Openfabric: A Short Video of the IETF Presentation

The most current version of the draft can be found here. There is one more comment from Uma that still needs to be addressed, and one more section that needs to be added. There will probably be more changes, as well, over time. These sorts of drafts do not happen through one person; a number of folks have worked on various bits of the draft, including Shawn, Nikos, Ivan, Les, Naiming, Uma, and others—the folks who have added ideas, etc., are included in the contributors section, which is always worth paying attention to!

The post Openfabric: A Short Video of the IETF Presentation appeared first on 'net work.

Worth Reading: A Case to Further Registrar Self Regulation

In most industries, businesses that blatantly act against the interests of their customers to favor their own internal profit centers would either not be allowed or else subject to controls and oversight by the government. It is universally regarded as an unfair and deceptive business practice. In the domain name registrar business, however, the normal practices of legitimate business dealings and customer protection seem woefully wanting. Kelly’s Case described here illustrates the point, and it provides the opportunity for ICANN to demonstrate it can be responsive to egregious registrar behavior without government agencies or juridical bodies becoming engaged. —CircleID

The post Worth Reading: A Case to Further Registrar Self Regulation appeared first on 'net work.

Worth Reading: Security Orchestration and Incident Response

Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers ­– sometimes with the addition of machine learning or other artificial intelligence techniques ­– and to respond to attacks at computer speeds. While this is a laudable goal, there’s a fundamental problem with doing this in the short term. You can only automate what you’re certain about, and there is still an enormous amount of uncertainty in cybersecurity. Automation has its place in incident response, but the focus needs to be on making the people effective, not on replacing them ­ security orchestration, not automation. —Schneier on Security

The post Worth Reading: Security Orchestration and Incident Response appeared first on 'net work.

Todo List

The post Todo List appeared first on 'net work.

Worth Reading: Microservices to the Edge

There’s a hidden tension here. Once you put code at the edge you violate two of Lambda’s key assumptions: functions are composed using scalable backend services; low latency messaging. The edge will have a high latency path back to services in the datacenter, so how do you make a function based distributed application at the edge? Does edge computing argue for a more retro architecture with fewer messages back to a more monolithic core? —High Scalability

The post Worth Reading: Microservices to the Edge appeared first on 'net work.

Worth Reading: IPAM and RIRs

In terms of the strategy surrounding IPAM, most of the thinking was focused on a ‘downward’ approach, in as much as you define a pool of IP addresses and the role of IPAM is to manage its application to devices and systems in your network: configure bindings to customer accounts, billing, assign maps between device identifier and IP, size pools to reflect DHCP requirements, and configure the CGN. —APNIC

The post Worth Reading: IPAM and RIRs appeared first on 'net work.

On the ‘net: CAP and SDN

The CAP theorem essentially states that consistency, accessibility, and portioning are three sides of a tradeoff triangle. Much like quick, cheap, and quality; or state, optimization, and surface; CAP posits that you can choose “two out of three.” To illustrate, it is often helpful to consider a database in various stages of being partitioned, and consider the impact on consistency and accessibility, the other two sides of the triangle. The figure below will be used as a reference. —ECI

The post On the ‘net: CAP and SDN appeared first on 'net work.

Worth Reading: Botnets in the Cloud

The arms race between data security professionals and cybercriminals continues at a rapid pace. More than ever, attackers exploit compute resources for malicious purposes by deploying malware, known as “bots”, in virtual machines running in the cloud. Even a conservative estimate reveals that, at least, 1 in every 10,000 machines are part of some known Botnet. —Azure Blog

The post Worth Reading: Botnets in the Cloud appeared first on 'net work.

Worth Reading: QoS Marking is an Application Problem

I was so delighted to hear someone finally realized how to handle QoS properly: the responsibility lies with the applications on the host; the network should just provide what it was asked to do, not try to reverse-engineer application intent based on TCP/UDP port numbers or haruspicy. —IPSpace

The post Worth Reading: QoS Marking is an Application Problem appeared first on 'net work.

Distributed Denial of Service Open Threat Signaling (DOTS)

When the inevitable 2AM call happens—”our network is under attack”—what do you do? After running through the OODA loop (1, 2, 3, 4), used communities to distribute the attack as much as possible, mitigated the attack where possible, and now you realist there little you can do locally. What now? You need to wander out on the ‘net and try to figure out how to stop this thing. You could try to use flowspec, but many providers do not like to support flowspec, because it directly impacts the forwarding performance of their edge boxes. Further, flowspec, used in this situation, doesn’t really work to walk the attack back to its source; the provider’s network is still impact by the DDoS attack.

This is where DOTS comes in. There are four components of DOTS, as shown below (taken directly from the relevant draft)—

The best place to start is with the attack target—that’s you, at 6AM, after trying to chase this thing down for a few hours, panicked because the office is about to open, and your network is still down. Within your network there would also be a DOTS client; this would be a small piece of software running Continue reading

Worth Reading: A Guide to Private VPN Services

Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data. Some are concerned enough by this development that they’re looking at obfuscating all of their online browsing by paying for a subscription to a virtual private networking (VPN) service. This piece is intended to serve as a guidepost for those contemplating such a move. —Krebs on Security

The post Worth Reading: A Guide to Private VPN Services appeared first on 'net work.

Worth Reading: Is Enterprise Networking Lost in the Cloud?

In the end, only a combination of private, public and hybrid networking can deliver the levels of reliability, security, scalability and flexibility that today’s enterprises require. Traditional private WANs are simply too slow, inflexible and expensive for the multitude of cloud-based applications. Typically, the data center becomes the central gateway for security, Internet breakout and data exchange. —Data Center Journal

The post Worth Reading: Is Enterprise Networking Lost in the Cloud? appeared first on 'net work.

Garden Gate

The post Garden Gate appeared first on 'net work.

Worth Reading: The Story of an RFC about Alternative Networks

During IETF 89 in March 2014, the first meeting of the Global Access to the Internet for All (GAIA) Working Group drew members from academia, industry, and the breadth of nongovernmental organisations interested in providing universal Internet access for a wider community—all of whom were eager to help in bridging the digital divide. The outcomes of that first meeting can be summarized by three types of challenges: geographic, motivated by the need to connect rural and remote areas; technological, given the need for a common set of technologies that enable a better utilization of scarce resources; and socioeconomic, based on the need to study affordability models for disconnected people. —The IETF Journal

The post Worth Reading: The Story of an RFC about Alternative Networks appeared first on 'net work.

Worth Reading: It’s Personal

Meeting people we’ve talked about, directly or not, brings a poignant perspective to creating content for a wide audience. It’s personal. Somebody made a decision to create the product that way. Some group of humans worked on that standard. Real people decided on that process. Is it appropriate to cast those people in a negative light and share that opinion with an audience? Sometimes…yes, at times even crucially necessary, if unfortunate. Sometimes…maybe not. Sometimes it’s okay to shut up. To show restraint. To chain the snark monster. —Ethan Banks

The post Worth Reading: It’s Personal appeared first on 'net work.

Worth Reading: Is Adobe plotting the end of web designers?

Adobe is one of the most well-known software companies whose tools are used by numerous web designers. Many reading this article likely use or have used Adobe at some point in their careers. That’s why it’s not without irony that Adobe is now dabbling in a hush-hush project that seeks to automate many of the tasks that designers regularly do as part of their jobs. —Web Designer Depot

The post Worth Reading: Is Adobe plotting the end of web designers? appeared first on 'net work.

Worth Reading: How Many Books?

Ever wonder how many books you’ll have read by the time you die? We may never know the answer to that question, but we might be able to guess how many we have remaining. A recent article in Quartz highlights just that in two fascinating graphs. Based on the number of books the average American reads every year (12), the charts show estimates of the number of books men and women can expect to have left in their reading careers. —Intellectual Takeout

The post Worth Reading: How Many Books? appeared first on 'net work.

Worth Reading: Pervasive, Dynamic Authentication Of Things

Authentication of physical items is an age-old problem. Common approaches include the use of bar codes, QR codes, holograms, and RFID tags. Traditional RFID tags and bar codes use a public identifier as a means of authenticating. A public identifier, however, is static: it is the same each time when queried and can be easily copied by an adversary. Holograms can also be viewed as public identifiers: a knowledgable verifier knows all the attributes to inspect visually. It is difficult to make hologram-based authentication pervasive; a casual verifier does not know all the attributes to look for. Further, to achieve pervasive authentication, it is useful for the authentication modality to be easy to integrate with modern electronic devices (for example, mobile smartphones) and to be easy for non-experts to use. —ACM

The post Worth Reading: Pervasive, Dynamic Authentication Of Things appeared first on 'net work.

Worth Reading: Odds are in Favor of Quantum Encryption

No kinds of organizations have tighter security than the average casino. After all, the house always wins, and it wants to keep those winnings. A recent Wired article, however, explains how a team of Russian hackers managed to beat a lot of casinos worldwide. They did so by exploiting inherent flaws in the pseudo-random number generators (PRNG) that are integral parts of randomizing every spin of a slot machine. Even if you don’t care about wealthy casino bosses losing money, you still need to be concerned about the drawbacks to using PRNGs because slots aren’t the only things that are vulnerable. Most of the world’s encryption is also based on pseudo-random numbers. —Cloud Security Alliance

The post Worth Reading: Odds are in Favor of Quantum Encryption appeared first on 'net work.

Reaction: The Future is…

This week, I ran across two posts that follow down a path I’ve gone down before—but it is well worth bringing this point up again. Once more into the breach. Tom, over at the Networking Nerd, has this to say on the topic of the future of network engineering—

The syntaxes that power these new APIs aren’t the copyrighted CLIs that networking professionals spend their waking hours memorizing in excruciating detail. JUNOS and Cisco’s “standard” CLI are as much relics of the past as CatOS. At least, that’s the refrain that comes from both sides of the discussion. The traditional networking professionals hold tight to the access methods they have experience with and can tune like a fine instrument. More progressive networkers argue that standardizing around programming languages is the way to go. Why learn a propriety access method when Python can do it for you?

The point Tom makes is this: programming is not the future of network engineering. But, but… there is so much pressure, and so many people saying “if you do not know how to program, you are going to be out of a job in five years.” I think there are negative and positive Continue reading