Much ink has been spilled on the topic of what constitutes true “line rate,” and in the past we’ve advocated offering traffic at, and only at, 100.00 percent of theoretical line rate to determine if frame loss exists. However, the distinction between 99.99 percent (which we used in these tests) and 100.00 percent load is not all that meaningful, especially at higher Ethernet speeds, for a couple of reasons. First, Ethernet is inherently an asynchronous technology, meaning each device (in this case, the device under test and the test instrument) uses one or more of its own free-running clocks, without synchronization. Thus, throughput measurements may just be artifacts of minor differences in the speeds of clock chips, not descriptions of a system’s fabric capacity.To read this article in full or to leave a comment, please click here
Much ink has been spilled on the topic of what constitutes true “line rate,” and in the past we’ve advocated offering traffic at, and only at, 100.00 percent of theoretical line rate to determine if frame loss exists. However, the distinction between 99.99 percent (which we used in these tests) and 100.00 percent load is not all that meaningful, especially at higher Ethernet speeds, for a couple of reasons. First, Ethernet is inherently an asynchronous technology, meaning each device (in this case, the device under test and the test instrument) uses one or more of its own free-running clocks, without synchronization. Thus, throughput measurements may just be artifacts of minor differences in the speeds of clock chips, not descriptions of a system’s fabric capacity.To read this article in full or to leave a comment, please click here
Much ink has been spilled on the topic of what constitutes true “line rate,” and in the past we’ve advocated offering traffic at, and only at, 100.00 percent of theoretical line rate to determine if frame loss exists. However, the distinction between 99.99 percent (which we used in these tests) and 100.00 percent load is not all that meaningful, especially at higher Ethernet speeds, for a couple of reasons. First, Ethernet is inherently an asynchronous technology, meaning each device (in this case, the device under test and the test instrument) uses one or more of its own free-running clocks, without synchronization. Thus, throughput measurements may just be artifacts of minor differences in the speeds of clock chips, not descriptions of a system’s fabric capacity.To read this article in full or to leave a comment, please click here
The device under test for this project was the Cisco Nexus 9516 data center core switch/router, a 16-slot chassis equipped with 1,024 50-gigabit Ethernet interfaces and two supervisor modules. Cisco equipped the switch with its N9K-X9732C-EX line cards, each of which offers 32, 64, or 128 ports of 100-, 50-, and 25-gigabit Ethernet capacity.The traffic generator/analyzer was Spirent TestCenter equipped with its 10/25/40/50/100G MX3 modules. The Spirent instrument has a measurement precision of +/- 2.5 nanoseconds.To read this article in full or to leave a comment, please click here
The device under test for this project was the Cisco Nexus 9516 data center core switch/router, a 16-slot chassis equipped with 1,024 50-gigabit Ethernet interfaces and two supervisor modules. Cisco equipped the switch with its N9K-X9732C-EX line cards, each of which offers 32, 64, or 128 ports of 100-, 50-, and 25-gigabit Ethernet capacity.The traffic generator/analyzer was Spirent TestCenter equipped with its 10/25/40/50/100G MX3 modules. The Spirent instrument has a measurement precision of +/- 2.5 nanoseconds.To read this article in full or to leave a comment, please click here
How many ports are enough at the core of the data center? How does 1,024 sound?That’s the configuration we used to assess Cisco Systems’ Nexus 9516 data center core switch. In this exclusive Clear Choice test, we assessed the Cisco data center core switch with more than 1,000 50G Ethernet ports. That makes this by far the largest 50G test, and for that matter the highest-density switch test, Network World has ever published.As its name suggests, the Nexus 9516 accepts up to 16 N9K-X9732C-EX line cards, built around Cisco’s leaf-and-spine engine (LSE) ASICs. These multi-speed chips can run at 100G rates, for up to 512 ports per chassis; 50G rates for up to 1,024 ports; or 25G rates for up to 2,048 ports. We picked the 50G rate, and partnered with test and measurement vendor Spirent Communications to fully load the switch’s control and data planes.To read this article in full or to leave a comment, please click here
How many ports are enough at the core of the data center? How does 1,024 sound?That’s the configuration we used to assess Cisco Systems’ Nexus 9516 data center core switch. In this exclusive Clear Choice test, we assessed the Cisco data center core switch with more than 1,000 50G Ethernet ports. That makes this by far the largest 50G test, and for that matter the highest-density switch test, Network World has ever published.As its name suggests, the Nexus 9516 accepts up to 16 N9K-X9732C-EX line cards, built around Cisco’s leaf-and-spine engine (LSE) ASICs. These multi-speed chips can run at 100G rates, for up to 512 ports per chassis; 50G rates for up to 1,024 ports; or 25G rates for up to 2,048 ports. We picked the 50G rate, and partnered with test and measurement vendor Spirent Communications to fully load the switch’s control and data planes.To read this article in full or to leave a comment, please click here
No device is 100 percent immune from vulnerabilities, but there are some simple, common-sense steps you can take to protect IP-based cameras:To read this article in full or to leave a comment, please click here(Insider Story)
How secure are IP-based “security cameras”?
Based on our review of seven home security cameras, the answer is: Not very. While these devices may get high marks for features and ease of use, security is another story.
Our tests turned up results like these:
One camera allows plaintext logins as the root user, with no password. That’s horrifying in this day and age.
The same camera uses an outdated version of SSL that allows data leakage. A firmware update fixes both issues, but the upgrade is optional and many users skip it.
Another camera leaks its private API structure in plaintext even though it uses TLS to encrypt traffic. This potentially allows attackers to change video streams and possibly other device parameters.
Yet another camera can run a hacked firmware image that disables some services and enables others.
Two more cameras present SSL certificates that not only claim to be a different host, but also come from a certificate authority with a record of issuing bogus credentials.
It’s not all bad news. One camera, the CAN100USWT from Canary Connect, stood head and shoulders over the field in baking security into its product design. The Canary camera runs no services Continue reading
No device is 100 percent immune from vulnerabilities, but there are some simple, common-sense steps you can take to protect IP-based cameras:1. Don’t put cameras on the public internet. Given the wide availability of free scanning and vulnerability detection tools, it makes sense to avoid using routable IP addresses for IP cameras if at all possible. The recent DDoS attacks on core DNS infrastructure used botnets of public cameras, and all the attackers had to do was find the cameras.Instead, put cameras behind a firewall and run network address translation (NAT). While NAT is not itself a security mechanism, and has a long and well-deserved history of derision for breaking the Internet’s core principle of end-to-end connectivity, it will at least offer some protection from probes by scanning tools.To read this article in full or to leave a comment, please click here(Insider Story)
Mention "home Wi-Fi router" and you’ll probably think of a cheap device with cruddy performance. But dramatic changes are coming, with big boosts in bandwidth, thanks to two new Wi-Fi technologies.
Both beamforming and MU-MIMO (an acronym for the mouthful that is “multi-user, multiple input, multiple output”) are transformational technologies. We tested them in the new Linksys EA-7500, the company’s first small office/home office router to support the so-called Wave 2 technologies.To read this article in full or to leave a comment, please click here
What if you could manage your data center switches and routers the same way you manage your servers, and cut capital expense costs in the bargain?To read this article in full or to leave a comment, please click here(Insider Story)
You can't see some malware until it's too late. Sophisticated attacks arrive in pieces, each seemingly benign. Once these advanced attacks reassemble, the target is already compromised.FireEye takes a new approach to malware detection with its NX appliances. As this Clear Choice test shows, the FireEye device allows advanced malware to proceed – but only onto virtual machines running inside the appliance.In our tests, the FireEye appliance performed flawlessly. It detected all the multi-stage malware samples we threw at it, including some involving recent zero-day exploits. The top-of-the-line NX 10000 ran at speeds beyond 4Gbps in inline mode, and at better than 9Gbps in tap mode, both with and without attack traffic present.To read this article in full or to leave a comment, please click here
David Newman