DNS in the cloud: Why and why not

As enterprises consider outsourcing their IT infrastructure, they should consider moving their public authoritative DNS services to a cloud provider’s managed DNS service, but first they should understand the advantages and disadvantages.To read this article in full, please click here(Insider Story)

Response: Vendors Pushing Stretched Layer-2

Got this response to my Stretched Layer-2 Revisited blog post. It’s too good not to turn it into a blog post ;)

Recently I feel like it's really vendors pushing layer 2 solutions, rather than us (enterprise customer) demanding it.

I had that feeling for years. Yes, there are environment with legacy challenges (running COBOL applications on OS/370 with emulated TN3270 terminals comes to mind), but in most cases it’s the vendors trying to peddle unique high-priced non-interoperable warez.

Read more ...

Semantics and complexity of GraphQL

Semantics and complexity of GraphQL Hartig & Pérez, WWW’18

(If you don’t have ACM Digital Library access, the paper can be accessed either by following the link above directly from The Morning Paper blog site, or from the WWW 2018 proceedings page).

GraphQL has been gathering good momentum since Facebook open sourced it in 2015, so I was very interested to see this paper from Hartig and Pérez exploring its properties.

One of the main advantages (of GraphQL) is its ability to define precisely the data you want, replacing multiple REST requests with a single call…

One of the most interesting questions here is what if you make a public-facing GraphQL-based API (as e.g. GitHub have done), and then the data that people ask for happens to be very expensive to compute in space and time?

Here’s a simple GraphQL query to GitHub asking for the login names of the owners of the first two repositories where ‘danbri’ is an owner.

From here there are two directions we can go in to expand the set of results returned : we can increase the breadth by asking for more repositories to be considered (i.e., changing first:2 Continue reading

masscan, macOS, and firewall

One of the more useful features of masscan is the "--banners" check, which connects to the TCP port, sends some request, and gets a basic response back. However, since masscan has it's own TCP stack, it'll interfere with the operating system's TCP stack if they are sharing the same IPv4 address. The operating system will reply with a RST packet before the TCP connection can be established.

The way to fix this is to use the built-in packet-filtering firewall to block those packets in the operating-system TCP/IP stack. The masscan program still sees everything before the packet-filter, but the operating system can't see anything after the packet-filter.

Note that we are talking about the "packet-filter" firewall feature here. Remember that macOS, like most operating systems these days, has two separate firewalls: an application firewall and a packet-filter firewall. The application firewall is the one you see in System Settings labeled "Firewall", and it controls things based upon the application's identity rather than by which ports it uses. This is normally "on" by default. The packet-filter is normally "off" by default and is of little use to normal users.

Also note that macOS changed packet-filters around version 10.10. Continue reading

What Drives IPv6 Deployment?

It's been six years since World IPv6 Launch day on the 6th June 2012. In those six years we've managed to place ever increasing pressure on the dwindling pools of available IPv4 addresses, but we have still been unable to complete the transition to an all-IPv6 Internet.

A Hard Rain’s A-Gonna Fall In Public Cloud

Way back in the early days of the commercial Internet, when we all logged into what seemed to be new but what was actually a quite old service used by academic institutions and government agencies that rode on the backbones of the telecommunications network, there were many, many thousands of Internet service providers who provided the interface between our computers and the network capacity that was the onramp of the information superhighway.

Most of these ISPs are gone today, and have been replaced by a few major telco, cable, and wireless network operators who provide us with our Internet service.

A Hard Rain’s A-Gonna Fall In Public Cloud was written by Timothy Prickett Morgan at The Next Platform.

NSX Workshop: Secure App Infrastructure and Multi-Site Cloud Networking

NSX Workshops

[Summer 2018] Free NSX Training Workshop near you!

Secure Application Infrastructure and Multi-Site Cloud Networking


What: Attend a half-day lecture and lab designed to get you started with Micro-segmentation and Multi-Site Cloud Networking (Disaster Recovery).

Why: Not only will you get a business and technical overview of NSX Data Center, you’ll also receive hands-on experience with the products. We’ll make sure you leave knowing how NSX can help secure and extend your network across multiple sites, and into the cloud.


Sneak peek (full agenda in registration links):

  • Security: Understand your network traffic flows and intelligently create security groups and policies, leveraging vRNI, Service Composer, and Application Rule Manager to secure your network.
  • Disaster Recovery: Deep dive into multi-site NSX Data Center topologies, learn how to architect your network overlays, and gain visibility across your virtual and physical networks – all so you can build a resilient and flexible network.

RSVP your spot today (click below):

Show 390: Visualizing Complex SD-WAN With LiveAction (Sponsored)

Today on the Packet Pushers Weekly show, we investigate how to monitor hybrid and SD-WAN.

If your WAN looks like a mix of legacy MPLS, SD-WAN, and uplinks to cloud, this is your show. Our sponsor today is LiveAction, who is going to shine a light on the hybrid and SD-WAN through monitoring and automation.

Our guest is John Smith, Founder, CTO and EVP of LiveAction.

We talk about LiveAction’s software and how it works, why it’s essential to have visibility into your hybrid WAN and SD-WAN, and how LiveAction can provide highly visual and intuitive insights and actionable intelligence for day-to-day operations, troubleshooting, and long-term planning.

Show Links:

LiveAction’s Packet Pushers Resources – LiveAction

LiveAction on Facebook

LiveAction on Twitter

LiveAction on LinkedIn

LiveAction on YouTube

LiveAction on Google+

The post Show 390: Visualizing Complex SD-WAN With LiveAction (Sponsored) appeared first on Packet Pushers.

Dustin’s Internet Community Roadtrip: In the Bay Area, What Redwoods Can Teach Us About the Internet

Dustin Phillips, Co-Executive Director of ICANNWiki, is traveling across the United States in his red Toyota Corolla, making connections with the people who are making their communities – and the Internet – a better place. While making his way to the Bay Area from Portland, Oregon, he took a slight detour.

On my way down to the Bay Area from Portland, I made a trip through the Redwood National and State Parks of Northern California. These Coastal Redwoods have existed for over 20 million years and individual trees can live over 2,000 years. What makes these ancient giants so resilient?

They find strength in community.

Redwoods grow in groves, or “communities,” where the roots only go down 10-13 feet (3-4 m) before spreading outward 60-80 feet (20-27 m). In this phenomenon, survival is dependent on interconnection, meaning the roots intertwine and fuse with each other to provide resiliency against the threats of nature and share the resources necessary to thrive.

This lesson from the redwoods is directly applicable to the Internet. The “network of networks” would be nothing without interconnection or the shared resources of open standards and protocols. Expanding wider, not deeper, is essential to the resilience Continue reading

Is Training The Enemy of Progress?

Peyton Maynard-Koran was the keynote speaker at InteropITX this year. If you want to catch the video, check this out:

Readers of my blog my remember that Peyton and I don’t see eye-to-eye on a few things. Last year I even wrote up some thoughts about vendors and VARs that were a direct counterpoint to many of the things that have been said. It has even gone further with a post from Greg Ferro (@EtherealMind) about the intelligence level of the average enterprise IT customer. I want to take a few moments and explore one piece of this puzzle that keeps being brought up: You.

Protein Robots

You are a critical piece of the IT puzzle. Why? You’re a thinking person. You can intuit facts and extrapolate cause from nothing. You are NI – natural intelligence. There’s an entire industry of programmers chasing what you have. They are trying to build it into everything that blinks or runs code. The first time that any company has a real breakthrough in true artificial intelligence (AI) beyond complicated regression models will be a watershed day for us all.

However, you are also the problem. You have requirements. You need a Continue reading

What to Expect: CCIE Security Written Exam Bootcamp

Whether you’ve just started your CCIE training journey, or are already several months along, an INE bootcamp can help get you to where you need to be before taking the CCIE Written or lab exam. This blogpost is for anyone who may be interested in attending a CCIE Security bootcamp but is hesitant to dive in. Keep reading to find out what a bootcamp is and what you should expect when attending a CCIE Security Bootcamp with INE.

What is a Bootcamp?
Bootcamps are intensive, live classes that typically last from 5-7 days. Bootcamps allow you to dive further into your study path in a small classroom environment with an in-person, expert INE instructor leading the way. Each bootcamp class will cover a specific list of topics tailored to the Cisco track and certification level you are studying. Our instructors will customize the training to focus on certain topics and technologies that best meet the individual requests of the students in your bootcamp.

What to expect: Instructor’s Point of View
In this short video, our CCIE Security instructor, Rohit Pardasani, explains what topics he typically covers in a bootcamp and what the environment is like.



What to Continue reading