0

Welcome to Birthday Week 2020

Each year we celebrate our launch on September 27, 2010 with a week of product announcements. We call this Birthday Week, but rather than receiving gifts, we give them away. This year is no different, except that it is… Cloudflare is 10 years old.

Before looking forward to the coming week, let’s take a look back at announcements from previous Birthday Weeks.

A year into Cloudflare’s life (in 2011) we launched automatic support for IPv6. This was the first of a long line of announcements that support our goal of making available to everyone the latest technologies. If you’ve been following Cloudflare’s growth you’ll know those include SPDY/HTTP/2, TLS 1.3, QUIC/HTTP/3, DoH and DoT, WebP, … At two years old we celebrated with a timeline of our first two years and the fact that we’d reached 500,000 domains using the service. A year later that number had tripled.

In 2014 we released Universal SSL and gave all our customers SSL certificates. In one go we massively increased the size of the encrypted web and made it free and simple to go from http:// to https://. Other HTTPS related features we’ve Continue reading

0

Duty Calls: Technologies that Didn’t: CLNS

Russ White published an interesting story explaining why we’re using IP and not CLNS to build today’s Internet.

Let’s start with a few minor details he missed that I feel obliged to point out (apologies to Russ for being too pedantic, but you know me…):

0

New ACI deployment? Watch out when connecting APICs to Leafs

It’s one of those articles aimed at the people with Cisco ACI experience who don’t bother with reading all the install and other guides again while going through n’th time of building and ACI fabric, like me. When it comes to Cisco ACI, you really should. There’s a small change with the physical build of the third generation of APIC server where 10G SFP interfaces from APIC towards the Leaf switches (used for fabric discovery and later for the in-band controller to fabric communication) where 4x10G card is built in the server and not like 2x10G on M2/L2 and other

The post New ACI deployment? Watch out when connecting APICs to Leafs appeared first on How Does Internet Work.

0

Configure NXOS with Napalm

Napalm offers an easy way to configure and gather information from network devices using a unified API. No matter what vendor it is used against the input task and returned output will be the same. The only thing that will not be vendor neutral is the actual commands run and configuration being applied. This post documents experiences of trying to replace the whole configuration on NXOS using Napalm with Ansible.

0

Aws Deeplens – meet the devil dog – part 1

Now on first look she is so adorable, don’t be fooled by looks this dog is responsible for destruction of usb cables, foot wear , headphones, trash can openings and garden destruction.

Idea inspired from : https://youtu.be/ALKz1eKj4n0

Aws deeplens – https://aws.amazon.com/deeplens/

So here is the idea, over the course of next few days to months, I will start capturing many constructive and destructive images of my dog and start training a AI model which will give us a reasonable idea on what exactly she is up to when we leave her alone and alert us accordingly.

Am not a ML developer let alone be an expert, but aws makes it easy to train and deploy models and you don’t have to know much to get started. I developed another ML model with aws rekognition which identifies unwanted plants and shrubs in a raised bed.

I got set up this deeplens and deployed a model project in no less than 5 minutes and am being honest. Here is a sample model which identifies cat vs dog , this model comes is among example models.

It has a Mqtt topic which you can subscribe as well

-Rakesh

0

Worth Reading: Iron Chef – Certification Edition

In one of his recent blog posts Tom Hollingsworth described what I semi-consciously felt about the CCIE lab exam for at least 25 years: it’s full of contrived scenarios that look more like Iron Chef than real life.

I understand they had to make the lab harder and harder to stop cheating (because talking with candidates and flunking the incompetents is obviously not an option), and there’s only so much one can do with a limited set of technologies… but forcing networking engineers to find ever-more-devious ways to solve overly-complex problems is nothing else but fuel for rampant MacGyverism.

Anyway, I don’t think this mess will ever be fixed, so the only thing we can do is to enjoy the rant.

0

Weekend Reads 092520

Cybercrime rewards innovative organizations. These can innovate at the tactical level (e.g. new or updated tactics, techniques, and procedures (TTP)), the strategic level (e.g. new monetisation methods), or at the operational level—the management of resources and personnel to achieve strategic objectives. This is operational art.

Enterprises cannot afford to ignore the threat posed by encrypted inbound network traffic. Adversaries now commonly use encrypted traffic flows to cloak cyberattacks, slipping malware, ransomware, and other malicious content past perimeter detection systems.

Major cloud services providers are about half as likely (46%) to experience a data breach compared with large enterprises, a new study suggests.

In short: The Trolley Problem is not the kind of a problem that is open to a solution. The Trolley Problem is not for solving, it’s for teaching—for stimulating, for illustrating, for provoking, for exposing predilections and contradictions. It’s a thought experiment. (Philosophy also performs thought experiments with zombies.) The point is not to work out the answer to a riddle; the point is to think about the implications of the circumstances. We open Pandora’s Box, but we don’t intend to catch the demons and stuff them back in; we let them fly around wreaking Continue reading

0

Government cybersecurity agency warns of Windows Server exploit

The federal government's Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare emergency directive to federal government agencies to roll out a Windows Server patch within days, an indication of the severity of the exploit.The directive was issued on September 18, and agencies were given four days to apply the security update. It demands that executive agencies take "immediate and emergency action" to patch CVE-2020-1472, issued August 11.The vulnerability is in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory from Windows Server 2008 to Server 2019. It has been named "Zerologon" because of how it works.To read this article in full, please click here

0

Government cybersecurity agency warns of Windows Server exploit

The federal government's Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare emergency directive to federal government agencies to roll out a Windows Server patch within days, an indication of the severity of the exploit.The directive was issued on September 18, and agencies were given four days to apply the security update. It demands that executive agencies take "immediate and emergency action" to patch CVE-2020-1472, issued August 11.The vulnerability is in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory from Windows Server 2008 to Server 2019. It has been named "Zerologon" because of how it works.To read this article in full, please click here

0

What Does Normal Look Like Now? COVID’s Impact on the Internet

Six months ago, when the World Health Organization declared COVID-19 a pandemic, it accelerated the shift out of offices and schools and onto the Internet. Back then, we asked if the Internet was resilient enough to withstand Coronavirus. After several months of observations, we confirmed that it is, thanks to the strength, resilience and success of the open architecture that underpins it. Since then, concerns about the Internet’s ability to handle the increase in lockdown-driven traffic seem to have abated, resulting in fewer articles and blog posts on the topic.

Getting Back to Normal

As we head into the final months of 2020, some businesses have reopened in a limited capacity, allowing employees to return to their brick-and-mortar workplaces. Many students are also returning to school, whether in person or online. Yet, the lack of affordable and available Internet access remains a significant issue. Earlier this year, we heard stories about students sitting outside schools and libraries in search of reliable WiFi in order to attend classes. As the new school year starts in North America, we heard about students using WiFi signals from a local fast food chain restaurant to complete their homework. And with students now needing to Continue reading

0

Heavy Networking 541: An Update On Free Range Routing

Today's Heavy Networking jumps into the Free Range Routing (FRR) project, including features of the latest release, what's on the roadmap, and use cases and platform support. Our guest is Donald Sharp, a longtime FRR contributor and  Principle Engineer at NVIDIA.

0

Heavy Networking 541: An Update On Free Range Routing

Today's Heavy Networking jumps into the Free Range Routing (FRR) project, including features of the latest release, what's on the roadmap, and use cases and platform support. Our guest is Donald Sharp, a longtime FRR contributor and  Principle Engineer at NVIDIA.

The post Heavy Networking 541: An Update On Free Range Routing appeared first on Packet Pushers.

0

TAYGA: Bridge an IPv6 Network Back to IPv4 using NAT64

Every network admin on the planet knows this dirty little secret: We’re running out of IPv4 addresses. This was an inevitability, given how wide-spread the network and network devices have become. Even on your LAN, you sometimes have to use subnetting, simply because you’ve found the devices on your massive enterprise network have gobbled up all the 192.68.1.x addresses. It’s a problem. Which is why IPv6 was developed. IPv6 offers a larger pool of addresses from which to use. The problem is that IPv6 isn’t nearly as easy to employ as IPv4. After all, 192.168.1.1 is much easier to remember than 0:0:0:0:0:ffff:c0a8:101. But what’s a network administrator to do? Migrate all of those servers and various hardware devices from IPv4 to IPv6? In theory, yes, that is exactly what should happen. However, that’s not nearly as easy as one would like to think it would be. After all, you might have hundreds upon hundreds of devices and numerous locations. On top of which, there’s always that pesky DNS that must be updated (which could equate to downtime). Oh, and let’s not forget that IPv6 is not backward compatible with IPv4. Why was this decision Continue reading

0

Cisco turns out security patches 25 high-threat flaws for IOS, IOS XE

If you are a security admin with lots of systems running Cisco IOS and IOS XE software today is decidedly not your day.Cisco this week posted 25 “High” rated security advisories that stem from 34 vulnerabilities the company suggests should be fixed as soon as possible. The vulnerabilities impact a wide-range of Cisco gear as IOS and IOS XE are the company’s most widely used operating systems. The warnings affect firewalls, wireless access points and switches.Network pros react to new Cisco certification curriculum For example, one of the highest rated threats--with an 8.6 out of 10 threat level, are multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software that could let an remote attacker to cause the device to reload or stop forwarding traffic through the firewall,resulting in a denial of service (DoS).To read this article in full, please click here

0

Cisco turns out security patches 25 high-threat flaws for IOS, IOS XE

If you are a security admin with lots of systems running Cisco IOS and IOS XE software today is decidedly not your day.Cisco this week posted 25 “High” rated security advisories that stem from 34 vulnerabilities the company suggests should be fixed as soon as possible. The vulnerabilities impact a wide-range of Cisco gear as IOS and IOS XE are the company’s most widely used operating systems. The warnings affect firewalls, wireless access points and switches.Network pros react to new Cisco certification curriculum For example, one of the highest rated threats--with an 8.6 out of 10 threat level, are multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software that could let an remote attacker to cause the device to reload or stop forwarding traffic through the firewall,resulting in a denial of service (DoS).To read this article in full, please click here

0

A scrounger, scumbag and admitted thief get 140MM in VC funding

The CEO of Bolt seems to be a piece of work

0

MemVerge ships software-defined persistent memory software

Big Memory software startup MemVerge launched its Memory Machine software designed to turn DRAM and Intel Optane persistent memory into a software-defined memory pool, bringing DRAM performance to persistent memory (PMEM).For some use cases, SSDs just aren’t fast enough. “Despite all the great advances in storage, the latency difference between memory and storage remains at more than three orders of magnitude, making this data movement inefficient,” said Alper Ilkbahar, vice president and general manager of the memory and storage product group at Intel in a conference call with MemVerge.To read this article in full, please click here

0

MemVerge ships software-defined persistent memory software

Big Memory software startup MemVerge launched its Memory Machine software designed to turn DRAM and Intel Optane persistent memory into a software-defined memory pool, bringing DRAM performance to persistent memory (PMEM).For some use cases, SSDs just aren’t fast enough. “Despite all the great advances in storage, the latency difference between memory and storage remains at more than three orders of magnitude, making this data movement inefficient,” said Alper Ilkbahar, vice president and general manager of the memory and storage product group at Intel in a conference call with MemVerge.To read this article in full, please click here

0

The Smörgåsbord

No plan, no script, no net. In this episode Tony and Jordan give a peek behind the curtains on what has been going on with them both personally and professionally. This episode has a bit of everything. Personal struggles, new hobbies, work news, and a Defcon capture the flag story. This is the Smörgåsbord.

 

Network Collective thanks NVIDIA for sponsoring today’s episode. NVIDIA is positioned as the leader in open networking and provides end-to-end solutions at all layers of the software and hardware stack. You can experience NVIDIA Cumulus in the Cloud for free!  Head on over to: https://cumulusnetworks.com/ncpod to see what a modern open network operating system looks like for yourself.

---

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post The Smörgåsbord appeared first on Network Collective.

0

Video: Bridging, Routing, Switching

If you’re working solely with IP-based networks, you’re probably quick to assume that hop-by-hop destination-only forwarding is the only packet forwarding paradigm that makes sense. Not true, even today’s networks use a variety of forwarding mechanisms, most of them called some variant of routing or switching.

What exactly is the difference between the two, and what is bridging? I’m answering these questions (and a few others like what’s the difference between data-, control- and management planes) in the Bridging, Routing and Switching Terminology video.