Archive

Category Archives for "Russ White"

It’s not a CLOS, it’s a Clos

Way back in the day, when telephone lines were first being installed, running the physical infrastructure was quite expensive. The first attempt to maximize the infrastructure was the party line. In modern terms, the party line is just an Ethernet segment for the telephone. Anyone can pick up and talk to anyone else who happens to be listening. In order to schedule things, a user could contact an operator, who could then “ring” the appropriate phone to signal another user to “pick up.” CSMA/CA, in essence, with a human scheduler.

This proved to be somewhat unacceptable to everyone other than various intelligence agencies, so the operator’s position was “upgraded.” A line was run to each structure (house or business) and terminated at a switchboard. Each line terminated into a jack, and patch cables were supplied to the operator, who could then connect two telephone lines by inserting a jumper cable between the appropriate jacks.

An important concept: this kind of operator driven system is nonblocking. If Joe calls Susan, then Joe and Susan cannot also talk to someone other than one another for the duration of their call. If Joe’s line is tied up, when someone tries to Continue reading

Weekend Reads 061519

Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. —Swati Khandelwal

Recursive resolvers are often overlooked when it comes to their role and importance in the Domain Name System (DNS). —Metin Açıkalın

NRE != Automated Networks, just the same as a fast car != driving fast. —David Gee

It’s easy to view iPadOS as just a fun name, another one of Apple’s catchy coinages. But in this case it’s also not just a name. —Lauren Goode

Currently, at release candidate 3, the Linux 5.2 kernel is coming soon and promises to offer quite a host of impressive new features and improvements. —Jack Wallen

We are also seeing for the first time a true multi-vendor DWDM standard emerge around 400GZR/ZR+. —Jonathan Homa

RFC1925, Rule 1

According to RFC1925, the first fundamental truth of networking is: it has to work. While this might seem to be overly simplistic, it has proven—over the years—to be much more difficult to implement in real life than it looks like in a slide deck. Interestingly, those with extensive experience in failures, however, can often make a better guess at what is possible to make work than those without such experience. The good news, however, is the experience of failure can be shared, especially through self-deprecating humor.

Reaction: Overly Attached

In a recent edition of ACM Queue, Kate Matsudaira has an article discussing the problem of being overly attached to a project or solution.

The longer you work on one system or application, the deeper the attachment. For years you have been investing in it—adding new features, updating functionality, fixing bugs and corner cases, polishing, and refactoring. If the product serves a need, you likely reap satisfaction for a job well done (and maybe you even received some raises or promotions as a result of your great work).

Attachment is a two-edged sword—without some form of attachment, it seems there is no way to have pride in your work. On the other hand, attachment leads to poorly designed solutions. For instance, we all know the hyper-certified person who knows every in and out of a particular vendor’s solution, and hence solves every problem in terms of that vendor’s products. Or the person who knows a particular network automation system and, as a result, solves every problem through automation.

The most pernicious forms of attachment in the network engineering world are to a single technology or vendor. One of the cycles I have seen play out many times across the last Continue reading

Weekend Reads 060619

When most people speak of exascale supercomputers, they tend to focus on the computational aspect of these systems. That’s certainly understandable inasmuch as exascale has been generally equated with performing calculations at the level of exaflops. —Michael Feldman

Although it was originally developed by Google, Kohn said Kubernetes has been built on a decade of learning and incorporates a host of technologies from other companies. “There is no vendor lock-in,” he said. “Google has encouraged developers from other companies to take part.” —Cliff Saran

The exposed areas needing improvement by ICANN — both the organization as well as its global community of stakeholders — provide a target-rich environment. —Greg Thomas

The market-dominating behavior of four of the biggest tech companies now appear to be in the crosshairs of the U.S. government, but the big question for consumers and investors is, will anything actually change this time around? —Therese Poletti

On the one hand, testing is all too often the roadblock that stands between highly accelerated Dev processes and highly automated ops-driven delivery processes. But on the other hand, testing is essential for ensuring that the release doesn’t place the business at risk — undermining the very “customer experience” Continue reading

When should you use IPv6 PA space?

I was reading RFC8475 this week, which describes some IPv6 multihoming ‘net connection solutions. This set me to thinking about when you should uses IPv6 PA space. To begin, it’s useful to review the concept of IPv6 PI and PA space.

PI, or provider independent, space, is assigned by a regional routing registry to network operators who can show they need an address space that is not tied to a service provider. These requirements generally involve having a specific number of hosts, showing growth in the number of IPv6 addresses used over time, and other factors which depend on the regional registry providing the address space. PA, or provider assigned, IPv6 addresses can be assigned by a provider from their PI pool to an operator to which they are providing connectivity service.

There are two main differences between these two kinds of addresses. PI space is portable, which means the operator can take the address space when them when they change providers. PI space is also fixed; it is (generally) safe to use PI space as you might private or other IP address spaces; you can assign them to individual subnets, hosts, etc., and count on them remaining the Continue reading

Weekend Reads 053119

There were over 90 protests nationwide recently against the coming 5G technology, mostly related to health concerns. The protesters have some of the facts wrong about 5G and that makes it easier for policymakers to ignore them. —Doug Dawson

The public cloud is dampening demand for data center capacity and leading to closures, consolidation and a big rethink on data center ownership. Right? Not quite, according to the latest Uptime Intelligence research. —Rhonda Ascierto

After some years of accelerating IPv6 deployment, we are now into a period of slower growth and it’s not clear where we are heading. It is therefore interesting to try to predict the future of IPv6 over the coming years. —Christofer Flinta

Information security must be about far more than simple prevention. Preventing cyberattacks is a critical component of modern information security, however, on its own prevention is inadequate. Understanding dwell time is useful in understanding why. —Trevor Pott

Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, you’ve morphed the threat into something else that you’d rather deal with, or which is easier to Continue reading

Upcoming Course: How Routers Really Work

My newest course on Safari through Pearson is coming up in just a few weeks:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

History of the Internet: An Asian Perspective

Fun fact from this episode of the History of Networking: because of export rules, students in South Korea had to rebuild the TCP/IP stack for the PDP11 and other hosts in order to bring the first IP link up in southeastern Asia. In this recording, Donald and I are joined by Kilnam Chon.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The BGP Monitoring Protocol (BMP)

If you run connections to the ‘net at any scale, even if you are an “enterprise” (still a jinxed term, IMHO), you will quickly find it would be very useful to have a time series record of the changes in BGP at your edge. Even if you are an “enterprise,” knowing what changes have taken place in the routes your providers have advertised to you can make a big difference in tracking down an application performance issue, or knowing just when a particular service went off line. Getting this kind of information, however, can be difficult.

BGP is often overloaded for use in data center fabrics, as well (though I look forward to the day when the link state alternatives to this are available, so we can stop using BGP this way). Getting a time series view of BGP updates in a fabric is often crucial to understanding how the fabric converges, and how routing convergence events correlate to application issues.

One solution is to set up the BGP Monitoring Protocol (BMP—an abbreviation within an abbreviation, in the finest engineering tradition).

BMP is described in RFC7854 as a protocol intended to “provide a convenient interface for obtaining route views.” Continue reading

Weekend Reads 052419

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. —Geoff Huston

According to our researchers, the attackers either had access to the source code of the victims’ projects or they injected malware at the time of project compilation, meaning they were in the networks of those companies. And this reminds us of an attack that we reported on a year ago… —Kapersky

Endpoint security is a common concern among organizations, but security teams should be thinking more broadly about protecting data wherever it resides. —Kelly Sheridan

Two open source projects that have been instrumental in providing metrics for cloud native operations have merged into a single project. The fusion of Google’s OpenCensus and the Cloud Native Computing Foundation’s OpenTracing will be known as OpenTelemetry, and will be managed by the CNCF. —Joab Jackson

In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some of its enterprise users on internal servers in plaintext for 14 years because of a bug in the password recovery Continue reading

meeting madness, ONUG, and software defined

Jordan, Eyvonne, and I sit down for a conversation that begins with meetings, and ends with talking about software defined everything (including meetings??).

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Out and about this week

A reminder to my readers that I will be speaking at Interop19 this week in Las Vegas on Wednesday. Denise Donohue and I are speaking about finding smart people:

Every hiring manager wants someone who will “hit the ground running.” But there are many ways to achieve that result. In this session, you’ll learn the most effective ways to find and grow talent for your organization. We’ll address key decision points around talent acquisition…

I will also be speaking at CHINOG Chicago Illinois on Thursday:

Disaggregation began with the hyperscalers, and is quickly moving through the rest of the network engineering world. What is disaggregation, really? Does it always mean open source and white boxes, or is there some broader meaning that can be applied across many different products to build and add value to many different kinds of networks?

And interacting with some other folks on a panel about getting started in the IETF.

Weekend Reads 051919

Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad. —Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad.

Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have “Rogue In-Flight Data Load.” —Peter Bright

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. —Swati Khandelwal

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. —Mohit Kumar

Intel’s struggles to get its 10 nanometer processors out the door has forced the company to do some serious soul-searching. And while Continue reading

History of Networking: Pseudowires

In this episode of the History of Networking, Donald Sharp and I talk to Luca Martini about the origins of pseudowires—one of the more interesting innovations in the use of MPLS.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

1 2 3 128