Ivan Pepelnjak

Author Archives: Ivan Pepelnjak

Will Network Devices Reject BGP Sessions from Unknown Sources?

TL&DR: Violating the Betteridge’s Law of Headlines, the answer is “Yes, but the devil is in the details.

It all started with the following observation by Minh Ha left as a comment to my previous BGP session security blog post:

I’d think it’d be obvious for BGP routers to only accept incoming sessions from configured BGP neighbors, right? Because BGP is the most critical infrastructure, the backbone of the Internet, why would you want your router to accept incoming session from anyone but KNOWN sources?

Following my “opinions are good, facts are better” mantra, I decided to run a few tests before opinionating1.

Will Network Devices Reject BGP Sessions from Unknown Sources?

TL&DR: Violating the Betteridge’s Law of Headlines, the answer is “Yes, but the devil is in the details.

It all started with the following observation by Minh Ha left as a comment to my previous BGP session security blog post:

I’d think it’d be obvious for BGP routers to only accept incoming sessions from configured BGP neighbors, right? Because BGP is the most critical infrastructure, the backbone of the Internet, why would you want your router to accept incoming session from anyone but KNOWN sources?

Following my “opinions are good, facts are better” mantra, I decided to run a few tests before opinionating1.

Worth Reading: AI Risks

Bruce Schneier wrote a thoughtful article on the various perceptions of AI Risks including this gem:

As the science-fiction author Ted Chiang has said, fears about the existential risks of AI are really fears about the threat of uncontrolled capitalism, and dystopias like the paper clip maximizer are just caricatures of every start-up’s business plan.

Enjoy!

Worth Reading: AI Risks

Bruce Schneier wrote a thoughtful article on the various perceptions of AI Risks including this gem:

As the science-fiction author Ted Chiang has said, fears about the existential risks of AI are really fears about the threat of uncontrolled capitalism, and dystopias like the paper clip maximizer are just caricatures of every start-up’s business plan.

Enjoy!

Worth Reading: Introduction of EVPN at DE-CIX

Numerous Internet Exchange Points (IXP) started using VXLAN years ago to replace tradition layer-2 fabrics with routed networks. Many of them tried to avoid the complexities of EVPN and used VXLAN with statically-configured (and hopefully automated) ingress replication.

A few went a step further and decided to deploy EVPN, primarily to deploy Proxy ARP functionality on EVPN switches and reduce the ARP/ND traffic. Thomas King from DE-CIX described their experience on APNIC blog – well worth reading if you’re interested in layer-2 fabrics.

Worth Reading: Introduction of EVPN at DE-CIX

Numerous Internet Exchange Points (IXP) started using VXLAN years ago to replace tradition layer-2 fabrics with routed networks. Many of them tried to avoid the complexities of EVPN and used VXLAN with statically-configured (and hopefully automated) ingress replication.

A few went a step further and decided to deploy EVPN, primarily to deploy Proxy ARP functionality on EVPN switches and reduce the ARP/ND traffic. Thomas King from DE-CIX described their experience on APNIC blog – well worth reading if you’re interested in layer-2 fabrics.

Video: What Is Software-Defined Data Center

A few years ago, I was asked to deliver a What Is SDDC presentation that later became a webinar. I forgot about that webinar until I received feedback from one of the viewers a week ago:

If you like to learn from the teachers with the “straight to the point” approach and complement the theory with many “real-life” scenarios, then ipSpace.net is the right place for you.

I haven’t realized people still find that webinar useful, so let’s make it viewable without registration, starting with What Problem Are We Trying to Solve and What Is SDDC.

You need at least free ipSpace.net subscription to watch videos in this webinar.

Video: What Is Software-Defined Data Center

A few years ago, I was asked to deliver a What Is SDDC presentation that later became a webinar. I forgot about that webinar until I received feedback from one of the viewers a week ago:

If you like to learn from the teachers with the “straight to the point” approach and complement the theory with many “real-life” scenarios, then ipSpace.net is the right place for you.

I haven’t realized people still find that webinar useful, so let’s make it viewable without registration, starting with What Problem Are We Trying to Solve and What Is SDDC.

You need at least free ipSpace.net subscription to watch videos in this webinar.

netlab 1.6.2: More Reporting Goodies

netlab release 1.6.2 improved reporting capabilities:

  • BGP reports and IP addressing reports are fully IPv6-aware
  • Some columns in BGP reports are optional to reduce the width of text reports
  • You can filter the reports you’re interested in when using netlab show reports command
  • Reports relying on ipaddr Ansible filter display warnings (instead of crashing) if you don’t have Ansible installed.

In other news:

netlab 1.6.2: More Reporting Goodies

netlab release 1.6.2 improved reporting capabilities:

  • BGP reports and IP addressing reports are fully IPv6-aware
  • Some columns in BGP reports are optional to reduce the width of text reports
  • You can filter the reports you’re interested in when using netlab show reports command
  • Reports relying on ipaddr Ansible filter display warnings (instead of crashing) if you don’t have Ansible installed.

In other news:

What Is Ultra Ethernet All About?

If you’re monitoring the industry press (or other usual hype factories), you might have heard about Ultra Ethernet, a dazzling new technology that will be developed by the Ultra Ethernet Consortium1. What is it and does it matter to you (TL&DR: probably not2)?

As always, let’s start with What Problem Are We Solving?

1 20 21 22 23 24 176