How to shop for firewalls

Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.

Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.

The cloud comes down to earth

The cloud is no longer some distant, separate place. Yes, Amazon, Microsoft, and Google maintain unimaginably vast expanses of servers in cloud data centers around the world – as do thousands of SaaS providers. But those clouds and the services they deliver have become so entwined with customers’ on-prem operations, they’re now vital components of almost every enterprise IT estate.

This intermingling takes many forms. For starters, Amazon, Microsoft, and Google now enable you to snap off a piece of their platforms in the form of racks of managed servers that live in your data center, preloaded with the same software that powers public clouds. Some of these on-prem cloud outposts can offer access to the gamut of services hosted by the cloud mothership.

Hybrid cloud demands new tools for performance monitoring

Network performance monitoring has become more complex now that companies have more workloads in the cloud, and network teams are finding visibility into the cloud isn’t on par with what they have into their on-prem resources. Migration to the cloud introduced infrastructure that isn’t owned by the organization, and a pandemic-driven surge in remote work is accelerating the shift to the cloud and an associated increase in off-premises environments. Container-based applications deployed on cloud-native architectures further complicate network visibility. For these reasons and more, enterprises need tools that can monitor not only the data center and WAN but also the internet, SaaS applications and multiple providers’ public cloud operations.

Using Test-Driven Development for Kustomize Overlays

I am by no means a developer (not by a long shot!), but I have been learning lots of development-related things over the last several years and trying to incorporate those into my workflows. One of these is the idea of test-driven development (see Wikipedia for a definition and some additional information), in which one writes tests to validate functionality before writing the code to implement said functionality (pardon the paraphrasing). In this post, I’ll discuss how to use conftest to (loosely) implement test-driven development for Kustomize overlays.

If you’re unfamiliar with Kustomize, then this introductory article I wrote will probably be useful.

For the discussion around using the principles of test-driven development for Kustomize overlays, I’ll pull in a recent post I did on creating reusable YAML for installing Kuma. In that post, I pointed out four changes that needed to be made to the output of kumactl install control-plane to make it reusable:

  1. Remove the caBundle value for all webhooks.
  2. Annotate all webhooks so that cert-manager will inject the correct caBundle value.
  3. Add a volume and volume mount to the “kuma-control-plane” Deployment.
  4. Change one of the environment variables for the “kuma-control-plane” Deployment to reference the volume added

Running OSPF over Unnumbered Ethernet Interfaces

Remember the unnumbered IP interfaces saga? Let’s conclude with the final challenge: can we run link-state routing protocols (OSPF or IS-IS) over unnumbered interfaces?

Quick answer: Sure, just use IPv6.

Cheater! IPv6 doesn’t count. There are no unnumbered interfaces in IPv6 – every interface has at least a link-local address (LLA). Even more, routing protocols are designed to run over LLA addresses, including some EBGP implementations, allowing you to build an LLA-only network (see RFC 7404 for details).

OK, what about IPv4?

TL&DR: It works, but…

2022 Goals

In 2021, the pandemic managed to get to me. It seemed like a lot of curve balls came my way. But my family and I came out the other end healthy and in relatively good spirits. 2022 is going to be a bit of a do-over in terms of my goals for the year. Without further...

F5 BIG-IP DNS Express

As part of a POC I deployed a pair of HA F5 LTM/GTM at home to use for all things DNS based. It is an indulgent, over-the-top DNS solution for a 1 bed flat, but hey-ho, we are in a pandemic… This guide does not go through the HA F5 or GTM (still can’t stop calling it that) configuration; it is focussed on using ZoneRunner for DNS (BIND) with these zones transferred into DNS Express and serviced by a listener.

Monitoring a Multi-Inverter SolarEdge System

A friend of mine recently had a solar panel system installed on his acreage. Besides being interesting because of the renewable/green aspect of the project, the system itself—from SolarEdge—is actually highly digital.

  • A mobile app is used for commissioning the system.
  • SolarEdge operates a cloud service which collects telemetry from the system and reports various performance metrics in a user-friendly dashboard.
  • The inverters can connect to the IP network and provide a means to collect telemetry from them directly.

The last point interested me the most because any time a device exposes its data or a control connection, it means there’s an opportunity to integrate it with other software. In this case, I wanted to create my own dashboard to display (near) real-time performance data for the system.

Whereas other blogs and articles on this topic describe how to monitor a single inverter system, this post will describe how I built a performance dashboard for a multi-inverter system.

Carriers Are Scaling Backbones With Merchant Silicon & Disaggregated, Distributed Networking

This post originally appeared on the Packet Pushers’ Ignition site on August 20, 2021. For both individuals and businesses, the past 18 months have vastly increased their reliance on the Internet to access cloud services, online retail and entertainment venues, and each other via high-definition video conferences. In the period from just before the initial SARS-CoV-2 […]

Enhanced Networking – 2 – Verifying ENA

Previous Post – https://r2079.wordpress.com/2021/12/28/enhanced-networking-1-sriov-aws/

As discussed in Part 1, SR-IOV (Enhanced Networking on EC2) can be enabled in two ways. The first in the series is by far the simplest one: enabling it using ENA (Elastic Network Adapter).

Great, but would that work for any instance? The answer is no. The specifications are linked below; to summarize, it works on any current-generation instance other than C4, D2, M4 instances smaller than m4.16xlarge, or T2.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html

How do I check?

The latest Ubuntu and Amazon Linux AMIs include the module required for Enhanced Networking with ENA, installed and enabled. If you happen to use an old AMI, the procedure listed on the webpage above will help.

Testing:

I spun up a t3.large instance; below is how it looks.

You can also verify it in CloudShell.

How do you know if AMI supports it?

Finally, on the interface itself:

The next post will be similar but would cover an Intel specific Network Adapter.

-Rakesh

Make Sure You Juggle The Right Way in IT

When my eldest son was just a baby, he had toys that looked like little baseballs. Long story short, I decided to teach myself to juggle with them. I’d always wanted to learn and thought to myself “How hard can it be?” Well, the answer was harder than I thought, and it took me more time than I realized to finally get the hang of it.

One of the things that I needed to learn is that adding in one more ball to track while I’m trying to manage the ones that I had wasn’t as simple as it sounded. You would think that adding in a fourth ball should only be about 25% harder than the three you had been working with before. Or, you might even believe the statistical fallacy that you’re only going to fail about a quarter of the time and be successful the rest. The truth is that adding in one more object makes your entire performance subpar until you learn to adjust for it.

Clogging Up the Pipe

I mention this example because the most obvious application for the juggling metaphor is in Quality of Service (QoS). If you’ve ever read any of