Netadmins: Grab a plate and wander down El Reg's network buffet

The Broadband Forum has dropped the first open-source code in an access interoperability project designed to support cloud-based access infrastructure and services.

The Open Broadband – Broadband Access Abstraction (OB-BAA) project was announced here and published here.

Broadband Forum CEO Robin Mersh said the project helps network operators take an optimised approach to infrastructure rather than having to fetch the upgrade forklift.

OB-BAA specifies core components, northbound, and southbound interfaces for virtualized access devices (for example, a virtual CPE in which the "box in the home" supports connectivity and nearly nothing else, with cloud services providing smarts like the firewall), in an architecture designed for SDN automation.

The aim is to simplify operators' deployment, since business decisions are decoupled from the device and implementation decisions they make.

OB-BAA is also part of the Broadband Forum's CloudCO project, and is designed to complement other industry initiatives such as the work of the Open Networking Foundation.

The project involved contributions from "Broadcom, BT, Calix, CenturyLink, China Telecom, Huawei, Nokia, Telecom Italia, Tibit, the University of New Hampshire InterOperability Lab (UNH-IOL) and ZTE", the forum said.

Optical market 'suffered' from ZTE ban

America's brief ban on Chinese vendor ZTE crimped the optical networking market's growth in the second quarter of 2018, the Dell'Oro Group said in its latest number-crunching.

The ban resulted in a 13 per cent fall in Chinese market revenues, saith the soothsayers, and was responsible for a global fall for the quarter on a year-on-year basis.

Its announcement gives Huawei the top spot in the optical transport market, with Ciena and Nokia the followers. Wavelength-division multiplexing (WDM)-based data centre interconnect grew nearly 40 per cent year-on-year on the back of US and Chinese content providers.

The market is demanding faster interconnect, the report added, with 200Gbps coherent systems "exceptionally strong in the quarter".

With 200Gbps already displacing 100Gbps, Dell'Oro said, "we predict 200Gbps shipments will be two times higher in 2018".

Cumulus Networks waves Broadcom's Trident at white boxen

Cumulus Networks has added support for Broadcom's Trident silicon to its Linux-based network operating system.

The Trident3 ASIC is now supported by Cumulus' Ethernet Virtual Private Network (EVPN) solution, providing customers a way to avoid proprietary Ethernet VPN controllers.

The white-box OS company said that as well as simplifying Ethernet VPN operations, the solution provides control plan scalability and robustness. Running EVPN on T3, Cumulus said, supports VXLAN routing and tunnelling "in a single pass, at 100Gbps and 25Gbps line rate", and supporting both symmetric and asymmetric routing.

With 2Tbps and 3.2Tbps throughput variants, the Trident3 ASICs target networks from enterprise up to service provider capacity.

Arista expands security portfolio

Three high-performance encryption offerings, VMware and Zscaler integration, and "Places-in-the-Cloud" (PIC)-based security headlined this announcement from Arista Networks.

The encryption products include the 7020SRG, a 10Gbps platform with hardware-based IPSec to provide site-to-site VPN connectivity; three leaf-based MACsec implementations for data centre interconnect, the 7280CR2M-30 and 7280SRAM-48C6 supporting encryption at 10Gbps to 100Gbps at distances up to 100km, and the 7280SRM-40CX2 to provide encryption over 200Gbps coherent interfaces up to 2,500km; and service provider leaf platforms offering MACsec to hosting, cable, and mobile access networks.

The company's partnership with Zscaler integrates the vEOS router with Zscaler's Private Access (ZPA) offering.

vEOS provides stateful policy enforcement for cloud traffic across AWS, Azure, and Google clouds, via a new Zone Segmentation Security capability. Integrating ZPA into vEOS extends the Arista security across multiple cloud traffic: vEOS handles east-west traffic, while Zscaler protects north-south traffic.

Arista and VMware's collaboration improves the integration between CloudVision and VMware NSX. This means NSX security policies can be enforced natively on Arista switches, and the company's security partner products (Palo Alto Networks, Checkpoint, and Fortinet) "allows the enforcement of existing firewall security rules on the traffic to and from physical workloads", Arista said.

Netgear offering easier network admin for Oz SMEs

Netgear's small business network management platform, Insight, has landed in Australia.

Covering the company's Wi-Fi access points, switches, and storage, Insight combines the company's cloud management and "manageable hardware" offerings, providing discovery, configuration, monitoring and management, and managed firmware updates.

Insight can be accessed from a cloud web portal of a mobile app (either on iOS or Android). There are two subscription plans: the app-only Insight Basic, free for up to two devices, with a subscription of AU$7.50 per month per year, per device; and Insight Premium, which adds access to the Insight Cloud Web portal, and more advanced features such as Smart Wi-Fi roaming and Power-over-Ethernet scheduling, either as a monthly $1.50 per device or $14.50 per device annually.

Cisco gets to work weeding out Apace Struts vuln

Cisco is one of the first third parties to announce a security audit of its products in case they've inherited this week's Apache Struts vulnerability.

Admins need to bookmark this URL to keep an eye on which products turn out to be vulnerable.

Switchzilla's advisory includes a swathe of products under investigation, covering data centre network management; network and content devices; management and provisioning products; its broadband access router/switch management application; 17 voice and unified communications products; video distribution; and 14 cloud products including Webex.

Watch this space...

Proton Mail's JS library also passes security audit

Proton Mail this month announced that its OpenPGP.js encryption library passed a security audit conducted by Cure53.

The auditors said: "Tested cryptographic implementations were top notch and excellent quality given the platform. The only limitations come from the platform itself (JavaScript/web), which do not allow for side channel resistance or reliable constant time operations. Overall however this is an exceptional library for JavaScript cryptography."

Cure53's full report is here. ®