“Future proofing” was once synonymous with long-range planning—essentially, life-cycle management that enables data center facilities and hardware investments to deliver full value before redevelopment or replacement. The definition has steadily evolved to connote a flexible, resilient architecture capable of supporting accelerated business-driven digital transformation. —Paul Mercina @The Data Center Journal
Route leaks and Distributed Denial of Service (DDoS) attacks have been in the news a good deal over the last several years; but the average non-transit network operator might generally feel pretty helpless in the face of the onslaught. Perhaps you can buy a DDoS mitigation service or appliance, and deploy the ubiquitous firewall at the edge of your network, but there is not much else to be done, right? Or maybe wait on the Internet at large to “do something” about these problems by deploying some sort of BGP security. But will adopting a “secure edge,” and waiting for someone else to solve the problem, really help? @ECI
The National Science Foundation awarded a small contract to the IEEE to host a small two-day meeting on 30 Sept 1994 of selected invitees at the IEEE’s Washington DC 18th Street offices on “Name Registration For The ‘.COM’ Domain.” —Anthony Rutkowski @ CircleID
Flow state as a forwarding optimization remained exclusively in choke-points where flow-state-tracking was an actual necessity by design such as firewalls and Network Address Translation/Port Address Translation. Modern routers are bounded in performance by the worst-case scenario for forwarding costs, namely that the next-hop for all packets forwarded must be looked up on a per-packet basis. —APNIC
In simple terms, Meltdown and Spectre are easy vulnerabilities to understand. Imagine a gang of thieves waiting for a stagecoach carrying a month’s worth of payroll.
There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either one. What is the solution? Station robbers along both sides of the branch, and wait to see which one the driver chooses. When you know, pull the resources from one branch to the other, so you can effectively rob the stage. This is much the same as a modern processor handling a branch—the user could have put anything into some field, or retrieved anything from a database, that might cause the software to run one of two sets of instructions. There is no way for the processor to know, so it runs both of them.
To run both sets of instructions, the processor will pull in the contents of specific memory locations, and begin executing code across these memory locations. Some of these memory locations might not be pieces of memory the currently running software is supposed to be able to access, but this is not
I have spent many years architecting and developing enterprise software. I cut my teeth with an internship at HP and survived a harrowing stint at an imploding start-up before moving on to a more stable career track. I spent several years working at Stanford University and have since become the Assistant Director of Architecture at UCLA Research Information Systems. —Jonathan Solórzano-Hamilton @ Free Code Camp
Traveling is stressful. The last thing you want to worry about is getting scammed by crooks on the street. Your best tool? Knowledge. Know how they work. Know what they’ll do. Prevent it from happening in the first place. —Relatively Interesting
The European Union’s competition chief is zeroing in on how companies stockpile and use so-called big data, or enormous computer files of customer records, industry statistics and other information. The move diverges starkly from a hands-off approach in the U.S., where regulators emphasize the benefits big data brings to innovation. —Natalia Drozdiak @ MarketWatch
The cybersecurity industry has mushroomed in recent years, but the data breaches just keep coming. Almost every day brings news of a new data breach, with millions of records compromised — including payment details, passwords, and other information that makes those customers vulnerable to theft and identity fraud. —Alistair Johnston @ MarketWatch
To break the dominance of Google on Android, Gael Duval, a former Linux developer and creator of now defunct but once hugely popular Mandrake Linux (later known as Mandriva Linux), has developed an open-source version of Android that is not connected to Google. —Kavita Iyer @ TechWorm
Every IT organization wants a more scalable, programmable, and adaptable platform with real-time applications that can chew on ever-increasing amounts and types of data. And it would be nice if it could run in the cloud, too. —Jeffrey Burt @ The Next Platform
Today, none of Google’s employee-facing applications are on a virtual private network. They all have public IP addresses. The company feels this approach, which it has dubbed BeyondCorp, is the “new cloud model,” for doing cloud security, asserted Neal Mueller, head of infrastructure product marketing at Google, who gave a presentation on this approach at the O’Reilly Security conference, held recently in New York. —Joab Jackson @ The New Stack
Is networking becoming a commodity? Do we all need to worry about losing our jobs as network engineers because no one cares about how a commodity is created or provided? Maybe it is time to take a second look at the commodity craze.
Measurements of the size of the routing table have been taken on a regular basis since the start of 1988, although detailed snapshots of the routing system only date back to early 1994. Figure 1 shows a rather unique picture of the size of the routing table, as seen by all the peers of the Route Views route collector on an hourly basis. Several events are visible in the plot, such as the busting of the Internet bubble in 2001, and if one looks closely, the effects of the global financial crisis in 2009. —Geoff Huston @ potaroo
Many enterprises are beginning to implement IPv6, often starting with enabling IPv6 on their email and web servers. This, at least, makes it possible to communicate with the outside world via both protocols. Some are also enabling IPv6 in their internal networks, including corporate WANs and data centres. In these instances, enterprises are using dual stack designs. But what about the client networks consisting of mostly Windows PCs? —Wilhelm Boeddinghaus @ APNIC
Copyright law, at least in the United States, tends to be very strict. You can copy some portion of a work under “fair use” rules, but, for most works, you must ask permission before sharing content created by someone else. But what about content providers? If a content provider user uploads a “song cover,” for instance—essentially a remake of a popular song, not intended to create commercial value for the individual user—should the provider be required to take the content down as a violation of copyright? Content providers argue they should not be required to remove such content. For instance, in a recent article published by the EFF—
Platform safe harbors have been in the crosshairs of copyright industry lobbyists throughout 2017. All year EFF has observed them advancing their plans around the world to weaken or eliminate the legal protections that have enabled the operation of platforms as diverse as YouTube, the Internet Archive, Reddit, Medium, and many thousands more. Copyright safe harbor rules empower these platforms by ensuring that they are free to host user-uploaded content, without manually vetting it (or, worse, automatically filtering it) for possible copyright infringements. Without that legal protection, it would be impossible for
It’s interesting how the same pundits who loudly complain about the complexities of BGP (and how it will be dead any time soon and replaced by an SDN miracle) also praise the beauties of intent-based networking… without realizing that the hated BGP route selection process represents one of the first failures of intent-based approach to networking. —Ivan Pepelnjak @ ipSpace
The new “rules” of the workplace are being defined as computers are frantically being programmed to take the lead in the workplace, when it comes to judgment and intuition. We humans need to be the idea generators, the motivators, the negotiators, and the trouble-shooters to fix computer errors, if we want to govern our emerging digital environments. In short, we need to get closer to our firms, be more tightly integrated and intimate with work performance than ever before… which means the role and tenure of the much-derided middle-manager in the Dilbert Cartoons could be taking on a whole new potential twist – and a whole new (potential) level of relevance. —Phil Fersht @ The Enterprise Irregulars
A (long) time ago, a reader asked me about RFC4456, section 10, which says:
Care should be taken to make sure that none of the BGP path attributes defined above can be modified through configuration when exchanging internal routing information between RRs and Clients and Non-Clients. Their modification could potentially result in routing loops. In addition, when a RR reflects a route, it SHOULD NOT modify the following path attributes: NEXT_HOP, AS_PATH, LOCAL_PREF, and MED. Their modification could potentially result in routing loops.
On first reading, this seems a little strange—how could modifying the next hop, Local Preference, or MED at a route reflector cause a routing loop? While contrived, the following network illustrates the principle.
Note the best path, from an IGP perspective, from C to E is through B, and the best path, from an IGP perspective, from B to D is through C. In this case, a route is advertised over eBGP from F towards E and D. These two eBGP speakers, in turn, advertise the route to their iBGP neighbors, B and C. Both B and C are route reflectors, so they both reflect the route on to A, which advertises the route to some other
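To make the RFC 4456 warning concrete, here is an added toy model (my own example, not from the post or the RFC). It assumes B and C are route reflectors that peer with each other, that E is B’s client and D is C’s client, that the IGP carries C-to-E traffic through B and B-to-D traffic through C as described above, and that a misconfigured policy on the reflectors rewrites LOCAL_PREF on the routes they reflect; it models a single reflection exchange and then walks the data plane, without modelling later withdrawals or oscillation.

```python
# Toy model of RFC 4456 section 10 (added example, not from the original post).
# Topology and session layout are assumptions built from the post's description:
# C reaches E through B, and B reaches D through C.  F is the external origin.
IGP_NEXT_HOP = {  # per-router IGP forwarding table: destination -> next hop
    "B": {"C": "C", "D": "C", "E": "E", "F": "E"},
    "C": {"B": "B", "D": "D", "E": "B", "F": "D"},
    "D": {"F": "F"},
    "E": {"F": "F"},
}

def igp_metric(src, dst):
    """Hop count along the IGP path from src to dst (the BGP tiebreak used here)."""
    hops, node = 0, src
    while node != dst:
        node = IGP_NEXT_HOP[node][dst]
        hops += 1
    return hops

def best_route(router, candidates):
    """Cut-down BGP decision process over (next_hop, local_pref) pairs:
    highest LOCAL_PREF wins, then the next hop nearest by IGP metric."""
    return max(candidates, key=lambda r: (r[1], -igp_metric(router, r[0])))[0]

def selected_next_hops(reflected_local_pref):
    """One reflection exchange between RRs B and C.  B learned the prefix from
    client E (NEXT_HOP E), C from client D (NEXT_HOP D).  Each RR reflects its
    route to the other with LOCAL_PREF set to reflected_local_pref:
    100 leaves it unchanged; anything higher is the rewrite RFC 4456 forbids."""
    learned = {"B": ("E", 100), "C": ("D", 100)}
    tables = {"B": [learned["B"], (learned["C"][0], reflected_local_pref)],
              "C": [learned["C"], (learned["B"][0], reflected_local_pref)]}
    return {rr: best_route(rr, routes) for rr, routes in tables.items()}

def forwarding_path(start, bgp_next_hop, destination="F"):
    """Walk the data plane from start: each BGP speaker resolves its chosen BGP
    next hop through the IGP.  Returns the hop list, or None on a forwarding loop."""
    path, node = [start], start
    while node != destination:
        target = bgp_next_hop.get(node, destination)  # E and D hand off to F
        node = IGP_NEXT_HOP[node][target]
        if node in path:
            return None
        path.append(node)
    return path

if __name__ == "__main__":
    for local_pref in (100, 200):
        chosen = selected_next_hops(local_pref)
        print(f"LOCAL_PREF on reflected routes={local_pref}: {chosen}",
              "-> path from B:", forwarding_path("B", chosen))
```

With LOCAL_PREF left alone each reflector keeps its own client’s route and traffic exits cleanly; once the reflectors rewrite it, B prefers the path via D and C prefers the path via E, and their IGP next hops for those exits point at each other.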
I’ve reorganized the menu on the left just a little, combining some items under “reading,” and adding a new item called “topics.” Under this new item, you’ll find collections of articles on specific topics from other sources, starting with the ‘net neutrality page and the meltdown and spectre post reformatted as a page, with some new additions. I’m always trying to find new ways to organize the information here, making it easier to find things; hopefully this is a useful change.
At the outset, it should be noted that the Reversal Order exudes its own political blather — kissing the internet vibrancy ring, extolling the virtues of the free market, and reciting the “internet freedom” incantation. Never mind that the present internet was nothing more than a U.S. version of Pouzin’s datagram invention that was funded with many billions of taxpayer dollars, controlled, hyped, and marketed for decades by the U.S. government to gain various perceived global strategic advantages that have largely proven illusory if not national security liabilities. —Anthony Rutkowski @ CircleID
EVPN gives us the ability to deploy VXLAN tunnels without controllers. Plus, it offers a range of other benefits such as reduction of data center traffic through ARP suppression, quick convergence during mobility, one routing protocol for both underlay and overlay and the inherent ability to support multi-tenancy (just to name a few). So EVPN for VXLAN for all of your layer 2 needs, right? Well it’s a little more complicated than that. —Diane Patton @ Cumulus