Worth Reading: Addressing in 2016

The process of exhausting the remaining pools of IPv4 addresses in each of the Regional Internet Registries (RIRs) is continuing. Yet, despite this hiatus in the supply of IPv4 addresses, the Internet continues to grow. The reasons for this growth are changing, however. Personal computers have gone the way of mainframes and are no longer the staple of the consumer IT market. It looks as if laptops are now also feeling the pinch as the mainstream computer industry continues to focus on the smart device market. But even in the personal device sector, we see a market that is no longer expanding at massive rates. —APNIC

The post Worth Reading: Addressing in 2016 appeared first on 'net work.

Upcoming Webinar: Open Networking for Large Scale Networks

Shawn Zandi and I are doing a two part webinar over at ipspace.net—

Most modern data centers are still using vendor-driven “future proof” routers and switches with offering lots of (often unnecessary) capabilities. To build large, however, it is often better to build simple—radically simple. This webinar will cover the design components involved in building a data center or cloud fabric using a single, disaggregated device—the way some hyperscale and web scale operators build their networks. The first live session of the webinar will consider the benefits of disaggregated switch, focusing on the components, sources, and challenges in using disaggregated hardware and software in data center fabrics. The second live session will focus on the topologies and design concepts used in large scale data center fabrics using a single switching device as a leaf, spine and superspine switch.

Jump over to ipspace if you want to learn more.

The post Upcoming Webinar: Open Networking for Large Scale Networks appeared first on 'net work.

Worth Reading: Shopping for tax information

The 2016 tax season is now in full swing in the United States, which means scammers are once again assembling vast dossiers of personal data and preparing to file fraudulent tax refund requests on behalf of millions of Americans. But for those lazy identity thieves who can’t be bothered to phish or steal the needed data, there is now another option: Buying stolen W-2 tax forms from other crooks who have phished the documents wholesale from corporations. —Krebs on Security

The post Worth Reading: Shopping for tax information appeared first on 'net work.

Worth Reading: The right to an explanation

In just over a year, the General Data Protection Regulation (GDPR) becomes law in European member states. This paper focuses on just one particular aspect of the new law, article 22, as it relates to profiling, non-discrimination, and the right to an explanation.

The post Worth Reading: The right to an explanation appeared first on 'net work.

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic (assuming perfect efficiency, of course—YMMV). Dispersing a DDoS in this way may impact performance—but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack.

But what if you cannot, for some reason, disperse the attack? Maybe you only have two edge connections, or if the size of the DDoS is larger than your total edge bandwidth combined? It is typically difficult to mitigate a DDoS attack, but there is an escalating chain of actions you can take that often prove useful. Let’s deal with local mitigation techniques first, and then consider some fancier methods.

• TCP SYN filtering: A lot of DDoS attacks rely on exhausting TCP open resources. If all inbound TCP sessions can be terminated in a proxy (such as a load balancer), Continue reading

Worth Reading: Why SPF needs forwarding addresses

OSPF tries to solve some broken designs with Forwarding Address field in Type-5 LSA – a kludge that unnecessarily increases the already too-high complexity of OSPF. NSSA areas make the whole thing worse: OSPF needs Forwarding Address in Type-5 LSAs generated from Type-7 LSAs to ensure optimal packet forwarding. —ipspace

The post Worth Reading: Why SPF needs forwarding addresses appeared first on 'net work.

Worth Reading: Quantum safe glossary

The Cloud Security Alliance’s Quantum-Safe Security (QSS) Working Group announces their latest release with the Quantum-Safe Security Glossary. The QSS Working Group was formed to address key generation and transmission methods and to help the industry understand quantum-safe methods for protecting networks and data. The working group is focused on long-term data protection amidst a climate of rising cryptanalysis capabilities. As the working group continues to produce documents to address concerns in a quantum world, the opportunity to share terms to provide a starting point to learn more about quantum-safe security. —Cloud Security Alliance

The post Worth Reading: Quantum safe glossary appeared first on 'net work.

Running

The post Running appeared first on 'net work.

LiveLessons on Sale

My two LiveLessons are currently on sale at Pearson sites. Use the code RW60 to receive the discount. The sale price, $79 for each one, is available until the 15th of March.

The post LiveLessons on Sale appeared first on 'net work.

Worth Reading: Sorting through SD-WAN

I’ve written a lot about SDN and SD-WAN. SD-WAN is the best example of how SDN should be marketed to people. Instead of talking about features like APIs, orchestration, and programmability, you need to focus on the right hook. Do you see a food processor by talking about how many attachments it has? Or do you sell a Swiss Army knife by talking about all the crazy screwdrivers it holds? Or do you simply boil it down to “This thing makes your life easier”? —Networking Nerd

The post Worth Reading: Sorting through SD-WAN appeared first on 'net work.

Worth Reading: Automation and ethics

As technologists, we have to mix together two concerns: relentlessly automating all aspects of business and life, while at the same time resisting the urge to become job-destroying, and, thus life-destroying jerks. “I was just doing my job” will be poor solace when we’re all licking the slime out of empty dog food cans. In the same way that we expect oil, chemical, and soda companies to manage the negative effects of their profits, we need to keep a closer eye on the negative effects of automation and, more broadly, IT innovation. —The New Stack

The post Worth Reading: Automation and ethics appeared first on 'net work.

Worth Reading: Lazy thinking and modularity

There are two flaws in the Modularity Always Wins theory. In order to succeed, “disruptive modularity” needs a stable architecture with well-defined and documented boundaries. Module innovators need to be able to slide their creations into place without playing havoc with the rest of the edifice. This is how it worked in the Wintel PC world…sort of. In PC reality, as many of us have experienced, the sliding in and out of modules wasn’t so neat and often landed us in Device Driver purgatory. In the mid-nineties, one Microsoft director told me that the Redmond company actually spent more engineering resources on drivers than on Windows’ core software. —Monday Note

The post Worth Reading: Lazy thinking and modularity appeared first on 'net work.

Worth Reading: Massive networks of fake accounts on Twitter

Massive collections of fake accounts are lying dormant on Twitter, suggests research. The largest network ties together more than 350,000 accounts and further work suggests others may be even bigger. UK researchers accidentally uncovered the lurking networks while probing Twitter to see how people use it. Some of the accounts have been used to fake follower numbers, send spam and boost interest in trending topics. —BBC

The post Worth Reading: Massive networks of fake accounts on Twitter appeared first on 'net work.

On the ‘net: Getting to know…

Russ White is on LinkedIn’s Infrastructure Engineering team, working on next-generation network design and architecture. He has worked in networking since the late 1980s, and has a long history contributing knowledge back to the networking community. A short list of his contributions to the field include being a published author, having published several papers in the Internet Protocol Journal, and serving in the past as a an organizational council co-chair for the Internet Society. He is also a member of the IETF Routing Area Directorate. —LinkedIn Engineering Blog

The post On the ‘net: Getting to know… appeared first on 'net work.

Worth Reading: Running from DDoS

As we look back over 2016, one of the most obvious stories will be the dramatic rise in the weaponization and size of DDoS attacks. At the beginning of 2016 we noted the largest attack being approximately 500Gbps. In the later months of 2016, we saw the monetization of multiple IoT-based botnet DDoS attacks that were close to breaking the 1 Tbps mark. —Arbor

The post Worth Reading: Running from DDoS appeared first on 'net work.

Worth Reading: BGP in 2016

Figure 2 illustrates an important principle in BGP, that there is no single authoritative view of the routing table – all views are in fact relative to the perspective of the BGP speaker. It also illustrates that at times the cause of changes in routing is not necessarily a change at the point of origination of the route which would be visible to all BGP speakers across the entire Internet, but it may well be a change in transit arrangements within the interior of the network that may expose, or hide, collections of routes. And thirdly, this illustrates the prevalent use of more specifics to affect traffic engineering. It is often the case that these more specifics are advertised with a limited scope, and if the changes to the transit arrangements move a BGP speaker in or out of this scope, then one can expect changes in the set of visible routes as a consequence. —Potaroo

The post Worth Reading: BGP in 2016 appeared first on 'net work.

RTGWG Interim Meeting on Data Center Challenges

Last week, the Routing Area Working Group (IETF) held an interim meeting on challenges and (potential) solutions to large scale data center fabric design. I’ve filed this here because I spoke for all of about 3 minutes out of the entire meeting—but I really wanted to highlight this meeting, as it will be of interest to just about every network engineer “out there” who deals with data center design at all.

There are three key URLs for the interim

The agenda
The session slides and links to drafts presented
A Webex recording of the entire proceedings

My reaction, in general, is that we are starting to really understand the challenges in a networking way, rather than just as a coding problem, or a “wow, that’s really big.” I’m not certain we are heading down the right path in all areas; I am becoming more convinced than ever that the true path to scale is to layer the control plane in ways we are not doing today. You can see this in the LinkedIn presentation, which Shawn and I shared. I tend to think the move towards sucking every bit of state possible out of the control plane is a Continue reading

Worth Reading: The CCDE “aha” moment

The problem with my mindset was this need to ‘jump to conclusions’, and the core of my issues with being successful with the CCDE practical exam. Hello, I’m Zig the preconceived notion guy! I will forever be known in our CCDE Study group as the preconceived notion guy! Leave your preconceived notions at the door! I cannot emphasize enough how important this is. Bring all of your technical experience and understanding, but leave every other attribute that’s not related to the technology at the door. The scenario will be feeding you all of the information you need to make a valid decision. Your personal experience and opinion about a technology that isn’t technical will only get in your way, as it was in my way. —Cisco Learning

The post Worth Reading: The CCDE “aha” moment appeared first on 'net work.

Worth Reading: An infrastructure for on demand service profiling

LinkedIn has built hundreds of application services, with thousands of instances running in data centers. Optimizing the performance of these services can dramatically improve user experience and reduce operational costs, and profilers are commonly used to help achieve this. LinkedIn’s On-Demand Profiling infrastructure (“ODP”) is one method we use to identify these optimizations. Profiling is a useful method to improve the performance of services. However, the tooling solutions for profiling don’t have fixed standards, are often decentralized, can be costly, and for a company with a large server footprint such as LinkedIn, are inconvenient to use at best. —Linkedin Engineering Blog

The post Worth Reading: An infrastructure for on demand service profiling appeared first on 'net work.

Toxic Cultures and Reality

I have lived through multiple toxic cultures in my life. It’s easy to say, “just quit,” or “just go to HR,” but—for various reasons—these are not always a good solution. For instance, if you are in the military, “just quit” is not, precisely, an option. So how should you deal with these sorts of bad situations?

Start here: you are not going to change the culture. Just like I tell my daughters not to date guys so they can “fix” them, I have never seen anyone “fix” a culture through any sort of “mass action.” You are not going to “win” by going to the boss, or by getting someone from the outside to force everyone to change. You are not going to change the culture by griping about it. Believe me, I’ve tried all these things. They don’t (really) work.

Given these points, what can you do?

Start with a large dose of humility. First, you are probably a part of a number of toxic cultures yourself, and you probably even contribute at least some amount of the poison. Second, you are almost always limited in your power to change things; your influence, no matter how right you Continue reading