0

AWS Networking – Part IV: Create VPC Using the AWZ CloudFormation

The focus of this section is to show how we can create a VPC using AWS CloudFormation service. Figure 1-12 shows our example AWS CloudFormation Templates. Its first section, AWSTemplateFormatVersion, specifies the template language format. At the time of writing, 2010-09-09 is the latest and only valid version. We can use the Description section to describe our template. Note that it must follow the AWSTemplateFormatVersion Section. AWSTemplateFormation-Version and Description are optional sections. The Resourcessection specifies the actual AWS resources and their properties. Each AWS resource is identified with a logical name. I have given the logical name NwktVPC for our example VPC. We can use resource-specific logical names for defining dependencies between resources. For example, when adding the AWS::EC2::Subnet resource to our template, we assign the VpcId value by calling it from the AWS::EC2::VPC resource using !REF intrinsinc function. I will explain the process in the Subnet section later. The resources and their properties are defined under logical names. The Resources section is the only required section in AWS CloudFormation-Template. AWS CloudFormation Templates are identified by using Stack Names in AWS Cloud Formation. Our example Stack Name is MyNetworkStack.

Figure 1-12: AWS CloudFormation: VPC.

Continue reading

0

Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface

Christoph Jaggi sent me a link to an interesting article describing security vulnerabilities pentesters found in Cisco SD-WAN admin/management code.

I’m positive the bugs have been fixed in the meantime, but what riled me most was the root cause: Little Bobby Tables (aka SQL injection) dropped by. Come on, it’s 2021, SD-WAN is supposed to be about building secure replacements for MPLS/VPN networks, and they couldn’t get someone who could write SQL-injection-safe code (the top web application security risk)?

0

Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface

Christoph Jaggi sent me a link to an interesting article describing security vulnerabilities pentesters found in Cisco SD-WAN admin/management code.

I’m positive the bugs have been fixed in the meantime, but what riled me most was the root cause: Little Bobby Tables (aka SQL injection) dropped by. Come on, it’s 2021, SD-WAN is supposed to be about building secure replacements for MPLS/VPN networks, and they couldn’t get someone who could write SQL-injection-safe code (the top web application security risk)?

0

Bird on Bird, Episode 4 of BGP Perf testing

1st Post Comparing Open Source BGP Stacks 2nd Post Followup Measuring BGP Stacks Performance 3rd Post Comparing Open Source BGP stacks with internet routes After the last post, I thought the this post would be either adding interesting BGP policy. But that’s tricky. It’s going to take some rethinking about...

0

Looking at your Linux system’s network interface with ethtool

The ethtool utility on Linux allows you to view and change some of your network-driver and interface-card settings, especially for wired devices. These include their speed, whether the interface uses auto-negotiation, and whether it runs in half- or full-duplex mode. Ethtool also provides an easy way to view or troubleshoot your network interface.More than likely, ethtool is already available on your Linux system. However, to check, you can use one or both of these commands:$ which ethtool /usr/sbin/ethtool $ sudo ethtool —version ethtool version 5.13 To get a sense of how this utility can control settings, run a command like the one below. The -h means “help”. You’ll likely find yourself looking at 10 pages or so of syntax like what is shown here.To read this article in full, please click here

0

Looking at your Linux system’s network interface with ethtool

The ethtool utility on Linux allows you to view and change some of your network-driver and interface-card settings, especially for wired devices. These include their speed, whether the interface uses auto-negotiation, and whether it runs in half- or full-duplex mode. Ethtool also provides an easy way to view or troubleshoot your network interface.More than likely, ethtool is already available on your Linux system. However, to check, you can use one or both of these commands:$ which ethtool /usr/sbin/ethtool $ sudo ethtool —version ethtool version 5.13 To get a sense of how this utility can control settings, run a command like the one below. The -h means “help”. You’ll likely find yourself looking at 10 pages or so of syntax like what is shown here.To read this article in full, please click here

0

Tape backup as a defense vs. ransomware

Tape is definitely not the best choice for primary recovery, but it does have features that make it a credible option for restoring systems and data that have fallen victim to ransomware without having to pay the ransom.The cloud has many more upsides than tape as a recovery tool in general, but there are circumstances where tape should be seriously considerd, and ransomware recovery is one of them.How to choose the best NVMe storage array When cloud’s not good enough Using the cloud for ransomware recovery—or not—has become somewhat of a religious discussion in many circles. Choosing the cloud offers many positive things, including cost, speed, and immediate availability—all great advantages when responding to a ransomware attack.To read this article in full, please click here

0

Tape backup as a defense vs. ransomware

Tape is definitely not the best choice for primary recovery, but it does have features that make it a credible option for restoring systems and data that have fallen victim to ransomware without having to pay the ransom.The cloud has many more upsides than tape as a recovery tool in general, but there are circumstances where tape should be seriously considerd, and ransomware recovery is one of them.How to choose the best NVMe storage array When cloud’s not good enough Using the cloud for ransomware recovery—or not—has become somewhat of a religious discussion in many circles. Choosing the cloud offers many positive things, including cost, speed, and immediate availability—all great advantages when responding to a ransomware attack.To read this article in full, please click here

0

Tape backup as a defense vs. ransomware

Tape is definitely not the best choice for primary recovery, but it does have features that make it a credible option for restoring systems and data that have fallen victim to ransomware without having to pay the ransom.The cloud has many more upsides than tape as a recovery tool in general, but there are circumstances where tape should be seriously considerd, and ransomware recovery is one of them.How to choose the best NVMe storage array When cloud’s not good enough Using the cloud for ransomware recovery—or not—has become somewhat of a religious discussion in many circles. Choosing the cloud offers many positive things, including cost, speed, and immediate availability—all great advantages when responding to a ransomware attack.To read this article in full, please click here

0

Tech Bytes: Operationalizing EVPN For Data Center Networks With Nokia (Sponsored)

On today’s Tech Bytes podcast, sponsored by Nokia, we dive into data center networking and EVPN. Nokia’s SR-Linux operating system can help you build a data center fabric with EVPN, and in this episode we’re going to discuss how Nokia operationalizes that protocol.

0

Tech Bytes: Operationalizing EVPN For Data Center Networks With Nokia (Sponsored)

On today’s Tech Bytes podcast, sponsored by Nokia, we dive into data center networking and EVPN. Nokia’s SR-Linux operating system can help you build a data center fabric with EVPN, and in this episode we’re going to discuss how Nokia operationalizes that protocol.

The post Tech Bytes: Operationalizing EVPN For Data Center Networks With Nokia (Sponsored) appeared first on Packet Pushers.

0

Arrcus Brings Network Automation and API Accessibility to the Edge

Arrcus, a well-funded edge network software startup that is working to make a name for itself in the expanding multicloud arena. But even as enterprise adoption of multicloud and hybrid cloud strategies continues to rise, he sees the future being at the network and compute edge. “Everybody talks about how you can get benefits from large pools of centralized capacity in the public cloud,” said Ayyar, whose was announced as chairman and CEO on Sept. 15. “What I feel very, very confident about is that this action is almost passé in terms of the clouds, and it’s moving a lot more into the edge. The pendulum is swinging from consolidated and large data centers doing everything to highly distributed and disaggregated infrastructures doing things that are point of consumption, point of sale, Continue reading

0

Network Break 351: Juniper’s Wired Campus Fabric Challenges Cisco; More Azure Holes Revealed

Today's Network Break podcast discusses Juniper's new wired campus effort and how it leverages Mist Cloud for to help automate its campus fabric, a new set of Azure vulnerabilities, robust SD-WAN growth with the biggest players reaping most of the rewards, free space optics for hard-to-wire regions, and more tech news.

0

Network Break 351: Juniper’s Wired Campus Fabric Challenges Cisco; More Azure Holes Revealed

Today's Network Break podcast discusses Juniper's new wired campus effort and how it leverages Mist Cloud for to help automate its campus fabric, a new set of Azure vulnerabilities, robust SD-WAN growth with the biggest players reaping most of the rewards, free space optics for hard-to-wire regions, and more tech news.

The post Network Break 351: Juniper’s Wired Campus Fabric Challenges Cisco; More Azure Holes Revealed appeared first on Packet Pushers.

0

Despite Disruptions, Oil and Gas HPC Market Steadfast

The last several years have been challenging for the oil and gas industry on nearly all fronts. …

Despite Disruptions, Oil and Gas HPC Market Steadfast was written by Nicole Hemsoth at The Next Platform.

0

Where China’s Long Road To Datacenter Compute Independence Leads

While we are big fans of laissez faire capitalism like that of the United States and sometimes Europe — right up to the point where monopolies naturally form and therefore competition essentially stops, and thus monopolists need to be regulated in some fashion to promote the common good as well as their own profits — we also see the benefits that accrue from a command economy like that which China has built over the past four decades. …

Where China’s Long Road To Datacenter Compute Independence Leads was written by Timothy Prickett Morgan at The Next Platform.

0

RISC-V Upstart Targets ML Inference Performance, Power Efficiency

There is a growing number of vendors big and small going hard to the hoop to make processors for artificial intelligence workloads. …

RISC-V Upstart Targets ML Inference Performance, Power Efficiency was written by Jeffrey Burt at The Next Platform.

0

Containernet

Containernet is a fork of the Mininet network emulator that uses Docker containers as hosts in emulated network topologies.

Multipass describes how build a Mininet testbed that provides real-time traffic visbility using sFlow-RT. This article adapts the testbed for Containernet.

multipass launch --name=containernet bionic
multipass exec containernet -- sudo apt update
multipass exec containernet -- sudo apt -y install ansible git aptitude default-jre
multipass exec containernet -- git clone https://github.com/containernet/containernet.git
multipass exec containernet -- sudo ansible-playbook -i "localhost," -c local containernet/ansible/install.yml
multipass exec containernet -- sudo /bin/sh -c "cd containernet; make develop"
multipass exec containernet -- wget https://inmon.com/products/sFlow-RT/sflow-rt.tar.gz
multipass exec containernet -- tar -xzf sflow-rt.tar.gz
multipass exec containernet -- ./sflow-rt/get-app.sh sflow-rt mininet-dashboard

Run the above commands in a terminal to create the Containernet virtual machine. 

multipass list

List the virtual machines

Name                    State             IPv4             Image
primary                 Stopped           --               Ubuntu 20.04 LTS
containernet            Running           192.168.64.12    Ubuntu 18.04 LTS
                                          172.17.0.1

Find the IP address of the mininet virtual machine we just created (192.168.64.12).

multipass exec containernet -- ./sflow-rt/start.sh

Start sFlow-RT. Use a web browser to connect to the VM and Continue reading

0

How to customize your HTTP DDoS protection settings

We’re excited to announce the availability of the HTTP DDoS Managed Ruleset. This new feature allows Cloudflare customers to independently tailor their HTTP DDoS protection settings. Whether you’re on the Free plan or the Enterprise plan, you can now tweak and optimize the settings directly from within the Cloudflare dashboard or via API.

We expect that in most cases, Cloudflare customers won't need to customize any settings. Our mission is to make DDoS disruptions a thing of the past, with no customer overhead. To achieve this mission we’re constantly investing in our automated detection and mitigation systems. In some rare cases, there is a need to make some configuration changes, and so now, Cloudflare customers can customize those protection mechanisms independently. The next evolutionary step is to make those settings learn and auto-tune themselves for our customers, based on their unique traffic patterns. Zero-touch DDoS protection at scale.

Unmetered DDoS Protection

Back in 2017, we announced that we will never kick a customer off of our network because they face large attacks, even if they are not paying us at all (i.e., using the Free plan). Furthermore, we committed to never charge a customer for DDoS attack traffic Continue reading

0

Imaging mounted disk volumes under duress

Imaging mounted disk volumes under duress

Backups are critical. If you are lucky and organised you have a set of useful backup primitives, such as Point in Time snapshots on your Infra