Dictionary: Meat Crayon
Define 'Meat Crayon' - its PRINCE2 related.
The post Dictionary: Meat Crayon appeared first on EtherealMind.
Tradeoffs Come in Threes
This, in a nutshell, is what is often wrong with our design thinking in the networking world today. We want things to be efficient, wringing the last little dollar, and the last little bit of bandwidth, out of everything.
This is also, however, a perfect example of the problem of triads and tradeoffs. In the case of the street sweeper, we might thing, “well, we could replace those folks sitting around smoking a cigarette and cracking jokes with a robot, making things Continue reading
The Week in Internet News: Hackers Target COVID-19 Research
Hacking the research: Intelligence agencies from the U.S., U.K., and Canada have accused a Russian hacking group of targeting organizations conducting COVID-19 research, the Washington Post reports. The so-called Cozy Bear hacking group is trying to steal vaccine research specifically, the intelligence groups say.
Hacking the tweets: Meanwhile, 130 of Twitter’s most high-profile accounts were targeted by hackers recently, with a few of them compromised, in an apparent bitcoin scam, the New York Post writes. Among the accounts targeted were Kanye West, Elon Musk, Barack Obama, and Warren Buffett. The hackers reportedly paid a Twitter employee to help them with the attack.
No data collection, please: The government of China is cracking down on apps that collect what it considers too much personal data, the South China Morning Post says. The government has ordered several tech companies, including Alibaba Group and Tencent, to remove non-compliant apps as soon as possible.
Broadband is fundamental: Microsoft CEO Satya Nadella has called broadband a “fundamental right” in an interview with CNN. Many rural areas in the U.S. still lack broadband, and that needs to change, he said. “If you think about the rural community today, they are going to Continue reading
Top Questions for Getting Started with Docker
Does Docker run on Windows?
Yes. Docker is available for Windows, MacOS and Linux. Here are the download links:
What is the difference between Virtual Machines (VM) and Containers?
This is a great question and I get this one a lot. The simplest way I can explain the differences between Virtual Machines and Containers is that a VM virtualizes the hardware and a Container “virtualizes” the OS.
If you take a look at the image above, you can see that there are multiple Operating Systems running when using Virtual Machine technology. Which produces a huge difference in start up times and various other constraints and overhead when installing and maintaining a full blow operating system. Also, with VMs, you can run different flavors of operating systems. For example, I can run Windows 10 and a Linux distribution on the same hardware at the same time. Now let’s take a look at the image for Docker Containers.
As you can see in this image, we only have one Host Operating System installed on our infrastructure. Docker sits “on top” of the host operating system. Each application is then bundled in an Continue reading
The Growing Dependence Of VMware On AWS
Four years ago, VMware and Amazon Web Services announced a partnership in which VMware customers would be able to run their virtualized data center environments on AWS instances. …
The Growing Dependence Of VMware On AWS was written by Jeffrey Burt at The Next Platform.
Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale
Today's Network Break scrutinizes HPE's big payout for Silver Peak and Dell's plans for a possible sale of VMware. We also discuss new capabilities in VMware Cloud on AWS, a new synthetic monitoring service from Kentik, how NIST thinks "giga" is pronounced, and more.Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale
Today's Network Break scrutinizes HPE's big payout for Silver Peak and Dell's plans for a possible sale of VMware. We also discuss new capabilities in VMware Cloud on AWS, a new synthetic monitoring service from Kentik, how NIST thinks "giga" is pronounced, and more.
The post Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale appeared first on Packet Pushers.
Phased Approach to Securing a Data Center
In the fight against relentless cyberattacks, organizations have long relied on traditional perimeter firewalls to protect sensitive workloads and information in the data center. But today, in the era of distributed applications and hybrid cloud environments, we know that perimeter defenses are not enough to stop cybercriminals.
To improve security postures inside corporate networks — which means protecting against both bad actors who penetrate perimeter defenses and malicious insiders — organizations must monitor, detect, and block hostile east-west (internal) traffic using internal firewalls.
To date, network and security professionals have generally viewed securing east-west traffic as too complex, expensive, and time-consuming for their brownfield, and even greenfield, data centers. At VMware, we agree with that perception: it’s certainly true for organizations trying to detect and prevent the lateral movement of attackers by employing traditional, appliance-based perimeter firewalls as internal firewalls.
There’s a Better Way to Secure the Data Center
Instead of awkwardly forcing appliance-based firewalls to serve as internal firewalls, organizations should employ a distributed, scale-out internal firewall specifically Continue reading
Why I’m Helping Cloudflare Grow in Japan
If you'd like to read this post in Japanese click here.
I’m excited to say that I’ve recently joined the Cloudflare team as Head of Japan. Cloudflare has had a presence in Japan for a while now, not only with its network spanning the country, but also with many Japanese customers and partners which I’m now looking forward to growing with. In this new role, I’m focused on expanding our capabilities in the Japanese market, building upon our current efforts, and helping more companies in the region address and put an end to the technical pain points they are facing. This is an exciting time for me and an important time for the company. Today, I’m particularly eager to share that we are opening Cloudflare’s first Japan office, in Tokyo! I can’t wait to grow the Cloudflare business and team here.
Why Cloudflare?
The web was built 25 years ago. This invention changed the way people connected—to anyone and anywhere—and the way we work, play, live, learn, and on. We have seen this become more and more complex. With complexities come difficulties, such as ensuring security, performance, and reliability while online. Cloudflare is helping to solve these challenges that businesses Continue reading
How CEOs think
Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following tweet expresses our frustration with CEOs, that they don't listen to their own people, but instead want to buy a magic pill (a product) or listen to outside consultants (like Gartner). In this post, I describe how CEOs actually think.
CEO : "I read about that Twitter hack. Can that happen to us?"— Wim Remes (@wimremes) July 16, 2020
Security : "Yes, but ..."
CEO : "What products can we buy to prevent this?"
Security : "But ..."
CEO : "Let's call Gartner."
*sobbing sounds*
The only thing more broken than how CEOs view cybersecurity is how cybersecurity experts view cybersecurity. We have this flawed view that cybersecurity is a moral imperative, that it's an aim by itself. We are convinced that people are wrong for not taking security seriously. This isn't true. Security isn't a moral issue but simple cost vs. benefits, risk vs. rewards. Taking risks is more often the correct answer rather than having more security.
Rather than experts dispensing unbiased advice, we've become advocates/activists, trying to convince people that Continue reading
EIGRP Behavior with IP Unnumbered
Carl Zellers asked an excellent question on how EIGRP works when run over FlexVPN with IP unnumbered, considering that routers will not be on a common subnet. I thought this was a great question so I took some help from my great friend, the EIGRP guru, Peter Palúch.
First, let’s examine behavior when EIGRP is run on numbered interface. I have built a very simple lab consisting of three routers, R1, R2, and R3, where R1 and R3 are separated by R2. To demonstrate that EIGRP checks that incoming hellos are received on a common subnet, the following simple configurations were applied to R1 and R2:
R1:
interface GigabitEthernet1 ip address 10.0.0.1 255.255.255.0 ! router eigrp LAB ! address-family ipv4 unicast autonomous-system 64512 ! topology base exit-af-topology network 10.0.0.0 0.0.0.255 exit-address-family
R2:
interface GigabitEthernet1 ip address 10.0.1.1 255.255.255.0 ! router eigrp LAB ! address-family ipv4 unicast autonomous-system 64512 ! topology base exit-af-topology network 10.0.1.0 0.0.0.255 exit-address-family
This results in the well familiar messages on the console:
*Jul 15 08:53:20.966: %DUAL-6-NBRINFO: EIGRP-IPv4 64512: Neighbor 10.0.0.1 (GigabitEthernet1) is blocked: not Continue reading
Cloudflare outage on July 17, 2020
Today a configuration error in our backbone network caused an outage for Internet properties and Cloudflare services that lasted 27 minutes. We saw traffic drop by about 50% across our network. Because of the architecture of our backbone this outage didn’t affect the entire Cloudflare network and was localized to certain geographies.
The outage occurred because, while working on an unrelated issue with a segment of the backbone from Newark to Chicago, our network engineering team updated the configuration on a router in Atlanta to alleviate congestion. This configuration contained an error that caused all traffic across our backbone to be sent to Atlanta. This quickly overwhelmed the Atlanta router and caused Cloudflare network locations connected to the backbone to fail.
The affected locations were San Jose, Dallas, Seattle, Los Angeles, Chicago, Washington, DC, Richmond, Newark, Atlanta, London, Amsterdam, Frankfurt, Paris, Stockholm, Moscow, St. Petersburg, São Paulo, Curitiba, and Porto Alegre. Other locations continued to operate normally.
For the avoidance of doubt: this was not caused by an attack or breach of any kind.
We are sorry for this outage and have already made a global change to the backbone configuration that will prevent it from being able to occur Continue reading
Technology Short Take 129
Welcome to Technology Short Take #129, where I’ve collected a bunch of links and references to technology-centric resources around the Internet. This collection is (mostly) data center- and cloud-focused, and hopefully I’ve managed to curate a list that has some useful information for readers. Sorry this got published so late; it was supposed to go live this morning!
Note there is a slight format change debuting in this Tech Short Take. Moving forward, I won’t include sections where I have no content to share, and I’ll add sections for content that may not typically appear. This will make the list of sections a bit more dynamic between Tech Short Takes. Let me know if you like this new approach—feel free to contact me on Twitter and provide your feedback.
Now, on to the good stuff!
Networking
- Chip Zoller takes a look at Antrea, a new Kubernetes CNI (Container Networking Interface) plugin that leverages Open vSwitch (OVS).
- Ivan Pepelnjak has a fantastic article on adapting network design to acommodate automation. This is a great read overall, but one sentence in particular really caught my eye: “30 years ago I was able to write a complete multitasking operating system in Z80 Continue reading
Dictionary : simplicitarian
Using fancy words gives you credibility.
The post Dictionary : simplicitarian appeared first on EtherealMind.
Heavy Networking 530: Everything You Need To Know About Wireless ISPs
Today's Heavy Networking dives into wireless Internet Service Providers, or WISPs. WISPs typically serve rural areas that have limited access to fiber or copper, but they also serve metro and urban areas and industrial sectors such as energy. Our guests to inform and instruct us about WISPs are Kevin Myers, Senior Network Architect at IP ArchiTechs; and Cory Steele, Senior Consultant at STIGroup.Heavy Networking 530: Everything You Need To Know About Wireless ISPs
Today's Heavy Networking dives into wireless Internet Service Providers, or WISPs. WISPs typically serve rural areas that have limited access to fiber or copper, but they also serve metro and urban areas and industrial sectors such as energy. Our guests to inform and instruct us about WISPs are Kevin Myers, Senior Network Architect at IP ArchiTechs; and Cory Steele, Senior Consultant at STIGroup.
The post Heavy Networking 530: Everything You Need To Know About Wireless ISPs appeared first on Packet Pushers.
The Silver (Peak) Lining For HPE and Cloud
You no doubt saw the news this week that HPE announced that they’re buying Silver Peak for just shy of $1 billion dollars. It’s a good exit for Silver Peak and should provide some great benefits for both companies. There was a bit of interesting discussion around where this fits in the bigger picture for HPE, Aruba, and the cloud. I figured I’d throw my hat in the ring and take a turn discussing it.
Counting Your Chickens
First and foremost, let’s discuss where this acquisition is headed. HPE announced it and they’re the ones holding the purse strings. But the acquisition post was courtesy of Keerti Melkote, who runs the Aruba, a Hewlett Packard Enterprise Company (Aruba) side of the house. Why is that? It’s because HPE “reverse acquired” Aruba and sent all their networking expertise and hardware down to the Arubans to get things done.
I would venture to say that Aruba’s acquisition was the best decision HPE could have made. It gave them immediate expertise in an area they sorely needed help. It gave Aruba a platform to build on and innovate from. And it ultimately allowed HPE to shore up their campus networking story while trying Continue reading
Auto BGP
The NVIDIA® Cumulus Linux 4.2.0 release introduces a nifty new feature called auto BGP, which makes BGP ASN assignment in a two-tier leaf and spine network configuration a breeze. Auto BGP does the work for you without making changes to standard BGP behavior or configuration so that you don’t have to think about which numbers to allocate to your switches. This helps you build optimal ASN configurations in your data center and avoid suboptimal routing and path hunting, which occurs when you assign the wrong spine ASNs.
If you don’t care about ASNs then this feature is for you. But if you do, you can always configure BGP the traditional way where you have control over which ASN to allocate to your switch. What I like about this feature is that you can mix and match; you don’t have to use auto BGP across all switches in your configuration – you can use it to configure one switch but allocate ASN numbers manually to other switches.
So, how does auto BGP assign ASNs?
We use private 32-bit ASN numbers in the range 4200000000 through 4294967294. This is the private space defined in RFC 6996. Each leaf is Continue reading