The New Era of AI Centers

In 1984, Sun was famous for declaring, “The Network is the Computer.” Forty years later we are seeing this cycle come true again with the advent of AI. The collective nature of AI training models relies on a lossless, highly-available network to seamlessly connect every GPU in the cluster to one another and enable peak performance. Networks also connect trained AI models to end users and other systems in the data center such as storage, allowing the system to become more than the sum of its parts. As a result, data centers are evolving into new AI Centers where the networks become the epicenter of AI management.

Must Read: Make Two Trips

Tom Limoncelli wrote another must-read masterpiece: sometimes you’ll save time if you make two trips instead of one.

The same lesson applies to network design: cramming too many features into a single device will inevitably result in complex, hard-to-understand configurations and weird bugs. Sometimes, it’s cheaper to split the required functionality across multiple devices.

Container Security: Protect your data with Calico Egress Access Controls

23andMe is a popular genetics testing company, which was valued at $6B in 2021. Unfortunately, there was a massive data breach in December 2023, which caused a steep decline in the company’s value and trust, plummeting the company to a penny stock. While this breach was not directly related to Kubernetes, the same risks apply to containers running in your Kubernetes environments. If your containerized applications do not have the right egress access controls defined, chances of data exfiltration are much higher.

The basics

A typical modus operandi for threat actors is to look for vulnerabilities or misconfiguration in the environment and workloads, install malicious pods through privilege escalation techniques, and then exploit this unsecured pod to exfiltrate data.

Fig 1: Anatomy of a data exfiltration attack

An easy reconnaissance technique by just scanning the cluster network for public-facing workloads will be a first starting point for most attackers. Privilege escalation occurs mostly due to inconsistent or incorrect RBAC policies in Kubernetes through which unauthorized users can gain root privileges. Vulnerabilities in container images as part of the supply chain are also another attack path. All of these techniques will ultimately land on an exposed pod with a remote code Continue reading

Introducing NFA 24.05: SNMP Explorer Parameter Sets, TACACS+, Microsoft Teams support and more

The post Introducing NFA 24.05: SNMP Explorer Parameter Sets, TACACS+, Microsoft Teams support and more appeared first on Noction.

With Thor 2, Broadcom Wants To Become The AI Network Adapter

Aside from all of the buzz that optics get in datacenter networking, copper is still king of the short haul. …

With Thor 2, Broadcom Wants To Become The AI Network Adapter was written by Timothy Prickett Morgan at The Next Platform.

PP016: Tabletop Security Exercises: D&D for Grown-ups

Tabletop security exercises can help organizations game out their response to a security incident. From the technical and business considerations to legal and PR implications, a tabletop exercise, like Dungeons and Dragons, lets you play-test attack and defense scenarios. Johna Till Johnson, CEO of Nemertes consulting firm and co-host of the Heavy Strategy podcast, joins... Read more »

HW028: Highlights from Wi-Fi World Congress USA

A cardboard box with a circuit printed on it that harvests just enough power to activate a radio and have it chirp something out a short distance: that’s just one of the cool products and 802.11 standards that stood out at this year’s Wi-Fi World Congress USA. Drew Lentz joins the show to recap the... Read more »

On the ‘net: Grey Failures and the Law of Large Numbers

You’ve just finished building a 1,000 router fabric using a proper underlay and overlay. You’ve thought of everything, including doing it all with a single SKU, carefully choosing transceivers, using only the best optical cables, and running all the software through a rigorous testing cycle. Time to relax? Perhaps—or perhaps not.

Rule 11 Academy Update 052724

Three new posts this week:

coupon code for first six months for free: BEAG2DRUP0TORNSKUT

Heavy Strategy: Failure and Resilience

Welcome to a crossover episode with the Heavy Strategy podcast! Firing the wrong person, mistakenly rebooting core switches in a massive network, not passing the CCIE exam– today we talk all about failure. For this conversation, we’re joined by fellow Packet Pushers Kyler Middleton and Ned Bellavance, hosts of the Day Two Cloud podcast. We... Read more »

HS073: Failure and Resilience

Firing the wrong person, mistakenly rebooting core switches in a massive network, not passing the CCIE exam– today we talk all about failure. For this conversation, we’re joined by fellow Packet Pushers Kyler Middleton and Ned Bellavance, hosts of the Day Two Cloud podcast. We swap stories, discuss response and prevention, and talk about accountability,... Read more »

Subaru Drives Its EyeSight System Forward With AI Augmentation

Several years ago, Subaru set a goal to stop fatal accidents involving its cars in 2030 and is leaning heavily on AI to reach the target. …

Subaru Drives Its EyeSight System Forward With AI Augmentation was written by Jeffrey Burt at The Next Platform.

BGP Route Reflectors Considered Harmful

The recent IBGP Full Mesh Between EVPN Leaf Switches blog post generated an interesting discussion on LinkedIn focused on whether we need route reflectors (in small fabrics) and whether they do more harm than good. Here are some of the highlights of that discussion, together with a running commentary.

Please note that we’re talking about BGP route reflectors in reasonably small data center fabrics. Large service provider networks with millions of customer VPN routes are a completely different story. As always, what you read in a random blog post might not apply to your network design. YMMV.

Calling Time on DNSSEC

Through the lack of clear signals of general adoption of DNSSEC over three decades, then is it time to acknowledge that DNSSEC is just not going anywhere? Is it time to call it a day for DNSSEC and just move on?

NB480: New Dell Switch Targets Ethernet AI Fabrics; Nvidia Net Income Leaps 628%

Take a Network Break! Lots of hardware news in today’s episode. We start with a new data center Ethernet switch from Dell designed to accelerate workloads on AI Ethernet fabrics. Public cloud networking startup Alkira raises $100 million in funding. Broadcom announces a 400G NIC that targets AI workloads, and Allegro Packets announces a 400G... Read more »

Reclaiming IPv4 Class E’s 240.0.0.0/4

A video recording of

My Network Lab is a Text File

Yes, you read that right. My Network Lab is indeed a text file (YAML file to be more specific). I can share the file with anyone, put it into version control, and never worry about re-creating the lab manually. No more clicking through the GUI and connecting interfaces. How is that even possible? You must be thinking this is clickbait right? Well, I'm talking about using Containerlab to create and manage your network topologies and labs.

My Life Before Containerlab

I started my networking journey with Packet Tracer, then moved on to GNS3. Most of the time, I've used EVE-NG and some Cisco CML. EVE-NG is a great tool, and I still use it for building complex, large topologies with Cisco ISE, multiple firewalls, Active Directory, etc. But when it comes to labbing up pure networking protocols like BGP, OSPF, STP, or even simple IP routing, I needed something very simple that is easy to deploy and manage.

That's when I came across Containerlab which is a Lab-as-a-code tool that helps you set up and manage your network labs easily. Instead of dealing with complex setups and configurations, containerlab simplifies everything for you. Containerlab provides a command-line interface (CLI) that Continue reading

Testing Device Configuration Templates

Many network automation solutions generate device configurations from a data model and deploy those configurations. Last week, we focused on “how do we know the device data model is correct?” This time, we’ll take a step further and ask ourselves, “how do we know the device configurations work as expected?”

There are four (increasingly complex) questions our tests should answer:

Lagrange

GeoGebra Interactive Graph

Case Study: NAT64

Introduction

Front

IPng’s network is built up in two main layers, (1) an MPLS transport layer, which is disconnected from the Internet, and (2) a VPP overlay, which carries the Internet. I created a BGP Free core transport network, which uses MPLS switches from a company called Centec. These switches offer IPv4, IPv6, VxLAN, GENEVE and GRE all in silicon, are very cheap on power and relatively affordable per port.

Centec switches allow for a modest but not huge amount of routes in the hardware forwarding tables. I loadtested them in [a previous article] at line rate (well, at least 8x10G at 64b packets and around 110Mpps), and they forward IPv4, IPv6 and MPLS traffic effortlessly, at 45 watts.

I wrote more about the Centec switches in [my review] of them back in 2022.

IPng Site Local

IPng SL

I leverage this internal transport network for more than just MPLS. The transport switches are perfectly capable of line rate (at 100G+) IPv4 and IPv6 forwarding as well. When designing IPng Site Local, I created a number plan that assigns IPv4 from the 198.19.0.0/16 prefix, and IPv6 from the 2001:678:d78:500::/56 prefix. Within these, I allocate blocks for Continue reading

« Previous 1 … 42 43 44 45 46 … 3,698 Next »