Configuring an AWS dynamic inventory with Automation controller

One of the core components of Ansible is inventories. In its most basic form, an inventory provides host information to Ansible so it can trigger the tasks on the right host or system. In most environments, the static inventory is sufficient for the Ansible control node to work from, however as we expand our use of automation, we need to transition to more effective methods of gathering ever-changing environment details.

This is where the use of a dynamic inventory is beneficial. This allows the platform to gather information for the inventory from environments that are not static sources. A prime example of this is using a dynamic inventory plugin to gather inventory information from a cloud provider or hypervisor, enabling you to keep an inventory up to date with instance details.

Amazon Web Services (AWS) is one of the biggest public cloud providers used around the world. Organizations use their Elastic Compute Cloud services (EC2) for their workflows, however managing an inventory for your instances running on AWS would typically have to be done manually, which is problematic and time consuming. Using the AWS Identity and Access Management interface (IAM), we are able to get programmatic access to the AWS Continue reading

What Is Zero Trust Security?

Zero Trust is a framework for security in which all users of an application, software, system, or network, inside or outside of an organization, must be authenticated, verified, and frequently validated before being granted access to specific data or tools within the company’s network. In the zero trust framework, networks can be in the cloud, hybrid, or on-premise with employees in any location. The assumption is that no users or devices are to be trusted with access without meeting the necessary validation requirements. In today’s modern digital transformation forward environment, the zero-trust security framework helps to ensure infrastructure and data are kept safe, and more modern business challenges are handled appropriately. For example, as the pandemic has evolved, securing remote workers and their access will be of greater importance for organizations that want to scale their workforce. Ransomware threats and attacks are increasing, and zero trust implementation can detect these threats, from novel ones to custom-crafted malware, far before they cause harm. What Foundation Makes up Zero Trust? Zero Trust security is built on the architecture established by the National Institute of Standards & Technology (NIST). The

Duplicate ARP Replies with Anycast Gateways

A reader sent me the following intriguing question:

I’m trying to understand the ARP behavior with SVI interface configured with anycast gateways of leaf switches, and with distributed anycast gateways configured across the leaf nodes in VXLAN scenario.

Without going into too many details, the core dilemma is: will the ARP request get flooded, and will we get multiple ARP replies. As always, the correct answer is “it depends” 🤷‍♂️

Read more …

Duplicate ARP Replies with Anycast Gateways

A reader sent me the following intriguing question:

I’m trying to understand the ARP behavior with SVI interface configured with anycast gateways of leaf switches, and with distributed anycast gateways configured across the leaf nodes in VXLAN scenario.

Without going into too many details, the core dilemma is: will the ARP request get flooded, and will we get multiple ARP replies. As always, the correct answer is “it depends” 🤷‍♂️

Read more …

Troubleshooting puzzle: What caused the streaming to degrade?

You’ve just been given the task of solving a network problem that has been unresolved for many months. Where do you start? Is it a solvable problem or is it just the way the network works? Maybe you’ve encountered a limitation on how network protocols function. What follows is an account of just such a problem that stumped many good network engineers for months and how it was resolved by NetCraftsmen’s Samuel Bickham. It may provide tips for solving problems you face down the road. As Bickham says, “Troubleshooting is kinda like a magic trick: It’s impressive until it’s explained.”A customer contacted NetCraftsmen to ask if we could diagnose a networking problem that affected only a few applications and a subset of employees on an intermittent basis.To read this article in full, please click here

Aruba service overlays existing infrastructure with virtual networks

Aruba Networks is expanding its Edge Services Platform to better manage and automate the operation of far-flung distributed enterprise networks.Hewlett Packard Enterprise’s network subsidiary rolled out NetConductor, a cloud-based service that Aruba says will help enterprises centrally manage the security of distributed networks while simplifying policy provisioning and automating the orchestration of network configurations in wired, wireless, and WAN infrastructures.What is SDN and where it’s going NetConductor is a service delivered by Aruba Central, the vendor’s core cloud-based management platform and works by delivering an EVPN, VXLAN-based network overlay across a customer’s wired and wireless networks offering a much more unified and simplified view of the network to the networking team, according to Larry Lunetta, vice president of wireless local area network and security solutions marketing at Aruba.To read this article in full, please click here

Optimizing Magic Firewall’s IP lists

Optimizing Magic Firewall’s IP lists
Optimizing Magic Firewall’s IP lists

Magic Firewall is Cloudflare’s replacement for network-level firewall hardware. It evaluates gigabits of traffic every second against user-defined rules that can include millions of IP addresses. Writing a firewall rule for each IP address is cumbersome and verbose, so we have been building out support for various IP lists in Magic Firewall—essentially named groups that make the rules easier to read and write. Some users want to reject packets based on our growing threat intelligence of bad actors, while others know the exact set of IPs they want to match, which Magic Firewall supports via the same API as Cloudflare’s WAF.

With all those IPs, the system was using more of our memory budget than we’d like. To understand why, we need to first peek behind the curtain of our magic.

Life inside a network namespace

Magic Transit and Magic WAN enable Cloudflare to route layer 3 traffic, and they are the front door for Magic Firewall. We have previously written about how Magic Transit uses network namespaces to route packets and isolate customer configuration. Magic Firewall operates inside these namespaces, using nftables as the primary implementation of packet filtering.

Optimizing Magic Firewall’s IP lists

When a user makes an API request to configure their Continue reading

Understanding Data Center Fabrics 09: Other Considerations – Video

In the final video of this series on data center fabrics, Russ White walks through a set of considerations you might want to ponder as you design your data center fabric. These considerations include whether to single-home or dual-home a server in a fabric (it depends!), why Russ isn’t a fan of MLAGs in a […]

The post Understanding Data Center Fabrics 09: Other Considerations – Video appeared first on Packet Pushers.

Can Fantastical Openings Replace Calendly?

TL;DR

Fantastical Openings can’t replace Calendly for my scheduling needs yet, but it’s close.

The Rest Of The Story

I use Calendly so that folks can schedule me for appointments. I send people a Calendly link, and they choose an available time slot. Calendly creates calendar invitations and sends them to me and the requestor. Calendly also integrates with Zoom, so that an invite comes with a Zoom meeting already attached.

In my years of Calendly use, I’ve found it to be…

  • Reliable. It just works.
  • Flexible. The availability rules engine allows me to configure conditions such as “leave a gap of X minutes between appointments” that I rely on to keep my calendar sane.
  • Expensive. $144/year for the features I need.

I also use Fantastical by Flexibits. In my few months as a Fantastical user, I’ve found it to be…

  • Beautiful. It’s the best calendaring interface of anything I’ve tried.
  • Integrated. I use Fantastical to integrate with multiple calendars, Zoom, and the Todoist task manager. I use Fantastical both on my Mac and iOS devices.
  • A super power. Fantastical happens to be highly compatible with how I work. I am more productive with Fantastical.
  • Affordable. $40/year for the features Continue reading

CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities
CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

On Friday, March 25, 2022, Google published an emergency security update for all Chromium-based web browsers to patch a high severity vulnerability (CVE-2022-1096). At the time of writing, the specifics of the vulnerability are restricted until the majority of users have patched their local browsers.

It is important everyone takes a moment to update their local web browser. It’s one quick and easy action everyone can contribute to the cybersecurity posture of their team.

Even if everyone updated their browser straight away, this remains a reactive measure to a threat that existed before the update was available. Let’s explore how Cloudflare takes a proactive approach by mitigating the impact of zero day browser threats with our zero trust and remote browser isolation services. Cloudflare’s remote browser isolation service is built from the ground up to protect against zero day threats, and all remote browsers on our global network have already been patched.

How Cloudflare Zero Trust protects against browser zero day threats

Cloudflare Zero Trust applies a layered defense strategy to protect users from zero day threats while browsing the Internet:

  1. Cloudflare’s roaming client steers Internet traffic over an encrypted tunnel to a nearby Cloudflare data center for inspection and Continue reading

Arista bundles edge networking gear for small enterprises

Arista will soon roll out a  cloud-based package of edge networking and security services for small to medium sized businesses that have limited IT management resources.Arista’s Cognitive Unified Edge (CUE) service is a turnkey package of new and existing Arista network and security gear that can be installed on a customer site and be controlled via a single dashboard on by the company’s core CloudVision management platform. How to choose an edge gateway CloudVision provides wired and wireless visibility, automation, orchestration, provisioning, telemetry, and analytics across the data center, campus, and IoT devices on edge networks. CloudVision’s network information can be utilized by Arista networking partners such as VMware and Microsoft.To read this article in full, please click here

The New Edge as a Service

The New Edge as a Service

As we enter 2022, there is much discussion on the “post-pandemic” world of campus and how it’s changing. Undoubtedly, the legacy 2000 era campus was mired in complexity, with proprietary features, siloed designs, and fragile software ripe for change. This oversubscribed campus is riddled with challenges, including critical outages causing risk-adverse behaviors and labor-intensive roll-outs hampering improvements. The future of the campus has changed as the lines between corporate headquarters, home, remote and transit workers are blurring and creating distributed workspaces. Before the pandemic, the most common network designs were rigidly hierarchical. They were based upon a manual model developed in the mid-1990s. As the demand for scale increased, the end user experience was degraded and the cost per connected host continued to escalate.

Are we ready to evolve the legacy campus to a new cognitive edge for the new and dispersed class of users, devices and IoT/OT? I think so and the time to recalibrate and redesign the campus is now!

How the Oscars impacted the Internet (at least in the US)

How the Oscars impacted the Internet (at least in the US)
How the Oscars impacted the Internet (at least in the US)

The 94th Academy Awards happened this past Sunday, March 27, 2022. In the global event we got to see several Oscars attributed to winners like CODA, Jane Campion (the director of The Power of the Dog) and also Dune (which won six Oscars), but also moments that had a clear impact in the Internet traffic, like the altercation on stage between Will Smith and Chris Rock.

Cloudflare Radar uses a variety of sources to provide aggregate information about Internet traffic and attack trends. In this blog post, we will use DNS name resolution data as a proxy for traffic to Internet services, as we did for the Super Bowl LVI.

The baseline value for the charts (that are only focused on the US) was calculated by taking the mean DNS traffic level for the associated Internet services between 08:00 - 12:00 PST on Sunday (March 27, 2022) — usually we use UTC, but we chose to use Los Angeles time as that’s where the event took place.

The event started with Beyoncé singing at 17:00 PST and ended at around 20:30. In terms of growth in traffic, the start of the show didn’t show much for social media, although TikTok Continue reading

1 535 536 537 538 539 3,836