This blog provides an in-depth overview of Palo Alto Networks recently introduced Prisma SASE for MSPs, a scalable multi-tenant cloud management portal solution for managed service providers (MSPs) to fast track enterprise digital transformation with managed SASE services.
The post Fast-Track Enterprise Digital Transformation With Managed Prisma SASE appeared first on Packet Pushers.
Nvidia and VMware have forged a tight partnership when it comes to bringing AI to the enterprise, which stands to reason given the prevalence of VMware’s ESXi hypervisor and vSphere management tools across more than 300,000 companies worldwide. …
Red Hat Stacks Up Software To Contain AI On Nvidia Platforms was written by Jeffrey Burt at The Next Platform.
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Our understanding is that during January 2022, hackers outside Okta had access to an Okta support employee’s account and were able to take actions as if they were that employee. In a screenshot shared on social media, a Cloudflare employee’s email address was visible, along with a popup indicating the hacker was posing as an Okta employee and could have initiated a password reset.
We learnt of this incident via Cloudflare’s internal SIRT. SIRT is our Security Incident Response Team and any employee at Cloudflare can alert SIRT to a potential problem. At exactly 03:30 UTC, a Cloudflare employee emailed SIRT with a link to a tweet that had been sent at 03:22 UTC. The tweet indicated that Okta had potentially been breached. Multiple other Cloudflare employees contacted SIRT over the following Continue reading
In this article I cover some common "show" commands to view information about our devices as well as tools to refine the commands’ outputs to get exactly the information we require.
The post Device Management From The Ground Up: Part 4 – Viewing Operational State appeared first on Packet Pushers.
When running ‘apt update’ on Ubuntu 18.04 to prepare for routine system patching, the system kicked back the following error.
N: Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository
'http://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture 'i386'The issue is that the existing sources list file for NGINX has gone stale, and appears to be requesting the i386 package. NGINX does not support i386 on Ubuntu 18.04 (Bionic). The solution is to update the sources list file for NGINX.
deb http://nginx.org/packages/ubuntu bionic nginxdeb [arch=amd64] http://nginx.org/packages/mainline/ubuntu/ bionic nginxAfter this change, the error should be gone when running ‘apt update’.
NGINX update issue (Ubuntu 18.04 Bionic) – Vesta Control Panel Forum
Ubuntu Server 18.04 Nginx i386 – StackOverflow
We are thrilled to announce the availability of Health Checks in the Cloudflare Dashboard’s Notifications tab, available to all Pro, Business, and Enterprise customers. Now, you can get critical alerts on the health of your origin without checking your inbox! Keep reading to learn more about how this update streamlines notification management and unlocks countless ways to stay informed on the health of your servers.
We first announced Health Checks when we realized some customers were setting up Load Balancers for their origins to monitor the origins’ availability and responsiveness. The Health Checks product provides a similarly powerful interface to Load Balancing, offering users the ability to ensure their origins meet criteria such as reachability, responsiveness, correct HTTP status codes, and correct HTTP body content. Customers can also receive email alerts when a Health Check finds their origin is unhealthy based on their custom criteria. In building a more focused product, we’ve added a slimmer, monitoring-based configuration, Health Check Analytics, and made it available for all paid customers. Health Checks run in multiple locations within Cloudflare’s edge network, meaning customers can monitor site performance across geographic locations.
Health Checks email Continue reading
In the second part of this 9-video series, Russ White describes crossbar fabrics and how they interconnect, using historical telephone networks as an example. He jumps from this to help you understand what’s going on inside of data center fabrics, including Clos architectures. Other details Russ touches on include non-blocking fabrics, how an undertaker impacted […]
The post Understanding Data Center Fabrics 02: Clos Fabric History – Video appeared first on Packet Pushers.
Michael Levan reviews the differences between firewalling on premises and in the public cloud and how to set basic rules in AWS and Azure. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and Greg, plus selected videos from […]
The post Cloud Engineering For The Network Pro: Part 5 – Cloud Firewalls And Security Groups In Azure And AWS (Video) appeared first on Packet Pushers.
This article describes how to use the Containerlab DDoS testbed to simulate variety of flood attacks and observe the automated mitigation action designed to eliminate the attack traffic.
docker run --rm -it --privileged --network host --pid="host" \Start Containerlab.
-v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
-v ~/clab:/home/clab -w /home/clab \
ghcr.io/srl-labs/clab bash
curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/ddos.ymlDownload the Containerlab topology file.
containerlab deploy -t ddos.ymlDeploy the topology and access the DDoS Protect screen at http://localhost:8008/app/ddos-protect/html/.
docker exec -it clab-ddos-sp-router vtysh -c "show bgp ipv4 flowspec detail"
At any time, run the command above to see the BGP Flowspec rules installed on the sp-router. Simulate the volumetric attacks using hping3.
Note: While the hping3 --rand-source option to generate packets with random source addresses would create a more authentic DDoS attack simulation, the option is not used in these examples because the victims responses to the attack packets (ICMP Port Unreachable) will be sent back to the random addresses and may leak out of the Containerlab test network. Instead varying source / destination ports are used to create entropy in the attacks.
When you are finished trying the examples below, run the following command Continue reading
When the “Aldebaran” datacenter GPUs were launched by AMD last November for the HPC and AI crowd pushing up into the exascale stratosphere, only the two top-end models of the Instinct GPU accelerators –ones that use the Open Accelerator Module (OAM) form factor put forth by Facebook and Microsoft under the Open Compute Project – were actually available. …
AMD Rounds Out “Aldebaran” GPU Lineup With Instinct MI210 was written by Timothy Prickett Morgan at The Next Platform.
Cloudflare has a large base of Software-as-a-Service (SaaS) customers who manage thousands or millions of their customers’ domains that use their SaaS service. We have helped those SaaS providers grow by extending our infrastructure and services to their customer’s domains through a product called Cloudflare for SaaS. Today, we’re excited to give our SaaS providers a new tool that will help their customers add an extra layer of security: they can now enable mutual TLS authentication on their customer’s domains through our Access product.
When you connect to a website, you should see a lock icon in the address bar — that’s your browser telling you that you’re connecting to a website over a secure connection and that the website has a valid public TLS certificate. TLS certificates keep Internet traffic encrypted using a public/private key pair to encrypt and decrypt traffic. They also provide authentication, proving to clients that they are connecting to the correct server.
To make a secure connection, a TLS handshake needs to take place. During the handshake, the client and the server exchange cryptographic keys, the client authenticates the identity of the server, and both the client and the server generate Continue reading
Hannes Gredler wrote an interesting comment to my Segment Routing vs LDP in Hub-and-Spoke Networks blog post:
In 2014 when I did the first prototype implementation of MPLS-SR node labels, I was stunned that just with an incremental add of 500 lines of code to the vanilla IPv4/IPv6 IS-IS codebase I got full any-to-any connectivity, no sync issues, no targeted sessions for R-LFA …. essentially labeled transport comes for free.
Based on that, one has to wonder “why did we take the LDP detour and all the complexity it brings?”. Here’s what Hannes found out:
Hannes Gredler wrote an interesting comment to my Segment Routing vs LDP in Hub-and-Spoke Networks blog post:
In 2014 when I did the first prototype implementation of MPLS-SR node labels, I was stunned that just with an incremental add of 500 lines of code to the vanilla IPv4/IPv6 IS-IS codebase I got full any-to-any connectivity, no sync issues, no targeted sessions for R-LFA …. essentially labeled transport comes for free.
Based on that, one has to wonder “why did we take the LDP detour and all the complexity it brings?”. Here’s what Hannes found out:
There are a lot of things that compute engine makers have to do if they want to compete in the datacenter, but perhaps the most important thing is to be consistent. …
“Hopper” GH100 GPUs Are The Heart Of A More Expansive Nvidia System was written by Timothy Prickett Morgan at The Next Platform.