AWS IPSEC Site-to-Site VPN

Notes

https://meteor-honeycup-16b.notion.site/Site-to-Site-VPN-144441a6ac0b4e39a514adc67a8348d5 — This will be updated frequently and has the entire notes on the topics

Intro

  • VPN — Virtual Private Network, often used to communicate securely over untrusted networks like the internet.
  • IPSEC is the protocol which is used for securing the data. Some other tunnelling protocols and frameworks are GRE, DMVPN, Wireguard etc
  • Two types of VPNs — Site-to-Site other is Client-to-site /Remote Access VPN, this lab will be a site-to-site VPN.
  • Site-to-Site, as the name suggests usually connects two sites and a Site is typically referred to as a group of devices in a Data-Center. Site-to-Site will enable two sites separated from the internet to communicate privately and securely over the internet.

Site-to-Site

  • Think along the lines of two boundary devices which encrypt and decrypt LAN traffic
  • Design Redundancy and Scalability along these lines for these two end-points
  • It is important to note that you can have VPN to access any services within your VPC as VPC can be visualised as a virtual Data-Center and thus you can not have a VPN for a service like S3 which is a public offering and can be reached via the Internet

Let’s imagine you have built your Continue reading

Intelligence and Wisdom

I spent the last week at the Philmont Leadership Challenge in beautiful Cimarron, NM. I had the chance to learn a bit more about servant leadership and work on my outdoor skills a little. I also had some time to reflect on an interesting question posed to me by one of the members of my crew.

He asked me, “You seem wise. How did you get so wise?” This caught me flat-flooted for a moment because I’d never really considered myself to be a very wise person. Experienced perhaps but not wise like Yoda or Gandalf. So I answered him as I thought more about it.

Intelligence is knowing what to do. Wisdom is knowing what not to do.

The more I thought about that quote the more I realized the importance of the distinction.

Basic Botany

There’s another saying that people tweeted back at me when I shared the above quote. It’s used in the context of describing Intelligence and Wisdom for Dungeons and Dragons roleplaying:

Intelligence is knowing that a tomato is a fruit. Wisdom is not putting tomatoes in a fruit salad.

It’s silly and funny but it gets right to the point and is a Continue reading

Shortages force network vendors into creative product redesigns

Supply chain problems have triggered most major networking players such as Cisco, Juniper, Arista, and others to redesign or re-engineer some products in an attempt to overcome component shortages and deliver products to customers.Lead times for some routers, switches and other gear is already delayed well beyond six months. Retooling to get hardware out the door can add is own delay and put additional pressure on engineers looking to reshape things like power supplies and board-level features without causing major problems themselves.To read this article in full, please click here

The first Zero Trust SIM

The first Zero Trust SIM

This post is also available in Deutsch, Français and Español.

The first Zero Trust SIM

The humble cell phone is now a critical tool in the modern workplace; even more so as the modern workplace has shifted out of the office. Given the billions of mobile devices on the planet — they now outnumber PCs by an order of magnitude — it should come as no surprise that they have become the threat vector of choice for those attempting to break through corporate defenses.

The problem you face in defending against such attacks is that for most Zero Trust solutions, mobile is often a second-class citizen. Those solutions are typically hard to install and manage. And they only work at the software layer, such as with WARP, the mobile (and desktop) apps that connect devices directly into our Zero Trust network. And all this is before you add in the further complication of Bring Your Own Device (BYOD) that more employees are using — you’re trying to deploy Zero Trust on a device that doesn’t belong to the company.

It’s a tricky — and increasingly critical — problem to solve. But it’s also a problem which we think we can help with.

What Continue reading

Bringing Zero Trust to mobile network operators

Bringing Zero Trust to mobile network operators
Bringing Zero Trust to mobile network operators

At Cloudflare, we’re excited about the quickly-approaching 5G future. Increasingly, we’ll have access to high throughput and low-latency wireless networks wherever we are. It will make the Internet feel instantaneous, and we’ll find new uses for this connectivity such as sensors that will help us be more productive and energy-efficient. However, this type of connectivity doesn’t have to come at the expense of security, a concern raised in this recent Wired article. Today we’re announcing the creation of a new partnership program for mobile networks—Zero Trust for Mobile Operators—to jointly solve the biggest security and performance challenges.

SASE for Mobile Networks

Every network is different, and the key to managing the complicated security environment of an enterprise network is having lots of tools in the toolbox. Most of these functions fall under the industry buzzword SASE, which stands for Secure Access Service Edge. Cloudflare’s SASE product is Cloudflare One, and it’s a comprehensive platform for network operators.  It includes:

  • Magic WAN, which offers secure Network-as-a-Service (NaaS) connectivity for your data centers, branch offices and cloud VPCs and integrates with your legacy MPLS networks
  • Cloudflare Access, which is a Zero Trust Network Access (ZTNA) service requiring strict verification for every Continue reading

Securing the Internet of Things

Securing the Internet of Things
Securing the Internet of Things

It’s hard to imagine life without our smartphones. Whereas computers were mostly fixed and often shared, smartphones meant that every individual on the planet became a permanent, mobile node on the Internet — with some 6.5B smartphones on the planet today.

While that represents an explosion of devices on the Internet, it will be dwarfed by the next stage of the Internet’s evolution: connecting devices to give them intelligence. Already, Internet of Things (IoT) devices represent somewhere in the order of double the number of smartphones connected to the Internet today — and unlike smartphones, this number is expected to continue to grow tremendously, since they aren’t bound to the number of humans that can carry them.

But the exponential growth in devices has brought with it an explosion in risk. We’ve been defending against DDoS attacks from Internet of Things (IoT) driven botnets like Mirai and Meris for years now. They keep growing, because securing IoT devices still remains challenging, and manufacturers are often not incentivized to secure them. This has driven NIST (the U.S. National Institute of Standards and Technology) to actively define requirements to address the (lack of) IoT device security, and the EU Continue reading

Migrate to Azure Monitor Agent on Azure Arc using Red Hat Ansible Automation Platform

azure arc blog

Azure Arc is becoming the default Microsoft Azure service for connecting non-Azure infrastructure into Azure monitoring and administration.  Azure has also issued a deprecation notice for the Azure Log Analytics Agents; Microsoft Monitoring Agent and Log Analytics (OMS).  Azure Monitor Agent replaces these agents, introducing a simplified, flexible method of configuring collection configuration called Data Collection Rules. To leverage Azure Monitor Agent with their non-Azure servers, customers will need to onboard their machines to Azure Arc-enabled servers. 

This article covers how to use Red Hat Ansible Automation Platform to migrate servers that are currently using Azure Log Analytics Agent to Azure Monitor Agent on Azure Arc using Ansible Automation Platform.  When you have completed the configuration in this blog, you will be able to run a workflow against an automation controller inventory that performs the following tasks:

  1. Ensures that the Azure Arc agent is installed on each machine.  In cases where the agent is not installed, then it will be installed.
  2. Enable the Azure Monitor Agent on Arc enabled machines.
  3. Disable the Log Analytics Agent.
  4. Uninstall the Log Analytics Agent.

Since the example workflow in this blog post is modular, you may also implement the Continue reading

Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks

This week's Network Break podcast covers a startup backed by ex-Cisco CEO John Chambers, US federal agencies wanting service providers to get serious about BGP security, SASE growing 30% in a quarter, a thriving floppy disk business, and more IT news.

The post Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks appeared first on Packet Pushers.

Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored)

Today on the Tech Bytes podcast we talk with sponsor Palo Alto Networks about the latest AI Ops features for SD-WAN. AI Ops analyzes network data and then recommends fixes for probems, a capability that's becoming increasingly necessary as network complexity grows to encompass underlays, overlays, on and off-prem cloud destinations, remote working, and more.

The post Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored) appeared first on Packet Pushers.

Fragmentation

One of the discussion topics at the recent ICANN 75 meeting was an old favourite of mine, namely the topic of Internet Fragmentation. Here, I’d like to explore this topic in a little more detail and look behinds the kneejerk response of declaiming fragmentation as bad under any and all circumstances. Perhaps there are more subtleties in this topic than simple judgements of good or bad.

Kubernetes 002. Scaling Out Cluster and Turning It in Highly Available One

Hello my friend,

As mentioned in the previous blogpost, we continue looking into Kubernetes. In the previous blogpost we have built a simple cluster consisting of one control plane node, which is the one ruling the cluster, and two worker nodes, which are the ones hosting the customers’ workloads. Today we will add a few more nodes, both workers and control plane, to the cluster to convert it into a high available one.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Are You Still Teaching Network Automation?

We absolutely are. One of the important things we have figured out is that automation is for sure the cross-platform technology. Therefore, whatever area you are coming from or heading two (networking, system administration, or cloud engineering), knowledge of automation frameworks and components, such as Ansible, Bash, Python, YAML, JSON, REST API, GRPC/GNMI is very beneficial and, in fact, is almost mandatory these days.

And in our Network Automation Trainings we have put it together in Continue reading

Cloudflare’s 2022 Annual Founders’ Letter

Cloudflare’s 2022 Annual Founders’ Letter
Cloudflare’s 2022 Annual Founders’ Letter

Cloudflare launched on September 27, 2010. This week we'll celebrate our 12th birthday. As has become our tradition, we'll be announcing a series of products that we think of as our gifts back to the Internet. In previous years, these have included products and initiatives like Universal SSL, Cloudflare Workers, our Zero Markup Registrar, the Bandwidth Alliance, and R2 our zero egress fee object store — which went GA last week.

We're really excited for what we'll be announcing this year and hope to surprise and delight all of you over the course of the week with the products and features we believe live up to our mission of helping build a better Internet.

Cloudflare’s 2022 Annual Founders’ Letter

Founders' letter

While this will be our 12th Birthday Week of product announcements, for the last two years, as the cofounders of the company, we've also taken this time as an opportunity to write a letter publicly reflecting on the previous year and what's on our minds as we go into the year ahead.

Since our last birthday, it's been a tale of two halves of a very different year. At the end of 2021 and into the first two months Continue reading

1 459 460 461 462 463 3,870