VXLAN-to-VXLAN Bridging in DCI Environments
Almost exactly a decade ago I wrote that VXLAN isn’t a data center interconnect technology. That’s still true, but you can make it a bit better with EVPN – at the very minimum you’ll get an ARP proxy and anycast gateway. Even this combo does not address the other requirements I listed a decade ago, but maybe I’m too demanding and good enough works well enough.
However, there is one other bit that was missing from most VXLAN implementations: LAN-to-WAN VXLAN-to-VXLAN bridging. Sounds weird? Supposedly a picture is worth a thousand words, so here we go.
VXLAN-to-VXLAN Bridging in DCI Environments
Almost exactly a decade ago I wrote that VXLAN isn’t a data center interconnect technology. That’s still true, but you can make it a bit better with EVPN – at the very minimum you’ll get an ARP proxy and anycast gateway. Even this combo does not address the other requirements I listed a decade ago, but maybe I’m too demanding and good enough works well enough.
However, there is one other bit that was missing from most VXLAN implementations: LAN-to-WAN VXLAN-to-VXLAN bridging. Sounds weird? Supposedly a picture is worth a thousand words, so here we go.
Tech Bytes: Fortinet Firewall Integrates SD-WAN, ZTNA, LAN Controller (Sponsored)
The Tech Bytes podcast welcomes Fortinet to to discuss the universal nature of Fortinet hardware and software. The same FortiGate NGFW appliance includes networking capabilities including a router, SD-WAN, ZTNA, and a LAN controller.Tech Bytes: Fortinet Firewall Integrates SD-WAN, ZTNA, LAN Controller (Sponsored)
The Tech Bytes podcast welcomes Fortinet to to discuss the universal nature of Fortinet hardware and software. The same FortiGate NGFW appliance includes networking capabilities including a router, SD-WAN, ZTNA, and a LAN controller.
The post Tech Bytes: Fortinet Firewall Integrates SD-WAN, ZTNA, LAN Controller (Sponsored) appeared first on Packet Pushers.
IEEE Conference on Network Softwarization
I’m moderating a panel at the upcoming IEEE Conference on Network Softwarization. This is one of the various “good sources” out there for understanding what might be coming in the future for computer networks. The conference is hybrid, so you can register and watch the sessions live from the comfort of your home (or office).
I’m moderating the distinguished experts panel on the afternoon of the 30th.
How the Internet Really Works
Gentle reminder that I’m teaching a three-hour webinar on Safari Books this coming Friday on Internet operations. The course is roughly divided into three parts.
The first part covers DNS operations, including a high-level overview of how DNS works and some thoughts on how DNS providers “work” financially. The second part is a high-level overview of packet transport, focusing on routing, the different kinds of providers, and how each of of the different kinds of providers “work” financially. The third part is a collection of other odds and ends.
Anyone who registers is able to watch a recorded version of the training afterwords.
I’m teaching part 2 next month, which I call Navigating the DFZ.
Nashville Professional Women’s Networking Meetups
Nashville is home to a vibrant professional women’s networking scene. There are meetups for women in a variety of industries, including tech, healthcare, and entrepreneurship. These meetups provide a great opportunity for women to connect with others in their field, share resources and best practices, and build relationships. In addition to networking, these meetups often feature guest speakers, workshops, and other events that can help professional women further their careers. Whether you’re new to town or looking to expand your network, attending a professional women’s networking meetup is a great way to connect with like-minded women in Nashville.
Popular Women’s Networking Meetups in Nashville
Women in Technology Nashville
A women’s business networking organization with a mission to connect, inspire, and empower women in the tech industry. WiTT hosts monthly events featuring guest speakers, workshops, and networking opportunities. Attendees can expect to gain valuable insights from women leaders in the tech industry, learn about new technology trends, and build meaningful connections with other women in the field. WiTT also offers membership levels for individuals and corporate partners, providing access to exclusive resources and benefits. Whether you’re looking to learn more about technology or connect with like-minded women in the industry, women Continue reading
Network Break 387: Cisco Goes All-In On Cloud; Covid And Tech Conferences
Today's Network Break podcast surfs a tidal wave of announcements from Cisco Live 2022, discusses Juniper Networks calling an end to several routers, and looks at the potential impact of Covid and in-person tech events.Can Private Wireless Finally Bridge the Digital Divide?
Communities across the country are actively exploring private wireless based on CBRS as a way to bridge the digital divide.Bring your own license and threat feeds to use with Cloudflare One
At Cloudflare, we strive to make our customers’ lives simpler by building products that solve their problems, are extremely easy to use, and integrate well with their existing tech stack. Another element of ensuring that we fit well with existing deployments is integrating seamlessly with additional solutions that customers subscribe to, and making sure those solutions work collaboratively together to solve a pain point.
Today, we are announcing new integrations that enable our customers to integrate third-party threat intel data with the rich threat intelligence from Cloudflare One products — all within the Cloudflare dashboard. We are releasing this feature in partnership with Mandiant, Recorded Future, and VirusTotal, and will be adding new partners in the coming months.
Customers of these threat intel partners can upload their API keys to the Cloudflare Security Center to enable the use of additional threat data to create rules within Cloudflare One products such as Gateway and Magic Firewall, and infrastructure security products including the Web Application Firewall and API Gateway. Additionally, search results from Security Center’s threat investigations portal will also be automatically enriched with licensed data.
Entering your API keys
Customers will be able to enter their keys by navigating to Security Continue reading
Launching In-Line Data Loss Prevention
Data Loss Prevention (DLP) enables you to protect your data based on its characteristics — or what it is. Today, we are very excited to announce that Data Loss Prevention is arriving as a native part of the Cloudflare One platform. If you’re interested in early access, please see the bottom of this post!
In the process of building Cloudflare One's DLP solution, we talked to customers of all sizes and across dozens of industries. We focused on learning about their experiences, what products they are using, and what solutions they lack. The answers revealed significant customer challenges and frustrations. We are excited to deliver a product to put those problems in the past — and to do so as part of a comprehensive Zero Trust solution.
Customers are struggling to understand their data flow
Some customers have been using DLP solutions in their organizations for many years. They have deployed endpoint agents, crafted custom rulesets, and created incident response pipelines. Some built homemade tools to trace credit card numbers on the corporate network or rulesets to track hundreds of thousands of exact data match hashes.
Meanwhile, other customers are brand new to the space. They have small, scrappy teams Continue reading
Area 1 threat indicators now available in Cloudflare Zero Trust
Over the last several years, both Area 1 and Cloudflare built pipelines for ingesting threat indicator data, for use within our products. During the acquisition process we compared notes, and we discovered that the overlap of indicators between our two respective systems was smaller than we expected. This presented us with an opportunity: as one of our first tasks in bringing the two companies together, we have started bringing Area 1’s threat indicator data into the Cloudflare suite of products. This means that all the products today that use indicator data from Cloudflare’s own pipeline now get the benefit of Area 1’s data, too.
Area 1 built a data pipeline focused on identifying new and active phishing threats, which now supplements the Phishing category available today in Gateway. If you have a policy that references this category, you’re already benefiting from this additional threat coverage.
How Cloudflare identifies potential phishing threats
Cloudflare is able to combine the data, procedures and techniques developed independently by both the Cloudflare team and the Area 1 team prior to acquisition. Customers are able to benefit from the work of both teams across the suite of Cloudflare products.
Cloudflare curates a set of data feeds Continue reading
How to replace your email gateway with Cloudflare Area 1
Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware. It’s likely true that they have spent considerable time, money, and staffing on their Secure Email Gateway (SEG) to stop phishing, malware, and other email-borne threats. Despite this, it’s also true that email continues to be the most frequent source of Internet threats, with Deloitte research finding that 91% of all cyber attacks begin with phishing.
If anti-phishing and SEG services have both been around for so long, why do so many phish still get through? If you’re sympathetic to Occam’s razor, it’s because the SEG was not designed to protect the email environments of today, nor is it effective at reliably stopping today’s phishing attacks.
But if you need a stronger case than Occam delivers — then keep on reading.
Why the world has moved past the SEG
The most prominent change within the email market is also what makes a traditional SEG redundant – the move to cloud-native email services. More than 85% of organizations are expected Continue reading
Scaling Automation Controller for API Driven Workloads
When scaling automation controller in an enterprise organization, administrators are faced with more clients automating their interactions with its REST API. As with any web application, automation controller has a finite capacity to serve web requests, and web clients can experience degraded service if that capacity is met or superseded.
In this blog, we will explore methods to:
- Increase the number of web requests an Red Hat Ansible Automation Platform cluster can serve.
- Implement best practices on the client side to reduce the load on the automation controller API to improve performance and uptime.
We will use automation controller 4.2 in our examples, but many of the best practices and solutions described in this blog apply to most versions, including Ansible Tower 3.8.z.
Use cases that cause high-volume API requests
In this section, we will outline some of the use cases that can drive a high volume of API requests. In the recommendations section, we will address options to improve the quality of service at the client, load balancer, and controller levels.
External inventory management
In some use cases, organizations maintain their inventory in an external system. This practice can lead to a pattern Continue reading
Introducing browser isolation for email links to stop modern phishing threats
This post is also available in 简体中文, 日本語 and Español.
There is an implicit and unearned trust we place in our email communications. This realization — that an organization can't truly have a Zero Trust security posture without including email — was the driving force behind Cloudflare’s acquisition of Area 1 Security earlier this year. Today, we have taken our first step in this exciting journey of integrating Cloudflare Area 1 email security into our broader Cloudflare One platform. Cloudflare Secure Web Gateway customers can soon enable Remote Browser Isolation (RBI) for email links, giving them an unmatched level of protection from modern multi-channel email-based attacks.
Research from Cloudflare Area 1 found that nearly 10% of all observed malicious attacks involved credential harvesters, highlighting that victim identity is what threat actors usually seek. While commodity phishing attacks are blocked by existing security controls, modern attacks and payloads don’t have a set pattern that can reliably be matched with a block or quarantine rule. Additionally, with the growth of multi-channel phishing attacks, an effective email security solution needs the ability to detect blended campaigns spanning email and Web delivery, as well as deferred campaigns that are benign at delivery time, Continue reading