answer is no. This is not necessarily a blameworthy failing. In many cases it is down to available resources and perceived risk: Given too little money for cybersecurity and too little time from too few people to tackle all possible risks in the network, what should network cybersecurity staff focus on? They tend to focus less on the inward-facing aspects of their networks and more on explicitly outward-facing pieces. […]

Worth Exploring: Akvorado Flow Collector and Visualizer

The results you can get when you know how to apply proper glue to a bunch of open-source tools never cease to amaze me. The latest entrant in that category: Akvorado, a Netflow/IPFIX collector and analyzer by Vincent Bernat.

Some of the sample graphs (shown in the GitHub repo) are not far off from those that knocked our socks off during the first Kentik Networking Field Day presentation. Definitely a tool worth exploring ;)

Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes

On today's Kubernetes Unpacked podcast we explore tradeoffs that come with using Terraform to manage Kubernetes. My guest is Luke Orellana, an SRE who uses Kubernetes. He's also a HashiCorp Ambassador. We also discuss differences between managing VMs and Kubernetes, Kubernetes benefits including self-healing, and downsides such as dealing with the complexity that comes from containers and microservices.

The post Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes appeared first on Packet Pushers.

Marketing Docs Are Not Written For Engineers

When reading marketing literature as an engineer, you must always be careful to parse the words correctly. For example, I was reviewing a vendor’s pitch deck on a new hardware switch. The switch was described as having the following attributes.

  • Cloud-native
  • AI-driven
  • Secure
  • Next-generation

From an engineering perspective, nothing of value has been described to you in that list.

I have no idea what they are trying to get at with cloud-native. I can think of no greater antithesis to “cloud-native” than a chunk of hardware you bolt into a rack to do network things. Someone on Twitter suggested that because the switch supports ZTP, it’s cloud-native…which, if so, is comedy gold.

AI-driven means…what, exactly? That there is some AI on the switch itself doing data analysis and changing the network configuration in response to whatever the algorithm thinks is best? It could mean that, although then we’d have to discuss what’s meant by AI, whether or not the “AI” is happening off- or on-box, and why that’s different from software-defined.

Secure is a word you sprinkle over every technology product. Because of course it’s secure. But again, what does secure mean in this context? That the switch was built […]

Transit VPC — AWS — Advanced Networking

What is Transit Gateway in AWS used for?
a. Interconnect one or more VPCs, eliminating the need for a full mesh
b. Customer gateway in only one region
c. Enhanced NAT gateway
d. Can be used to connect SD-WAN with VPCs

The answer is at the end of the post; feel free to skip it. I just did not want to put a spoiler right below the question.

The post on transitive routing in AWS listed a few different solutions at the end; the most efficient and future-proof one is a Transit Gateway implementation for inter-VPC communication without the need for a full mesh.

https://raaki-88.medium.com/transitive-routing-aws-advanced-networking-984ca492d2d7

We will first explore an example and then come back to some of the concepts.

Consider the VPCs below. By default, there is no VPC peering, and if we want to achieve connectivity we need n*(n-1)/2 peerings; this quickly gets out of hand as the number of VPCs increases.

The easiest way to achieve connectivity is in 3 steps:

  1. Create a Transit Gateway
  2. Attach all the VPCs as attachments to the Transit Gateway
  3. Most importantly, create a route in each subnet's route table for the destination subnet via the Transit Gateway; otherwise connectivity will never work.

[…]

How the James Webb Telescope’s cosmic pictures impacted the Internet

[Image: The James Webb Telescope reveals emerging stellar nurseries and individual stars in the Carina Nebula that were previously obscured. Credits: NASA, ESA, CSA, and STScI. Full image here.]

“Somewhere, something incredible is waiting to be known.” Carl Sagan

In the past few years, space technology and travel have been trending with increased attention and endeavors (including private ones). In our 2021 Year in Review we showed how NASA and SpaceX flew higher, at least in terms of interest on the Internet.

This week, NASA in collaboration with the European Space Agency (ESA) and the Canadian Space Agency (CSA), released the first images from the James Webb Telescope (JWST) which conducts infrared astronomy to “reveal the unseen universe”.

[Image: Webb's First Deep Field is the first operational image taken by the James Webb Space Telescope, depicting a galaxy cluster at a distance of 5.12 billion light-years from Earth. Revealed to the public on 11 July 2022. Credits: NASA, ESA, CSA, and STScI. Full image here.]

So, let’s dig into something we really like here at Cloudflare, checking how real life and human interest has an impact on the Internet. In terms of general […]

Transitive Routing — AWS — Advanced Networking

Before understanding the way AWS does transitive routing, let us try to wrap our heads around the transitive property in mathematics.

What is the transitive property? A property is called transitive if, for three quantities x, y and z, whenever x is related to y by some rule and y is related to z by the same rule, then x is related to z by the same rule.

Alright, now let’s look at the following scenario.

Connectivity from VPC3 to VPC1 works just fine, and VPC2 to VPC1 also works just fine, while VPC2 to VPC3 (or VPC3 to VPC2) via VPC1 will never work in AWS. This is the first thing we should remember.

I see only downsides! Well, not everything is lost in this case; there are security benefits as well, a large part of which concerns IP address spoofing. Imagine someone is trying to send a packet to your VPC: the check makes sure that the instance won’t accept a packet that is not addressed to a locally configured IP, and also that the instance cannot send packets with an arbitrary source IP. That is one of the preliminary reasons why source and destination checks are turned off.

[…]