Russ

Author Archives: Russ

Updated Generic Icon Set

I’ve updated the generic icons linked from this page to include a virtual router/switch. I’ve also added two different spine and leaf topologies to the presentation. I may add other “generic” topologies over time, as I run across ones that seem worth including. These are completely public domain; I would encourage you to use them instead of the normal sets of vendor icons in drawing, books, blogs, etc.

Updated: Thanks to Greg Ferro, there is now a version of these in Omnigraffle! They’re linked on the same page.

The post Updated Generic Icon Set appeared first on 'net work.

On the ‘net: The background of I2RS

Through this (probably far too long) series on SDNs, we have looked at BGP, Fibbing, and Openflow. BGP and Fibbing would be described as augmented control planes; the distributed control plane is not replaced, but rather augmented with a controller that modifies the best path decisions of the control plane by interacting with the control itself in a somewhat “native” way. Openflow, on the other hand, replaces the distributed control plane; it would actually be difficult to build a system that talks directly to the FIB that does not entirely replace the control plane. But in the original classification, there was a third type of SDN highlighted, a hybrid model. Are there any instances of this sort of model being developed? —ECI Blog

The post On the ‘net: The background of I2RS appeared first on 'net work.

Worth Reading: Study highlights lack of IoT security

Despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organizations are ill-prepared for the risks they pose, according to a research report issued today from Ponemon Institute, IBM Security, and Arxan Technologies. “Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn’t designed into these apps there could be significant negative impacts,” says Diana Kelley, Global Executive Security Advisor, IBM Security. —Circle ID

The post Worth Reading: Study highlights lack of IoT security appeared first on 'net work.

Worth Reading: Videos from ION Bucharest

We held ION Bucharest last year alongside the Romanian Network Operators’ Group (RONOG). It took a little longer than usual, but now all the presentations and video archives are available online. As we gear up for ION Islamabad next week on 25 January, this is a chance to get a sneak peak at the type of content we’ll be presenting! Bucharest was filled with IPv6, DNSSEC, DANE, TLS, IETF, and Routing Security information, and now you can watch it all from the comfort of your own device. —The Internet Society

The post Worth Reading: Videos from ION Bucharest appeared first on 'net work.

Dispersing a DDoS: Initial thoughts on DDoS protection

Distributed Denial of Service is a big deal—huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, “tonight my network will not be impacted by a DDoS attack.” There are tools and services that deploy various mechanisms that will do the engineering and work for you, but there is no solution for DDoS attacks.

One such reaction tool is spreading the attack. In the network below, the network under attack has six entry points.

Assume the attacker has IoT devices scattered throughout AS65002 which they are using to launch an attack. Due to policies within AS65002, the DDoS attack streams are being forwarded into AS65001, and thence to A and B. It would be easy to shut these two links down, forcing the traffic to disperse across five entries rather than two (B, C, D, E, and F). By splitting the Continue reading

Worth Reading: Constructing your CCDE Practical Exam Strategy

This blog is the second of a two-part series focused on preparing candidates for success in achieving the CCDE. Mastering the tools available to you can be a “force multiplier” on exam day. There are three primary tools available to you during the practical exam: on-screen highlighting, built-in notepad, and a physical dry-erase board. I will discuss each of these in detail. All candidates have access to each tool for all four scenarios. —Cisco Learning Network

The post Worth Reading: Constructing your CCDE Practical Exam Strategy appeared first on 'net work.

Worth Reading: Content delivery networks move data closer to the edge

Content delivery networks (CDNs) are the new “middleware” that connect the users who work and live at the network’s endpoints with the bulk of data resources that are increasingly centralized in the cloud. Many industry watchers admit being caught by surprise as the expected decline in “hyperscale” data centers failed to materialize. Data centers continue to grow in size, but the total number of data centers hasn’t declined as expected, according to an article in Data Center Knowledge. —The New Stack

The post Worth Reading: Content delivery networks move data closer to the edge appeared first on 'net work.

Worth Reading: A new propaganda agency is born

The newly created Global Engagement Center is tasked with coordinating the Federal Government’s efforts to “understand, expose, and counter foreign state and non-state propaganda and disinformation… aimed at undermining United States national security interests.” This appears to be the government’s response to the as-yet unsubstantiated claims of “Russian hacking” that allegedly stole the election. No definition of what constitutes “propaganda and disinformation” or “national security interests” is given. In practice, these words can mean anything the Center would like them to mean. —Intellectual Takeout

The post Worth Reading: A new propaganda agency is born appeared first on 'net work.

Worth Reading: Inside the mind of cyber criminals

Information sharing amongst security specialists is crucial; in the eyes of a criminal, no company is unique. As a rule of thumb, perpetrators will initially cast a wide net and move downstream toward the easiest prey. It’s more likely to become a victim via common attack vector, rather than to experience a highly sophisticated and tailored attack. On the other hand, security specialists should never underestimate the determination of an attacker. Highly valuable and quickly sold on underground information such as payment, healthcare, and personally identifiable records, as well as sensitive M&A information, must be identified as a targeted asset, quarantined, and stored encrypted. —Recorded Future

The post Worth Reading: Inside the mind of cyber criminals appeared first on 'net work.

Large Scale Network Design LiveLesson

Alvaro and I finished recording a new LiveLesson back in December; it should be available for pre-purchase at the end of January. For those folks interested in network design, this is going to be a great video series. We originally started out with the idea of updating Optimal Routing Design, but the project quickly morphed into its “own thing,” which means this video series is actually more of a compliment to ORD, rather than a replacement. Some pieces will be more up-to-date than the book, but there are a number of things covered in the book that are not covered in the video.

Large Scale Network Design LiveLessons takes you through the concepts behind stable, scalable, elegant network design, including modularity, resilience, layering, and security principles. This livelesson will focus on traditional distributed link state, distance vector, and path vector routing protocols, as well as the basic principles of centralized control planes (such as OpenFlow). A special point will be made of sorting out the relationship between policy and reachability, and where they can best be managed in a large scale network.

The post Large Scale Network Design LiveLesson appeared first on 'net work.

Worth Reading: Studying the IPv4 transfer market

The Internet community anticipated this almost two decades ago and standardized IPv6 as a long-term solution. IPv6 uptake is, however, still lagging. Hence, affected businesses have actively started seeking stop-gap measures to prolong the lifetime of IPv4 addresses. These measures include address space redistribution, deploying large scale NATs, and trading IPv4 blocks on the IPv4 transfer market. The emergence of this market has radically changed the nature of IPv4 addresses from a free resource to a commodity, which has raised many questions about market regulations. This blog post explores the evolution of the IPv4 transfer market. —APNIC

The post Worth Reading: Studying the IPv4 transfer market appeared first on 'net work.

Worth Reading: Could zombie toasters DDoS my serverless?

With serverless, there is essentially no limit on the number of requests you could be handling — the service scales up automatically and almost instantaneously for every concurrent request. This is great if your product suddenly becomes successful, as you don’t really need to plan for additional scale; it is all handled for you automatically without even the need to think about an autoscaling set-up. But what if your service isn’t suddenly rising up the popularity charts, and is simply the victim of a coordinated attack by a botnet? You’re being charged by the function call. Could the unlimited cost of all those function calls take you out of business? —The New Stack

The post Worth Reading: Could zombie toasters DDoS my serverless? appeared first on 'net work.

On the ‘net: Rockstar SE with Terry Kim

I was recently interviewed on Rockstar SEby Terry Kim—it’s a worthwhile listen!

Russ White has over 30 years of experience in network engineering; A Distinguished Architect during his time at Cisco, holds the highest certification Cisco has to offer as a CCAr and holds CCDE #1. He’s also a Published author, worldwide speaker at many tech conferences, and has over 40+ patents. This guy is a legend in the field of networking folks. In this episode we discuss SDN, Fog Computing, Disaggregation, and what network engineers should focus on for the future and more! You don’t want to miss this one!

The post On the ‘net: Rockstar SE with Terry Kim appeared first on 'net work.

Worth Reading: Automatically identifying bottlenecks

One common question we need to answer when trying to decrease page load time is: where is the performance bottleneck? In other words, where should the engineers focus their efforts? Usually, to answer this question, a performance engineer will look into performance metrics and check some samples captured by Resource Timing API and Call Graph and locate the hotspots. This approach can be very useful, but had the drawback of “trial and error.” Also, many sample waterfalls have to be clicked and analyzed manually to find bottlenecks. We wanted a systematic way that a tool could automatically provide bottleneck details quickly based on existing, large amounts of data. —LinkedIn Engineering Blog

The post Worth Reading: Automatically identifying bottlenecks appeared first on 'net work.

Worth Reading: We’re all responsible for fake news

In an era of public opinion polls, we rarely turn our criticisms back on the public. Maybe that should change. Many people are angry with the press right now, and that’s very understandable, but we also need to acknowledge this truth: media outlets today are subject to ruthless competitive pressure. … Ask yourself: What kinds of pieces do I look for, and which do I share with my friends? … So, what does the public want? Are they interested in solid reporting and honest, careful reasoning? Or do they just want people to massage their sensitivities and confirm all their pre-existing views? If it’s mainly the latter, righting the ship will be very difficult indeed. —The Federalist

The post Worth Reading: We’re all responsible for fake news appeared first on 'net work.

The Great Domain Debacle

For those who are interested—this weekend I got into a “discussion” with my old/current DNS provider, Network Solutions. I’ve been using them for years, but there have apparently been recent changes at the company. Part of their “new” terms of service say—

We may, at any time, activate the auto-renew service for eligible services in your account. Further, we may provide you with an opportunity to “opt in” to our automatic renewal process in accordance with the instructions (and subject to your agreement to the terms and conditions pertaining to that process) on our Website. You agree that if you are enrolled in or otherwise utilizing our auto-renew service, we will attempt to renew your service at some point less than ninety (90) days prior to its expiration. Such automatic renewal for your service(s), if successful, may be for a shorter term than the term for which you originally purchased your service(s), but in no event shall such term be longer than the term then-currently in place for the service(s). Such automatic renewal for your service(s), if successful, shall be at the then-current price for the service(s). You further agree that, to turn off the auto-renew service for any of Continue reading

SDxE: Engineer Focused

As an engineer, you’ve probably asked yourself a thousand times—what does all this software defined stuff mean for me? Answers are out there, of course; it seems like everyone is writing about it. Some of the answers out there are even useful, of course, but some of them are not. Most folks writing about the software defined craze are either unrealistic, or they’re focused on the large scale network you probably aren’t working on. Which leaves the question lingering: how does software defined apply to me?

SDxE—Software Defined Enterprise—is a new show designed to answer those questions for the engineer. I’ll be there; the full schedule isn’t in place, but I am currently pulling together a panel about the end of the (appliance) router. I plan to have folks from Cumulus, 6Wind, and at least one independent expert (Jeff Tantsura), sitting down to chat with me about disaggregation and the future of the router market. Specifically, are the tools in place that will allow you, the average engineer, running the “average” “enterprise” network, to take advantage of disaggregation?

Shawn Zandi will be there discussing the LinkedIn data center, and Pete Lumbis will be there talking about network automation. Continue reading

Worth Reading: Python 3.6 released

The coding community got a nice bonus gift under our collective Christmas tree on December 23, 2016, when the Python Software Foundation released the latest version of the language, Python 3.6. While the rest of us were busy snagging cocktail snacks at the office holiday party, Continuum Analytics maker of Anaconda, the leading open source data science platform for the Python programming language — was busy issuing their own matching release. —New Stack

The post Worth Reading: Python 3.6 released appeared first on 'net work.

Worth Reading: Constructing your CCDE practical exam strategy

I passed the CCDE practical in November 2016 along with some of the finest engineers I know, from whom which I’ve learned a few things that I wanted to share with you. This two-part blog series is meant to be a descriptive (not prescriptive) enumeration of the different study strategies and tools you’ll have at your disposal. These strategies are not often discussed but are important in achieving the CCDE. Specifically, this first blog discusses the study strategy component. —Cisco Learning Network

The post Worth Reading: Constructing your CCDE practical exam strategy appeared first on 'net work.

1 102 103 104 105 106 162