Worth Reading: Who’s world is this?

On both sides of the Atlantic, we are witnessing the dramatic expansion of government hacking powers. In the United States, a proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure would permit the government to obtain a warrant, in certain circumstances, to hack unspecified numbers of electronic devices anywhere in the world. Meanwhile, across the pond, the British Parliament is currently debating the Investigatory Powers Bill, which (among many other things) would authorize the government to hack the devices of broad classes of people without geographic limitation. The exercise of these powers will have significant implications for the privacy and security of individuals around the world and therefore commands our attention. —Just Security

The post Worth Reading: Who’s world is this? appeared first on 'net work.

Cisco Live: Midweek Impressions

I’m at Cisco Live this week in Las Vegas; forthwith, some observations, thoughts, and… a long rant.

First, if you’re here, look me up. I normally hang out around the Certification and/or Social areas when I’m not in meetings/etc. I’m pretty easy to find, so drop by and say hi. It’s been like old home week for me—reconnecting with people I’ve not seen in years, catching up and friendships, etc. I can’t tell you how much I appreciate the people I’ve worked with over the years in terms of friendships offered and skills learned. Seriously.

Second, I’m speaking on Thursday afternoon about understanding and managing network complexity. I’m pretty certain the session isn’t full yet, so come by and listen. It’s a 90 minute investment that could change the way you think about network design and operation. Seriously.

Third, The content seems to be deep and interesting this year, as always. This brings me to my first contrary point, though—this industry needs a show that compares with Live in depth of technical material, but isn’t tied to a particular vendor. Are you listening, Interop? I know, it’s hard to talk deep technology in the modern networking world—which leads me to Continue reading

Worth Reading: The five styles of workload orchestration

Workload orchestration is what distinguishes the modern way of providing digital services from how it was done even five years ago. Many have asked, what’s so new about this stack compared with all the others? The answer is the orchestration of workloads. We can now think of the functions our servers perform and the services we provide to customers as workloads, rather than applications with brands, or virtual machines with golden masters and overwrite protection. —NewStack

The post Worth Reading: The five styles of workload orchestration appeared first on 'net work.

Worth Reading: Measuring IPv6 from the Internet’s core

Measuring the state of IPv6 deployment is difficult, particularly when there are so many different measurement tools out there offering different stats. APNIC Labs shows global IPv6 deployment at 6% while Google shows it at 12%, why such disparity? The answer is because they are measuring from different vantage points on the network. —APNIC

The post Worth Reading: Measuring IPv6 from the Internet’s core appeared first on 'net work.

BGP Code Dive (3)

This week, I want to do a little more housekeeping before we get into actually asking questions of the bgp code. First there is the little matter of an editor. I use two different editors most of the time, Notepad++ and Atom.

• Notepad++ is a lightweight, general purpose text editor that I use for a lot of different things, from writing things in XML, HTML, CSS, Python Javascript, C, and just about anything else. This is an open source project hosted on the Notepad++ web site with the code hosted at github.
• Atom is a more GUI oriented “programmer’s editor.” This is a more full featured editor, going beyond basic syntax highlighting into projects, plugins that pull diffs in side by side windows, and the like. I don’t really have a build environment set up right now, so I don’t know how it would interact with compiled code, but I assume it would probably have a lot of the tricks I’m used to, like being able to trace calls through the code, etc. Atom is available here.

I haven’t actually chosen one or the other—I tend to use both pretty interchangeably, so you’re likely to see screen shots from Continue reading

Worth Reading: What makes a network architecture or design good?

The defining quality of good network architecture is elegance. Elegance as a word has an ethereal abstract quality that we liken to what makes an artwork beautiful. However the definition of elegance gives us a clue to what the real defining quality of network architecture and design is: Complexity. —route-spf.net

The post Worth Reading: What makes a network architecture or design good? appeared first on 'net work.

Worth Reading: IPJ June 2016

The post Worth Reading: IPJ June 2016 appeared first on 'net work.

DC Fabric Segment Routing Use Case (1)

A couple of weeks ago, I attended a special segment routing Networking Field Day. This set me to thinking about how I would actually use segment routing in a live data center. As always, I’m not so concerned about the configuration aspects, but rather with what bits and pieces I would (or could) put together to make something useful out of these particular 0’s and 1’s. The fabric below will be used as our example; we’ll work through this in some detail (which is why there is a “first part” marker in the title).

This is a Benes fabric, a larger variation of which which you might find in any number of large scale data center. In this network, there are many paths between A and E; three of them are marked out with red lines to give you the idea. Normally, the specific path taken by any given flow would be selected on a somewhat random basis, using a hash across various packet headers. What if I wanted to pin a particular flow, or set of flows, to the path outlined in green?

Let’s ask a different question first—why would I want to do such a thing? There are Continue reading

Worth Reading: Three questions to ask about DevOps measurement

Measurements and metrics are related ideas, but I make a distinction between the two. I use measurements when I talk about individual items that have numbers or values associated with them and metrics when I talk about measuring results or determining whether or not something is successful. For example, one measurement might be the frequency of releases, which could be used as a performance metric to determine whether you are getting new features to your customers more quickly. —NewStack

The post Worth Reading: Three questions to ask about DevOps measurement appeared first on 'net work.

Worth Reading: The lizard brain of lizardstresser

LizardStresser is a botnet originally written by the infamous Lizard Squad DDoS group. The source code was released publicly in early 2015, an act that encouraged aspiring DDoS actors to build their own botnets. Arbor Networks’ ASERT group has been tracking LizardStresser activity and observed two disturbing trends… Utilizing the cumulative bandwidth available to these IOT devices, one group of threat actors has been able to launch attacks as large as 400Gbps targeting gaming sites world-wide, Brazilian financial institutions, ISPs, and government institutions. -Arbor Networks

The post Worth Reading: The lizard brain of lizardstresser appeared first on 'net work.

Worth Reading: You don’t know as much as you think you do

We live in a world that requires people to know a lot of information. Depending on role we are required to know to varying depths. Shallow and wide or deep and narrow. No matter the combination the teams we are placed in have overlap in skills, knowledge and each person brings something of value. The simple reality is that no one knows everything. If you have an eidetic memory then kudos to you but the mere mortals amongst us do not. -Network Inferno

The post Worth Reading: You don’t know as much as you think you do appeared first on 'net work.

Worth Reading: Independence from L2 data centers

We’ve all been there. That “non-disruptive” maintenance window that should “only be a blip”. You sit down at the terminal at 10pm expecting that adding a new server to the MLAG domain or upgrading a single switch will be a simple process, only to lose the rack of dual-attached servers and spend the rest of your Thursday night frantically trying to bring the cluster back online. If I never spend another evening troubleshooting an outage caused by MLAG, I’ll die happy! -Cumulus

The post Worth Reading: Independence from L2 data centers appeared first on 'net work.

Absorbing DDoS with Communities

Distributed Denial of Service attacks can damage your business—and they can be difficult to manage or counter. While there are a number of tools available to counter DDoS attacks, particularly in the commercial space, and there are a number of widely available DDoS protection services, sometimes it’s useful to know how to counter a DDoS on your own. One option is to absorb attacks across a broader set of inbound nodes. Let’s use the network below to illustrate (though often the scale needs to be quite a bit larger for this solution to be useful in the real world).

Assume, for the moment, that the attacker is injecting a DDoS stream from the black hat, sitting just behind AS65004. There are customers located in AS65001, 2, 3, 4, and 5. For whatever reason, the majority of the attacker’s traffic is coming in to site C, through AS65003. Normally this is a result of an anycast based service (such as active-active data centers, or a web based service, or a DNS service), combined with roughly geographical traffic patterns. Even a DDoS attack from a mid sized or large’ish botnet, or reflection off a set of DNS servers, can end up being Continue reading

Worth Reading: Converged systems hype

Converged systems are a hot commodity in the IT sector these days. But it looks to us like the hype over various kinds of integrated systems that weld servers and storage together into preconfigured stacks including hyperconverged stacks that literally merge the compute and storage layers on the same servers – is just a bit bigger than the appetite for such iron in the datacenters of the world. -The Next Platform

The post Worth Reading: Converged systems hype appeared first on 'net work.

Worth Reading: What’s the deal with online journalism?

Not very long ago I started answering questions on Quora, the question-and-answer site. My answers are mainly about aviation because that’s my great hobby and one of the few things besides high tech that I really know a lot about. But there was a question last week about Internet news coverage that I felt deserved better answers than it was getting. So I contributed an answer that has been read, so far, only 388 times. I don’t like making a real effort that is so sparsely read. So here, with a little mild editing, is my answer to “What are the flaws in online journalism and media today?” And “How can they be addressed?” -I, Cringely

The post Worth Reading: What’s the deal with online journalism? appeared first on 'net work.

Short Cuts

It was going to be a long evening, anyway—the flight check bird was coming in, and both Instrument Landing Systems (ILSs) needed to be tuned up and ready for the test. So we took some downtime, split into two teams, and worked our way through each piece of equipment—Localizer, Glide Slope, each marker in turn, VOR, TACAN—to make certain each was, as far as we could measure, sending the right signals to the right places. If flight check found even the smallest variance off what the ILS systems were supposed to be providing, they could shut the airfield down “until further notice.”

The team I was on was driving across one of the many roads out on the airfield, trying to catch up with the other half of the shop to find out what they had done, and what needed to be done. Off in the distance, we noted someone standing in the middle of a field between the roads, waving vigorously. We changed direction, driving across the bumpy field, through grass as high as the top of the hood (Base Ops was planning a burn, so they’d left the grass to grow a bit higher than normal). As Continue reading

New Blog: Route-SPF

Johnny Britt has started blogging over at route-spf.net (I guess he’s just going to write about link state… ). He’s just put his first post up, linked below. This one is worth watching for good material.

After being recently promoted to a network architect position, I found myself on google attempting to understand what network architecture was really about. I was in this situation primarily because I couldn’t explain to someone outside of IT what I did. I wasn’t even clear if I could properly explain it to someone in the IT field either. Which brought up the real concern, how can I do my job if I don’t understand what my job is?

The post New Blog: Route-SPF appeared first on 'net work.

Worth Reading: The great 21st century data rush

In the digital age, data is currency and information is the energy that drives the 21st century economy. Today, 46.1 percent of the world’s population is online. These 3.4 billion Internet users collectively generate a significant amount of commercial and personal data that can be stored, collated, and analyzed. This data is the lifeline that charts users’ online identities: it can also be monetized by Internet service providers, social media platforms, and end user applications. As a necessary corollary, control over data and the flow of information has become highly politicized. One who controls this data retains the power to shape the global geopolitical order. -Lawfare

The post Worth Reading: The great 21st century data rush appeared first on 'net work.

Worth Reading: Little bits of security

Cloud environments have made some things much easier for development teams and IT organizations. Self-service portals have cut down the amount of “hands on” intervention to spin up new environments for new products. Provisioning of new infrastructure has moved from weeks or days to minutes. One thing that barely changed with this transformation is security. But new techniques and tools are starting to emerge that are moving security to the next level in the Cloud. One of these technologies is called micro-segmentation. -Cloud Security Alliance

The post Worth Reading: Little bits of security appeared first on 'net work.

BGP Code Dive (2)

Now that you have a copy of BGP in Go on your machine—it’s tempting to jump right in to asking the code questions, but it’s important to get a sense of how things are structured. In essence, you need to build a mental map of how the functionality of the protocol you already know is related to specific files and structure, so you can start in the right place when finding out how things work. Interacting with an implementation from the initial stages of process bringup, building data structures, and the like isn’t all that profitable. Rather, asking questions of the code is an iterative/interactive process.

Take what you know, form an impression of where you might look to find the answer to a particular question, and, in the process of finding the answer, learn more about the protocol, which will help you find answers more quickly in the future.

So let’s poke around the directory structure a little, think about how BGP works, and think about what might be where. To begin, what might we call the basic functions of BGP? Let me take a shot at a list (if you see things you think should be on here, Continue reading