Russ

Author Archives: Russ

Dispersing a DDoS: Initial thoughts on DDoS protection

Distributed Denial of Service is a big deal—huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, “tonight my network will not be impacted by a DDoS attack.” There are tools and services that deploy various mechanisms that will do the engineering and work for you, but there is no solution for DDoS attacks.

One such reaction tool is spreading the attack. In the network below, the network under attack has six entry points.

Assume the attacker has IoT devices scattered throughout AS65002 which they are using to launch an attack. Due to policies within AS65002, the DDoS attack streams are being forwarded into AS65001, and thence to A and B. It would be easy to shut these two links down, forcing the traffic to disperse across five entries rather than two (B, C, D, E, and F). By splitting the Continue reading

Large Scale Network Design LiveLesson

Alvaro and I finished recording a new LiveLesson back in December; it should be available for pre-purchase at the end of January. For those folks interested in network design, this is going to be a great video series. We originally started out with the idea of updating Optimal Routing Design, but the project quickly morphed into its “own thing,” which means this video series is actually more of a complement to ORD, rather than a replacement. Some pieces will be more up-to-date than the book, but there are a number of things covered in the book that are not covered in the video.

Large Scale Network Design LiveLessons takes you through the concepts behind stable, scalable, elegant network design, including modularity, resilience, layering, and security principles. This livelesson will focus on traditional distributed link state, distance vector, and path vector routing protocols, as well as the basic principles of centralized control planes (such as OpenFlow). A special point will be made of sorting out the relationship between policy and reachability, and where they can best be managed in a large scale network.

The Great Domain Debacle

For those who are interested—this weekend I got into a “discussion” with my old/current DNS provider, Network Solutions. I’ve been using them for years, but there have apparently been recent changes at the company. Part of their “new” terms of service say—

We may, at any time, activate the auto-renew service for eligible services in your account. Further, we may provide you with an opportunity to “opt in” to our automatic renewal process in accordance with the instructions (and subject to your agreement to the terms and conditions pertaining to that process) on our Website. You agree that if you are enrolled in or otherwise utilizing our auto-renew service, we will attempt to renew your service at some point less than ninety (90) days prior to its expiration. Such automatic renewal for your service(s), if successful, may be for a shorter term than the term for which you originally purchased your service(s), but in no event shall such term be longer than the term then-currently in place for the service(s). Such automatic renewal for your service(s), if successful, shall be at the then-current price for the service(s). You further agree that, to turn off the auto-renew service for any of Continue reading

SDxE: Engineer Focused

As an engineer, you’ve probably asked yourself a thousand times—what does all this software defined stuff mean for me? Answers are out there, of course; it seems like everyone is writing about it. Some of the answers out there are even useful, of course, but some of them are not. Most folks writing about the software defined craze are either unrealistic, or they’re focused on the large scale network you probably aren’t working on. Which leaves the question lingering: how does software defined apply to me?

SDxE—Software Defined Enterprise—is a new show designed to answer those questions for the engineer. I’ll be there; the full schedule isn’t in place, but I am currently pulling together a panel about the end of the (appliance) router. I plan to have folks from Cumulus, 6Wind, and at least one independent expert (Jeff Tantsura), sitting down to chat with me about disaggregation and the future of the router market. Specifically, are the tools in place that will allow you, the average engineer, running the “average” “enterprise” network, to take advantage of disaggregation?

Shawn Zandi will be there discussing the LinkedIn data center, and Pete Lumbis will be there talking about network automation. Continue reading

Blogging Workflow

A lot of folks start out to blog, and then quit soon after. Since I started blogging mainly as a way to build some discipline in my writing, I was determined not to let my blog become a cobweb, a page that was not updated on a regular basis. I started blogging determined to build a process, or a blogging workflow. I should emphasize at this point that blogging, as all writing, is a habit and a discipline. It’s not just “something that happens on its own.” If you are going to blog, start with the same mindset—focus on the habits and discipline first, the blog second.

I (mostly) build all the content for ‘net Work on Saturday mornings. Sometimes it slips to Sunday or Monday, depending on what is going on, but I normally spend no more than about 2 to 3 hours a week on keeping this blog up and running, including normal maintenance. There are times when I spend much more—for instance, if I’m switching platforms, or switching themes. There are other times when I need to spend time in code, or researching something specific, for a blog post (or a set of posts), but Continue reading

Moving to a Single Domain

For various reasons, I’m changing my DNS provider; the new provider will not support the .guru TLD, so I’m going to drop it, and just stick with rule11.us. I think most folks are pointing to rule11.us anyway, but I thought I’d post this here so you’d see it if not.
