How to Simplify and Accelerate Network Segmentation 

Network segmentation—splitting a network into subnetworks or segments—is widely accepted to be a powerful and effective method for improving cybersecurity within the data center. Yet even though it’s acknowledged to be an essential component of network security hygieneorganizations have frequently avoided putting segmentation into practice 

Why? Because historically network segmentation has been complex, disruptive, and time-consuming to implement, requiring extensive changes to the physical network and/or network addressesThe potential impact of taking applications offline for network changes means that many organizations decide to forego this industry-wide best practice. Teams that do forge ahead often face months- or years-long effort to create security zones by rearchitecting the network, relocating equipment, and re-assigning IP addresses.  

It doesn’t have to be that way. Today there’s an elegant solution that greatly simplifies and accelerates network segmentation: VMware NSX Service-defined FirewallPurposebuilt to protect east-west trafficVMware Service-defined Firewall enables segmentation without any disruptive physical network or address changes. 

Attackers Love Flat Networks  

To back up a step, let’s examine why network segmentation  Continue reading

AnsibleFest 2020 – The Biggest AnsibleFest EVER

It is almost that time of year again for everyone’s favorite automation event! 2020 has given us our fair share of change (and then some). But we’re not just facing new challenges. We’re adapting to them and innovating to overcome them together. We’re distributed yet we’re connected -- connected to new technologies, to new ways of working, and most importantly, to each other.

This year’s AnsibleFest is now a virtual experience, and we are using this opportunity to engage and collaborate with Ansible users across the globe. It will be a free virtual experience where our communities can connect to a wider audience to collaborate and solve problems. The venue may be different this year, but it is still the same AnsibleFest you know and love.

 

Keynotes

This year we have a great lineup of keynote speakers. We have brought together a group of people rich with Ansible knowledge, tapped to share meaningful insights with you right at home:

  • Richard Henshall, Senior Manager for Product Management - Ansible Product Updates
  • Matt Jones, Ansible Senior Principal Software Engineer - The Future of Automation
  • Chris Wright, Red Hat CTO - Automation at the Edge
  • Robyn Bergeron, Senior Principal Community Architect - Continue reading

Worth Reading: Seamless Suffering

When someone sent me a presentation on seamless MPLS a long while ago my head (almost) exploded just by looking at the diagrams… or in the immortal words of @amyengineer:

“If it requires a very solid CCIE on an obscure protocol mix at 4am, it is a bad design” - Peter Welcher, genius crafter of networks, granter of sage advice.

Turns out I was not that far off… Dmytro Shypovalov documented the underlying complexity and a few things that can go wrong in Seamless Suffering.

Jinja Template Inheritance

Jinja template inheritance uses the concept of block to define sections of the base parent template that can be overridden by sections from a child template. An extends statement links the child template to the parent template so that when the child template is rendered the parent template is also rendered and the block statement contents inherited by the parent template.

Real-time trending of dropped packets

Discard Browser is a recently released open source application running on the sFlow-RT real-time analytics engine. The software uses streaming analytics to trend dropped packets.
Using sFlow to monitor dropped packets describes the recently added packet drop monitoring functionality added to the open source Host sFlow agent. The article describes how to install and configure the agent on Linux-based platforms and stream industry standard sFlow telemetry to an sFlow collector.

Visibility into dropped packets describes instrumentation, recently added to the Linux kernel, that provides visibility into packets dropped by the kernel data path on a host, or dropped by a switch ASIC when packets are forwarded in hardware.  Extending sFlow to provide visibility into dropped packets offers significant benefits for network troubleshooting, providing real-time network-wide visibility into the specific packets that were dropped as well the reason the packet was dropped. This visibility instantly reveals the root cause of drops and the impacted connections.

Packet discard monitoring complements sFlow's existing counter polling and packet sampling mechanisms and shares a common data model so that all three sources of data can be correlated.  For example, if packets are being discarded because of buffer exhaustion, the discard records don't necessarily Continue reading

8 free Wi-Fi stumbling and surveying tools for Windows and Mac

There is enterprise-level software for surveying Wi-Fi networks, but even in large wireless networks, simple freeware tools are handy for a quick peek at the airwaves during design, deployment or troubleshooting.Here is a look at eight free tools – some for Windows and some for Mac OS X – that provide basic details about nearby Wi-Fi signals: SSIDs, signal strength, channels, MAC addresses and security status. Learn about 5G and Wi-Fi 6 What is 5G? How is it better than 4G? How to determine if WiFi 6 is right for you What is MU-MIMO? Why do you need it in your wireless routers? When to use 5G, when to use WiFi 6 How enterprises can prep for 5G networks Some can even reveal “hidden” or non-broadcasted SSIDs, display the noise levels, or display statistics on successful and failed packets of your wireless connection. One of them includes Wi-Fi password-cracking tools that are useful for educational or penetration testing purposes.To read this article in full, please click here

Deploying WordPress to the Cloud

I was curious the other day how hard it would be to actually set up my own blog or rather I was more interested in how easy it is now to do this with containers. There are plenty of platforms that host blogs for you but is it really now as easy to just run one yourself?

In order to get started, you can sign up for a Docker ID, or use your existing Docker ID to download the latest version of Docker Desktop Edge which includes the new Compose on ECS experience. 

Start with the local experience

To start I setup a local WordPress instance on my machine, grabbing a Compose file example from the awesome-compose repo.

Initially I had a go at running this locally on with Docker Compose:

$ docker-compose up -d

Then I can get the list of running containers:

$ docker-compose ps
           Name                          Command               State          Ports
--------------------------------------------------------------------------------------
deploywptocloud_db_1          docker-entrypoint.sh --def ...   Up      3306/tcp, 33060/tcp
deploywptocloud_wordpress_1   docker-entrypoint.sh apach ...   Up      0.0.0.0:80->80/tcp

And then lastly I had a look to see that this was running correctly:

Deploy to the Cloud

Great! Now I needed to look at the contents of the Compose file Continue reading

Heavy Networking 534: Managing Automated Networks With vCenter And Dell SmartFabric Services (Sponsored)

Heavy Networking dives into building cost-effective, practical, and easily managed leaf-spine networks with sponsor Dell Technologies. We discuss Dell's SmartFabric Services offering, including the underlying infrastructure and software overlay, key automation features, interconnects for enterprise uses such as HCI, and more. Our guest is Saleem Muhammad, Director of Product Management and Marketing at Dell Technologies.

Heavy Networking 534: Managing Automated Networks With vCenter And Dell SmartFabric Services (Sponsored)

Heavy Networking dives into building cost-effective, practical, and easily managed leaf-spine networks with sponsor Dell Technologies. We discuss Dell's SmartFabric Services offering, including the underlying infrastructure and software overlay, key automation features, interconnects for enterprise uses such as HCI, and more. Our guest is Saleem Muhammad, Director of Product Management and Marketing at Dell Technologies.

The post Heavy Networking 534: Managing Automated Networks With vCenter And Dell SmartFabric Services (Sponsored) appeared first on Packet Pushers.

Partnering with Euro-IX on Infrastructure Development, Routing Security, and More

We can only be successful in creating an Internet for everyone if everyone is part of the effort. That’s why the Internet Society is thrilled to be entering into a partnership with the European Internet Exchange Association (Euro-IX).

The partnership was made official with a Memorandum of Understanding (MoU) on 14 July. This formal agreement builds on an existing collaboration between the two organizations, who have worked together since 2012. But, whether it’s helping to bring cheaper and faster Internet to the world through the data provided in the IXP Database or making the Internet more secure by supporting the Mutually Agreed Norms for Routing Security (MANRS), our work has only just begun.

Kjetil Otter Olsen, the chair of Euro-IX said, “The Internet Society has been an excellent supporter of Internet exchange points (IXPs) for many years and has lent the support of its teams across the world to promoting the benefits of peering for Internet networks and the end users of those networks globally.

“Signing this MoU, on behalf of Euro-IX and the community of IXPs we represent, reflects our shared commitment with the Internet Society to continue this work into the future.

“This MoU extends our existing relationship Continue reading

Navigating Technical Support

I think we’ve all been there. The network is down, you’ve tried all the things that you know how to do, and now it’s time to call vendor support to figure out what the heck is going on with your network. Some of us dread this situation as navigating the support process can be daunting at times. We’re hoping to give you some tips in today’s episode to make that process go a little smoother. Listen in as we talk about our experiences with vendor support and what we’ve learned along the way to make the support process as painless as possible.

 

A considerable thank you to Unimus for sponsoring today’s episode. Unimus is a fast to deploy and easy to use Network Automation and Configuration Management solution. You can learn more about how you can start automating your network in under 15 minutes at unimus.net/nc.
Trey Aspelund
Guest
Nash King
Guest
Tony Efantis
Host
Jordan Martin
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Navigating Technical Support appeared first on Network Collective.

Measuring the Internet – Mid Year Project Update

photo of a measuring tape showing centimeters

Here at the Internet Society, we believe that the Internet is for everyone. Our work centers on increasing the Internet’s reach, reliability and resilience, as well as ensuring that the network of networks remains open, globally connected, secure, and trustworthy.

But how do we assess whether our efforts – and the efforts of the global ecosystem of organizations that facilitate the smooth functioning of the Internet – are working? How can we see where protocols, such as IPv6, are being deployed and at what rate so we can better understand where more education on the benefits of such technologies might be helpful? Where can policy makers find a comprehensive set of data from various sources to help show decision makers that Internet Showdowns damage local economies and potentially harm citizens?

A Single Platform

There are many people, projects and organizations that are collecting data on various facets of the Internet, but there’s no single site that provides a curated set of insights. So, to help everyone gain deeper, data-driven insight into the Internet, the Internet Society is building a tool that consolidates trusted third-party Internet measurement data from various sources into a single platform – insights.internetsociety.org

Continue reading

How Network Engineers Can Manage Credentials and Keys More Securely in Python

For me, 2020 is going to be the year of taking my automation skills to the next level, and a Pandemic is not going to get in the way of that goal (much)! At the top of the list is handling credentials and API keys in a more secure fashion so lets look at how READ MORE

The post How Network Engineers Can Manage Credentials and Keys More Securely in Python appeared first on The Gratuitous Arp.

Deterministic Networking and New IP

For those not following the current state of the ITU, a proposal has been put forward to (pretty much) reorganize the standards body around “New IP.” Don’t be confused by the name—it’s exactly what it sounds like, a proposal for an entirely new set of transport protocols to replace the current IPv4/IPv6/TCP/QUIC/routing protocol stack nearly 100% of the networks in operation today run on. Ignoring, for the moment, the problem of replacing the entire IP infrastructure, what can we learn from this proposal?

What I’d like to focus on is deterministic networking. Way back in the days when I was in the USAF, one of the various projects I worked on was called PCI. The PCI network was a new system designed to unify the personnel processing across the entire USAF, so there were systems (Z100s, 200s, and 250s) to be installed in every location across the base where personnel actions were managed. Since the only wiring we had on base at the time was an old Strowger mainframe, mechanical crossbars at a dozen or so BDFs, and varying sizes of punch-downs at BDFs and IDFs, everything for this system needed to be punched- or wrapped-down as physical circuits.

Continue reading

Network Break 296: Cisco Acquires Video Analytics Company; F5 Gear Targeted By Botnet

The latest Network Break podcast examines Cisco's acquisition of Modcam for video analytics, discusses how the Mirai botnet takes advantage of vulnerable F5 load balancers, reviews financial results from Extreme and Arista, and tackles even more IT news.

The post Network Break 296: Cisco Acquires Video Analytics Company; F5 Gear Targeted By Botnet appeared first on Packet Pushers.

Eliminate East-West Traffic Hair-Pinning

A firewall is a firewall, right? While on the surface that assumption may appear to be correcta closer look reveals that there are critical differences between a traditional, appliance-based firewall that protects your network perimeter and a distributedscale-out internal firewall that protects east-west traffic within your data center.  

It’s true that both types of firewalls monitor network traffic, detect threats, and block malicious activity. However, appliance-based firewalls are designed to monitor north-south traffic, which has different volumes and characteristics than east-west traffic. Traditional north-south firewalls were never designed to be used interchangeably to protect both north-south and east-west traffic 

East-West Data Center Traffic

Figure 1: Data center traffic patterns

While it might appear to be the right choice, provisioning appliance-based firewalls for east-west traffic monitoring is not only expensive, it’s highly ineffective in delivering the level of control and performance required to protect growing numbers of dynamic workloads.  

Creating Traffic Jams During Volume Spikes     

One of the most common drawbacks of using appliance-based firewalls as internal firewalls is the need to hairpin east-west traffic to and Continue reading

1 917 918 919 920 921 3,849