Day Two Cloud 043: Git For Ops People

Day Two Cloud dives into Git for operations people. Git is a version-control system used to track changes in software. If you've heard of it but aren't familiar with it and want to learn more, this is your show. Our guest is Damien Garros, Managing Director at Network To Code.

Sysdig Burrows Deeper Into IBM Cloud

The DevOps monitoring platform extended support to several IBM Cloud services including IBM Watson...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

NTC – Navigating Enterprise Process

Technology is only a small piece of the automation puzzle and automation efforts often require adjustments or updates to the ways companies do their day to day work. Today we’re continuing our focus on Network Automation and Programmability by talking about Navigating Enterprise Process during automation projects.

Bryan Culver (Guest)
Daryn Johnson (Guest)
Rick Sherman (Host)
Jordan Martin (Host)

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post NTC – Navigating Enterprise Process appeared first on Network Collective.

What Does a Global Pandemic Mean for the Internet?

This interview was originally published in Technical.ly.

The Internet has long been a connector beyond the physical. Now, it’s the only reason people are able to see their faraway loved ones and complete remote projects with their coworkers amid pandemic-prompted social distancing. It’s a great moment for the technology — and for hackers.

Reston, Virginia-based Internet Society is an advocacy organization that, in its words, promotes “the development of the Internet as a global technical infrastructure, a resource to enrich people’s lives, and a force for good in society.”

Katie Jordan, a resident of Philadelphia’s Graduate Hospital neighborhood, joined the team in 2018 after serving as a policy and program manager at Next Century Cities where she worked with emerging tech issues. As Internet Society’s senior policy manager, Jordan develops and advocates for policy related to Internet access and security.

She talked to Technical.ly about what the Internet Society is focusing on now and if COVID-19 is going to change the way we use the Internet.

Technical.ly: What does Internet Society do when there’s not a pandemic, and how has your work shifted recently?

Jordan: It’s made everything feel more urgent. We’re not doing anything Continue reading

Moving from reCAPTCHA to hCaptcha

We recently migrated the CAPTCHA provider we use from Google's reCAPTCHA to a service provided by the independent hCaptcha. We're excited about this change because it helps address a privacy concern inherent to relying on a Google service that we've had for some time and also gives us more flexibility to customize the CAPTCHAs we show. Since this change potentially impacts all Cloudflare customers, we wanted to walk through the rationale in more detail.

CAPTCHAs at Cloudflare

One of the services Cloudflare provides is a way to block malicious automated ("bot") traffic. We use a number of techniques to accomplish that. When we are confident something is malicious bot activity we block it entirely. When we are confident it's good human traffic (or a good bot like a search engine crawler) then we let it through. But, sometimes, when we're not 100% sure if something is malicious or good we issue it a “challenge”.

We have different types of challenges, some are entirely automatic, but one requires human intervention. Those challenges are known as CAPTCHAs. That's an acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart (a few Ts are dropped otherwise it'd be CAPTTTCHA). These Continue reading

Migrating Existing Content Into a Dedicated Ansible Collection

Today, we will demonstrate how to migrate part of the existing Ansible content (modules and plugins) into a dedicated Ansible Collection. We will be using modules for managing DigitalOcean's resources as an example so you can follow along and test your development setup. But first, let us get the big question out of the way: Why would we want to do that? 

 

Ansible on a Diet 

In late March 2020, Ansible's main development branch lost almost all of its modules and plugins. Where did they go? Many of them moved to the ansible-collections GitHub organization. More specifically, the vast majority landed in the community.general GitHub repository that serves as their temporary home (refer to the Community overview README for more information). 

The ultimate goal is to get as much content in the community.general Ansible Collection "adopted" by a caring team of developers and moved into a dedicated upstream location, with a dedicated Galaxy namespace. Maintainers of the newly migrated Ansible Collection can then set up the development and release processes as they see fit, (almost) free from the requirements of the community.general collection. For more information about the future of Ansible content delivery, please Continue reading

Using Python and Pandas to look at Pandemic Data

The script and supporting files in this repository are intended to show how the Python Pandas module can be used to analyze data, specifically COVID-19 data. I am going to recommend 3 data sets to "investigate":

  • WHO (Download from 06 April 2020)
  • CSSEGISandData on GitHub
  • New York Times US Data GitHub Repository

Background

WHO Data

The post Using Python and Pandas to look at Pandemic Data appeared first on The Gratuitous Arp.

VMware Claims SD-WAN Dominance Over Cisco

More than 225,000 branch offices have deployed VMware’s SD-WAN, said VMware’s Tom Gillis....

VMware Delivers NSX-T 3.0 with Innovations in Cloud, Security, Containers, and Operations

We are excited to announce the general availability of VMware NSX-T™ 3.0, a major release of our full stack Layer 2 to Layer 7 networking platform that offers virtual networking, security, load balancing, visibility, and analytics in a single platform. NSX-T 3.0 includes key innovations across cloud-scale networking, security, containers, and operations that help enterprises achieve one-click public cloud experience wherever their workloads are deployed. As enterprises adopt cloud, containers, and new applications, IT teams are managing more heterogenous and distributed environments that need to be secured, automated, and monitored. The need to run and manage workloads on all types of infrastructure, VMs, containers, bare metal across both private and public clouds, is greater than ever. Enterprises need end-to-end software-defined solutions to fully automate, connect, and protect all their workloads.

As a key component of VMware Virtual Cloud Network, VMware NSX-T 3.0 includes groundbreaking innovations that make it easier to replace legacy appliances that congest data center traffic, achieve stronger security posture, and run virtual Continue reading

HPE Readies $2B in Loan Relief for Enterprises

The company earlier this week, like many others, withdrew its previously issued financial guidance...

How To Use 1.1.1.1 w/ WARP App And Cloudflare Gateway To Protect Your Phone From Security Threats

Cloudflare Gateway protects users and devices from security threats. You can now use Gateway inside the 1.1.1.1 w/ WARP app to secure your phone from malware, phishing and other security threats.

The 1.1.1.1 w/ WARP app has secured millions of mobile Internet connections. When installed, 1.1.1.1 w/ WARP encrypts the traffic leaving your device, giving you a more private browsing experience.

Starting today, you can get even more out of your 1.1.1.1 w/ WARP. By adding Cloudflare Gateway’s secure DNS filtering to the app, you can add a layer of security and block malicious domains flagged as phishing, command and control, or spam. This protection isn’t dependent on what network you’re connected to - it follows you everywhere you go.

You can read more about how Cloudflare Gateway builds on our 1.1.1.1 resolver to secure Internet connections in our announcement. Ready to get started bringing that security to your mobile device? Follow the steps below.

Download the 1.1.1.1 w/ WARP mobile app

If you don’t have the latest version of the 1.1.1.1 w/ WARP app go to the Apple Continue reading

Istio 1.5 Brings Advanced Automation for Secure Performance

Istio has emerged as one of the most frequently utilized service mesh technologies for securing and controlling network traffic within containers and Kubernetes. Its powerful feature set makes it instrumental in solving a number of real issues users regularly encounter when running microservices. Following the standard three-month period since the release of Istio 1.4, Istio 1.5 introduces an impressive number of improvements that increase automation and provide tooling to help further operationalize the platform. With major architectural changes and several API updates under the hood, Istio 1.5 provides new capabilities that improve the user experience and functionality of the platform. The following highlights will help organizations optimize Istio for configuration management, architecture support, and overall performance.

Configuration Management

Karen Bruner

Karen Bruner is a Principal DevOps Engineer for StackRox, where she drives automation and advocates for operationalizing the product. Previously, Karen has held DevOps and site reliability engineering roles at Clari, Ooyala, LinkedIn, and Yahoo. She started her career working in Hollywood in the digital effects industry and has a film credit in “Babe” for Internet Bandit. She spends her spare time rendering puns in yarn, learning obscure fiber crafts, and tripping over cats.

Istioctl

Istio 1. Continue reading

Building BGP Route Reflector Configuration with Ansible/Jinja2

One of our subscribers sent me this email when trying to use ideas from Ansible for Networking Engineers webinar to build BGP route reflector configuration:

I’m currently discovering Ansible/Jinja2 and trying to create BGP route reflector configuration from Jinja2 template using Ansible playbook. As part of group_vars YAML file, I wish to list all route reflector clients IP address. When I have 50+ neighbors, the YAML file gets quite unreadable and it’s hard to see data model anymore.

Whenever you hit a roadblock like this one, you should start with the bigger picture and maybe redefine the problem.

Why use Typha in your Calico Kubernetes Deployments?

Calico is an open source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal. In this blog, we will focus on Kubernetes pod networking and network security using Calico.

Calico uses etcd as the back-end datastore. When you run Calico on Kubernetes, you can use the same etcd datastore through the Kubernetes API server. This is called a Kubernetes backed datastore (KDD) in Calico. The following diagram shows a block-level architecture of Calico.

Calico-node runs as a Daemonset, and has a fair amount of interaction with the Kubernetes API server. It’s easy for you to profile that by simply enabling audit logs for calico-node. For example, in my kubeadm cluster, I used the following audit configuration

 

To set the context, this is my cluster configuration.
As we are running Typha already, let us profile the API calls for both Calico and Typha components. I used the following commands to extract the unique API calls for each.

 

If you ignore the license key API calls from calico-node, you will see that the API calls Continue reading

Juniper QFX10K IPFIX Gotchas

IPFIX is problematic on the Juniper QFX10K switches. Documentation is sparse, and doesn’t have a complete configuration. Behavior changes between versions in undocumented ways. Here’s a couple of things I noticed when upgrading from Junos 17.3 to 17.4. These also apply if you are running 18.4 code. I hit more problems with 18.4, and ended up rolling back to 17.4.

Big Changes in Reported Throughput

Here’s a graph showing total reported throughput for a QFX10K I upgraded:

[Graph: IPFIX traffic report]

There’s a few things going on there. First the reported traffic drops to zero after I upgraded. Then it starts coming up, after I fixed the first problem. But then after that the reported traffic is flat, and lower than it should be. Then it starts coming up again after I made the second fix.

First Problem: Chassis Sample Instance

The first configuration change I needed to add was this: set chassis fpc 0 sampling-instance sample-border, where sample-border is the name of the sampling instance I have configured under forwarding-options. This was not required with 17.3. If you don’t do it with 17.4, you won’t get any data.

Second Problem: DDoS-Protection

Some Juniper platforms implement Continue reading

April Customer Newsletter

Welcome to the April 2020 edition of the Tigera Calicommunication newsletter! In the March edition, we discussed context-aware flow logs. This edition covers the next component of logging, the audit logs.

Using Calico Enterprise Audit Logs to Improve Visibility, Security, and Compliance

Watch this short video to see how you can benefit from using Calico Enterprise Audit Logs.

What problems are we solving?

Kubernetes is an API-driven platform. Every action happens through an API call into the kube API server. Consequently, recording and monitoring API activity is very important. While most deployments end up sending these logs to a remote destination for compliance purposes, these logs are often not easily accessible when needed. Moreover, different roles (platform, network, security) have different requirements, and many may not even have access to the logs. Some use cases relevant to log analysis are as follows.

  • A policy change resulted in a sudden outage of a service. How do you find out which policies have changed in the last 24 hours? [network, security]
  • You are maintaining a critical namespace and want to monitor every pod that comes up in that namespace. Can you get an alert if a pod is created in that Continue reading