Networking, Engineering and Safety

You might remember my occasional rants about lack of engineering in networking. A long while ago David Barroso nicely summarized the situation in a tweet responding to my BGP and Car Safety blog post:

If we were in a proper engineering we’d be discussing how to regulate and add safeties to an important tech that is unsafe and hard to operate. Instead, we blog about how to do crazy shit to it or how it’s a hot mess. Let’s be honest, if BGP was a car it’d be one pulled by horses.

Read more …

Weekend Reads 090420

Running a bit late this week … ?

Researchers at University College London (UCL) have set a new bandwidth record for fiber optic bandwidth transmission. They’ve been able to communicate through a fiber optic cable at over 178 terabits per second, or 178,000 gigabits per second.

Having spent my career in various roles in IT security, Ivan and I always bounced thoughts on the overlap between networking and security (and, more recently, Cloud/Container) around. One of the hot challenges on that boundary that regularly comes up in network/security discussions is the topic of this blog post: microsegmentation and host-based firewalls (HBFs).

For engineers, instead of whodunit, the question is often “what failed and why?” When a problem occurs, we put on our detective hats and start our mystery-solving process by gathering evidence. The more complex a system, the more places to look for clues. An engineer can find herself digging through logs, poring over traces, and staring at dozens of dashboards.

A vast majority of IoT hardware in homes and offices is vulnerable to attacks that allow devices to be easily taken over and manipulated for malicious purposes.

That said, Intel over the past couple of years has expanded its Continue reading

VXLAN Fabric with BGP EVPN Control-Plane: Design Considerations – Book Description and ToC





About this book

 

The intent of this book is to explain various design models for Overlay Network and Underlay Network used in VXLAN Fabric with BGP EVPN Control-Plane. The first two chapters are focusing on the Underlay Network solution. The OSPF is introduced first. Among other things, the book explains how OSPF flooding can be minimized with area design. After OSPF there is a chapter about BGP in the Underlay network. Both OSPF and BGP are covered deeply and things like convergence are discussed. After the Underlay Network part, the book focuses on BGP design. It explains the following models: (a) BGP Multi-AS with OSPF Underlay, this chapter discusses two design models – Shared Spine ASN and Unique Spien ASN, (b) BGP-Only Multi-ASN where both direct and loopback overlay BGP peering models are explained, (c) Single-ASN with OSPF Underlay, (d) Hybrid-ASN with OSPF Underlay – Pod-specific shared ASN connected via Super-Spine layer using eBGP peering, (e) Dual-ASN model where leafs share the same ASN, and spines share their ASN. Each of the design model chapters includes a “Complexity Map” that should help readers to understand the complexity of each solution. This book also explains BGP ECMP and related to Continue reading

MUST READ: Lessons from load balancers and multicast

Justin Pietsch published another must-read article, this time dealing with operational complexity of load balancers and IP multicast. Here are just a few choice quotes to get you started:

  • A critical lesson I learned is that running out of capacity is the worst thing you can do in networking
  • You can prevent a lot of problems if you can deep dive into an architecture and understand it’s tradeoffs and limitations
  • Magic infrastructure is often extremely hard to troubleshoot and debug

You might find what he learned useful the next time you’re facing a unicorn-colored slide deck from your favorite software-defined or intent-based vendor ;))

Fast Friday- Labor Day Eve Edition

It’s a long weekend in the US thanks to Labor Day. Which is basically signaling the end of the summer months. Or maybe the end of March depending on how you look at it. The rest of the year is packed full of more virtual Zoom calls, conferences, Tech Field Day events, and all the fun you can have looking at virtual leaves turning colors.

It’s been an interesting news week for some things. And if you take out all the speculation about who is going to end up watching TikTok you are left with not much else. So I’ve been wondering out loud about a few things that I thought I would share.

  • You need a backup video conferencing platform. If Zoom isn’t crashing on you then someone is deleting WebEx VMs. Or maybe your callers can’t get the hang of the interface. Treat it like a failing demo during a presentation: if it doesn’t work in five minutes, go to plan B. Don’t leave your people waiting for something that may not happen.
  • If you work in the backbone service provider market, you need to do two things next week. First, you need to make sure all your Continue reading

Evolution of Excel 4.0 (XL4) Macro Weaponization Presentation

What is Virus Bulletin?

Virus Bulletin (often abbreviated as “VB”) is a magazine devoted to the discussion of malware and spam and has been around over 30 years. It is the forum in which security researchers and professionals discuss and share new directions in both the development of and protection against malware and spam. VB’s annual conference is almost as old as the magazine and has traditionally takes place in late September or early October each year.

VB2020 localhost

Why Attend VB2020?

As always, this year’s VB conference covers a broad spectrum of topics by some of the most talented security researchers in the world. Included in the agenda is a paper published by three members of our VMware Threat Analysis Unit discussing how the weaponization of XL4 macros in Excel has evolved.

Excel 4.0 (XL4) macros have become increasingly popular for attackers, as many security vendors struggle to play catchup and detect them properly. This technique provides attackers with a simple and reliable method to get a foothold on a target network, as it simply represents an abuse of a legitimate 30-year-old feature of Excel and does not rely on any vulnerability or exploit to be successful.

Register to attend Continue reading

VMware certifications, virtualization skills get a boost from pandemic

CEO Yves Sandfort is bullish on certifications. His company, Comdivision Consulting, uses VMware's NSX network virtualization and security platform on its own network and implements NSX for its clients. He not only encourages all employees to get VMware certs, but he also earned his own VCDX-NV, the Ph.D. of VMware certifications, in April."We see a constant demand [for networking skills]. Most of our people were certified on NSX-V and have in the last 12 months also recertified on NSX-T as we see constant, growing need for highly qualified resources," Sandfort says. "For me, certification is one level to prove my skillset and experience with the product."To read this article in full, please click here

Video: Define the Problem Before Searching for a Solution

In December 2019 I finally turned my focus on business challenges first presentation into a short webinar session (part of Business Aspects of Networking Technologies webinar) starting with defining the problem before searching for a solution including three simple questions:

  • What BUSINESS problem are you trying to solve?
  • Are there good-enough alternatives or should you really invest into new technology and/or equipment?
  • Is the problem worth solving?
Watch the video
You need Free ipSpace.net Subscription to watch the video.

The Memory Area Network At The Heart Of IBM’s Power10

It must have been something in the cosmic ether.

Apopros of nothing except the need to fill a blank page with something interesting back when we were analyzing IBM’s second quarter financials and considering the options that Big Blue has with the “Cirrus” Power10 systems it will be launching about a year from now, we did a thought experiment about what it would mean if IBM started to believe in big iron machines again.

The Memory Area Network At The Heart Of IBM’s Power10 was written by Timothy Prickett Morgan at The Next Platform.

Marvell exits the general purpose Arm server business

Marvell Technology Group announced last week that it has decided to cancel its ThunderX3 Arm-based server processor for general-purpose server use in favor of vertical markets and the hyperscaler server market.Marvell was best known for making controllers for storage and networking devices before it bought Cavium, an Arm server developer, in 2018. The company announced the ThunderX3 in March and on paper it looked like a real monster, with 96 cores and four threads per core.To read this article in full, please click here

Marvell exits the general purpose Arm server business

Marvell Technology Group announced last week that it has decided to cancel its ThunderX3 Arm-based server processor for general-purpose server use in favor of vertical markets and the hyperscaler server market.Marvell was best known for making controllers for storage and networking devices before it bought Cavium, an Arm server developer, in 2018. The company announced the ThunderX3 in March and on paper it looked like a real monster, with 96 cores and four threads per core.To read this article in full, please click here

The New Model for Network Security: Zero Trust

The old security model, which followed the “trust but verify” method, is broken. That model granted excessive implicit trust that attackers abused, putting the organization at risk from malicious internal actors and allowing unauthorized outsiders wide-reaching access once inside. The new model, Zero Trust networking, presents an approach where the default posture is to deny access. Access is granted based on the identity of workloads, plus other attributes and context (like time/date, source, destination), and the appropriate trust required is offered at the time.

Calico Enterprise Zero Trust Network Security is one of the most effective ways for organizations to control access to their Kubernetes networks, applications, and data. It combines a wide range of preventative techniques including identity verification, least privilege controls, layered defense-in-depth, and encryption of data-in-transit to deter threats and limit access in the event of a breach. Kubernetes is particularly vulnerable to the spread of malware as a result of the open nature of cluster networking. By default, any pod can connect to any other pod, even across namespaces. Without a strong security framework, it’s very difficult to detect malware or its spread within a Kubernetes cluster.

Zero Trust policies rely on real-time visibility into workloads, Continue reading

Getting Started with Docker Using Node.js(Part I)

A step-by-step guide to help you get started using Docker containers with your Node.js apps.

Prerequisites

To complete this tutorial, you will need the following:

Docker Overview

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. 

With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production.

Sample Application

Let’s create a simple Node.js application that we’ll use as our example. Create a directory on your local machine named node-docker and follow the steps below to create a simple REST API.

$ cd [path to your node-docker directory]
$ npm init -y
$ npm install ronin-server ronin-mocks
$  Continue reading

Next Platform TV for September 3, 2020

A Linux distro natively tuned for containers (and open source); FPGAs in Space; funding for spin qubits (among other quantum tech); the IO500 and evaluating large-scale storage systems; an automotive company’s AI supercomputer; much more…

Linked timestamps for all interviews below for those who want to skip ahead/around.

Next Platform TV for September 3, 2020 was written by Nicole Hemsoth at The Next Platform.

Sponsored Post: Ipdata, StackHawk, InterviewCamp.io, Educative, Triplebyte, Stream, Fauna

Who's Hiring? 

  • InterviewCamp.io has hours of system design content. They also do live system design discussions every week. They break down interview prep into fundamental building blocks. Try out their platform.

  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Cool Products and Services

  • ipdata is a reliable IP Address Geolocation API that allows you to lookup the approximate location of any IP Address, detect proxies and identify a company from an IP Address. Trusted by 10,000+ developers. Try it now!

  • Developers care about shipping secure applications. Application security products and processes, however, have not kept up with advances in software development. There are a new breed of tools hitting the market that enable developers to take the lead on AppSec. Learn how engineering teams are using products like StackHawk and Snyk to add security bug testing to their CI pipelines.

  • Learn the stuff they don't teach you in the AWS docs. Filter out the distracting hype, and focus on the parts of AWS that Continue reading

How to try open networking for free.

Want to try open networking for free? Try NVIDIA® Cumulus VX – a free virtual appliance that provides all the features of NVIDIA Cumulus Linux. You can preview and test NVIDIA Cumulus Linux in your own environment, at your own pace, without organizational and economic barriers. You can also produce sandbox environments for prototype assessment, pre-production rollouts, and script development.

NVIDIA Cumulus VX runs on all popular hypervisors, such VirtualBox and VMware VSphere, and orchestrators, such as Vagrant and GNS3.

Our website has the images needed to run NVIDIA Cumulus VX on your preferred hypervisor—download is simple. What’s more, we provide a detailed guide on how to install and set up NVIDIA Cumulus VX to create this simple two leaf, one spine topology:

With these three switches up and running, you are all set to try out NVIDIA Cumulus Linux features, such as traditional networking protocols (BGP and MLAG), and NVIDIA, formally Cumulus Networks-specific technologies, such as ONIE and Prescriptive Topology Manager (PTM). And, not to worry, the NVIDIA Cumulus Linux user guide is always close at hand to help you out, as well as the community Slack channel, where you can submit questions and engage with the wider Continue reading

1 897 898 899 900 901 3,841