Utilizing BGP Communities for traffic steering – part 1: Firewalls

Overview:

I typically spend more time in the enterprise data center than most of our team members and this comes with its own unique set of problems. One discussion that seems to never fail to come up is “where do I put the Firewalls (FWs)?”. That is typically followed by I have a disaster recovery or backup site with FWs there as well. This inevitably leads to a state management problem. Let’s look at how we can utilize BGP to address this problem:

  • what is a BGP standard community
  • BGP best path selection process
  • how to utilize them to steer traffic

This is something most service providers deal with on a daily basis but can be new to an enterprise.

BGP Standard communities

A BGP community is a route attribute that, essentially provides extra information for someone to take action or glean information from the route such as where it came from (location, type, organizational role).

By definition, a community is a 32 bit number that can be included with a route and when utilizing the new community format is displayed as (0-65535):(0-65535). It is recommend to utilize the new community format versus the old community format which is Continue reading

ITRenew integrates Pluribus Networks software with its hyperscale servers

ITRenew, the reseller of slightly used hyperscalar servers, has partnered with Pluribus Networks to add Pluribus’s Netvisor ONE operating system and Adaptive Cloud Fabric controllerless SDN cloud networking software to its hardware.ITRenew resells servers it buys from hyperscalers like Amazon and Google that are retiring them, typically after a year or so. It refurbishes them, offers a warrantee, and sells them to enterprises for half the price of new hardware.ITRenew sells the servers under the Sesame brand, which will now include Pluribus’s open networking software with their hyperscale-grade compute, storage and networking infrastructure for a fully integrated hardware and software solution.To read this article in full, please click here

ITRenew integrates Pluribus Networks software with its hyperscale servers

ITRenew, the reseller of slightly used hyperscalar servers, has partnered with Pluribus Networks to add Pluribus’s Netvisor ONE operating system and Adaptive Cloud Fabric controllerless SDN cloud networking software to its hardware.ITRenew resells servers it buys from hyperscalers like Amazon and Google that are retiring them, typically after a year or so. It refurbishes them, offers a warrantee, and sells them to enterprises for half the price of new hardware.ITRenew sells the servers under the Sesame brand, which will now include Pluribus’s open networking software with their hyperscale-grade compute, storage and networking infrastructure for a fully integrated hardware and software solution.To read this article in full, please click here

Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.Cisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains as well as ensuring security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.To read this article in full, please click here

Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.https://www.networkworld.com/article/3599213/what-are-data-centers-how-they-work-and-how-they-are-changing-in-size-and-scope.htmlCisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains as well as ensuring security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.To read this article in full, please click here

Live Webinar: How Routers Really Work

This Friday (the 12th) I’m presenting a live webinar on How Routers Really Work over at Pearson. From the description:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

Please join me by registering here.

I’ve changed just a few of the slides from the last time I gave this talk and reordered some things.

Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored)

As forecasts vary between a full return to office and distributed work, IT organizations have to figure out how to monitor and manage work-from-anywhere. This Tech Bytes episode, sponsored by AppNeta, explores how IT can balance on-prem and distributed-work priorities. AppNeta also recently introduced a new monitoring point that runs on Cisco Catalyst switches for improved visibility into app performance at branch and remote sites.

Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored)

As forecasts vary between a full return to office and distributed work, IT organizations have to figure out how to monitor and manage work-from-anywhere. This Tech Bytes episode, sponsored by AppNeta, explores how IT can balance on-prem and distributed-work priorities. AppNeta also recently introduced a new monitoring point that runs on Cisco Catalyst switches for improved visibility into app performance at branch and remote sites.

The post Tech Bytes: Balancing Remote Work And Back-To-Office Priorities With AppNeta (Sponsored) appeared first on Packet Pushers.

Network Break 358: Unpacking Juniper’s Strategic Objectives; Intel Details New Infrastructure Chip

This weeks' Network Break discusses Juniper's Analyst & Influencer day plus a new Wi-Fi 6E announcement. Intel is teaming up with Google to develop a chip for offloading network, security, and storage jobs from the CPU (but Intel won't call it a DPU). And the FCC revokes authorization for China Telecom to operate in the United States.

The post Network Break 358: Unpacking Juniper’s Strategic Objectives; Intel Details New Infrastructure Chip appeared first on Packet Pushers.

Sizing Up Post-Quantum Signatures

Sizing Up Post-Quantum Signatures
Sizing Up Post-Quantum Signatures

Quantum computers are a boon and a bane. Originally conceived by Manin and Feyman to simulate nature efficiently, large-scale quantum computers will speed-up innovation in material sciences by orders of magnitude. Consider the technical advances enabled by the discovery of new materials (with bronze, iron, steel and silicon each ascribed their own age!); quantum computers could help to unlock the next age of innovation. Unfortunately, they will also break the majority of the cryptography that’s currently used in TLS to protect our web browsing. They fall in two categories:

  1. Digital signatures, such as RSA, which ensure you’re talking to the right server.
  2. Key exchanges, such as Diffie–Hellman, which are used to agree on encryption keys.

A moderately-sized stable quantum computer will easily break the signatures and key exchanges currently used in TLS using Shor’s algorithm. Luckily this can be fixed: over the last two decades, there has been great progress in so-called post-quantum cryptography. “Post quantum”, abbreviated PQ, means secure against quantum computers. Five years ago, the standards institute NIST started a public process to standardise post-quantum signature schemes and key exchanges. The outcome is expected to be announced early 2022.

At Cloudflare, we’re not just following this Continue reading

How To Prevent Arthritis From Computer Usage?

Arthritis is one of the most common conditions faced by office workers. It can be mild or severe. Sometimes the pain can be unmanageable too. Besides that, it can affect you permanently.

If you work on computers every day, you are more likely to suffer from arthritis. But worry no more. Here are some measures that you can take to prevent arthritis from computer usage.

Maintain Movement

Does your job require you to sit in front of a computer all day? If so, then you need to consider taking breaks in between. That is because sitting in one position can stiffen your muscles. By moving around, you can release tension.

Besides that, you should also take small breaks when performing a repetitive task. For example, if you type consistently for long periods, stop in between. And for at least five minutes, ensure that your hands are at rest.

Keep Your Feet In Good Position

If you work on a high desk, then it’s most likely your feet won’t be touching the ground. That is something you need to avoid because it can stress your lower back. As a result, the risk of arthritis development will increase.

One way to ensure Continue reading

Example: forensicating the Mesa County system image

Tina Peters, the election clerk in Mesa County (Colorado) went rogue and dumped disk images of an election computer on the Internet. They are available on the Internet via BitTorrent [Mesa1][Mesa2], The Colorado Secretary of State is now suing her over the incident.

The lawsuit describes the facts of the case, how she entered the building with an accomplice on Sunday, May 23, 2021. I thought I'd do some forensics on the image to get more details.

Specifically, I see from the Mesa1 image that she logged on at 4:24pm and was done acquiring the image by 4:30pm, in and (presumably) out in under 7 minutes.

In this blogpost, I go into more detail about how to get that information.


The image

To download the Mesa1 image, you need a program that can access BitTorrent, such as the Brave web browser or a BitTorrent client like qBittorrent. Either click on the "magnet" link or copy/paste into the program you'll use to download. It takes a minute to gather all the "metadata" associated with the link, but it'll soon start the download:

What you get is file named EMSSERVER.E01. This is a container file that contains Continue reading

1 620 621 622 623 624 3,832