VMware named a Leader in Cloud Networking in GigaOm Radar Report

We’re delighted to report that GigaOm, a global provider of technology industry insights and analysis, has placed VMware in the leader ring in the GigaOm Radar Report for Cloud Networking 2022. In the leader ring, VMware is placed in the Platform Play and Maturity quadrant. This is a testament to the robustness of VMware’s cloud networking solution and its leading position in the cloud networking space. Click here to download the complete report.

Chart, radar chart, sunburst chart Description automatically generated

 

Noting VMware’s broad portfolio of networking solutions, which covers the entire network stack and includes native network features for observability, micro-segmentation, and beyond, GigaOm says that VMware is in a leading position to help enterprises with complex networking requirements “modernize and optimize their infrastructure.”

Cloud Network Evaluation Criteria

The report evaluates 11 vendors that provide tools or platforms to help build and operate cloud networks. They include major enterprises like VMware, as well as several smaller companies.

GigaOm assessed the vendors on a variety of criteria, including:

  • Network traffic security and micro-segmentation.
  • Observability.
  • Troubleshooting and diagnostics.
  • Optimization and autoscaling.
  • APIs and IaC integration.
  • Application-aware infrastructure.
  • Solution management.

VMware received a triple-plus score – the highest evaluation possible – for most of the categories given above.

Continue reading

How Observability Helps Troubleshoot Incidents Faster

It all starts with the dreaded alert. Something went awry, and it needs to be fixed ASAP. Whether it’s the middle of the night and you’re the on-call responder, or it’s the middle of the afternoon, and your whole team is working together to ship a bundle of diffs, having an incident happen is extremely disruptive to your business — and often very expensive, making every minute count. So how can observability (o11y for short) help teams save precious time and resolve incidents faster? First, let’s explore the changing landscape from monitoring to observability. Debugging Using Traditional Monitoring Tools Savannah Morgan Savannah is senior technical customer success manager at Honeycomb. She is passionate about helping users find creative solutions for complex problems. When she is off the clock, Savannah can be found at the park with her family, binge-watching Netflix or spoiling her big pup, Bruce. The key to resolving an incident quickly is to rapidly understand why things went wrong, where in your code it’s happening, and most of all, who it affects and how to fix it. Most of us learned to debug using static dashboards powered by metrics-based monitoring tools like Prometheus or Datadog, plus a whole Continue reading

Configuring an AWS dynamic inventory with Automation controller

One of the core components of Ansible is inventories. In its most basic form, an inventory provides host information to Ansible so it can trigger the tasks on the right host or system. In most environments, the static inventory is sufficient for the Ansible control node to work from, however as we expand our use of automation, we need to transition to more effective methods of gathering ever-changing environment details.

This is where the use of a dynamic inventory is beneficial. This allows the platform to gather information for the inventory from environments that are not static sources. A prime example of this is using a dynamic inventory plugin to gather inventory information from a cloud provider or hypervisor, enabling you to keep an inventory up to date with instance details.

Amazon Web Services (AWS) is one of the biggest public cloud providers used around the world. Organizations use their Elastic Compute Cloud services (EC2) for their workflows, however managing an inventory for your instances running on AWS would typically have to be done manually, which is problematic and time consuming. Using the AWS Identity and Access Management interface (IAM), we are able to get programmatic access to the AWS Continue reading

What Is Zero Trust Security?

Zero Trust is a framework for security in which all users of an application, software, system, or network, inside or outside of an organization, must be authenticated, verified, and frequently validated before being granted access to specific data or tools within the company’s network. In the zero trust framework, networks can be in the cloud, hybrid, or on-premise with employees in any location. The assumption is that no users or devices are to be trusted with access without meeting the necessary validation requirements. In today’s modern digital transformation forward environment, the zero-trust security framework helps to ensure infrastructure and data are kept safe, and more modern business challenges are handled appropriately. For example, as the pandemic has evolved, securing remote workers and their access will be of greater importance for organizations that want to scale their workforce. Ransomware threats and attacks are increasing, and zero trust implementation can detect these threats, from novel ones to custom-crafted malware, far before they cause harm. What Foundation Makes up Zero Trust? Zero Trust security is built on the architecture established by the National Institute of Standards & Technology (NIST). The

Duplicate ARP Replies with Anycast Gateways

A reader sent me the following intriguing question:

I’m trying to understand the ARP behavior with SVI interface configured with anycast gateways of leaf switches, and with distributed anycast gateways configured across the leaf nodes in VXLAN scenario.

Without going into too many details, the core dilemma is: will the ARP request get flooded, and will we get multiple ARP replies. As always, the correct answer is “it depends” 🤷‍♂️

Read more …

Duplicate ARP Replies with Anycast Gateways

A reader sent me the following intriguing question:

I’m trying to understand the ARP behavior with SVI interface configured with anycast gateways of leaf switches, and with distributed anycast gateways configured across the leaf nodes in VXLAN scenario.

Without going into too many details, the core dilemma is: will the ARP request get flooded, and will we get multiple ARP replies. As always, the correct answer is “it depends” 🤷‍♂️

Read more …

Troubleshooting puzzle: What caused the streaming to degrade?

You’ve just been given the task of solving a network problem that has been unresolved for many months. Where do you start? Is it a solvable problem or is it just the way the network works? Maybe you’ve encountered a limitation on how network protocols function. What follows is an account of just such a problem that stumped many good network engineers for months and how it was resolved by NetCraftsmen’s Samuel Bickham. It may provide tips for solving problems you face down the road. As Bickham says, “Troubleshooting is kinda like a magic trick: It’s impressive until it’s explained.”A customer contacted NetCraftsmen to ask if we could diagnose a networking problem that affected only a few applications and a subset of employees on an intermittent basis.To read this article in full, please click here

Aruba service overlays existing infrastructure with virtual networks

Aruba Networks is expanding its Edge Services Platform to better manage and automate the operation of far-flung distributed enterprise networks.Hewlett Packard Enterprise’s network subsidiary rolled out NetConductor, a cloud-based service that Aruba says will help enterprises centrally manage the security of distributed networks while simplifying policy provisioning and automating the orchestration of network configurations in wired, wireless, and WAN infrastructures.What is SDN and where it’s going NetConductor is a service delivered by Aruba Central, the vendor’s core cloud-based management platform and works by delivering an EVPN, VXLAN-based network overlay across a customer’s wired and wireless networks offering a much more unified and simplified view of the network to the networking team, according to Larry Lunetta, vice president of wireless local area network and security solutions marketing at Aruba.To read this article in full, please click here

Optimizing Magic Firewall’s IP lists

Optimizing Magic Firewall’s IP lists
Optimizing Magic Firewall’s IP lists

Magic Firewall is Cloudflare’s replacement for network-level firewall hardware. It evaluates gigabits of traffic every second against user-defined rules that can include millions of IP addresses. Writing a firewall rule for each IP address is cumbersome and verbose, so we have been building out support for various IP lists in Magic Firewall—essentially named groups that make the rules easier to read and write. Some users want to reject packets based on our growing threat intelligence of bad actors, while others know the exact set of IPs they want to match, which Magic Firewall supports via the same API as Cloudflare’s WAF.

With all those IPs, the system was using more of our memory budget than we’d like. To understand why, we need to first peek behind the curtain of our magic.

Life inside a network namespace

Magic Transit and Magic WAN enable Cloudflare to route layer 3 traffic, and they are the front door for Magic Firewall. We have previously written about how Magic Transit uses network namespaces to route packets and isolate customer configuration. Magic Firewall operates inside these namespaces, using nftables as the primary implementation of packet filtering.

Optimizing Magic Firewall’s IP lists

When a user makes an API request to configure their Continue reading

Understanding Data Center Fabrics 09: Other Considerations – Video

In the final video of this series on data center fabrics, Russ White walks through a set of considerations you might want to ponder as you design your data center fabric. These considerations include whether to single-home or dual-home a server in a fabric (it depends!), why Russ isn’t a fan of MLAGs in a […]

The post Understanding Data Center Fabrics 09: Other Considerations – Video appeared first on Packet Pushers.

Can Fantastical Openings Replace Calendly?

TL;DR

Fantastical Openings can’t replace Calendly for my scheduling needs yet, but it’s close.

The Rest Of The Story

I use Calendly so that folks can schedule me for appointments. I send people a Calendly link, and they choose an available time slot. Calendly creates calendar invitations and sends them to me and the requestor. Calendly also integrates with Zoom, so that an invite comes with a Zoom meeting already attached.

In my years of Calendly use, I’ve found it to be…

  • Reliable. It just works.
  • Flexible. The availability rules engine allows me to configure conditions such as “leave a gap of X minutes between appointments” that I rely on to keep my calendar sane.
  • Expensive. $144/year for the features I need.

I also use Fantastical by Flexibits. In my few months as a Fantastical user, I’ve found it to be…

  • Beautiful. It’s the best calendaring interface of anything I’ve tried.
  • Integrated. I use Fantastical to integrate with multiple calendars, Zoom, and the Todoist task manager. I use Fantastical both on my Mac and iOS devices.
  • A super power. Fantastical happens to be highly compatible with how I work. I am more productive with Fantastical.
  • Affordable. $40/year for the features Continue reading

CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities
CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

On Friday, March 25, 2022, Google published an emergency security update for all Chromium-based web browsers to patch a high severity vulnerability (CVE-2022-1096). At the time of writing, the specifics of the vulnerability are restricted until the majority of users have patched their local browsers.

It is important everyone takes a moment to update their local web browser. It’s one quick and easy action everyone can contribute to the cybersecurity posture of their team.

Even if everyone updated their browser straight away, this remains a reactive measure to a threat that existed before the update was available. Let’s explore how Cloudflare takes a proactive approach by mitigating the impact of zero day browser threats with our zero trust and remote browser isolation services. Cloudflare’s remote browser isolation service is built from the ground up to protect against zero day threats, and all remote browsers on our global network have already been patched.

How Cloudflare Zero Trust protects against browser zero day threats

Cloudflare Zero Trust applies a layered defense strategy to protect users from zero day threats while browsing the Internet:

  1. Cloudflare’s roaming client steers Internet traffic over an encrypted tunnel to a nearby Cloudflare data center for inspection and Continue reading
1 540 541 542 543 544 3,841