Worth Reading: An infrastructure for on demand service profiling

LinkedIn has built hundreds of application services, with thousands of instances running in data centers. Optimizing the performance of these services can dramatically improve user experience and reduce operational costs, and profilers are commonly used to help achieve this. LinkedIn’s On-Demand Profiling infrastructure (“ODP”) is one method we use to identify these optimizations. Profiling is a useful method to improve the performance of services. However, the tooling solutions for profiling don’t have fixed standards, are often decentralized, can be costly, and for a company with a large server footprint such as LinkedIn, are inconvenient to use at best. —Linkedin Engineering Blog

The post Worth Reading: An infrastructure for on demand service profiling appeared first on 'net work.

Toxic Cultures and Reality

I have lived through multiple toxic cultures in my life. It’s easy to say, “just quit,” or “just go to HR,” but—for various reasons—these are not always a good solution. For instance, if you are in the military, “just quit” is not, precisely, an option. So how should you deal with these sorts of bad situations?

Start here: you are not going to change the culture. Just like I tell my daughters not to date guys so they can “fix” them, I have never seen anyone “fix” a culture through any sort of “mass action.” You are not going to “win” by going to the boss, or by getting someone from the outside to force everyone to change. You are not going to change the culture by griping about it. Believe me, I’ve tried all these things. They don’t (really) work.

Given these points, what can you do?

Start with a large dose of humility. First, you are probably a part of a number of toxic cultures yourself, and you probably even contribute at least some amount of the poison. Second, you are almost always limited in your power to change things; your influence, no matter how right you Continue reading

Worth Reading: The CCDE Mindset

Preparing for the CCDE from a technology standpoint is relatively easy compared to getting into the right mindset and getting enough exposure to network designs. Don’t get me wrong, it’s a technically difficult exam but the number of candidates taking the exam that have the right knowledge level of technology are far higher than the number of people actually passing the exam. I have seen this time and time again. Because we have this bias we immediately base our feeling and design based on our feelings or previous experience without taking the business requirements and technical constraints into consideration. —Daniel’s Networking Blog

The post Worth Reading: The CCDE Mindset appeared first on 'net work.

Worth Reading: IOS/XR in GNS3

Cisco IOS XRv is one of the most popular platforms among network engineers. However, this platform is only available in high-end devices, which might not be available to all engineers. For this reason, engineers prefer to virtualize the OS and GNS3 is one of the most popular network simulators to do this. GNS3 is based on Dynamips, Pemu/Qemu and Dynagen. Simulating Cisco IOS in GNS3 is pretty straightforward. Simulating the XR platform is not. But with new XRv image and a few tweaks, you can now run Cisco XR platform in GNS3. —APNIC

The post Worth Reading: IOS/XR in GNS3 appeared first on 'net work.

Tile Roof

The post Tile Roof appeared first on 'net work.

Worth Reading: Innovation at CIDR 2017

Last week was CIDR 2017, the biennial Conference on Innovative Data Systems Research. CIDR encourages authors to take a whole system perspective and especially values “innovation, experience-based insight, and vision.” That’s a very good match with the attributes of papers I like to cover on The Morning Paper. So what innovation, insight, and vision does CIDR have to offer us to see us through until the next edition in 2019? —The Morning Paper

The post Worth Reading: Innovation at CIDR 2017 appeared first on 'net work.

Worth Reading: IPv6 server addressing strategies

In this post, I’ll discuss configuration approaches for systems that usually have been configured with “static” IP parameters in the IPv4 age/context (for example, servers in data centres). When it comes to IPv6 there are more options and we’ll have a look at their implications and potential advantages/disadvantages. —APNIC

The post Worth Reading: IPv6 server addressing strategies appeared first on 'net work.

On the ‘net: Considerations in Moving to an SDDC

There are two basic models to consider when moving data centers: running the old and new in parallel during some form of transition phase, or integrating your existing equipment with the newer SDDC. The second, integrating existing equipment within a single data center fabric, is not one, but two answers: integrating at the pod level, or running the SDDC over the top of existing equipment. —Tech Target

The post On the ‘net: Considerations in Moving to an SDDC appeared first on 'net work.

Worth Reading: Every day is Monday in Operations

If Operations fails, so does your company—it is, as you might say, mission-critical. The delicate trust a company holds with its customers can be shattered by a single sustained outage. Just look at one outage from 2012 which cost millions of dollars per minute while a bug was in production. When a major incident occurs, no customer cares about who was at fault, the extenuating circumstances, or how you’re going to do better next time. They leave, wondering why they trusted your company in the first place. In Operations, failure is not an option. —LinkedIn Engineering

The post Worth Reading: Every day is Monday in Operations appeared first on 'net work.

Worth Reading: Windows 10 steps up ransomware defenses

Here’s some good news for the countless businesses getting ready for the migration to Windows 10: Microsoft recently announced that its Windows 10 Anniversary Update features security updates specifically targeted to fight ransomware. No defense is completely hack-proof, but it’s great to see the biggest names in the tech world are putting ransomware at the top of their list of concerns. —Cloud Security Alliance

The post Worth Reading: Windows 10 steps up ransomware defenses appeared first on 'net work.

OSPF TLVs: Taking advantage of improvements in computing power

OSPF was originally designed in an age when processors were much less capable, available memory was much smaller, and link bandwidths were much lower. To conserve processing power, memory, and n-the-wire bandwidth, OSPF was designed using fixed length fields (FLFs). TLVs are more difficult to process than an FLF; to process a set of FLFs, you build a structure that mimics the FLF formatting, and simple “impose” it on the memory location where you have stored the data to be decoded, as shown below.

In the FLF model, the structure can simply be imposed on the memory locations, and the values can be read directly. In the TLV model, each type code must be read to determine the kind of information and the length must be read to determine the size of the field. Only once these two items in the TLV header have been read can the actual data be related to a particular field in the resulting data structure.

In the intervening years, however, compute, storage, and network capabilities have increased dramatically; the following chart, taken from a book I’m working on, shows this growth since about the start of the “network era.”

As compute, storage, and Continue reading

Worth Reading: Fix EULAs

Traditionally, once a person has purchased a product, she has been free to use it however she sees fit without oversight or control from the copyright owner. Purchasers have also been free to use competitors’ add-on software and hardware that interoperate with the goods they buy, because innovators have been able to develop and distribute such technologies. That expectation is upended when it comes to products that come with embedded software, from tractors to refrigerators to toasters and children’s toys. That software is supposed to make our stuff smarter, but it also makes our stuff not really ours. —EFF

The post Worth Reading: Fix EULAs appeared first on 'net work.

Worth Reading: Internet routing detours

In November 2013, the Internet intelligence company Renesys (now owned by Dyn, Oracle) published an online article detailing an attack they called Targeted Internet Traffic Misdirection. Using Traceroute data, they discovered three paths that suffered a man-in-the-middle (MITM) attack. One path originated from, and was destined to, organizations in Denver, CO, after passing through Iceland, prompting concern and uncomfortable discussions with ISP customers. Are such detours only a result of an attack? —APNIC

The post Worth Reading: Internet routing detours appeared first on 'net work.

Updated Generic Icon Set

I’ve updated the generic icons linked from this page to include a virtual router/switch. I’ve also added two different spine and leaf topologies to the presentation. I may add other “generic” topologies over time, as I run across ones that seem worth including. These are completely public domain; I would encourage you to use them instead of the normal sets of vendor icons in drawing, books, blogs, etc.

Updated: Thanks to Greg Ferro, there is now a version of these in Omnigraffle! They’re linked on the same page.

The post Updated Generic Icon Set appeared first on 'net work.

On the ‘net: The background of I2RS

Through this (probably far too long) series on SDNs, we have looked at BGP, Fibbing, and Openflow. BGP and Fibbing would be described as augmented control planes; the distributed control plane is not replaced, but rather augmented with a controller that modifies the best path decisions of the control plane by interacting with the control itself in a somewhat “native” way. Openflow, on the other hand, replaces the distributed control plane; it would actually be difficult to build a system that talks directly to the FIB that does not entirely replace the control plane. But in the original classification, there was a third type of SDN highlighted, a hybrid model. Are there any instances of this sort of model being developed? —ECI Blog

The post On the ‘net: The background of I2RS appeared first on 'net work.

Worth Reading: Study highlights lack of IoT security

Despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organizations are ill-prepared for the risks they pose, according to a research report issued today from Ponemon Institute, IBM Security, and Arxan Technologies. “Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn’t designed into these apps there could be significant negative impacts,” says Diana Kelley, Global Executive Security Advisor, IBM Security. —Circle ID

The post Worth Reading: Study highlights lack of IoT security appeared first on 'net work.

Worth Reading: Videos from ION Bucharest

We held ION Bucharest last year alongside the Romanian Network Operators’ Group (RONOG). It took a little longer than usual, but now all the presentations and video archives are available online. As we gear up for ION Islamabad next week on 25 January, this is a chance to get a sneak peak at the type of content we’ll be presenting! Bucharest was filled with IPv6, DNSSEC, DANE, TLS, IETF, and Routing Security information, and now you can watch it all from the comfort of your own device. —The Internet Society

The post Worth Reading: Videos from ION Bucharest appeared first on 'net work.

Dispersing a DDoS: Initial thoughts on DDoS protection

Distributed Denial of Service is a big deal—huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, “tonight my network will not be impacted by a DDoS attack.” There are tools and services that deploy various mechanisms that will do the engineering and work for you, but there is no solution for DDoS attacks.

One such reaction tool is spreading the attack. In the network below, the network under attack has six entry points.

Assume the attacker has IoT devices scattered throughout AS65002 which they are using to launch an attack. Due to policies within AS65002, the DDoS attack streams are being forwarded into AS65001, and thence to A and B. It would be easy to shut these two links down, forcing the traffic to disperse across five entries rather than two (B, C, D, E, and F). By splitting the Continue reading

Worth Reading: Constructing your CCDE Practical Exam Strategy

This blog is the second of a two-part series focused on preparing candidates for success in achieving the CCDE. Mastering the tools available to you can be a “force multiplier” on exam day. There are three primary tools available to you during the practical exam: on-screen highlighting, built-in notepad, and a physical dry-erase board. I will discuss each of these in detail. All candidates have access to each tool for all four scenarios. —Cisco Learning Network

The post Worth Reading: Constructing your CCDE Practical Exam Strategy appeared first on 'net work.

Worth Reading: Content delivery networks move data closer to the edge

Content delivery networks (CDNs) are the new “middleware” that connect the users who work and live at the network’s endpoints with the bulk of data resources that are increasingly centralized in the cloud. Many industry watchers admit being caught by surprise as the expected decline in “hyperscale” data centers failed to materialize. Data centers continue to grow in size, but the total number of data centers hasn’t declined as expected, according to an article in Data Center Knowledge. —The New Stack

The post Worth Reading: Content delivery networks move data closer to the edge appeared first on 'net work.