What is Ethernet?

Ethernet is one of the original networking technologies, having been invented nearly 50 years ago. And yet, because of the simplicity by which the communications protocol can be deployed and its ability to incorporate modern advancements without losing backwards compatibility, Ethernet continues to reign as the de facto standard for computer networking.

At its core, Ethernet is a protocol that allows computers (from servers to laptops) to talk to each other over wired networks that use devices like routers, switches and hubs to direct traffic. Ethernet works seamlessly with wireless protocols, too.

Its ability to work within almost any environment has led to its universal adoption around the world. This is especially true because it allows organizations to use the same Ethernet protocol in their local area network (LAN) and their wide-area network (WAN). That means that it works well in data centers, in private or internal company networks, for internet applications and almost anything in between. It can even support the most complex forms of networking, like virtual private networks (VPNs) and software-defined networking deployments.

How SASE uses AI

Secure access service edge, or SASE, combines networking and security into a cloud-based service, and it’s growing fast. According to Gartner projections, enterprise spending on SASE will hit almost $7 billion this year, up from under $5 billion in 2021. Gartner also predicts that more than 50% of organizations will have strategies to adopt SASE by 2025, up from less than 5% in 2020.

IS-IS Routing Protocol

IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for a Service Provider grade, extensible routing protocol with MPLS Traffic Engineering support for easier future migration, then the only choice is IS-IS.

It is commonly used in Service Provider, Datacenter (as an underlay), and some large Enterprise networks.

IS-IS Routing Protocol in Networking

IS-IS works based on TLV format. TLVs provide extensibility to the IS-IS protocol.

IS-IS TLV Codes – Specified in RFC 1195

IS-IS TLV format

 

You don’t need a totally different protocol to support new extensions. In IS-IS, IPv6, MTR and many other protocols can be used just with additional TLVs.

1. IPv6 Address Family support (RFC 2308)
2. Multi-Topology support (RFC 5120)
3. MPLS Traffic Engineering (RFC 3316)

IS-IS is a Layer 2 protocol and is not encapsulated in IP. Because it is hard, if not impossible, to attack Layer 2 networks remotely, IS-IS is considered more secure than OSPF.

is-is dataplane

IS-IS uses a NET (Network Entity Title) address similar to OSPF Router ID.

IP support was added to IS-IS by the IETF after ISO invented it for CLNS. If IS-IS is used together with IP, it is called Integrated IS-IS.

IS-IS doesn’t require an IP address for the neighborship.


Mitigate Supply-Chain Attacks With Microsegmentation And ZTNA

This article originally appeared on Packet Pushers Ignition on January 12, 2021. In broad terms, the SolarWinds attack is a standard (though well-executed) supply-chain compromise that breaches a trusted source of software, hardware, or services to gain entry into an organization’s internal infrastructure. Once inside, it spreads to other systems, installs additional tools, compromises user […]

The post Mitigate Supply-Chain Attacks With Microsegmentation And ZTNA appeared first on Packet Pushers.

OSPF Configuration – A sample template on multi-vendor routers

There are commonalities and differences when it comes to configuring the OSPF routing protocol on a router you manage, depending on the router’s manufacturer.

We will take a look at a basic sample of configuring OSPF on the Cisco IOS-XE and Juniper JunOS operating systems.

OSPF on Cisco IOS-XE

With IOS-XE we start configuring OSPF by specifying the numerical value of the:

OSPF Process ID

This is just a number used to isolate some hierarchical designs of the OSPF process on a Cisco router.

Does it have to match on both peering ends? The answer is NO.

Does it affect any priorities in any OSPF election process? The answer is also NO.

Is it mandatory? Well, on that “OS” it is, but it is not a general OSPF concept, as it is missing from the other vendors!

That makes the first line of configuration look like this:

        OERouter1(config)#router OSPF [Process ID]

i.e. “OERouter1(config)#router ospf 10”

OSPF Network Advertisement

The next step, after entering the hierarchical OSPF mode and specifying the process ID, is to advertise the networks.

these networks […]

Practical Python For Networking: 4.1 – SMS Alerting – Introduction To Twilio – Video

This lesson walks through how to use a Python script to send alerts via text messages using Twilio. Course files and code samples for this and the other lessons are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. […]

The post Practical Python For Networking: 4.1 – SMS Alerting – Introduction To Twilio – Video appeared first on Packet Pushers.

OSPF Protocol Basic Overview

What is OSPF

Language-wise, it stands for Open Shortest Path First, and family-wise, it belongs to the Link-State Interior Gateway Dynamic Routing Protocols.

Done with the CV yet? OSPF is an open standard internal routing protocol that is supported across all the different vendors manufacturing networking platforms.

In this article, we will review the basics and specs of this protocol, and see its own unique features.

OSPF Neighbor States

As a start, the OSPF routing protocol uses a multicast hello message that is destined to the OSPF Multicast address of 244.0.0.5 seeking any possible other OSPF routers in the area.

This message repeats every 10 seconds by default and is sent out of the interfaces that have an OSPF configuration, which depends on how you configured it and on the vendor-specific configuration template.

Upon receiving a multicast hello message from another router to which we already sent a hello message earlier, which should happen within the dead timer of 40 seconds maximum (by default), an OSPF neighbor process will start by:

  • Init:
    • at the moment of confirmation that a bidirectional multicast hello has initiated
  • 2-Way:
    • communication from the 2 parts has successfully occurred
  • ExStart:

BGP Authentication? User TCP/AO Instead of MD5! With Melchior Aelmans – Video

Melchior Aelmans of Juniper Networks explains what TCP/AO (RFC5925) is to Packet Pushers podcast host Ethan Banks. Then we get a Junos-based demo of TCP/AO in action authenticating a BGP session as an alternative to MD5. https://packetpushers.net https://datatracker.ietf.org/doc/html/rfc5925 You can subscribe to the Packet Pushers’ YouTube channel for more videos as […]

The post BGP Authentication? User TCP/AO Instead of MD5! With Melchior Aelmans – Video appeared first on Packet Pushers.

Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored)

Today's Heavy Networking, sponsored by Juniper, dives into the custom vs. merchant silicon debate. Juniper makes the case for its Trio 6 ASIC in MX routers. We get into the specifics of Trio 6 capabilities, examine the needs of the multi-service edge, and discuss the technology and business cases for custom hardware.

The post Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored) appeared first on Packet Pushers.

In Defense of Subscriptions

It’s not hard to see the world has moved away from discrete software releases to a model that favors recurring periodic revenue. Gone are the days of a bi-yearly office suite offering or a tentpole version of an operating system that might gain some features down the road. Instead we now pay a yearly fee to use the program or application and in return we get lots of new things on a somewhat stilted cadence.

There are a lot of things to decry about software subscription models. I’m not a huge fan of the way that popular features are put behind subscription tiers that practically force you to buy the highest, most expensive one because of one or two things you need that can only be found there. It’s a callback to the way that cable companies put their most popular channels together in separate packages to raise the amount you’re paying per month.

I’m also not a fan of the way that the subscription model is a huge driver for profits for investors. If your favorite software program doesn’t have a subscription model just yet you’d better hope they never take a big investment. Because those investors are hungry […]

Technology Short Take 153

Welcome to Technology Short Take #153! My personal and professional life has kept me busy over the last couple of months, so things have been quiet here on the blog. I’ve still been collecting links to share with you, though, and here’s the latest collection. I hope you’re able to find something useful here!

Networking

  • This article contains some good information on IPv6 for those who are just starting to get more familiar with it, although toward the end it turns into a bit of an advertisement.
  • Want to understand kube-proxy, a key part of Kubernetes networking, a bit better? Start here. Arthur Chiao’s post on cracking kube-proxy is also an excellent resource—in fact, there’s so much information packed in there you may need to read it more than once.
  • Xavier Avrillier walks readers through using Antrea (a Kubernetes CNI built on top of Open vSwitch—a topic I’ve touched on a time or two) to provide on-premise load balancing in Kubernetes.

Servers/Hardware

  • Cabling is hardware, right? What happens to submarine cables when there are massive events, like a volcanic eruption? Ulrich Speidel shares some of the findings after the volcanic eruption in Tonga.

Security