Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored)

On today's Heavy Networking episode, sponsored by Cisco, we discuss reasons why automation isn't more pervasive, particularly in networking, and look at complications such as source of truth, getting state information, the need for orchestration, and user trust. Our guests are Omar Sultan, Leader, Product Management at Cisco; and Kevin Corbin, Sr. Solutions Engineer at HashiCorp.

The post Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored) appeared first on Packet Pushers.

Chapter Training Program 2020: The Power of Us!

“Vulnerability is the birthplace of innovation, creativity and change.”
—Brené Brown

Three months ago, the Internet Society decided to face a new challenge. We took ourselves out of our comfort zone to move our community to the next level: empowerment through education. We began the Chapter Training Program, born to satisfy the increasing need of our Chapter leaders to engage their members in an impactful and informed way. The purpose was to identify and help form new leaders to work together to create local awareness, as part of our 2020 Action Plan .

This journey was not easy. However, our community embraced vulnerability and we overcame many obstacles, like change and uncertainty. In the end, we succeeded – because together our strength is bigger than our challenges. It’s part of our community’s DNA: having the conviction to build an Internet that enriches people’s lives and enables opportunities to all.We demonstrated that when we work together, we accomplish great things. Challenge becomes just a word… To be brave, first we need to be vulnerable and once we are brave, the sky is the limit!

I want to share the results of our work – and I hope we can Continue reading

IDC: Covid-19 hits SD-WAN, data center gear; enterprise impact varies

While the previously hot SD-WAN market has slowed and IT budgets overall are under pressure, the COVID-19 pandemic has created demand for other network capabilities such as improved network-management and collaboration tools, according to IDC.The virus has caused recessionary economy that has forced enterprises across the globe to rapidly and dramatically shift their operations, according to Rohit Mehra, vice president, Network Infrastructure at IDC. “The reality of that is we have seen two years of IT digital transformation in two months,” Mehra told the online audience of an IDC webinar about the impact of the pandemic on enterprise networking.To read this article in full, please click here

Next Platform TV for July 9, 2020

From Arm server chip market and technology momentum to the future of spin wave computing, as well as some insight about current situation and subsequent (too quick?) …

Next Platform TV for July 9, 2020 was written by Nicole Hemsoth at The Next Platform.

Now GA: Data-in-Transit Encryption in Calico v3.15

We’re excited to announce that the latest release of Calico includes encryption for data-in-transit. Calico is the open source networking and network security solution for containers, virtual machines, and host-based workloads, offering connectivity and security for container workloads.

One of Calico’s best-known security features is its implementation of Kubernetes Network Policy, providing a way to secure container workloads by restricting traffic to and from trusted sources. This enables the traffic to be controlled, however, the traffic itself had previously remained vulnerable to interception.

A common solution to this problem is to encrypt traffic at the application layer using protocols like Transport Layer Security (TLS). Traffic can also be encrypted at a lower infrastructure level using IPsec. However, these approaches introduce an additional layer of complexity. Calico avoids that complexity by utilizing WireGuard to implement data-in-transit encryption.

WireGuard is run as a module inside the Linux kernel and provides better performance and lower power consumption than IPsec and OpenVPN tunneling protocols. The Linux version of WireGuard reached a stable production release in March and was introduced as a tech preview in the 3.14 release of Project Calico. We are pleased to announce that WireGuard encryption is now generally available with Continue reading

How Does Technology Affect the Generation Gap?

One of the biggest divisions between the generations today is technology. And with a huge disparity in attitudes towards technology as well as competence levels, there is a danger that each generation is becoming even more separated, settling into their own niche areas regarding the way that we all socialize, receive news, and communicate with each other. When asking how technology affects the generation gap, there is a lot more to it than having the ability to download a movie or app or do online shopping.

First up the most digital savvy group of adults are the Millennials. These people born between 1981 and 1996 cannot remember a time without email and the internet. Millennials are technically competent, and this generation tends to want to share their lives online in a way that would appeal to older people. There is an attitude that if it isn’t posted on social media, it just didn’t happen!

By contrast, Generation X , the people born in the early 1960s through to the ’70s are often technically able to use the internet and use online banking , shopping and to occasionally post on social media, but in most cases, technology is not a major Continue reading

Centralize your Automation Logs with Ansible Tower and Splunk Enterprise

For many IT teams, automation is a core component these days. But automation is not something on it’s own - it is a part of a puzzle and needs to interact with the surrounding IT. So one way to grade automation is how well it integrates with other tooling of the IT ecosystem - like the central logging infrastructure. After all, through the central logging the IT team can quickly survey what is happening, where, and what the state of it is.

The Red Hat Ansible Automation Platform is a solution to build and operate automation at scale. As part of the platform, Ansible Tower integrates well with external logging solutions, such as Splunk, and it is easy to set that up. In this blog post we will demonstrate how to perform the necessary configurations in both Splunk and Ansible Tower to let them work well together.

Setup of Splunk

The first step is to get Splunk up and running. You can download a Splunk RPM after you register yourself at the Splunk home page.

After the registration, download the rpm and perform the installation:

$ rpm -ivh splunk-8.0.3-a6754d8441bf-linux-2.6-x86_64.rpm
warning: splunk-8.0.3-a6754d8441bf-linux-2.6-x86_64.rpm:  Continue reading

IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston

We discuss the challenges and opportunities of IPv6 with Geoff Huston, APNIC's chief scientist and network analyst nonpareil. Topics include how dual-stack and Happy Eyeballs have papered over v6 deficiencies, why the address space may not be as vast as advertised, and why v6 is still the future.

IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston

The post IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston appeared first on Packet Pushers.

From Docker Straight to AWS

Just about six years ago to the day Docker hit the first milestone for Docker Compose, a simple way to layout your containers and their connections. A talks to B, B talks to C, and C is a database. Fast forward six years and the container ecosystem has become complex. New managed container services have arrived bringing their own runtime environments, CLIs, and configuration languages. This complexity serves the needs of the operations teams who require fine grained control, but carries a high price for developers.

One thing has remained constant over this time is that developers love the simplicity of Docker and Compose. This led us to ask, why do developers now have to choose between simple and powerful? Today, I am excited to finally be able to talk about the result of what we have been working on for over a year to provide developers power and simplicity from desktop to the cloud using Compose. Docker is expanding our strategic partnership with Amazon and integrating the Docker experience you already know and love with Amazon Elastic Container Service (ECS) with AWS Fargate. Deploying straight from Docker straight to AWS has never been easier.

Today this functionality is Continue reading

HS. Part 6. First impression from Nokia SRLinux.

Hello my friend,

In this HS blog series we have covered so far the automated build of the network topology for hyper scale data centre using Microsoft Azure SONiC. Today Nokia has announced a new product for data centre, which is called SRLinux. In the next couple of articles we’ll review it from the architectural and automation standpoint.


1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Thanks

We want to thank Nokia team for providing us the details and assisting in creating these materials. It won’t be possible without your help, dear partners.

Network automation training – now as a self-paced course as well

Following your asks we open a new format for the network automation training – self-paced format:

It doesn’t matter what your timezone is.
It doesn’t matter how much hours weekly do you have to study.
It doesn’t matter how solid is your current background in automation, scripting and software development.

Because you decide on your own when, how often and Continue reading

From Docker Straight to AWS

Today this functionality is Continue reading

IXPs: Keeping Local Infrastructure Resilient during COVID-19

The COVID-19 pandemic has proven how important a strong Internet infrastructure is.

Internet exchange points are a vital part of that. They are key to bringing better, faster, and more affordable Internet to people.

Recently, the Asia Pacific Internet Exchange Association (APIX) and the Internet Society did a comprehensive survey to understand the impact of COVID-19 on IXP operations in the region.

IXPs from Japan, Hong Kong, Taiwan, Thailand, Myanmar, Philippines, Singapore, Vietnam, Indonesia, Malaysia, Nepal, and Australia provided data. Here are some of the key findings.

What is an Internet Exchange Point?

If you want to see your neighbor, taking a route that sends you across town and back again is not the quickest or most efficient way to get there. And yet, in many parts of the world, that is what happens with Internet traffic. IXPs help create shorter, more direct routes for Internet traffic.

Read the Explainer

Changes in Internet Traffic

There was a significant increase in Internet exchange traffic, between 7- 40%. Traffic patterns during the pandemic show that there is either no difference left between peak and off-peak time or the peak time has increased from a few to more hours.

The increase is highest Continue reading

draft-knodel-terminology-03 – Terminology, Power, and Inclusive Language in Internet-Drafts and RFCs

Add to your documentation style guide.

The post draft-knodel-terminology-03 – Terminology, Power, and Inclusive Language in Internet-Drafts and RFCs appeared first on EtherealMind.

No Humans Involved: Mitigating a 754 Million PPS DDoS Attack Automatically

On June 21, Cloudflare automatically mitigated a highly volumetric DDoS attack that peaked at 754 million packets per second. The attack was part of an organized four day campaign starting on June 18 and ending on June 21: attack traffic was sent from over 316,000 IP addresses towards a single Cloudflare IP address that was mostly used for websites on our Free plan. No downtime or service degradation was reported during the attack, and no charges accrued to customers due to our unmetered mitigation guarantee.

The attack was detected and handled automatically by Gatebot, our global DDoS detection and mitigation system without any manual intervention by our teams. Notably, because our automated systems were able to mitigate the attack without issue, no alerts or pages were sent to our on-call teams and no humans were involved at all.

During those four days, the attack utilized a combination of three attack vectors over the TCP protocol: SYN floods, ACK floods and SYN-ACK floods. The attack campaign sustained for multiple hours at rates exceeding 400-600 million packets per second Continue reading

Contour Ingress Controller Joins CNCF at Incubation Level

The open source Envoy proxy, joined the Cloud Native Computing Foundation (CNCF) as an incubation level project, skipping over the traditional sandbox level entry point. The project, originally developed in 2017 at Heptio before the company’s acquisition by VMware, displayed a level of usage in the field, support in the community and activity in its ecosystem that warranted skipping the sandbox, said

Fannie Mae’s journey to SD-WAN means less reliance on MPLS and VPNs

About a year and a half ago, some Texas employees of the Federal National Mortgage Association (Fannie Mae) were leaving work early to work at home over the enterprise VNP because it gave them better application performance and less congestion than the office network.That’s also when the agency started moving toward a cloud-first environment and away from its legacy hub-and-spoke WAN.More about SD-WAN: How to buy SD-WAN technology: Key questions to consider when selecting a supplier • How to pick an off-site data-backup method • SD-Branch: What it is and why you’ll need it • What are the options for security SD-WAN?To read this article in full, please click here

Who's Hiring?

InterviewCamp.io has hours of system design content. They also do live system design discussions every week. They break down interview prep into fundamental building blocks. Try out their platform.

Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

Need excellent people? Advertise your job here!

Cool Products and Services

Developers care about shipping secure applications. Application security products and processes, however, have not kept up with advances in software development. There are a new breed of tools hitting the market that enable developers to take the lead on AppSec. Learn how engineering teams are using products like StackHawk and Snyk to add security bug testing to their CI pipelines.

Learn the stuff they don't teach you in the AWS docs. Filter out the distracting hype, and focus on the parts of AWS that you'd be foolish not to use. Learn the Good Parts of AWS. Created by former senior-level AWS engineers of 15 years.

Stateful JavaScript Apps. Effortlessly add state to your Javascript apps with FaunaDB. Generous free tier. Try Continue reading

Getting Started with IBM QRadar and Red Hat Ansible Automation Platform

IBM Security QRadar is a Security Information and Event Management (SIEM), which can help security teams to accurately detect and prioritize threats across the organization, providing intelligent insights that enable organisations to respond quickly to reduce the impact of incidents. By consolidating log events and network flow data from thousands of devices, endpoints, users and applications distributed throughout your network, QRadar correlates all this different information and aggregates related events into single alerts to accelerate incident analysis and remediation.

Ansible and QRadar, better together

Ansible is the open and powerful language security teams can use to interoperate across the various security technologies involved in their day-to-day activities.

Customers can take advantage of the IBM QRadar Content Collection to create sophisticated security workflows through the automation of the following functionalities:

Log sources configuration
Offense rules enablement
Offense management

Ansible allows security organizations to integrate QRadar into automated security processes, enabling them to automate QRadar configuration deployments in recurring situations like automated test environments, but also in large scale deployments where similar tasks have to be rolled out and managed across multiple nodes.

Security practitioners can automate investigation activities enabling QRadar to programmatically access newdata sources. Also, they now have Continue reading

Working Around Docker Desktop’s Outdated Kubernetes Version

As of the time that I published this blog post in early July 2020, Docker Desktop for macOS was at version 2.2.0.4 (for the “stable” channel). That version includes a relatively recent version of the Docker engine (19.03.8, compared to 19.03.12 on my Fedora 31 box), but a quite outdated version of Kubernetes (1.15.5, which isn’t supported by upstream). Now, this may not be a problem for users who only use Kubernetes via Docker Desktop. For me, however, the old version of Kubernetes—specifically the old version of kubectl—causes problems. Here’s how I worked around the old version that Docker Desktop supplies.

First, you’ll note that Docker Desktop automatically symlinks its version of kubectl into your system path at /usr/local/bin. You can verify the version of Docker Desktop’s kubectl by running this command:

/usr/local/bin/kubectl version --client=true

On my macOS 10.14.6-based system, this returned a version of 1.15.5. According to GitHub, v1.15.5 was released in October of 2019. Per the Kubernetes version skew policy, this version of kubectl would work with with 1.14, 1.15, and 1.16. What if I need to Continue reading

« Previous 1 … 924 925 926 927 928 … 3,841 Next »