Is Cisco ACI Too Different?

A friend of mine involved in multiple Cisco ACI installations sent me this comment on their tenant connectivity model:

I’m a bit allergic to ACI. The abstraction is mis-aligned with familiar configurations, in particular contracts being independent of and over-riding routing, tenants, etc. You can really make a mess with that, and I’ve seen some! One needs to impose some structure, naming conventions…, and most people don’t seem to get that done.

As I noticed in the NSX-or-ACI webinar, it’s interesting how NSX decided to stay with the familiar VLAN/routing/filtering paradigm (more details), whereas the designers of Cisco ACI decided to go down a totally different path.

Read more …

Aligning superhuman AI with human behaviour: chess as a model system

Aligning superhuman AI with human behavior: chess as a model system, McIlroy-Young et al., KDD’20

It’s been a while, but it’s time to start reading CS papers again! We’ll ease back into it with one or two papers a week for a few weeks, building back up to something like 3 papers a week at steady state.

How human-like is superhuman AI?

AI models can learn to perform some tasks to human or even super-human levels, but do they then perform those tasks in a human-like way? And does that even matter so long as the outcomes are good? If we’re going to hand everything over to AI and get out of the way, then maybe not. But where humans are still involved in task performance, supervision, or evaluation, then McIlroy-Young et al. make the case that this difference in approaches really does matter. Human-machine collaboration offers a lot of potential to enhance and augment human performance, but this requires the human and the machine to be ‘on the same page’ to be truly effective (see e.g. ‘Ten challenges for making automation a ‘team player’ in joint human-agent activity‘).

The central challenge in realizing these Continue reading

Duty Calls: CPU Is Not Designed for Packet Forwarding

Junhui Liu added this comment to my Where Do We Need Smart NICs? blog post:

CPU is not designed for the purpose of packet forwarding. One example is packet order retaining. It is impossible for a multicore CPU to retain the packet order as is received after parallel processing by multiple cores. Another example is scheduling. Yes CPU can do scheduling, but at a very high tax of CPU cycles.

Duty calls.

Read more …

Cliché: Security through obscurity (yet again)

Infosec is a largely non-technical field. People learn a topic only as far as they need to regurgitate the right answer on a certification test. Over time, they start to believe misconceptions about that topic that they never learned. Eventually, these misconceptions displace the original concept in the community.

A good demonstration is this discussion of the "security through obscurity fallacy". The top rated comment makes the claim this fallacy means "if your only security is obscurity, it's bad". Wikipedia substantiates this, claiming experts advise that "obscurity should never be the only security mechanism".

Nope, nope, nope, nope, nope. It's the very opposite of what you suppose to understand. Obscurity has problems, always, even if it's just an additional layer in your "defense in depth". The entire point of the fallacy is to counteract people's instinct to suppress information. The effort has failed. Instead, people have persevered in believing that obscurity is good, and that this entire conversation is only about specific types of obscurity being bad.


Hypothetical: non-standard SSH

The above discussion mentions running SSH on a non-standard port, such as 7837 instead of 22, as a hypothetical example.

Let's continue this hypothetical. You do this. Then an 0day Continue reading

Python Pieces: Using PyEnv

If you’re like me – one of the most frustrating things about Python is version management. You get a new Mac, the system default is 2.x something, you need 3.x something, and you’re wondering what the best (right) way to get the version you want installed. You install Python 3 but the default Python version stays the same until you do some symlink hack thing that you know is just creating a mess. So for awhile you just call python3 explicitly but then you realize that all of the packages you installed using pip are no longer available and you need to install them again using pip3.

Sound familiar? Maybe I’m the only one that struggles with this – but I tend to muddle my way through just making things work while in the back of my head I know that Im creating a complete disaster of the local Python installation. I shall muddle no longer thanks to PyEnv. I was recently introduced to the tool and it’s a total game changer. It allows you to seemlessly manage your local Python install, easily install different versions, easily switch versions, and even has the capability of automgically switching versions Continue reading

Worth Reading: The Making of an RFC in today’s IETF

Years ago I was naive enough to participate in writing an IETF document. Three years later we finally managed to turn it into an RFC, and I decided that was enough for one lifetime.

But wait, it gets worse… as Geoff Huston argues in his article, the lengthy review process doesn’t necessarily result in better (or more precise) documents.

Seems like we managed to turn IETF into yet another standard body like IEEE, ISO or ITU/T.

Kubernetes Pod Networking on AWS: Getting There from Here

Thinking about running Kubernetes on AWS? To optimize your chances of success, you’ll need to have a solid understanding of Kubernetes pod networking. As applications grow to span multiple containers deployed across multiple clusters, operating them becomes more complex. Containers are grouped into pods, and those pods can be networked and scaled to meet your specific needs.

Kubernetes provides an open source API to manage this complexity, but one size doesn’t fit all. So you’ll want to get a handle on the different methods available to support your project. Then when you’re ready to move forward, you’ll have a much clearer idea of what will work best for you. If this sounds challenging, not to worry. Our short video explains Kubernetes pod networking on AWS and can answer many of the questions you may have. We’ve also included some great examples to help guide you.

Want to learn more about Calico Enterprise? Check out these resources.

————————————————-

Free Online Training
Access Live and On-Demand Kubernetes Training

Calico Enterprise – Free Trial
Network Security, Monitoring, and Troubleshooting
for Microservices Running on Kubernetes

The post Kubernetes Pod Networking on AWS: Getting There from Here appeared first on Tigera.

A Place for Things and Things in Their Place

This morning I was going to go for a run and I needed to find a rain jacket to keep from getting completely soaked. I knew I had one in my hiking backpack but couldn’t locate it. I searched for at least ten minutes in every spot I could think of and couldn’t find it. That is, until I looked under the brain of the pack and found it right next to the pack’s rain cover. Then I remembered that my past self had put the jacket there for safe keeping because I knew that if I ever needed to use the pack rain cover I would likely need to have my rain jacket as well. Present me wasn’t as happy to find out past me was so accommodating.

I realized after this little situation that I’ve grown accustomed to keeping my bags organized in a certain way both for ease of use and ease of inspection. Whether it’s a hiking backpack or an IT sling bag full of gadgets I’ve always tried to set things up in simple, sane manner to figure out how to find the tools I need quickly and also discover if any of them are Continue reading

How Peering and Infrastructure Development Improved Connectivity in Kenya, Speeding Economic Growth

The country can become a continental digital leader with strengthened Internet Exchange Points (IXPs).

In January this year, Internet users in Kenya reached 22.86 million, a 16% jump from 2019. A leap that was made with no major impact on network quality and speed, and no increase in connectivity costs. Between 2012 and now, the percentage of mobile broadband subscribers increased 100-fold to cover nearly 42% of the country’s population, while the price of data decreased by 50%. This would have been unimaginable a decade ago when around 70% of the country’s traffic went through Europe.

A recent Internet Society report shows IXPs played an important role in this success. The report shines a light on how the combination of peering and Internet infrastructure development improved connectivity in Kenya. It discusses how Kenya was able to localize Internet traffic – from 30% in 2012 to 70% in 2019 – by growing its IXP membership, through attracting local, regional, and international networks, including popular Content Delivery Networks (CDNs). This allowed the local networks to efficiently exchange regional and international traffic without incurring major additional costs.

The report reveals how informed stakeholders and the local technical community in Kenya Continue reading

Heavy Networking 539: Preventing The 4poKalypse With Inter-Domain Multicast

The 4poKalypse is coming, and service providers need more tools in their toolbox to combat congestion in eyeball networks. Local content caches close to the eyeballs (pretty much how we do it today) isn’t going to be quite enough. Jake Holland of Akamai is here to tell us just why inter-domain multicast is important, and why...this time...we can make it work.

The post Heavy Networking 539: Preventing The 4poKalypse With Inter-Domain Multicast appeared first on Packet Pushers.

Weekend Reads 091120

In our final article on Kubernetes RBAC, we are focusing on RBAC itself. Everything else in the series led towards this key piece. In part one we discussed authentication and authorization on a high level and in part two we focused specifically on authentication. Now let’s dive into authorization.

LitmusChaos is a CNCF sandbox project. Its mission is to help Kubernetes SREs and developers to find weaknesses in Kubernetes platform and applications running on Kubernetes by providing a complete Chaos Engineering framework and associated chaos experiments.

China’s drive for technological dominance has resulted in a long-term, government-driven national strategy. This includes the creation of native technologies which reflect local policies and politics, micromanagement of the internet from the top down, and the use of international standards development organisations (SDOs), such as the UN agency the International Telecommunication Union (ITU), to legitimize and protect these technologies in the global marketplace.

The implementation of prop-132 (AS0 for unallocated and unassigned spaces) is completed, and APNIC is now publishing an AS0 Route Origin Authorization (ROA) covering the undelegated IPv4 and IPv6 ranges under our management.

Privacy has become a business imperative. May 25, 2020, marked the two-year anniversary of General Data Protection Regulation Continue reading

DNS Flag Day 2020 – ISC

The DNS protocol needs refreshing but a global, distributed database is not easy to change. The folks leading the DNS architecture are making small but substantial changes once per year. There is a non-zero but small risk that something will break for some people.  This year they are addressing DNS Fragmentation on UDP and required […]

Security Channel at AnsibleFest 2020

Security automation is an area that encompasses different practices, such as investigation & response, security compliance, hardening, etc. While security is a prominent topic now more than ever, all of these activities also greatly benefit from automation. 

For the second year at AnsibleFest, we will have a channel dedicated to security automation. We talked with channel Lead Massimo Ferrari to learn more about the security automation channel and the sessions within it. 

 

Security Channel

The sessions in this channel will show you how to introduce and consume Red Hat Ansible Automation Platform in different stages of maturity of your security organization as well as using it to share processes through cross-functional teams. Sessions include guidance from customers, Red Hat subject matter experts and certified partners.

 

What will Attendees learn?

The target audience is security professionals who want to learn how Ansible can support and simplify their activities, and automation experts tasked with expanding the footprint of their automation practice and support security teams in their organization. This track is focused on customer stories and technical guidance on response & remediation, security operations and vulnerability management use cases. 

Content is suitable for both automation veterans and Continue reading

Guide to the Virtual Cloud Network at VMworld 2020

VMworld 2020

 

The countdown to VMworld 2020 is nearly at an end and we are eager to share our latest advancements in network and security virtualization that are powering the Virtual Cloud Network with you. With this year’s FREE virtual event having such a jam-packed agenda on all things virtualization, we’ve put together this comprehensive guide to navigating the Virtual Cloud Network.

Our engineers, technologists and customers will be dropping knowledge in over 100+ live and on-demand technical sessions, hands-on labs, and interactive roundtable sessions throughout the event, covering all technical levels from beginner to advanced. Read on to get a curated list of can’t-miss activities going on between September 29 and October 1.

If you haven’t already registered, make sure to do so here and then jump into the content catalog and schedule your sessions today. See you online!

(For Security-specific programming, check out this post on the top security sessions you must attend at VMworld)

 Virtual Cloud Networking Education Track at VMworld

(Note: Scheduled Sessions are offered during several timeslots to

accommodate regional time zones. Click the session links to attend the most convenient one for you. And for the full-list of scheduled and on-demand sessions, click here. Continue reading

NTC – Cisco Devnet With Stuart Clark

From barber to Technical Leader and Developer Advocate, learn how Stuart Clark on the Cisco DevNet team transformed his career over the past 15 years.  In this episode, we talk with Stuart about his career journey, his role as a Developer Advocate focused on network automation, and the role Cisco DevNet can play along the way for those looking to enhance their automation skills.  We close by asking the question, “Will there be a DevNet Expert exam?” Listen and find out!

Links:

DevNet: https://developer.cisco.com/
Automation Exchange: https://developer.cisco.com/network-automation/
Code Exchange: https://developer.cisco.com/codeexchange/
DevNet Certifications: https://developer.cisco.com/certification/

Stuart Clark
Guest
Jason Edelman
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post NTC – Cisco Devnet With Stuart Clark appeared first on Network Collective.

1 893 894 895 896 897 3,841