5 Question on Cybersecurity
These are my prep notes for appearing on a cyber security podcast in a couple of weeks.
These are my prep notes for appearing on a cyber security podcast in a couple of weeks.
Nokia Lab | LAB 8 RSVP-TE Resiliency |
Hello!
Today I'm going to lab one of my favorite topic - RSVP-TE Resiliency. It's a real pleasure to see how different methods of network resiliency can make your network more stable and reliable.
Please check my first lab for input information.
Topology example
Lab tasks and questions:
- Preparing
- create LSP to_R6 on R1 (parameters: "totally loose" path, cspf)
- create LSP to_R1 on R6 (parameters: "totally loose" path, cspf)
- create Epipe service between CPE1 and CPE6. It helps to compare convergency time in the different cases. I use Virtual PC nodes as CPE devices and simple ping as a tool. It's not a production-ready tool suite, but it's relevant for the education lab. (Depend on your CPE devices, but I recommend use rapid ping or adjust send/receive timers. Results will be more clearly)
- configure BFD (I use TX/RX equal 100ms):
- on L3 interfaces
- on OSPF interfaces
- on RSVP interfaces
- The first method is Non-standby secondary path. Add secondary path to exist LSPs
- check secondary path operation status
- our goal is investigation the reconvergence process
- run ping on CPE and break the primary path of any LSP(you can shut Continue reading
Back to Basics: The History of IP Interface Addresses
In the previous blog post in this series, we figured out that you might not need link-layer addresses on point-to-point links. We also started exploring whether you need network-layer addresses on individual interfaces but didn’t get very far. We’ll fix that today and discover the secrets behind IP address-per-interface design.
In the early days of computer networking, there were three common addressing paradigms:
Back to Basics: The History of IP Interface Addresses
In the previous blog post in this series, we figured out that you might not need link-layer addresses on point-to-point links. We also started exploring whether you need network-layer addresses on individual interfaces but didn’t get very far. We’ll fix that today and discover the secrets behind IP address-per-interface design.
In the early days of computer networking, there were three common addressing paradigms:
The Why and How of a Two-Tier Network Monitoring Topology
A two-tier topology provides the freedom to upgrade the core network and various security and performance tools independently.AMD Finally Breaks The 10 Percent Server Share Barrier
History doesn’t really repeat itself, but it surely does use a lot of synonyms and rhymes, and sometimes, if you listen very closely, you can catch it muttering to itself. …
AMD Finally Breaks The 10 Percent Server Share Barrier was written by Timothy Prickett Morgan at The Next Platform.
Docker Hub Incident Reviews – April 3rd and 15th 2021
In line with our promise last year to continue publishing incident reviews for Docker Hub, we have two to discuss from April. While many users were unaffected, it is important for us to be transparent with our community, and we hope it is both informative and instructive.
April 3rd 2021
Starting at about 07:30 UTC, a small proportion of registry requests (under 3%) against Docker Hub began failing. Initial investigation pointed towards several causes, including overloaded internal DNS services and significant and unusual load from several users and IPs. Changes were made to address all of these (scaling, blocking, etc), and while the issue seemed to resolve for several hours at a time, it continued coming back.
The issue re-occurred intermittently into the next day, at which point the actual root cause was determined to be under-scaled load balancers doing service discovery and routing for our applications.
In the past, the bottleneck for the load balancing system was network bandwidth on the nodes, and auto scaling rules were thus tied to bandwidth metrics. Over time and across some significant changes to this system, the load balancing application had become more CPU intensive, and thus the current auto scaling setup Continue reading
What’s New in Calico v3.19
We’re excited to announce Calico v3.19.0! This release includes a number of cool new features as well as bug fixes. Thank you to each one of the contributors to this release! For detailed release notes, please go here. Here are some highlights from the release…
VPP Data Plane (tech-preview)
We’re very excited to announce that Calico v3.19 includes tech-preview support for FD.io’s Vector Packet Processing (VPP) data plane, joining Calico’s existing iptables, eBPF, and Windows dataplanes.
The VPP data plane promises high performance Kubernetes networking with support for network policy, encryption via WireGuard or IPSec, and MagLev service load balancing.
Interested? Try it out by following the tech-preview getting started guide!
Resource Management with kubectl (tech-preview)
In previous versions of Calico, the “calicoctl” command line tool was required to properly manage Calico API resources. In Calico v3.19, we’ve introduced a new tech-preview feature that allows you to manage all projectcalico.org API resources directly with kubectl using an optional API server add-on.
Try it out on your cluster by following the guide!
Windows Data Plane Support for containerd
Calico v3.19 introduces support for Calico for Windows users to deploy containers using containerd Continue reading
Passed AWS Associate Exam
I took the exam on 8th May 2021 and was able to crack it .Now you can call me AWS certified Associate .
I started thinking of giving the AWS associate exam more than a year back when my company provided us the free license of cloud Guru. We started a group of individuals who were interested in learning and taking the AWS associate exam. Our plan was to go through the cloud guru videos twice in a week during office hrs ( Allocated 1 hrs for learning ) and discuss any doubts related to topics. It all went very well for few weeks and suddenly people started missing sessions due to different reasons such as office meeting and workload. The group which started with 30 people reduced to 10 now and unfortunately I too dropped due to timing clash and office workload.
Almost after 6 months, again I started going through cloud Guru Videos and this time I was able to complete it and at that time i can easily rate myself 6 out of 10.
I went through AWS FAQ’s , I must say that they are must if you are preparing to take AWS exam.
I didn’t stop, Continue reading
Designing the new Cloudflare Web Application Firewall
The Cloudflare Web Application Firewall (WAF) protects websites and applications from malicious traffic attempting to exploit vulnerabilities in server software. It’s a critical piece of the broader security posture of your application. With that in mind, we made sure improvements to the Web Application Firewall dashboard experience made it easier to enable the WAF and configure rules to match the specific requirements of an application. In this post, I’ll share parts of the process we followed and the rationale behind the decisions we took when designing the new Web Application Firewall dashboard experience.
I’ve separated out my design process into three stages:
- Identify the tasks customers are trying to complete using the WAF
- Prioritise the tasks in such a way that it’s clear what the most common tasks are vs what the more involved tasks are
- Define, create, and refine the interface and interactions
Identifying the tasks customers are trying to complete
We support a range of customers — individual developers or hobbyists, small/medium-sized businesses where it’s common for a developer to fulfil multiple roles and responsibilities, through to large global enterprises where often there is an entire department dedicated to information security. Traditionally, product development teams use techniques such Continue reading
We Are the Internet Society: Our Impact in 2020
If there were doubts about how important the Internet is for everyone, 2020 put those to rest. As we push forward through this turbulent time, I want to take a moment to share some inspiration. The Internet Society’s 2020 Impact Report: The Internet Is a Lifeline is a storybook of ingenuity, collaboration, and what happens […]
The post We Are the Internet Society: Our Impact in 2020 appeared first on Internet Society.
NSA, ODNI and CISA Release 5G Analysis Paper
Useful reading to understand network integrity, impacts and risk of mobile networks
BGP-Free MPLS Core with Segment Routing
After I created the Segment Routing lab to test the relationship between Node Segment ID (SID) and MPLS labels, I was just a minor step away from testing BGP-free core with SR-MPLS.
I added two nodes to my lab setup, this time using IOSv as those nodes need nothing more than EBGP support (and IOSv is tiny compared to IOS XE on CSR):
BGP-Free MPLS Core with Segment Routing
After I created the Segment Routing lab to test the relationship between Node Segment ID (SID) and MPLS labels (and added support for IS-IS, SR-MPLS, and BGP to netsim-tools), I was just a minor step away from testing BGP-free core with SR-MPLS.
I added two nodes to my lab setup, this time using IOSv as those nodes need nothing more than EBGP support (and IOSv is tiny compared to IOS XE on CSR):
DockerCon LIVE 2021 Keynotes
Join us for DockerCon LIVE 2021 on Thursday, May 27. DockerCon LIVE is a free, one day virtual event that is a unique experience for developers and development teams who are building the next generation of modern applications. If you want to learn about how to go from code to cloud fast and how to solve your development challenges, DockerCon LIVE 2021 offers engaging live content to help you build, share and run your applications. Register today at https://dockr.ly/2PSJ7vn
With DockerCon just around the corner, we’re pleased to announce our outstanding keynote speaker line-up.
Among the Docker luminaries taking the virtual stage May 27 will be CEO Scott Johnston, CTO Justin Cormack and VP of Products Donnie Berkholz. Look for keynotes, too, from special guests Dana Lawson, GitHub VP of Engineering, and Matt Falk, VP of Engineering, Data Science and Computer Vision at Orbital Insight.
Picking up hosting duties will be Docker’s Peter McKee and William Quiviger, along with DevOps consultant and Docker Captain Bret Fisher.
They’re just part of the one-day event packed with demonstrations, product announcements, company updates and more — all of it focused on modern application delivery in a cloud-native world.
Last year 78,000 registrants Continue reading