Fixing Firewall Ruleset Problem For Good

Before we start: if you’re new to my blog (or stumbled upon this blog post by incident) you might want to read the Considerations for Host-Based Firewalls for a brief overview of the challenge, and my explanation why flow-tracking tools cannot be used to auto-generate firewall policies.

As expected, the “you cannot do it” post on LinkedIn generated numerous comments, ranging from good ideas to borderline ridiculous attempts to fix a problem that has been proven to be unfixable (see also: perpetual motion).

Fixing Firewall Ruleset Problem For Good

What is a network switch, and how does it work?

Networks today are essential for supporting businesses, providing communication, delivering entertainment—the list goes on and on. A fundamental element networks have in common is the network switch, which helps connect devices for the purpose of sharing resources.What is a network switch? A network switch is a device that operates at the Data Link layer of the OSI model—Layer 2. It takes in packets being sent by devices that are connected to its physical ports and sends them out again, but only through the ports that lead to the devices the packets are intended to reach.To read this article in full, please click here

Porting to AMD GPUs in the Corona Age

“Times were simpler not so long ago” is an understatement these days, but when it comes to supercomputing, this has yet another meaning. …

Porting to AMD GPUs in the Corona Age was written by Nicole Hemsoth at The Next Platform.

Ultra-Wideband Tech Powers COVID-19 Contact Tracing Tools for Enterprises

Technology is allowing IT managers to address safety concerns with sensors now; smartphone chips on the way.

Cisco slapped with $1.9 billion judgement in security patent lawsuit

Cisco this week lost a patent infringement case brought by security vendor Centripetal Networks and was hit with a $1.9 billion judgement.A non-jury judgement from U.S. District Judge Henry Morgan determined Cisco infringed on four security patents related to encrypted traffic and packet filtering technology belonging to plaintiff Centripetal Networks. The award directs $755.8 million in actual damages, multiplied by 2.5 to reflect "willful and egregious" conduct from Cisco, the judge found. The award also includes past damages and a running royalty of 10% on the apportioned sales of the patented products for a period of three years, followed by a second three-year term with a running royalty of 5% on such sales, which could take damages from the case north of $3 billion, according to a Centripetal statement about the case.To read this article in full, please click here

Cisco slapped with $1.9 billion judgement in security patent lawsuit

AppIQ – Unprecedented visibility that Aviatrix CoPilot brings

Earlier in my career, I worked as a Network Engineer in the high-frequency trading industry at a capital market exchange. It was the time when electronic trading was gaining heavy momentum as open outcry was receding. This was thanks mainly in part to vendors such as Arista who leveraged merchant silicon from Broadcom to lead … Continue reading →

RFC1925 Rule 2

According to RFC1925, the second fundamental truth of networking is: No matter how hard you push and no matter what the priority, you can’t increase the speed of light.

However early in the world of network engineering this problem was first observed (see, for instance, Tanenbaum’s “station wagon example” in Computer Networks), human impatience is forever trying to overcome the limitations of the physical world, and push more data down the pipe than mother nature intended (or Shannon’s theory allows).

One attempt at solving this problem is the description of an infinitely fat pipe (helpfully called an “infan(t)”) described in RFC5984. While packets would still need to be clocked onto such a network, incurring serialization delay, the ability to clock an infinite number of packets onto the network at the same moment in time would represent a massive gain in a network’s ability, potentially reaching speeds faster than the speed of light. The authors of RFC5984 describe several attempts to build such a network, including black fiber, on which the lack of light implies data transmission. This is problematic, however, because a lack of information can be interpreted differently depending on the context. A pregnant pause has far different meaning Continue reading

Getting Started With AWS Ansible Module Development and Community Contribution

We often hear from cloud admins and developers that they’re interested in giving back to Ansible and using their knowledge to benefit the community, but they don’t know how to get started. Lots of folks may even already be carrying new Ansible modules or plugins in their local environments, and are looking to get them included upstream for more broad use.

Luckily, it doesn’t take much to get started as an Ansible contributor. If you’re already using the Ansible AWS modules, there are many ways to use your existing knowledge, skills and experience to contribute. If you need some ideas on where to contribute, take a look at the following:

Creating integration tests: Creating missing tests for modules is a great way to get started, and integration tests are just Ansible tasks!
Module porting: If you’re familiar with the boto3 Python library, there’s also a backlog of modules that need to be ported from boto2 to boto3.
Repository issue triage: And of course there’s always open Github issues and pull requests. Testing bugs or patches and providing feedback on your use cases and experiences is very valuable.

The AWS Ansible Content Collections

Starting with Ansible 2.10, the AWS Continue reading

Let’s build a Cloudflare Worker with WebAssembly and Haskell

This is a guest post by Cristhian Motoche of Stack Builders.

At Stack Builders, we believe that Haskell’s system of expressive static types offers many benefits to the software industry and the world-wide community that depends on our services. In order to fully realize these benefits, it is necessary to have proper training and access to an ecosystem that allows for reliable deployment of services. In exploring the tools that help us run our systems based on Haskell, our developer Cristhian Motoche has created a tutorial that shows how to compile Haskell to WebAssembly using Asterius for deployment on Cloudflare.

What is a Cloudflare Worker?

Cloudflare Workers is a serverless platform that allows us to run our code on the edge of the Cloudflare infrastructure. It's built on Google V8, so it’s possible to write functionalities in JavaScript or any other language that targets WebAssembly.

WebAssembly is a portable binary instruction format that can be executed fast in a memory-safe sandboxed environment. For this reason, it’s especially useful for tasks that need to perform resource-demanding and self-contained operations.

Why use Haskell to target WebAssembly?

Haskell is a pure functional languages that can target WebAssembly. As such, It helps developers Continue reading

EVPN Control Plane in Infrastructure Cloud Networking

One of my readers sent me this question (probably after stumbling upon a remark I made in the AWS Networking webinar):

You had mentioned that AWS is probably not using EVPN for their overlay control-plane because it doesn’t work for their scale. Can you elaborate please? I’m going through an EVPN PoC and curious to learn more.

It’s safe to assume AWS uses some sort of overlay virtual networking (like every other sane large-scale cloud provider). We don’t know any details; AWS never felt the need to use conferences as recruitment drives, and what little they told us at re:Invent described the system mostly from the customer perspective.

EVPN Control Plane in Infrastructure Cloud Networking

One of my readers sent me this question (probably after stumbling upon a remark I made in the AWS Networking webinar):

You had mentioned that AWS is probably not using EVPN for their overlay control-plane because it doesn’t work for their scale. Can you elaborate please? I’m going through an EVPN PoC and curious to learn more.

NFA is officially out of Beta!

It’s been almost a year since our first NFA Beta commit. From there on, we’ve seen the product achieve widespread interest and

The post NFA is officially out of Beta! appeared first on Noction.

What is a service mesh what it means to data center networking

Microservices-style applications rely on fast, dependable network infrastructure in order to respond quickly and reliably, and the service mesh can be a powerful enabler.At the same time, service-mesh infrastructure can be difficult to deploy and manage at scale and may be too complex for smaller applications, so enterprises need to carefully consider its potential upsides and downsides in relation to their particular circumstances.[Get regularly scheduled insights by signing up for Network World newsletters.] What is a service mesh? A service mesh is infrastructure software that provides fast and reliable communications between the microservices that applications may need. Its networking features include application identification, load balancing, authentication, and encryption. To read this article in full, please click here

NFA is officially out of Beta!

The post NFA is officially out of Beta! appeared first on Noction.

VMware, Nvidia partner to boost AI, networking capabilities

If there was any doubt Nvidia has arrived as an enterprise player, its deal with VMware should erase all doubt.The GPU developer and VMware announced at the recent VMworld 2020 conference that they plan to integrate their respective core technologies through a series of development and networking partnerships.As part of the collaboration, Nvidia’s set of AI software-research tools on the Nvidia NGC hub will be integrated into VMware’s vSphere, Cloud Foundation, and Tanzu platforms. This will help accelerate AI adoption, enabling enterprises to extend existing infrastructure for AI, manage all applications with a single set of operations, and deploy AI-ready infrastructure where the data resides, across the data center, cloud and edge.To read this article in full, please click here