BGP Policy (Part 6)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

In this post I’m going to cover local preference via communities, longer prefix match, and conditional advertisement from the perspective of AS65001 in the following network—

Communities and Local Preference
As noted above, MED is the tool “designed into” BGP for selecting an entrance point into the local AS for specific reachable destinations. MED is not very effective, however, because a route’s local preference will always win over MED, and because it is not carried between autonomous systems.
Some operators provide an alternative to MED in the form of communities that set a route’s local preference within their AS. For instance, assume 100::/64 is geographically closer to the [65001,65003] link than to either of the [65001,65002] links, so AS65001 would prefer that traffic destined to 100::/64 enter through AS65003.
In this case, AS65001 can advertise 100::/64 with […]
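To make the mechanism concrete, here is an added Python model (not code from the original post) of a neighbour AS turning a community it receives from AS65001 into LOCAL_PREF, and of the simplified best-path decision that makes LOCAL_PREF win over MED. It assumes AS65002 also learns 100::/64 through AS65003, and the community values 65002:50 and 65002:150 are constructed placeholders, not any real operator's scheme.

```python
from dataclasses import dataclass, field

@dataclass
class Route:
    prefix: str
    as_path: tuple            # as_path[0] is the neighbour AS the route came from
    next_hop: str
    med: int = 0
    communities: frozenset = field(default_factory=frozenset)
    local_pref: int = 100     # BGP default when no policy touches the route

# Hypothetical inbound policy of AS65002: community -> LOCAL_PREF (constructed values).
COMMUNITY_TO_LOCAL_PREF = {"65002:50": 50, "65002:150": 150}

def apply_inbound_policy(route: Route) -> Route:
    """Set LOCAL_PREF from the first recognised community; keep the default otherwise."""
    for comm in sorted(route.communities):
        if comm in COMMUNITY_TO_LOCAL_PREF:
            route.local_pref = COMMUNITY_TO_LOCAL_PREF[comm]
            break
    return route

def best_path(routes: list) -> Route:
    """Simplified decision: highest LOCAL_PREF, then shortest AS_PATH, then lowest MED.
    MED is compared only between paths from the same neighbour AS."""
    best = routes[0]
    for r in routes[1:]:
        if r.local_pref != best.local_pref:
            if r.local_pref > best.local_pref:
                best = r
        elif len(r.as_path) != len(best.as_path):
            if len(r.as_path) < len(best.as_path):
                best = r
        elif r.as_path[0] == best.as_path[0] and r.med < best.med:
            best = r
    return best

def as65002_routes(tag_direct_paths: bool) -> list:
    """Constructed routes AS65002 holds for 100::/64: two direct links from AS65001
    carrying different MEDs, and one path learned from AS65003."""
    comm = frozenset({"65002:50"}) if tag_direct_paths else frozenset()
    return [
        Route("100::/64", (65001,), "direct-link-A", med=10, communities=comm),
        Route("100::/64", (65001,), "direct-link-B", med=20, communities=comm),
        Route("100::/64", (65003, 65001), "via-AS65003"),
    ]

def chosen_entry_point(tag_direct_paths: bool) -> str:
    # Which path AS65002 installs, with or without AS65001 tagging its direct paths
    routes = [apply_inbound_policy(r) for r in as65002_routes(tag_direct_paths)]
    return best_path(routes).next_hop
```

With MED alone, AS65002 only picks between its two direct links; once the direct paths carry the deprefer community, the longer path via AS65003 wins on LOCAL_PREF, which is the entry point AS65001 wanted.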

Learning BGP Module 1 Lesson 2: How BGP Builds Loop-Free Paths – Video

Russ White’s BGP series continues with a discussion of building loop-free paths with the Border Gateway Protocol (BGP). Topics include AS (Autonomous System) paths, loop prevention, why loop checks are inbound, and more on IBGP and EBGP. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel […]

The post Learning BGP Module 1 Lesson 2: How BGP Builds Loop-Free Paths – Video appeared first on Packet Pushers.

The deluge of digital attacks against journalists

“A free press can, of course, be good or bad, but, most certainly without freedom, the press will never be anything but bad.”
Albert Camus

Since its founding in 1993, World Press Freedom Day has been a time to acknowledge the importance of press freedom and call attention to concerted attempts to thwart journalists’ essential work. That mission is also embedded in the foundations of our Project Galileo, which has a goal of protecting free expression online — after the war in Ukraine started, applications to the project increased by 177% in March 2022 alone.

In Uruguay today, UNESCO’s World Press Freedom Day Global Conference is underway, with a 2022 theme of “Journalism under Digital Siege.”

It is a fitting and timely theme.

While the Internet has limitless potential to make every person a publisher, bad actors — both individuals and governments — routinely deploy attacks to silence free expression. For example, Cloudflare data illustrate a trend of increased cyber attacks since the invasion of Ukraine, and journalists are frequent targets. Covering topics such as war, government corruption, and crime makes journalists vulnerable to aggression online and offline. Beyond the issue of cyber attacks, Russian authorities’ […]

Wildcard proxy for everyone

Today, I have the pleasure to announce that we’re giving everyone the ability to proxy DNS wildcard records. Previously, this feature was only available to our Enterprise customers. After many of our free and pay-as-you-go users reached out, we decided that this feature should be available to everyone.

What is a wildcard DNS record?

A DNS record usually maps a domain name to one or multiple IP addresses or another resource associated with that name, so it’s a one-to-many mapping. Let’s look at an example:

When I do a DNS lookup for the IP address of subdomain1.mycoolwebpage.xyz, I get two IP addresses back, because I have added two A records on that subdomain:

$ dig subdomain1.mycoolwebpage.xyz -t a +short
192.0.2.1
192.0.2.2

I could specify the target of all subdomains like this, with one or multiple DNS records per subdomain. But what if I have hundreds or even thousands of subdomains, all of which I want to point to the same resource?

This is where a wildcard DNS record comes in. By using the asterisk symbol "*" in the Name field, I can create one or multiple DNS records that are […]
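As an added example (not code from the original post), the following Python function shows how a resolver matches a query name against a zone containing a wildcard record. It goes beyond the post's single case and applies the RFC 4592 rules: an exact name always beats the wildcard, the wildcard covers any number of labels below its parent, and a name that already exists in the zone (including an empty non-terminal) is never matched by a wildcard. The zone is constructed sample data; only subdomain1 and its two addresses come from the dig output above.

```python
# Constructed zone: owner name -> list of A records (not the author's real zone)
ZONE_APEX = "mycoolwebpage.xyz"
ZONE = {
    "mycoolwebpage.xyz": ["198.51.100.1"],                      # zone apex
    "subdomain1.mycoolwebpage.xyz": ["192.0.2.1", "192.0.2.2"],  # from the dig output above
    "*.mycoolwebpage.xyz": ["203.0.113.10"],                    # the wildcard record
    "host.api.mycoolwebpage.xyz": ["203.0.113.20"],             # api.mycoolwebpage.xyz becomes an empty non-terminal
}

def _existing_names(zone: dict, apex: str) -> set:
    """Every owner name plus all of its ancestors down to the apex (empty non-terminals)."""
    names = set()
    for owner in zone:
        name = owner
        while True:
            names.add(name)
            if name == apex:
                break
            name = name.split(".", 1)[1]     # drop the leftmost label
    return names

def resolve(qname: str, zone: dict = ZONE, apex: str = ZONE_APEX) -> list:
    """A records a resolver gets for qname; an empty list means NXDOMAIN or NODATA."""
    name = qname.lower().rstrip(".")
    if name in zone:
        return zone[name]                    # an exact match always beats the wildcard
    existing = _existing_names(zone, apex)
    if name in existing:
        return []                            # name exists without A records: NODATA, wildcard not consulted
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in existing:             # closest encloser: nearest existing ancestor
            return zone.get("*." + ancestor, [])   # wildcard applies only if it hangs off that encloser
    return []                                # name is outside the zone
```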

Arista CEO details supply chain woes, mulls price hike

Like its competitors in the past few days, Arista Networks spent a lot of its financial analysts call this week detailing the impact of the ongoing supply chain problem and trying to find a light at the end of the tunnel.

Arista, like competitors Juniper and Extreme, says it is doing well financially—quarterly revenues up 31.4% to $877.1 million from $667.5 year-over-year, a record for the company. But the supply chain issues are getting worse, the company said.

Arista CEO and President Jayshree Ullal pointed to last-minute unavailability of parts (or what she called “decommittal of components”) from at least two unnamed suppliers that has hurt the company most recently.

What Happened to FabricPath and Its Friends?

Continuing the “what happened to old technologies” saga, here’s another question by Enrique Vallejo:

Are FabricPath, TRILL or SPB still alive, or has everyone moved to VXLAN? Are they worth studying?

TL&DR: Barely. Yes. No.

Layer-2 Fabric craziness exploded in 2010 with vendors playing the usual misinformation games that eventually resulted in a totally fragmented market full of partial or proprietary solutions. At one point in time, some HP data center switches supported only TRILL, and other data center switches from the same company supported only SPB.

Now for individual technologies:

Learning BGP Module 1 Lesson 1: Why BGP? – Video

Russ White kicks off a ten-video series on the Border Gateway Protocol (BGP). The series is divided into two modules, with short lessons within each module. This first video covers a brief history of BGP and then gets into the purpose of BGP, reachability vs. a route, Autonomous System (AS) rules, problems that BGP solves, […]

The post Learning BGP Module 1 Lesson 1: Why BGP? – Video appeared first on Packet Pushers.

Private 5G: The 4 things that determine if you need it

By this time, you’ve probably read so many stories about enterprises adopting private 5G networks that you feel like a student who finds out they’re not one of the cool kids. Can you ever hold your head up in a tech conference and admit you’re not running private 5G yet?

Take heart! Maybe you’re not supposed to be. The best wireless network technology for an enterprise depends on four things: devices, spread, privacy, and mission.

5G is a cellular network technology used almost exclusively by telcos, but you can buy equipment to build your own 5G network, and even get hosted 5G from cloud providers like Amazon. You can use open spectrum so you don’t need to bid at an auction for a license. There’s a lot of excitement about private 5G, but in that excitement it’s easy to forget that you could have adopted private 4G/LTE long ago, and that Wi-Fi is still the most popular wireless technology of all. You’ve got to look at the four factors just mentioned to decide whether you want to read about private 5G or adopt it.

Practical Python For Networking: 7.1 Distributing Python Packages – Introduction – Video

This lesson provides an introduction to distributing Python packages. Creating packages was covered in lessons 6.1, 6.2, and 6.3. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Additional resources: https://packaging.python.org/tutorials/packaging-projects/ https://dzone.com/articles/executable-package-pip-install Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of […]

The post Practical Python For Networking: 7.1 Distributing Python Packages – Introduction – Video appeared first on Packet Pushers.

What Is Zero Trust Network Access (ZTNA)?

In the first article in this series, we discussed what zero trust security is and why it matters. In this article, we will take a deep dive into zero trust network access, how it works, and its benefits to the modern organization.

What Is Zero Trust Network Access?

Zero Trust Network Access, or ZTNA, is a security solution that many IT departments and IT organizations use to ensure secure remote access to a range of data, applications, networks, and services within an organization. ZTNA is based on defined access control policies that clearly communicate who has access to what and for how long that access is granted. ZTNA is a gap-filler when it comes to secure remote access tools, methods, and technologies. VPNs, or virtual private networks, are different from zero trust network access because VPNs give access to an entire network rather than to specific applications or data. As the remote workforce continues to take shape, and many companies lean on it as a source of employee satisfaction and employer productivity, zero trust network access is pertinent to keeping the right people in and the wrong people out of your organization’s systems.

How Does Zero Trust Network Access Work […]