Public Videos: Leaf-and-Spine Fabric Design
The initial videos of the Leaf-and-Spine Fabric Architectures webinar are now public. You can watch the Leaf-and-Spine Fabric Basics, Physical Fabric Design, and Layer-3 Fabrics sections without an ipSpace.net account.
TSMC Can’t Be Caught Or Bought, Only Sought Or Stolen
It is not hard to figure out who is in the catbird seat in the semiconductor foundry business. …
TSMC Can’t Be Caught Or Bought, Only Sought Or Stolen was written by Timothy Prickett Morgan at The Next Platform.
Using NIM Guardrails To Keep Agentic AI From Jumping To Wrong Conclusions
AI agents are the latest evolution in the relatively short life span of generative AI, and while some organizations are still trying to figure out how the emerging technology fits in their operations, others are making strides into agentic AI. …
Using NIM Guardrails To Keep Agentic AI From Jumping To Wrong Conclusions was written by Jeffrey Burt at The Next Platform.
Can Synthetic Data Help Us Scale AI’s Data Wall?
COMMISSIONED: As with any emerging technology, implementing generative AI large language models (LLMs) isn’t easy and it’s totally fair to look side-eyed at anyone who suggests otherwise. …
Can Synthetic Data Help Us Scale AI’s Data Wall? was written by Timothy Prickett Morgan at The Next Platform.
N4N009: High-Speed Ethernet Lanes Explained
On today’s episode, we’re explaining high-speed Ethernet lanes at the request of listener Matthew. We cover lanes, channels, and their physical representation in networking – think actual cables. We explain both 40Gb and 100Gb technologies and compare them to Link Aggregation Control Protocol (LACP). We also have a discussion on standards and practical implications for... Read more »Lab: Level-1 and Level-2 IS-IS Routing
One of the recipes for easy IS-IS deployments claims that you should use only level-2 routing (although most vendors enable level-1 and level-2 routing by default).
What does that mean, and why does it matter? You’ll find the answers in the Optimize Simple IS-IS Deployments lab exercise.
Securely Deploying & Running Multiple Tenants on Kubernetes
As Kubernetes becomes the backbone of modern cloud native applications, organizations increasingly seek to consolidate workloads and resources by running multiple tenants within the same Kubernetes infrastructure. These tenants could be:
- Internal teams: Departments within a company that share a Kubernetes cluster for development and production.
- External clients: SaaS providers hosting customer workloads on shared infrastructure.
While multitenancy offers cost efficiency and centralized management, it also introduces security and operational challenges:
- How do you ensure strong isolation between tenants?
- How do you manage resources and prevent one tenant from affecting another?
- How do you meet regulatory and compliance requirements?
To address these concerns, practitioners have three primary options for deploying multiple tenants securely on Kubernetes.
How to Deploy Multiple Tenants on Kubernetes
Option 1: Namespace-Based Isolation with Network Policies, RBAC and Security Controls
Namespaces are Kubernetes’ built-in mechanism for logical isolation. This approach uses:
- Namespaces: Logical boundaries for separating tenant workloads.
- RBAC (role-based access control): Restricts tenant access to their namespace and resources.
- Network policies: Controls ingress and egress traffic between pods and namespaces.
- Resource quotas: Limits CPU, memory and other resources to prevent noisy neighbors.
Advantages:
- Cost-effective: Tenants share the cluster infrastructure.
- Simple to manage: Centralized operations within a Continue reading
Red Hat Woos VMware Shops With OpenShift Virtualization Engine
Broadcom’s $61 billion acquisition of VMware in November 2023 and the subsequent changes to venerable virtualization company’s business model and pricing have rankled many long-time enterprise users, a situation that has been highly publicized despite assertions by Broadcom and VMware executives that such reports are little than FUD – short for fear, uncertainty, and doubt. …
Red Hat Woos VMware Shops With OpenShift Virtualization Engine was written by Jeffrey Burt at The Next Platform.
NAN082: Mastering Python One Bite at a Time
How do you master Python? One bite at a time. On today’s show we talk with Bob Belderbos, co-founder of PyBites, a community and learning platform for Python. Bob shares his philosophy for learning Python in small bites with practical exercises, hands-on learning, and daily coding for improvement. We discuss the importance of small wins,... Read more »Comparing IGP and BGP Data Center Convergence
A Thought Leader1 recently published a LinkedIn article comparing IGP and BGP convergence in data center fabrics2. In it, they3 claimed that:
iBGP designs would require route reflectors and additional processing, which could result in slightly slower convergence.
Let’s see whether that claim makes any sense.
TL&DR: No. If you’re building a simple leaf-and-spine fabric, the choice of the routing protocol does not matter (but you already knew that if you read this blog).
Kerberos tickets on Mac OS
I’m using Mac at work and I found out that Kerberos needs sometimes a “kick” for the SSO to work properly. Sometimes after being offline the renewal of Kerberos ticket fails (especially when remote and connected via ZTA or VPN), even though everything looks alright in the “Ticket Viewer” app. Here is we where the […]
<p>The post Kerberos tickets on Mac OS first appeared on IPNET.</p>
It’s January: Datacenter Compute Rumors And Moves
As one year ends and another begins, this is often the time when people change jobs and companies change strategies. …
It’s January: Datacenter Compute Rumors And Moves was written by Timothy Prickett Morgan at The Next Platform.
HS092: Make a Plan…and Change It!
It’s better to plan for your IT strategy than not. But sometimes circumstances arise such that the plan, no matter how well conceived, just doesn’t work any more. On today’s Heavy Strategy, we explore how and why you should change a plan in the context of IT and business objectives. Sometimes this means small changes... Read more »
PP045: Reducing the Risk of Compromised Digital Certificates with CAA and Certificate Transparency
Transport Layer Security (TLS) relies on certificates to authenticate Web sites and enable encryption. On today’s Packet Protector we look at mechanisms that domain owners can take to ensure the validity of their digital certificates. More specifically, we cover Certification Authority Authorization (CAA) and Certificate Transparency (CT). Our guest is Ed Harmoush. Ed is a... Read more »Demonstrating reduction of vulnerability classes: a key step in CISA’s “Secure by Design” pledge
In today’s rapidly evolving digital landscape, securing software systems has never been more critical. Cyber threats continue to exploit systemic vulnerabilities in widely used technologies, leading to widespread damage and disruption. That said, the United States Cybersecurity and Infrastructure Agency (CISA) helped shape best practices for the technology industry with their Secure-by-Design pledge. Cloudflare signed this pledge on May 8, 2024, reinforcing our commitment to creating resilient systems where security is not just a feature, but a foundational principle.
We’re excited to share an update aligned with one of CISA’s goals in the pledge: To reduce entire classes of vulnerabilities. This goal aligns with the Cloudflare Product Security program’s initiatives to continuously automate proactive detection and vigorously prevent vulnerabilities at scale.
Cloudflare’s commitment to the CISA pledge reflects our dedication to transparency and accountability to our customers. This blog post outlines why we prioritized certain vulnerability classes, the steps we took to further eliminate vulnerabilities, and the measurable outcomes of our work.
Cloudflare’s core security philosophy is to prevent security vulnerabilities from entering production environments. One of the goals for Cloudflare’s Product Security team is to champion this philosophy and ensure Continue reading
Weird Junos IS-IS Metrics
As part of the netlab development process, I run almost 200 integration tests on more than 20 platforms (over a dozen operating systems), and the amount of weirdness I discover is unbelievable.
Today’s special: Junos is failing the IS-IS metrics test.
The test is trivial:
- The device under test is connected to two IS-IS routers (X1 and X2)
- It has a low metric configured on the link with X1 and a high metric configured on the link with X2
The validation process is equally trivial:
Unstable Diffusion: Artificial Intelligence Meets Military Intelligence
Perhaps no document has ever had a more appropriate title than the “Interim Final Rule on Artificial Intelligence Diffusion” announced by the Biden Administration and the US Department of Commerce today. …
Unstable Diffusion: Artificial Intelligence Meets Military Intelligence was written by Timothy Prickett Morgan at The Next Platform.