Interview with John Kindervag, the Godfather of Zero Trust Networking

Last month, I had the pleasure of spending a few minutes with John Kindervag, the industry-described “Godfather” and thought leader behind Zero Trust Networking. John developed these concepts during his tenure as Vice President and Principal Analyst at Forrester Research.

Zero Trust, rooted in the principle of “never trust, always verify,” is primarily designed to address the threat of lateral movement within the network by utilizing micro-segmentation and by redefining the perimeter around user, data and location.

We are at an inflection point in the industry where Zero Trust principles are starting to take hold, and many organizations are adopting these principles in order to achieve a stronger security posture. John eloquently describes these principles in this interview.

John’s Twitter – https://twitter.com/Kindervag

John’s LinkedIn – https://www.linkedin.com/in/john-kindervag-40572b1/

More background on Zero Trust architecture – https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

Preparing for the Juniper Networks Certified Design Associate (JNCDA) Exam

Recently I set my sights on Juniper Networks’ Design track as I am working with customers on an almost daily basis with regard to Data Center design. As such, the Juniper Network Design – Data Center curriculum and associated JNCDS-DC certification looked very appealing. To top that off, according to Certification Magazine, the JNCDA and the JNCDS-DC certifications are two of the top six design-related certifications at the moment, as of October 2016.

Book Review :: Juniper QFX5100 Series: A Comprehensive Guide to Building Next-Generation Networks

Juniper QFX5100 Series: A Comprehensive Guide to Building Next-Generation Networks
by Douglas Richard Hanks, Jr.
Paperback: 310 pages
Publisher: O’Reilly Media
ISBN-13: 978-1491949573

Rating: 5 stars

Much more than just a book about the QFX5100

This was an easy weekend read, and quite honestly I never thought I’d say this about a technical book, but I literally could not put the book down. Doug has amassed a wealth of great information, approaching the subject matter from a standpoint of brevity, applying the Goldilocks principle — not too much and not too little — but rather just the right amount of information.

Carrier Grade NAT and the DoS Consequences

Republished from Corero DDoS Blog:

The Internet has a very long history of utilizing mechanisms that may breathe new life into older technologies, stretching them out so that newer technologies may be delayed or obviated altogether. IPv4 addressing, and the well-known depletion associated with it, is one such area that has seen a plethora of mechanisms employed in order to give it more shelf life.

Is DDoS Mitigation as-a-Service Becoming a De Facto Offering for Providers?

Republished from Corero DDoS Blog:

It’s well known in the industry that DDoS attacks are becoming more frequent and increasingly debilitating, turning DDoS mitigation into a mission-critical initiative. From the largest of carriers to small and mid-level enterprises, more and more Internet-connected businesses are becoming targets of DDoS attacks. What was once a problem that only a select few dealt with is now becoming a regularly occurring burden faced by network operators.

Juniper Networks Announces New Network Design Training Curriculum and Certification Program

Juniper took a big step forward in rounding out its certification programs by announcing a new Design Training and Certification curriculum, focusing on best practices and techniques that can be used across the spectrum of network architecture and design. Technologies around software-defined networking (SDN) and network functions virtualization (NFV) are also slated to be included in this program.

What’s a Steiner Tree?

Any of you who have worked with VPLS or NG-MVPNs are likely already familiar with using Point-to-Multipoint (P2MP) LSPs to get traffic from a single ingress PE to multiple egress PEs. P2MP LSPs are desired in these cases because they reduce unnecessary replication, replicating traffic only where absolutely required, for example where a given P2MP LSP must diverge in order to reach two different PEs.

However, the sub-LSPs which are part of a given P2MP LSP typically traverse the shortest path from ingress to egress based on whatever user-defined constraints have been configured. While this is fine for many applications, additional optimizations might be required so that further bandwidth savings can be realized.

We will take a look at something called a Steiner tree, which can help the network operator realize these additional savings, when warranted, reducing the overall bandwidth used in the network and fundamentally changing the way in which paths are computed.