Appreciation Society
Given how crazy everything is right now, it’s important to try and stay sane. And that’s harder than it sounds to be honest. Our mental health is being degraded by the day. Work stress, personal stress, and family stress are all contributing to a huge amount of problems for all of us. I can freely admit that I’m there myself. My mental state has been challenged as of late with a lot of things and I’m hoping that I’m going to pull myself out of this funk soon with the help of my wife @MrsNetwrkngnerd and some other things to make me happier.
One of the things that I wanted to share with you all today was one of the things I’ve been trying to be mindful about over the course of the last few months. It’s about appreciation. We show appreciation all the time for people. It’s nothing new, really. But I want you to think about the last time you said “thank you” to someone. Was it a simple exchange for a service? Was it just a reflex to some action? Kind of like saying “you’re welcome” afterwards? I’d be willing to bet that most of the people Continue reading
Heavy Networking 533: Packet Pushers Roundtable – SD-Branch, BGP Over QUIC, Bandwidth Avoidance
Today's episode assembles the Packet Pushers to wrangle over a grab bag of ideas including the evolution from SD-WAN to SD-Branch, new compression standards to preserve Internet bandwidth, and the pros and cons of BGP over QUIC.Heavy Networking 533: Packet Pushers Roundtable – SD-Branch, BGP Over QUIC, Bandwidth Avoidance
Today's episode assembles the Packet Pushers to wrangle over a grab bag of ideas including the evolution from SD-WAN to SD-Branch, new compression standards to preserve Internet bandwidth, and the pros and cons of BGP over QUIC.
The post Heavy Networking 533: Packet Pushers Roundtable – SD-Branch, BGP Over QUIC, Bandwidth Avoidance appeared first on Packet Pushers.
Protecting Remote Desktops at Scale with Cloudflare Access
Early last year, before any of us knew that so many people would be working remotely in 2020, we announced that Cloudflare Access, Cloudflare’s Zero Trust authentication solution, would begin protecting the Remote Desktop Protocol (RDP). To protect RDP, customers would deploy Argo Tunnel to create an encrypted connection between their RDP server and our edge - effectively locking down RDP resources from the public Internet. Once locked down with Tunnel, customers could use Cloudflare Access to create identity-driven rules enforcing who could login to their resources.
Setting Tunnel up initially required installing the Cloudflare daemon, cloudflared, on each RDP server. However, as the adoption of remote work increased we learned that installing and provisioning a new daemon on every server in a network was a tall order for customers managing large fleets of servers.
What should have been a simple, elegant VPN replacement became a deployment headache. As organizations helped tens of thousands of users switch to remote work, no one had the bandwidth to deploy tens of thousands of daemons.
Message received: today we are announcing Argo Tunnel RDP Bastion mode, a simpler way to protect RDP connections at scale. ? By functioning as a Continue reading
MUST READ: IPv4, IPv6, and a Sudden Change in Attitude
Avery Pennarun continued his if only IPv6 would be less academic saga with a must-read IPv4, IPv6, and a sudden change in attitude article in which he (among other things) correctly identified IPv6 as a typical example of second-system effect:
If we were feeling snarky, we could perhaps describe IPv6 as “the String Theory of networking”: a decades-long boondoggle that attracts True Believers, gets you flamed intensely if you question the doctrine, and which is notable mainly for how much progress it has held back.
In the end, his conclusion matches what I said a decade ago: if only the designers of the original Internet wouldn’t be too stubborn to admit a networking stack needs a session layer. For more details, watch The Importance of Network Layers part of Networks Really Work webinar
The Tech Tricks That Make PCI-Express 6.0 And Beyond Possible
Multiplying things by two and putting them on a roadmap is easy, even if it does take a lot of courage to do that. …
The Tech Tricks That Make PCI-Express 6.0 And Beyond Possible was written by Timothy Prickett Morgan at The Next Platform.
Next Platform TV for August 6, 2020
On today’s program we look at the future of Cray as part of HPE with former Cray CEO and current HPC and mission-critical systems lead at HPE-Cray, Pete Ungaro. …
Next Platform TV for August 6, 2020 was written by Nicole Hemsoth at The Next Platform.
Enabling Microsegmentation with Calico Enterprise
Microsegmentation is a security technique that is used to isolate workloads from one another. Microsegmentation limits the blast radius of a data breach by making network security more granular. Should a breach occur, the damage is confined to the affected segment. Application workloads have evolved over time – starting from bare metal, to a mix of on-prem and cloud virtual machines and containers. Similarly, the pace of change has dramatically increased, both in terms of release updates and auto-scaling.
Enforcement of network security has also evolved over time, with organizations using a mix of physical/virtual firewalls and platform-specific security groups to manage network security. This creates the following challenges:
- Management Overhead – Organizations have to maintain different products, teams and workflows to manage and operate segmentation across containers, VMs and bare metal. The diagram above shows how different platforms may require different approaches to segmentation, thereby creating a burden on the operations team.
- Lack of Cloud-Native Performance – With hybrid cloud becoming a norm, products built for traditional workloads can neither scale nor enforce security for cloud-native deployments with minimal latency.
Calico Enterprise provides a common policy language for segmentation that works across all of your hybrid cloud and Continue reading
Cisco Viptela SD-WAN Training
Cisco Viptela SD-WAN Training. I recently added Self Paced Cisco Viptela SD-WAN training under Training on the website. You can purchase it and start studying the course right away.
This course covers all SD-WAN concepts from basic to advance level.
Not only many hours theory and design, but there are more than 12 hours Lab/Configuration in this course to demonstrate, different features in SD-WAN.
Students of this course are placed in a study group, so when they have any problem, we support them in the group. This is key for learning and I follow the same methodology in all my trainings.
It covers at the moment, Cisco Viptela SD-WAN but when the new content is available for the other vendors SD-WAN solution, students will be able to access the new content for free as well.
Starting from installing certificates on the SD-WAN Controller (VBond, VSmart, VManage), all the way cloud integration, Direct Internet Access, Dynamic Path Selection, Application Based Traffic Engineering, QoS, Forward Error Correction, Deduplication, Zero Touch Provisioning and many other topics are covered from theory and design aspects and demonstrated in a Lab environment.
Last but not least, guest designers will discuss their real life SD-WAN design and Continue reading
100+ Hours CCIE Enterprise Infrastructure Training/Bootcamp
100+ hours CCIE Enterprise Infrastructure Training/Bootcamp. Can it happen? Yes, in fact my CCIE Enterprise Instructor Led course is over 100 hours, design , theory and lab content.
In the CCIE Enterprise training I go through not only traditional technologies such as OSPF, EIGRP , BGP , MPLS, Multicast, QoS, IPv6 etc. but also there are so many SD-WAN , SD-Access and Network Programmability and Automation content.
Probably you have seen some topologies on social media (I use LinkedIn mostly), those topologies consists of many tasks and we cover all of them in the training.
I have two versions of CCIE Enterprise Training.
1.Self Paced CCIE Enterprise Infrastructure Training:
In this training, all the content of CCIE Instructor Led training is covered but as a recorded video format. Participant of Self Paced CCIE Enterprise Training gets not only videos but also Config files/Labs , workbooks, design comparison charts (don’t forget there is 3 hours design module in CCIE Enterprise exam), session materials and so on. Self Paced training students are placed in a study group together with the Instructor Led CCIE Enterprise training/bootcamp students.
2. Instructor Led CCIE Enterprise Infrastructure Continue reading
Everything You Need to Know about Network Time Security
This article was first published on NetNod’s Blog. It is reposted here with permission of the author.
A lot of the Internet’s most important security tools are dependent on accurate time. But until recently there was no way to ensure that the time you were getting came from a trusted source. The new Network Time Security (NTS) standard has been designed to fix that. In this post, we will summarise the most important NTS developments and link to a range of recent Netnod articles providing more information on the background, the NTS standard and the latest implementations.
What is NTS and why is it important?
NTS is an essential development of the Network Time Protocol (NTP). It has been developed within the Internet Engineering Task Force (IETF) and adds a much needed layer of security to a protocol that is more than 30 years old and is vulnerable to certain types of attack. Netnod has played an important role in the development of Network Time Security (NTS) from the standardization effort in the IETF to the development of several implementations and the launch of one of the first NTS-enabled NTP services in the world.
NTS consists of two protocols, Continue reading
BGP Convergence and ASn allocation design in Large Scale Networks
BGP Convergence and ASn allocation design in Large Scale Networks covered in this post and the video at the end of the post.
This content is explained in great detail in my BGP Zero to Hero course as well as CCIE Enterprise Training.
BGP is always known as slowly converged protocol. In fact this is wrong knowledge. If you just mention about BGP Control plane convergence, can be true but we always ignore BGP Data Plane Convergence which is commonly known as BGP PIC (Prefix Independent Convergence)
In this post, I will explain the BGP Path Hunting process which slows down the convergence process. Path Hunting is not only BGP but in general distance vector protocols convergence problem.
Effect of Path Hunting gets very problematic in densely meshed topologies such as CLOS or Fat Tree.
Many Leaf and Spine switches might be in the network and when EBGP is used (As it is recommended in RFC 7938) Path Hunting should be avoided by allocation the Autonomous System number to the networking devices wisely.
Otherwise, for the prefix which is not anymore advertised to network due to failure for example, BGP speaking routers try any Continue reading
IPv6 Buzz 057: Thinking Differently With IPv6
What do novice engineers need to know about IPv6? How can v6 help you rethink customer solutions? What will networking look like in 20 years? Today's IPv6 Buzz podcast explores these questions and more with guest Chris Grundemann, author and veteran IPv6 advocate.IPv6 Buzz 057: Thinking Differently With IPv6
What do novice engineers need to know about IPv6? How can v6 help you rethink customer solutions? What will networking look like in 20 years? Today's IPv6 Buzz podcast explores these questions and more with guest Chris Grundemann, author and veteran IPv6 advocate.
The post IPv6 Buzz 057: Thinking Differently With IPv6 appeared first on Packet Pushers.