Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored)
Today's Heavy Networking explores a partnership between Juniper Networks and Anuta Networks to bring low-code network automation to service providers and enterprises. In this sponsored show, we'll dive into how Anuta's ATOM platform integrates with Juniper's NorthStar SDN controller and HealthBot diagnostic software to automate and orchestrate common networking tasks. Our guests are Peter Weinberger, Principal Product Manager at Juniper Networks; and Kiran Sirupa, Head of Marketing at Anuta Networks.
The post Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored) appeared first on Packet Pushers.
Next Platform TV for July 14, 2020
A wide-ranging program for you today with everything from neuromorphic hardware and software research; some impressive FPGA acceleration for Caffe from Samsung AI Research; why the datacenter industry is booming (the answers might surprise you); the state of Lustre and OpenSFS; and where some unique opportunities are in HPC on the pandemic modeling front. …
Next Platform TV for July 14, 2020 was written by Nicole Hemsoth at The Next Platform.
MANRS Welcomes Three New CDN and Cloud Participants
The MANRS Content Delivery Network (CDN) and Cloud Program continues to grow in numbers and in strength with three new participants.
Hostmein, Verisign, and Vultr have deepened their commitment to strengthening the security and resilience of the Internet’s global routing system. Participants of this program, which launched in March 2020, implement important practices for mitigating common routing security threats.
Joining means committing to taking five mandatory, and one optional, security-strengthening actions. These include preventing propagation of incorrect routing information and traffic with illegitimate source IP addresses, and facilitating global operational communication and coordination. Read the full list of actions.
“MANRS is more an idea than a framework, and it is a tremendous idea,” said Hostmein CTO Alexander Stamatis. “It raises awareness, it raises new checks to be implemented in the industry, and it keeps us more in line with the primary mission: keeping the network clean, keeping it safe.
“[MANRS] is better because it was built by engineers for engineers. We discovered issues no other initiatives could detect.”
“MANRS is the best implementation that we have done to date. We have found it to be more effective than other specialised IT certifications. And it is better because it Continue reading
Bringing Order to the Cloud: Day 2 Operations in AWS with Ansible
Cloud environments do not lend themselves to manual management or interference, and only thrive in well-automated environments. Many cloud environments are created and deployed from a known definition/template, but what do you do on day 2? In this blog post, we will cover some of the top day 2 operations use cases available through our Red Hat Certified Ansible Content Collection for AWS (requires a Red Hat Ansible Automation Platform subscription) or from Ansible Galaxy (community supported).
Let’s manage some clouds!
No matter the road that led you to managing a cloud environment, you’ll likely have run into the ever-scaling challenge of maintaining cloud-based services over time. Cloud environments do not operate the same ways the old datacenter-based infrastructures did. Coupled with the ease of access for just about anyone to deploy services, you’ll have a potential recipe for years of unlimited maintenance headaches.
The good news is that there is one way to bring order to all the cloud-based chaos: Ansible. In this blog post we will explore common day 2 operations use cases for Amazon Web Services using the amazon.aws Ansible Certified Content Collection. For more information on how to use Ansible Content Collections, check out Continue reading
flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking
Magic Transit is Cloudflare’s L3 DDoS Scrubbing service for protecting network infrastructure. As part of our ongoing investment in Magic Transit and our DDoS protection capabilities, we’re excited to talk about a new piece of software helping to protect Magic Transit customers: flowtrackd. flowrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on July 29, 2020.
TCP-Based DDoS Attacks
In the first quarter of 2020, one out of every two L3/4 DDoS attacks Cloudflare mitigated was an ACK Flood, and over 66% of all L3/4 attacks were TCP based. Most types of DDoS attacks can be mitigated by finding unique characteristics that are present in all attack packets and using that to distinguish ‘good’ packets from the ‘bad’ ones. This is called "stateless" mitigation, because any packet that has these unique characteristics can simply be dropped without remembering any information (or "state") about the other packets that came before it. However, when attack packets have no unique characteristics, then "stateful" mitigation is required, because whether a Continue reading
In defense of open debate
Recently, Harper's published a Letter on Justice and Open Debate. It's a rather boring defense of liberalism and the norm of tolerating differing points of view. Mike Masnick wrote rebuttal on Techdirt. In this post, I'm going to rebut his rebuttal, writing a counter-counter-argument.
The Letter said that the norms of liberalism tolerate disagreement, and that these norms are under attack by increasing illiberalism on both sides, both the left and the right.
My point is this: Masnick avoids the rebutting the letter. He's recycling his arguments against right-wingers who want their speech coddled, rather than the addressing the concerns of (mostly) left-wingers worried about the fanaticism on their own side.
The Letter said that the norms of liberalism tolerate disagreement, and that these norms are under attack by increasing illiberalism on both sides, both the left and the right.
My point is this: Masnick avoids the rebutting the letter. He's recycling his arguments against right-wingers who want their speech coddled, rather than the addressing the concerns of (mostly) left-wingers worried about the fanaticism on their own side.
Free speech
Masnick mentions "free speech" 19 times in his rebuttal -- but the term does not appear in the Harper's letter, not even once. This demonstrates my thesis that his rebuttal misses the point.
The term "free speech" has lost its meaning. It's no longer useful for such conversations.
Left-wingers want media sites like Facebook, YouTube, the New York Times to remove "bad" speech, like right-wing "misinformation". But, as we've been taught, censoring speech is bad. Therefore, "censoring free speech" has to be redefined to as to not Continue reading
How To Deploy Containers to Azure ACI using Docker CLI and Compose
Running containers in the cloud can be hard and confusing. There are so many options to choose from and then understanding how all the different clouds work from virtual networks to security. Not to mention orchestrators. It’s a learning curve to say the least.
At Docker we are making the Developer Experience (DX) more simple. As an extension of that we want to provide the same beloved Docker experience that developers use daily and integrate it with the cloud. Microsoft’s Azure ACI provided an awesome platform to do just that.
In this tutorial, we take a look at running single containers and multiple containers with Compose in Azure ACI. We’ll walk you through setting up your docker context and even simplifying logging into Azure. At the end of this tutorial, you will be able to use familiar Docker commands to deploy your applications into your own Azure ACI account.
Prerequisites
To complete this tutorial, you will need:
- Docker installed on your development machine. You can download and install Docker Desktop Edge version 2.3.3.0 or later from the links below:
- Docker Hub account. Get your free account here.
- An Azure Continue reading
Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN
On today's Network Break we discuss Nokia's new network OS, examine a Cisco/AT&T partnership on SD-WAN, and analyze Google's pullback from a cloud venture in China. We also cover a new video codec and an image format that will save bandwidth, the rise of online learning, and what Uber's Postmates acquisition can tell us about IT startups.Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN
On today's Network Break we discuss Nokia's new network OS, examine a Cisco/AT&T partnership on SD-WAN, and analyze Google's pullback from a cloud venture in China. We also cover a new video codec and an image format that will save bandwidth, the rise of online learning, and what Uber's Postmates acquisition can tell us about IT startups.
The post Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN appeared first on Packet Pushers.
Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored)
Today's Tech Bytes dives into Intent-Based Networking (IBN) as an evolution of network automation. Apstra is our sponsor for this episode and our guest is Mansour Karam, fouder and President. We discuss how IBN advances traditional automation, Apstra's support for open networking, customer use cases, and more.Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored)
Today's Tech Bytes dives into Intent-Based Networking (IBN) as an evolution of network automation. Apstra is our sponsor for this episode and our guest is Mansour Karam, fouder and President. We discuss how IBN advances traditional automation, Apstra's support for open networking, customer use cases, and more.
The post Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored) appeared first on Packet Pushers.
Holding Steady: How CDNs, IXPs, and Network Providers Help Keep us Online
Although the COVID-19 pandemic is, unfortunately, far from over, the Internet continues to be resilient, supporting the additional demands that we have placed on it, including the rapid growth in online learning, work videoconferences, e-commerce, streaming video entertainment, and more.
Because the Internet exists as a network of networks, this resilience is largely due to the planning, actions, and cooperation of all of the interconnected participants. These participants include, but are certainly not limited to, network providers, Internet Exchange Points (IXPs), and Content Delivery Networks (CDNs).
Expanding Infrastructure
On the network side, major providers such as Comcast have invested billions of dollars over the last several years in expanding fiber infrastructure and growing network capacity. In contrast, community network provider NYC Mesh is leveraging DIY customer installations to grow its own infrastructure during the pandemic. While there is still much work to be done, these efforts by both large and small network operators as well as similar operators all over the world, are making reliable broadband connectivity more widely available. Infrastructure expansion is vital as the current pandemic has shown that access to reliable Internet is now more important than ever before.
Fast and Reliable Content Delivery
CDN providers are also doing their Continue reading
Your Security Products Are Insecure, With Data
The video is queued on the section where the talk highlights the security software (firewalls, threat detection etc) is actually the weakest link. He then presents the data that security vendors have become the weakest link in the security landscape. The asymmetry of defence is highlighted by the fact that security appliances have 10MM lines […]
The post Your Security Products Are Insecure, With Data appeared first on EtherealMind.
Zero Trust and the Cookie Metaphor
In old presentations on network security (watch this space; I’m working on a new security course for Ignition in the next six months or so), I would use a pair of chocolate chip cookies as an illustration for network security. In the old days, I’d opine, network security was like a cookie that was baked to be crunchy on the outside and gooey on the inside. Now-a-days, however, I’d say network security needs to be more like a store-bought cookie—crunchy all the way through. I always used this illustration to make a point about defense-in-depth. You cannot assume the thin crunchy security layer at the edge of your network—generally in the form of stateful packet filters and the like (okay, firewalls, but let’s leave the appliance world behind for a moment)—is what you really need.
There are such things as insider attacks, after all. Further, once someone breaks through the thin crunchy layer at the edge, you really don’t want them being able to move laterally through your network.
The United States National Institute of Standards and Technology (NIST) has released a draft paper describing Zero Trust Architecture, which addresses many of the same concerns as the cookie that’s crunchy Continue reading
How to Create a Self-Organized Network of Vendors for Your Small Business
When you start a business, there are many things that you need to look into – from what brands you will allow being a part of your business to which vendors to use. These are all essential decisions that need to be taken by you so that you can decide on the future of your business.
The only way to get through to it is to do your research. By research, what is meant is to do your work on finding the perfect brands and perfect vendors that will help you and your business grow seamlessly and without any issues.
Hence, in this article, you will be told how to create a self-organized network and how you can incorporate vendors into it. Let’s begin.
How to Create a Self-Organised Network of Vendors
Now, this is where the article helps you fulfil the reason why you are here in the first place. We’ll briefly review how to create a good network of vendors that will help in increasing the outlook and the growth of your business.
The relationship that you have with your vendors will be key and will be the basis of your business doing good, so you need to Continue reading
From Micro-segmentation to Internal Firewalling
The Evolution of VMware NSX Service-defined Firewall
Today, many people take micro-segmentation for granted. It’s incredible to recall that just a few years ago, VMware introduced micro-segmentation to support the concept of Zero Trust — a security model that does not automatically trust entities within the security perimeter. Fast forward to the present, and many people have embraced that concept and made it their own. Meanwhile, VMware has extended its solution for micro-segmentation into a full-blown internal firewall. Let’s step back in time and see how VMware progressed from the initial micro-segmentation use case to today’s powerful Service-defined Firewall, deployed by thousands of organizations.
Pioneering the Market for Micro-segmentation
Back in 2013, VMware pioneered micro-segmentation with the release of VMware NSX, the VMware network virtualization and security platform, which propelled VMware into the world of software-defined network and security virtualization. This initial release enabled customers to run a complete Layer 2-Layer 4 stack in software. The guiding philosophy was to make world-class security easy to operationalize.
Some customers used NSX for network segmentation: they created virtual security zones in software where they had previously used hardware. Other customers adopted NSX for micro-segmentation: they were now able to provide Continue reading
Get The Picture With Video Acceleration In The Datacenter
With all of us now learning to live, work, and learn from home, it is becoming apparent how critical video streaming is as a tool to support our new normal. …
Get The Picture With Video Acceleration In The Datacenter was written by Timothy Prickett Morgan at The Next Platform.
An Architecture for Artificial Intelligence Storage
As we’ve talked about in the past, the focus on data – how much is being generated, where it’s being created, the tools needed to take advantage of it, the shortage of skilled talent to manage it, and so on – is rapidly changing the way enterprises are operating both in the datacenter and in the cloud and dictating many of the product roadmaps being developed by tech vendors. …
An Architecture for Artificial Intelligence Storage was written by Jeffrey Burt at The Next Platform.
The Week in Internet News: Balloon-Based Internet Comes to Kenya
Up, up and away: Google’s Project Loon, focused on providing Internet access with balloons floating in the stratosphere, has begun providing service in Kenya, CNN reports. The project will use about 35 balloons floating 20 kilometers above the ground to provide 4G LTE service covering 50,000 square kilometers in central and western Kenya.
Reach the sky: A broadband cooperative in rural Pennsylvania has built its own wireless network to provider faster Internet service, The Philadelphia Inquirer says. The Rural Broadband Cooperative, made up mostly of retirees, uses a 120-foot, former HAM radio tower that they erected on Stone Mountain. The service, with about 40 paying customers, offers speeds of up to 25 megabits per second.
The great divide: The COVID-19 pandemic has shown the seriousness of the digital divide in Pakistan, The Diplomat says. While the country has moved to online school, many areas lack broadband service, and in some areas, mobile services are shut down by the government because of security concerns. “Students across the country, from the former Federally Administered Tribal Areas to Balochistan, have been protesting against online classes, not only on social media but in front of various press clubs, universities, and on roads. They have Continue reading