Full speed ahead for contested 5G, Wi-Fi spectrum

Recent wrangling over 5G and Wi-Fi wireless spectrum indicates the breakneck pace of new bandwidths being opened up to broadband use will continue. The underlying issues are whether newly allotted 5G bandwidth will interfere with airplane safety and whether new unlicensed spectrum will interfere with the backhaul of communications from cell towers.

Airlines vs. telecoms

The FAA’s well-publicized worries over 5G deployments in the recently auctioned C-band frequencies center on the potential of those 5G services to interfere with radio altimeter equipment in older aircraft. A radio altimeter is an avionics device that measures the distance between the bottom of an airplane and the ground directly, using radio waves, rather than measuring the surrounding air density like barometric altimeters do. It’s a key technology for bad-weather and low-visibility landings, and the possibility of any interference with those systems is worrisome from a safety perspective.

IoT in 2022: IoT turns into a service

The Internet of Things has been a hyped technology for years, but the pandemic and its associated tidal wave of remote work pushed its actual use in the enterprise into overdrive. What’s more, IoT is maturing as vendors begin to sell fully functioning applications, not just the components needed for businesses to build their own.

The pandemic has already driven sharp growth in the types of technologies for which the IoT is already well-known, including predictive maintenance in industry and automation at ports and other transportation facilities. In those areas IoT limits the amount of time workers spend on-site because remotely monitored systems don’t need to be maintained in-person nearly as often as they might otherwise. Some functions, including certain types of inspection and servicing, can be handled fully remotely, further reducing the amount of time workers have to spend on-site and in close proximity to one another.

Sacrificing Some Performance To Make Cloud Data Analytics Portable

The big three clouds – Amazon Web Services, Microsoft Azure, and Google Cloud – are all addressing the same issues of scale, performance, and economics and are also trying to attract the same workloads from the same pool of enterprise, government, and academic customers.

Sacrificing Some Performance To Make Cloud Data Analytics Portable was written by Timothy Prickett Morgan at The Next Platform.

Want To Create Content? Consider The Packet Pushers’ Community Blog And Newsletter

If you’ve got “Create Content” as a 2022 goal but aren’t sure how to start, consider the Packet Pushers’ Community blog or our Human Infrastructure newsletter. We welcome articles from folks in networking and IT who have ideas to share or the inclination to write, but don’t have the interest in setting up their own […]

The post Want To Create Content? Consider The Packet Pushers’ Community Blog And Newsletter appeared first on Packet Pushers.

6 East-West Security Myths Busted

With the world at our fingertips via a simple Google search, it can sometimes be tough to figure out what’s fact and what’s fiction. Whether you’re an expert, novice, or beginner in the tech world, time should be spent putting capabilities and terms into action – rather than trying to piece them together and understand them like a Sudoku puzzle. That’s why we’re going to debunk six major East-West security myths for you – so you can get back to the good stuff. 

1. East-West security is the monitoring and inspection of traffic moving medially within the network perimeter, working to identify and block threats and enable access rights.

Busted. East-West security does all of the fancy stuff mentioned, with one very important difference: it moves laterally through the network perimeter. This is a key understanding, since East-West security operates on the premise that threat factors will eventually find a way through next-generation firewalls – which means all internal network traffic is vulnerable.

2. A traditional firewall that manages North-South traffic can handle a modern network breach by itself. 

Busted. While it’s important to have North-South security in place (filtering the traffic that is exiting and entering the network), it cannot protect the network on its own

Day Two Cloud 129: Practical Advice On Optimizing Cloud Costs

Optimizing cloud costs means more than looking at your bill and hunting down unused instances. It's about understanding the full lifecycle of cloud workloads, dealing with management that wants predictable spending even as your actual usage varies, and setting up repeatable processes. Guests Fred Chagnon and Jeremy Roberts, both at Info-Tech Research Group, offer practical advice for optimizing your cloud spending.

The post Day Two Cloud 129: Practical Advice On Optimizing Cloud Costs appeared first on Packet Pushers.

Catch 2022: Networking Ice Bucket Challenge

A sample topology

At the start of this exciting new year of 2022, I figured this might be a good time to introduce a new challenge:

Using Netsim-Tools, build the most complicated virtual network topology that still allows host A to ping host B

Anything goes — and if you have to extend the tooling to make things work, even better. Varying latency and occasional packet loss are acceptable, but there needs to be at least 1 ping reply being delivered to A.

For example, how about multi-vendor EVPN-VXLAN over SRv6 with MACsec encryption and Traffic Engineering?

Happy 2022 networking everyone! 🎆

Solo.io Brings ‘Docker-Like Experience’ to eBPF with BumbleBee

Service mesh integration software provider BumbleBee, a new open source project that it extended Berkeley Packet Filter (eBPF) in order to “shortcut the HTTP stack,” said Solo.io CEO and founder

BPF Type Format (BTF), explained Levine, “(along with some smarts added to clang) enables the BPF program loader to fix the BPF byte code to work correctly on different versions of the kernel. For example, if a BPF program accesses a struct, clang now stores all these struct access in a special location in the BPF program binary. libbpf can go to each of these struct accesses, and use BTF information from the current kernel (obtained at runtime) to fix these accesses to the correct offset.”

BumbleBee to the Rescue

With the addition of BTF, Solo.io created BumbleBee, which not only uses BTF to parse and bring to the user space the maps of eBPF programs, but also uses the get started.

Getting Certificate Details from HashiCorp Vault

It seems there are lots of tutorials on setting up a PKI (public key infrastructure) using HashiCorp Vault. What I’ve found missing from most of these tutorials, however, is how to get details on certificates issued by a Vault-driven PKI after the initial creation. For example, someone other than you issued a certificate, but now you need to get the details for said certificate. How is that done? In this post, I’ll show you a couple ways to get details on certificates issued and stored in HashiCorp Vault.

For the commands and API calls I’ve shared below, I’m using “pki” as the name/path you (or someone else) assigned to a PKI secrets engine within Vault. If you’re using a different name/path, then be sure to substitute the correct name/path as appropriate.

To use the Vault CLI to see the list of certificates issued by Vault, you can use this command:

vault list pki/certs

This will return a list of the serial numbers of the certificates issued by this PKI. Looking at just serial numbers isn’t terribly helpful, though. To get more details, you first need to read the certificate details (note singular “cert” here versus plural “certs” in the previous

Feedback: Recursive BGP Next Hop Resolution

The Recursive BGP Next Hops: an RFC 4271 Quirk blog post generated tons of feedback (thanks a million to everyone writing a comment on my blog or LinkedIn).

Starting with Robert Raszuk, who managed to track down the original email that triggered the (maybe dubious) text in RFC 4271:

The text in section 5.1.3 was not really targeting to prohibit load balancing. Keep in mind that it is FIB layer which constructs actual forwarding paths.

The text has been suggested by Tom Petch in discussion about BGP advertising valid paths or even paths it actually installs in the RIB/FIB. The entire section 5.1.3 is about rules when advertising paths by BGP.

I Can Hardly Contain(erize) Myself!

Happy New Year! Last year I wrote a series of blogs under the “Infrastructure as Software” banner exploring how to build a Django three-tiered application from pyATS that parsed network state data. Now that I’ve built a working Django application locally the challenge is to make it available to others. README After I had built […]

The post I Can Hardly Contain(erize) Myself! appeared first on Packet Pushers.