0

Data Center and WAN Virtualization Technologies Step Forward in 2021

With 2020 thankfully fading into history, virtualization technologies are set to take IT to new levels of flexibility and efficiency.

0

Master Class: DC Fabrics

I’m teaching another master class over at Juniper on the 13th at 9AM PT:

Spine-and-leaf fabric is the “new standard,” but how much do you know about this topology, its origins, and its properties? This session will consider the history of the Clos, explain the butterfly and Benes, look at why a fabric is a fabric and why “normal networks” are not, and cover some key design considerations when building a fabric.

You can register here.

0

Cloudflare Radar’s 2020 Year In Review

Throughout 2020, we tracked changing Internet trends as the SARS-Cov-2 pandemic forced us all to change the way we were living, working, exercising and learning. In early April, we created a dedicated website https://builtforthis.net/ that showed some of the ways in which Internet use had changed, suddenly, because of the crisis.

On that website, we showed how traffic patterns had changed; for example, where people accessed the Internet from, how usage had jumped up dramatically, and how Internet attacks continued unabated and ultimately increased.

Today we are launching a dedicated Year In Review page with interactive maps and charts you can use to explore what changed on the Internet in 2020. Year In Review is part of Cloudflare Radar. We launched Radar in September 2020 to give anyone access to Internet use and abuse trends that Cloudflare normally had reserved only for employees.

Where people accessed the Internet

To get a sense for the Year In Review, let’s zoom in on London (you can do the same with any city from a long list of locations that we’ve analyzed). Here’s a map showing the change in Internet use comparing April (post-lockdown) and February (pre-lockdown). This map compares working hours Continue reading

0

The Attention Economy And The IT Talent Dearth

In IT operations, finding talent is difficult. For years, there has been a shortage of folks who are capable of maintaining complex infrastructure. To be sure, some of this is geographical. And certainly, the rate of technology change makes it difficult to find people with specific product skills. Hard to find a Kubernetes expert with ten years of experience.

But I suspect there’s a couple of other things going on that, when combined, make the talent dearth even worse.

The Brutality Of Complexity

When I was studying for Novell Netware 3 (before directory services) certifications decades ago, there was a lot to know. Networking with IPX. Architecture of x86 servers. NLMs. Storage strategies. Mail systems. Whatever else was in those red books many of us had on our shelves.

Pre-AD Microsoft certifications were similarly challenging. Domain controllers. Backup domain controllers. File & print systems. User permissions and design strategies. The GINA. Networking with IP, IPX, and NetBEUI. Mail systems. IIS. So much more.

That was before the addition of directory services to Novell and Microsoft operating systems. Directory services changed the game for file, print, email, and more back in the day, and it put a major burden on IT Continue reading

0

Build Resilient, Secure Microservices with Microsegmentation

About 10 to 12 years ago, the world of software experienced a shift in the architectural aspects of enterprise applications. Architects and software builders started moving away from the giant, tightly coupled, monolithic applications deployed in the private data centers to a more microservices-oriented architecture hosted in public cloud infrastructure. The inherent distributed nature of microservices is a new security challenge in the public cloud. Over the last decade, despite the growing adoption of microservices-oriented architecture for building scalable, autonomous, and robust enterprise applications, organizations often struggle to protect against this new attack surface in the cloud compared to the traditional data centers. It includes concerns around multitenancy and lack of visibility and control over the infrastructure, as well as the operational environment. This architectural shift makes meeting security goals harder, especially with the paramount emphasis placed on faster container-based deployments. The purpose of this article is to understand what microsegmentation is and how it can empower software architects, DevOps engineers, and IT security architects to build secure and resilient microservices. Specifically, I’ll discuss the network security challenges associated with the popular container orchestration mechanism Kubernetes, and I will illustrate the value of microsegmentation to prevent lateral movement when a Continue reading

0

Interconnecting GNS3 Virtual Machines – Video

GNS3 co-founder and developer Jeremy Grossman and networking instructor David Bombal talk with Ethan Banks about how separate GNS3 VMs communicate. You can listen to the full episode, “Heavy Networking 556: The State Of GNS3 For Network Labs,” by clicking this link. Heavy Networking is part of the Packet Pushers network of technical podcasts, including […]

The post Interconnecting GNS3 Virtual Machines – Video appeared first on Packet Pushers.

0

Automation Win: Chatops-Based Security

It’s amazing how quickly you can deploy new functionality once you have a solid foundation in place. In his latest blog post Adrian Giacometti described how he implemented a security solution that allows network operators to block source IP addresses (identified by security tools) across dozens of firewalls using a bot listening to a Slack channel.

Would you be surprised if I told you we covered similar topics in our automation course? 😇

0

Automation Win: Chatops-Based Security

It’s amazing how quickly you can deploy new functionality once you have a solid foundation in place. In his latest blog post Adrian Giacometti described how he implemented a security solution that allows network operators to block source IP addresses (identified by security tools) across dozens of firewalls using a bot listening to a Slack channel.

Would you be surprised if I told you we covered similar topics in our automation course? ?

0

Automating responses to scripts on Linux using expect and autoexpect

The Linux expect command takes script writing to an entirely new level. Instead of automating processes, it automates running and responding to other scripts. In other words, you can write a script that asks how you are and then create an expect script that both runs it and tells it that you're ok.Here's the bash script:#!/bin/bash echo "How are you doing?" read ans [Get regularly scheduled insights by signing up for Network World newsletters.] Here's the expect script that provides the response to the query:#!/usr/bin/expect set timeout -1 spawn ./ask # ask is name of script to be run expect "How are you doing?\r" send -- "ok\r" expect eof When you run the script, you should see this:To read this article in full, please click here

0

Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge

This week's Network Break discusses the jaw-dropping $3.5 billion purchase of Pluralsight; welcomes a new network OS to life, the universe, and everything; debates whether ICANN was cautious or tardy in implementing DNSSEC for gTLD name servers, catches up on the SolarWinds hack, and more tech conversation.

0

Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge

This week's Network Break discusses the jaw-dropping $3.5 billion purchase of Pluralsight; welcomes a new network OS to life, the universe, and everything; debates whether ICANN was cautious or tardy in implementing DNSSEC for gTLD name servers, catches up on the SolarWinds hack, and more tech conversation.

The post Network Break 315: Pluralsight Sold For $3.5 Billion; Dent NOS Hitchhikes To The Edge appeared first on Packet Pushers.

0

Tight SASE Function Integration Required to Meet Today’s Dynamic Requirements

SASE is not a new technology offering, but it is a more rigorous and strategic approach for tightly integrating several existing security technologies.

0

Protecting Workloads with Global Network Backing Using Site Recovery Manager

Many thanks to Dimitri Desmidt from VMware, NSBU for providing the Design details of Multi-Location and Federation.

Preface

Starting NSX-T version 3.0.2 workloads with NSX-T global network backing (L2 stretched segment) can be protected and recovered using Site Recovery Manager (SRM). More details on Multi-Locations with Federation are available here.

Note: This post does not contain the installation and configuration details of NSX-T federation, vSphere Replication and Site Recovery Manager. Hence, it is necessary to meet the following pre-requisite to achieve the goal of protecting workloads with global segments using SRM.

Pre-requisite

• Understanding of NSX-T Federation and its configuration is necessary.
• Understanding the installation and configuration of vSphere Replication and Site Recovery Manager (SRM) is necessary.

Limitations

SRM is not currently supported with Federation with VM Tags, Segment Ports, or Segment Ports Tags. As mentioned in the Design Guide for Multi-Locations here:

• Currently recovered VMs via SRM does not recover their NSX VM Tags.
• Recovered VMs will receive new Segment Ports on the new LM.
• If the Federation Security is based on VM Tags, Segment Ports or Segment Ports Tags then the recovered compute VMs in another location (London in our example here) do not have their Continue reading

0

Give The Network Designer That Came Before You A Break

When you take over a network as a technical lead, you often run into design elements that make you do a spit-take. They did WHAT? Really? Were they...stupid? Clueless? Stupid AND clueless? Maybe they were, but I argue that you should give those humans that came before you a break. You weren't there. You don't know what constraints they were operating under. Since you don't know those things, it's hard to pass fair judgement. Unfair judgement? Oh, yeah. All day long, and you can even feel righteous while doing so. Super smug.

The post Give The Network Designer That Came Before You A Break appeared first on Packet Pushers.

0

Understanding GNS3 Appliances – Video

The labbing tool GNS3 has a capability called “appliances” but it may not mean what you think it means. GNS3 co-founder and developer Jeremy Grossman and networking instructor David Bombal talk with Ethan Banks about what appliances mean in the context of this software. You can listen to the full episode, “Heavy Networking 556: The […]

The post Understanding GNS3 Appliances – Video appeared first on Packet Pushers.

0

2021 Could Be the Year of Quantum Drug Discovery

While this new year might not mark the moment when the first drugs are discovered via molecular dynamics simulations running on a full-scale quantum, there are several signs that a number of important collaborations between the few quantum vendors and major biotech companies are announced. …

2021 Could Be the Year of Quantum Drug Discovery was written by Nicole Hemsoth at The Next Platform.

0

Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored)

This Tech Bytes podcast explores how SimonMed, a medical imaging company, turned to an SD-WAN deployment from Silver Peak to reduce image delivery time from minutes to seconds, improve performance of VoIP, and begin a migration from expensive MPLS circuits.

0

Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored)

This Tech Bytes podcast explores how SimonMed, a medical imaging company, turned to an SD-WAN deployment from Silver Peak to reduce image delivery time from minutes to seconds, improve performance of VoIP, and begin a migration from expensive MPLS circuits.

The post Tech Bytes: SD-WAN Helps Medical Imaging Company Get The Picture Faster (Sponsored) appeared first on Packet Pushers.

0

Who Shoulders the Supercomputing Resiliency Burden?

While the related topics of fault tolerance and resiliency do not garner the same attention as performance and efficiency, being able to recover from and work around failures, especially as applications take over ever-large and increasingly heterogenous machines, is more important than ever. …

Who Shoulders the Supercomputing Resiliency Burden? was written by Nicole Hemsoth at The Next Platform.

0

Using Velero to Protect Cluster API

Cluster API (also known as CAPI) is, as you may already know, an effort within the upstream Kubernetes community to apply Kubernetes-style APIs to cluster lifecycle management—in short, to use Kubernetes to manage the lifecycle of Kubernetes clusters. If you’re unfamiliar with CAPI, I’d encourage you to check out my introduction to Cluster API before proceeding. In this post, I’m going to show you how to use Velero (formerly Heptio Ark) to backup and restore Cluster API objects so as to protect your organization against an unrecoverable issue on your Cluster API management cluster.

To be honest, this process is so straightforward it almost doesn’t need to be explained. In general, the process for backing up the CAPI management cluster looks like this:

1. Pause CAPI reconciliation on the management cluster.
2. Back up the CAPI resources.
3. Resume CAPI reconciliation.

In the event of catastrophic failure, the recovery process looks like this:

1. Restore from backup onto another management cluster.
2. Resume CAPI reconciliation.

Let’s look at these steps in a bit more detail.

Pausing and Resuming Reconciliation

The process for pausing and resuming reconciliation of CAPI resources is outlined in this separate blog post. To summarize that post here for convenience, the Cluster Continue reading