Greg Ferro

Author Archives: Greg Ferro

Thought: Latest Apple Mac Customers Are Switching from Windows

Tim Cook in the latest earnings calls.

The Mac not only returned to growth but generated its highest quarterly revenue ever. Our latest data shows that most Mac customers are buying their first Mac, with the vast majority of them coming from a Windows PC.

(My emphasis).

Thinking

  1. The latest Mac is a technical lemon – CPU is old, memory capacity is limited, touch bar not relevant to prosumers
  2. Normal people are still switching away from Windows. And who could blame them ?
  3. Mac OS X is the platform for choice for those wanting an alternative to Microsoft Windows.

I forget these things.

Link: Apple (AAPL) Q1 2017 Results – Earnings Call Transcript | Seeking Alpha – http://seekingalpha.com/article/4041266-apple-aapl-q1-2017-results-earnings-call-transcript?part=single

The post Thought: Latest Apple Mac Customers Are Switching from Windows appeared first on EtherealMind.

Musing: Open Network Linux Expansion | Big Switch Networks, Inc.

Progress towards standardised switching hardware is moving along nicely. Big Switch is support 14 MORE platforms with its OpenNetworkLinux NOS and applications.

Support for 12 New Platforms

In addition to the Facebook boxes above, we’ve added support for the following new 1G, 10G, and 100G switch platforms:

  1. Celestica Redstone XP, Redstone XL, and Seastone
  2. Agema AGC7648
  3. Alpha Networks SNX-60×0-486F
  4. Dell S6100-ON, S6010-ON, S4048t-ON, Z9100-ON
  5. Accton AS4610 (ARM), AS5512 (Nephos), AS7512 (Cavium), AS7716 (Xeon)

Open Network Linux Expansion | Big Switch Networks, Inc. : http://www.bigswitch.com/blog/2016/11/21/open-network-linux-expansion

The post Musing: Open Network Linux Expansion | Big Switch Networks, Inc. appeared first on EtherealMind.

ENISA online training material updated and extended — ENISA

Free Training materials on IT Security incident and breach response. Looks quite good.

The new training material provides a step-by-step guide on how to address and respond to incidents, as an incident handler and investigator, teaching best practices and covering both sides of the breach. The material is technical and aims to provide a guided training both to incident handlers and investigators, while providing lifelike conditions. The training material mainly uses open source and free tools.

ENISA online training material updated and extended — ENISA : https://www.enisa.europa.eu/news/enisa-news/enisa-online-training-material-updated-and-extended

The post ENISA online training material updated and extended — ENISA appeared first on EtherealMind.

Help Wanted: Stitching a Federated SDN on OpenStack with EVPN

I am working with a client that has a rather unique problem and I’m looking for help on the possible solution.

For unusual, but practical, reasons there is a need to deploy three SDN solutions.

  1. VMware Integrated OpenStack with NSX
  2. Mirantis OpenStack with OpenContrail
  3. BGP-EVPN for existing and future

What I need help with is the stitching these different overlays together so that high bandwidth (>500Gbps), low latency (<5ms) data can flow in between virtual and physical networks.

There is no alignment to a hardware vendor and will buy whatever hardware can meet the requirements based on its software features.

SDN Federation in 3 parts (24-01-2017, 11-15-21).png

Questions

  1. I know that each of these solution supports VXLAN overlay and can be terminated (VTEP) in hardware. But which hardware ? What operating systems ? What protocols are used for any given hardware/software platform  ?
  2.  What is the configuration of the VTEP devices and can they be integrated into an orchestration (self-developed) ? What APIs are used to configure the VTEP instances ?
  3. What are the performance considerations around VTEP ?
  4. Is is practical to stitch a BGP-EVPN physical underlay to an SDN overlay such as NSX or OpenContrail ?

Discussion

I would be interested in talking to anyone who could offer advice and input Continue reading

Response: Oracle effectively doubles licence fees to run its stuff in AWS • The Register

Oracle doubles pricing on cloud use in AWS which will ‘coincidentally’ make the high pricing of its own cloud look relatively cheap. Will customers lie down and take this ? Almost certainly, its hard to imagine a bigger commercial sucker than an Oracle customer – its hard to get rid of it once you have it and they love price increases (probably thinking it validates why they bought the product in the first place).

Oracle has changed the way it charges users to run its software in Amazon Web Services, effectively doubling the cost along the way.

Oracle effectively doubles licence fees to run its stuff in AWS • The Register : https://www.theregister.co.uk/2017/01/30/oracle_effectively_doubles_licence_fees_to_run_in_aws/

The post Response: Oracle effectively doubles licence fees to run its stuff in AWS • The Register appeared first on EtherealMind.

Response: BGP in 2016 – Geoff Huston

Geoff Huston taking a withering look at the crapness of BGP in the Internet. As always, its quite crap excluding the fact that it actually works (more or less).

It has become either a tradition, or a habit, each January for me to report on the experience with the inter-domain routing system over the past year, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.

The long predicted apocalypse in the Internet routing table hasn’t come to pass so the those 15-year old Catayst 6500 switches will still be used in the Internet backbone for many years to come. Oh, yay.

None of the metrics indicate that we are seeing such an explosive level of growth in the routing system that it will fundamentally alter the viability of carrying a full BGP routing table anytime soon. In terms of the projections of table size in the IPv4 and IPv6 networks, the BGP sky is firmly well above us, and it’s not about to fall on our heads just yet!

ISP Column – January 2017

The post Response: BGP in 2016 – Geoff Continue reading

Musing: Conferences and Travel Bans

The IETF posted that travel bans may impact its decisions on where to hold conferences. This has got me thinking.

  1. A substantial number of people travel internationally to conferences that are hosted in the USA, in part because these conferences have the best content
  2. Large vendor conferences that I have attend HPE Discover, Cisco Live, VMworld have been well attended by numbers of overseas attendees. I don’t have exact numbers, can’t find any ?
  3. Big deals are often done at these conferences where executives from customer and vendor will fly in to finalise a deal.
  4. Confereneces are critical to sales cycles of big US companies who will 1) reward customers with free trips 2) accompany customers to see what interests them 3) forge/strengthen relationships with customers who may be moving away from them.

From a personal perspective, I’m in the final stages of content planning for the Packet Pushers two day workshop at the Interop ITX conference on May 15-16. Last year, we had a large contingent of overseas folks attend Interop in large part to hear us and for some this was their first trip to the USA.

Many conferences3 are already struggling to maintain attendees, vendors and revenue. The Continue reading

Response:New Office 365 subscriptions for consumers plunged 62% in 2016 | ITworld

Another “public cloud isn’t for everyone” story:

By charting Office 365’s new subscribers using a trailing 12 months — the latest quarter plus the three previous — to eliminate seasonal spikes, the suite’s waxing and waning over the past four years becomes apparent. From its Q1 2013 debut until Q4 2015, Office 365 subscriber growth was always steady, sometimes spectacular.

Solid approach to charting and yes, Office 365 did well but:

After Q4 2015, however, the trailing 12-month numbers fell, a decline fueled by the plateau of 0.9 million each quarter from the second onward. That resulted in a gain of just 4.3 million subscribers throughout 2016, a reduction of 62% from the year before.

Office365 new subs 100706400 large

Oh, the path to public cloud isn’t always a growth market? That’s not the story from the clouderati. Oh dear.

New Office 365 subscriptions for consumers plunged 62% in 2016 | ITworld : http://www.itworld.com/article/3162708/enterprise-applications/new-office-365-subscriptions-for-consumers-plunged-62-in-2016.html

The post Response:New Office 365 subscriptions for consumers plunged 62% in 2016 | ITworld appeared first on EtherealMind.

Musing: Google Establishes CA Root Authority.

Google continues to build out its ownership of key Internet infrastructure. Email/Spam filtering, Chrome Browser, DNS

As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology. This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority. To this end, we have established Google Trust Services (https://pki.goog/), the entity we will rely on to operate these Certificate Authorities on behalf of Google and Alphabet.

Thoughts, in no particular order:

  1. Bought company with root certificates to shorten lead time to control
  2. Ownership of and widespread use of Chrome web browser, DNS and trusted root certificates means that Google has unprecedented amount of control over user data regardless encryption.
  3. Can silently MITM any traffic in browser by combining web browser and certificate configuration
  4. Data gathering from DNS servers for destinations, source addresses/geolocation, usage profiling
  5. Chrome already prevents many privacy and usability features available in other browsers e.g. Reading mode,
  6. Adds to data-gathering possibilities from web services that predict searches, URLs and spelling errors built into browser

One of the base Continue reading

Your Business Won’t Use a Server in 5 Years ? What Bull….

What a load of bull.

The journey to cloud is a matter of when, not if. The first step in that journey is well underway with organizations replacing on-premise servers with cloud-based systems that are better in every dimension — faster, cheaper, more secure. In 5 years, every modern business will have a substantial portion of their systems running the cloud. But that’s only the first step.

  1. There are people using laptops older than 5 years. Mass migration to public cloud, much less server less, is not practical within 5 years. Reaching 30% would highly optimistic. (also, 30% of what, exactly)
  2. Also, its arrogant to assume that serverless technology can only be provided in the public cloud. Expect to see private cloud serverless solutions arrive in a few years and undermine the assertion further.
  3. Serverless will enable quite a few new things but also requires companies to completely change the way they operate. The focus on Internet-first, and high investments in technology is not a trend.

Your Business Won’t Use a Server in 5 Years : https://serverless.zone/your-business-wont-use-a-server-in-5-years-79c8fd25b239

The post Your Business Won’t Use a Server in 5 Years ? What Bull…. appeared first on EtherealMind.

And Then They Join You… – Open Source @VMware

This seems significant. VMware has hired a key Linux kernel contributor, specifically Real Time.

We have seen a substantial reversal of open source commitments by many incumbent vendors eg. Cisco in ODL, HPE Openswitch. VMware might be increasing its commitment.

This company that I am now at, VMware, is taking open source seriously. By hiring myself and others, VMware is not just talking about open source, but wants to actively take part in the community. Actions speak much louder than words. Linux and open source has won and is here to stay. Linux is now a key part of enterprise software and companies like VMware acknowledge this, and they are making an effort to join, and become a productive member of the open source community.

And Then They Join You… – Open Source @VMware – VMware Blogs : https://blogs.vmware.com/opensource/2017/01/26/and-then-they-join-you/

The post And Then They Join You… – Open Source @VMware appeared first on EtherealMind.

Why Containers Are Crap

I appreciated this rant by @alicegoldfuss on a impractical parts of running containers. Not many people talk about the downsides.

(shame its not on a blog somewhere where it would be readable)

Dictionary: Shallow Packet Inspection 

Vendors marketing is getting overexcited with hyperbole and suddenly basic filtering such as access-lists are Deep Packet Inspection.

Packet munging for layer 2-4 is shallow packet inspection. Specifically, its when you match Ethernet MAC, IP Addresses and TCP/UDP port numbers but nothing else. At time of writing, shallow packet inspection is simple, cheap and part of the forwarding ASIC.

Devices that perform inspection at Layer 5-7 of the OSI model is deep packet inspection (DPI). This requires exponentially more complex handling of the data in the ASICs, awareness of data formats and flow operations. In addition, the applications that configure are complex and sophisticated (the CLI just doesn’t cut it).

Use the OSI Model

The post Dictionary: Shallow Packet Inspection  appeared first on EtherealMind.

vSphere 6.5 Security Encrypted vMotion

Interesting

Encrypted vMotion has been asked about for YEARS. It’s here now in vSphere 6.5! And, like VM Encryption, we’ve taken a different approach than you might think. We don’t actually encrypt the vMotion network. What we DO encrypt is the data going over the vMotion network. At the time of migration, a 256-bit key and 64-bit Nonce are created by vCenter. This is a one-time-use key and is not persisted!

Some thoughts:

  1. what is the impact of the encryption on vMotion performance, especially at load ? Since its symmetric encryption (OTP Key would suggest that) it should light on CPU but still.
  2. Joined up thinking between network and vm admins is key here. If the network already encrypts this would be silly to implement so “The best part is you don’t have to ask your network team to do anything!” would be doubling down on stupid.
  3. Network encryption should lower latency (hardware acceleration) and perform better (remember, don’t ask your network team anything)
  4. Security is a top down thing. If you are bothering to encrypt at all, everything should be encrypted not just the vMotion. Thats kind of pointless if all other data is in the clear.

No Continue reading

Research: Wired Ethernet: Intel® Ethernet X520 to XL710 -… |Intel Communities

This balance is also important when looking at the interaction within a server between the network cards (which have some on-board buffering) and the DPDK managed buffer resources on the host. A better tuning of the buffer sizes can eliminate potential packet losses. This paper is summarizing what to do when going from one type of network card to another one that has different on-board buffer behavior. It also has the potential to explain and fix certain packet loss issues going from one generation of a NIC card to another (e.g. when moving from Intel® Ethernet Server Adapter X520 to Intel® Ethernet Controller XL710)

Basically it comes down to configuring the RX descriptors.

So, to avoid packet losses due to CPU core being interrupted when using Fortville (or when using Niantic and SRIOV), the number of RX descriptors should be configured high enough, for instance to 2048.

Wired Ethernet: Intel® Ethernet X520 to XL710 -… |Intel Communities : https://communities.intel.com/community/wired/blog/2017/01/09/intel-ethernet-x520-to-xl710-tuning-the-buffers-a-practical-guide-to-reduce-or-avoid-packet-loss-in-dpdk-applications

Link to local version PDF File for my future self (hi there!)

X520_to_XL710_Tuning_The_Buffers.pdf

The post Research: Wired Ethernet: Intel® Ethernet X520 to XL710 -… |Intel Communities appeared first on EtherealMind.

BT Openreach to trial Dark Fibre Access in August 2017

When the government owns the fibre and copper cabling but leaves the operation and revenue extraction to commercial companies you get competitive telecoms

Openreach’s DFA product will allow rival internet service providers (ISPs) access to the company’s fibre-optic cables, which technically means that they can install their own equipment at either end of the optical fibre, within Openreach’s cable ducts.

BT Openreach to trial Dark Fibre Access in August 2017 : https://www.telegeography.com/products/commsupdate/articles/2017/01/24/bt-openreach-to-trial-dark-fibre-access-in-august-2017/

The post BT Openreach to trial Dark Fibre Access in August 2017 appeared first on EtherealMind.

Avaya Inc. Files for Chapter 11 Protection

Not much of a surprise, the Avaya business has been doing OK but the company has a large about of debt that is dragging it down. Chapter 11 likely to allow restructuring of debt and plan a path forward.

Its possible that the business could be broken up or pieces sold off to pay down debt but the lack of buyers for Brocade (either whole or in part) suggests that is unlikely for networking. Other parts of Avaya might be sold off

Link: Avaya Inc. Files for Chapter 11 Protection – http://www.avaya.com/en/about-avaya/newsroom/news-releases/2017/pr-us-170119a/

Customer FAQ: http://www.avaya.com/en/documents/filing-faqs.pdf has more info:

As a result of the terms of Avaya’s debt obligations and the upcoming debt maturities, we need to recapitalize the Company and believe the restructuring process is the best path forward at this time. Our businesses are healthy and performing well, and we are executing at a high level.

Seems likely.

The post Avaya Inc. Files for Chapter 11 Protection appeared first on EtherealMind.

1 48 49 50 51 52 75