SP. Part 9. Health check of Segment Routing Traffic Engineering (SR-TE) tunnels with seamless BFD in Nokia SR OS

Hello my friend,

For a long time we haven’t posted blogs about pure network technologies. However, recently we were working on an interesting use case that so far is not covered at the level of working details anywhere on the internet. As such, we decided to share our findings and working details with you.


No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

How can automation help with SR-TE in an SP network?

In some (big) networks, BGP-SR-TE is a good way to signal the SR-TE policies, so that the PE routers can build the SR-TE tunnels without the need to configure them locally. However, BGP-SR-TE requires a full-fledged SDN controller, so that you can generate the SR-TE policy in the backend using some UI/API and send the policies down to the network elements using BGP. If you want to have a somewhat simpler setup, you may need to deploy the tunnels manually. In this case, the automation is your closest Continue reading

Join us at our inaugural Kubernetes Security and Observability Summit

We are excited to announce that the inaugural Kubernetes Security and Observability Summit, brought to you by Tigera, will take place on June 3, 2021.

The journey to Kubernetes adoption can be riddled with challenges and roadblocks. These challenges are magnified in a cloud-native context, where organizations are running hundreds—sometimes thousands—of applications simultaneously across numerous business units, for customers around the world.

What does security and observability mean in this context? What challenges should Kubernetes practitioners anticipate and what opportunities should they explore? To address these questions and to explore emerging trends, we are gathering industry experts under one (virtual) roof at the Kubernetes Security and Observability Summit.

As the industry’s first and only conference solely focused on Kubernetes security and observability, this (free) live virtual event will include discussions with technology leaders and Kubernetes users on real-world experiences, fundamentals, and best practices for securing and troubleshooting Kubernetes environments.

What to expect

The Kubernetes Security and Observability Summit is a place for DevOps, SREs, platform architects, and security teams to come together to explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

During the summit, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, Continue reading

BrandPost: The secret of delivering private-line experience over optical networks

The world stands on the brink of the fourth industrial revolution – the confluence of new technologies like cloud computing, big data analytics, and IoT has reached a tipping point where enterprises can successfully process workloads in the cloud like never before.

Indeed, 85% of enterprises will have deployed new digital infrastructure in the cloud by 2025, according to industry analyst IDC. In the US, the cloud migration rate of enterprises has exceeded 85% and in EU countries has reached 70%.

Governments are a key catalyst for this change, as they push whole economies to digitize to improve whole-of-society benefits and increase national productivity.

The Hedge 83: Bruce Davie and the System View

Network engineers tend to look at the world through the lens of a single device—an individual appliance, sold by a vendor, with a well-developed CLI for configuration and maintenance. Networks, however, are the “odd person out” in the world of information technology. In the broader technology world, a stronger systems-oriented view is more common. In this episode of the Hedge, Bruce Davie joins Tom Ammon and Russ White to discuss a systems view of the world, as well as a new publishing model he’s working on, and some thoughts on the place of SDN.

You can find Bruce’s book, Computer Networks: A Systems Approach, here.

Threat Landscape Report – Threats Evading Perimeter Defenses

Today’s reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses. A new VMware Threat Analysis Unit report bears this out. In North-by-South-West: See What Evaded Perimeter Defenses, the findings are clear: despite a cadre of perimeter defenses being deployed, malicious actors are actively operating in the network. The research presents a clear picture of how attackers evade perimeter detection, infect systems, and then attempt to spread laterally across the network to execute their objective.

Watch Chad Skipper, Global Security Technologist, provide an overview of the findings.

Key insights include:

  • The best offense is to evade defense: Threat actors’ first order of business is to evade detection. Evasion of defense systems is the most encountered MITRE ATT&CK ® tactic used by malware, followed by execution and discovery.
  • Email attacks lead the pack: Email continues to be used as the most common attack vector to gain initial access, with more than four percent of all business emails analyzed containing a malicious component.
  • ZIP-ing through defenses: More than half of all malicious artifacts analyzed were delivered by a Zip archive. Attackers have massively scaled up operations Continue reading

Avoiding Azure VNet Spaghetti With Virtual WAN feat. Microsoft’s Pierre Roman – Video

Pierre Roman talks Day Two Cloud podcast hosts Ned Bellavance & Ethan Banks through joining different Azure networks together, and how to avoid that spaghetti. You can listen to the full episode here. SO MUCH MORE FOR IT PROS at Packetpushers.net/subscribe. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they […]

The post Avoiding Azure VNet Spaghetti With Virtual WAN feat. Microsoft’s Pierre Roman – Video appeared first on Packet Pushers.

Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness

Select all the buses. Click on bikes. Does this photo have traffic lights? As ridiculous as these questions are, you’re almost guaranteed to have seen one recently. They are a way for online services to separate humans from bots, and they’re called CAPTCHAs. CAPTCHAs strengthen the security of online services. But while they do that, there’s a very real cost associated with them.

Based on our data, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. We assume a typical Internet user sees approximately one CAPTCHA every 10 days.

This very simple back of the envelope math equates to somewhere in the order of 500 human years wasted every single day — just for us to prove our humanity.

Today, we are launching an experiment to end this madness. We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is Continue reading

Getting started with Route Maps Resource Modules

Red Hat Ansible Engine v2.9 introduced the first set of Resource Modules that make network automation easier and more consistent, especially in multi-vendor environments. These network resource specific and opinionated Ansible modules help us avoid creating overly complex Jinja2 templates to render and push network configurations, thereby easing the adoption of network automation both in green and brownfield environments. The resource modules, along with the tools provided in ansible.utils, are highly focused on allowing the end user to manipulate network configuration as “structured data” and not have to worry about network platform specific details.

In the past, we have gone through resource modules that facilitate managing BGP, OSPFv2, ACLs and VLANS configurations on network devices. In this blog post, we’ll cover the newly added route maps resource modules using cisco.nxos.nxos_route_maps as an example.

Route maps are used to define which routes from a source routing protocol are to be distributed to a target routing protocol. It also allows filtering routes that are sent or received between BGP peers. Every route map can have multiple entries, with each entry having a sequence number and an action (the “permit” or “deny” clause) associated with it. Continue reading

AMD chips keep claiming more of the server market

AMD saw another quarter of outstanding growth in sales of its server chips, giving the company its highest single-quarter gain for server CPUs since 2006 and eating into Intel’s most valuable market segment, according to the latest market report from Mercury Research.

We’ll get to the desktop segment later, but AMD’s server CPU share grew 1.8 percentage points from Q4 2020 to Q1 2021, from 7.1% to 8.9%. That is astonishing as server numbers just don’t move like that so quickly. In the same single-quarter period, Intel slipped 1.8 percentage points, from 92.9% to 91.1%.

There is seasonality in the server market, where it is normal for sales to go down in Q1, Dean McCarron, president of Mercury Research, told me. Cloud-server companies like AWS and Google go through a build/burn cycle where they buy a lot, then take time to deploy it all. Right now we are at the very bottom of the build cycle where they buy the least amount, so if they are putting up these kinds of numbers during a low point, it will be even better when they Continue reading

Does Small Packet Forwarding Performance Matter in Data Center Switches?

TL&DR: No.

Here’s another never-ending vi-versus-emacs-type discussion: merchant silicon like Broadcom Trident cannot forward small (64-byte) packets at line rate. Does that matter, or is it yet another stimulating academic talking point and/or red herring used by vendor marketing teams to justify their high prices?

Here’s what I wrote about that topic a few weeks ago:

VMware picks an in-house exec for its new CEO

VMware says its COO for products and cloud services, Raghu Raghuram, will be its next permanent CEO, a signal that the company’s board intends to keep VMware on its present course.

When Raghuram takes the reins in June, it will end a four-month interregnum, during which the company has been helmed by CFO Zane Rowe. Former CEO Pat Gelsinger became the CEO at Intel in February, returning to the company where he had worked for 30 years.

VMware is the unquestioned 800-pound gorilla of the enterprise hypervisor market and has pursued both internal technology development and a succession of strategic acquisitions to diversify its business. The company’s hypervisor business, buttressed by deals with AWS, Azure, Google Cloud and other hyperscalers to provide its core products as cloud services, is still the main revenue stream. But VMware also plays in security, containerization, and cloud-native applications.

IT vendors push on-prem, pay-per-use hardware

A flurry of announcements from hardware vendors points to a change in how enterprises are purchasing servers, storage and networking resources for their data centers and edge deployments.

To entice companies to keep workloads on premises, hardware vendors including Cisco, Dell, HPE, IBM, Lenovo and others are offering consumption-based pricing for data-center infrastructure. These pay-per-use products are designed to shorten procurement cycles, allow customers to scale up or down with demand, and more economically link hardware spending with usage.

HPE, for example, pledged to transform its entire portfolio to pay-per-use and as-a-service offerings by 2022, and last week, the company added to its GreenLake lineup with new data services and infrastructure. Dell, for its part, unveiled the first products in its Apex portfolio of managed storage, servers, and hyperconverged infrastructure.