snaproute Go BGP Code Dive (12): Moving to Established

In last week’s post, the new BGP peer we’re tracing through the snaproute BGP code moved from open to openconfirmed by receiving, and processing, the open message. In processing the open message, the list of AFIs this peer will support was built, the hold timer set, and the hold timer started. The next step is to move to established. RFC 4271, around page 70, describes the process as—

If the local system receives a KEEPALIVE message (KeepAliveMsg (Event 26)), the local system:
 - restarts the HoldTimer and
 - changes its state to Established.

In response to any other event (Events 9, 12-13, 20, 27-28), the local system:
 - sends a NOTIFICATION with a code of Finite State Machine Error,
 - sets the ConnectRetryTimer to zero,
 - releases all BGP resources,
 - drops the TCP connection,
 - increments the ConnectRetryCounter by 1,
 - (optionally) performs peer oscillation damping if the DampPeerOscillations attribute is set to TRUE, and
 - changes its state to Idle.

For a bit of review (because this is running so long, you might forget how the state machine works), the way the snaproute code is written is as a state machine. The way the state machine works is Continue reading

Worth Reading: Creating a PCE Prototype

So almost, a little bit over an year ago, when I wasn’t working for a Vendor and was looking for a PCE to fool around with RSVP-TE/SR-TE but I wasn’t able to find anything. At that time, Only thing I was able to found was Open daylight but its PCEP implementation didn’t have Segment Routing support, so I was out of luck. At the same time I was also working on improving my programmatic skills. So I thought why not combine both problems together and write my own PCEP prototype… —Packet Pushers

The post Worth Reading: Creating a PCE Prototype appeared first on 'net work.

Worth Reading: Three great lies of cloud computing

It’s elastic! It’s on-demand! It scales dynamically to meet your needs! It streamlines your operations, gives you persistent access to data, and it’s always, always cheaper. It’s cloud computing, and it’s here to save your enterprise. And yet, for all the promise of cloud, there are still segments of IT, such as HPC and many categories of big data analytics, that have been resistant to wholesale outsourcing to public cloud resources. At present cloud computing makes up only 2.4 percent of the HPC market by revenue, and although Intersect360 Research is forecast its growth at a robust 10.9 per year, that still keeps it well under 5 percent throughout the five-year forecast period. —The Next Platform

The post Worth Reading: Three great lies of cloud computing appeared first on 'net work.

Sand Castle

The post Sand Castle appeared first on 'net work.

Worth Reading: Modernizing business services through the CPE

In a previous blog, I discussed how equipment providers are facing a lucrative but pitfall-laden path in deciding how to invest in NFV to displace dedicated appliances. CSPs have similar NFV investment decisions to make on the user side of the equation. They need to answer the question: “Where should I start implementing an NFV strategy to deliver network functions and customer services as a means of improving my bottom line and business success?” One strong candidate for this starting point is Universal Customer Premises Equipment. —ECI

The post Worth Reading: Modernizing business services through the CPE appeared first on 'net work.

Worth Reading: The best and worst ways to look for a job

Some of the 10 traditional job hunting methods that follow have a pretty good record and will repay you for time spent pursuing them. But others have a really terrible record and are a waste of your time and energy. The success rate figures cited are a mash of studies I’ve seen, plus, where no studies have been done, my own impressions over the past 45 years of working with job hunters or career changers and writing “What Color Is Your Parachute?” —Market Watch

The post Worth Reading: The best and worst ways to look for a job appeared first on 'net work.

Worth Reading: The fall of Theranos

This year has witnessed the spectacular fall from grace for the former Silicon Valley darling Theranos, the Palo Alto-based blood-testing startup, and its high-powered millennial co-founder, Elizabeth Holmes. Once valued at over $9 billion, Theranos has now become a target for massive mockery online. Perhaps the Theranos story also holds a much larger lesson about our whole technology culture. Though the company initially promised hundreds of cheap medical tests could be performed from a single pinprick of blood, what the company was less than candid about was its tests — which were available at Walgreens! — reportedly relied on using other companies’ technologies to stay afloat. —The New Stack

The post Worth Reading: The fall of Theranos appeared first on 'net work.

Worth Reading: Government lawyers don’t understand the internet

Last year, the FBI nearly destroyed the life of an innocent physicist. In May 2015, agents arrested Xi Xiaoxing, the chairman of Temple University’s physics department, and charged that he was sneaking Chinese scientists details about a piece of restricted research equipment known as a “pocket heater.” An illustrious career seemed suddenly to implode. A few months later, though, the Justice Department dropped all the charges and made an embarrassing admission: It hadn’t actually understood Xi’s work. After defense experts examined his supposed “leaks,” they pointed out that what he’d shared with Chinese colleagues wasn’t a restricted engineering design but in fact a schematic for an altogether different type of device. —Washington Post

The post Worth Reading: Government lawyers don’t understand the internet appeared first on 'net work.

The ever expanding menu…

A short note reminding the gentle readers who wander in to this site of the riches of information available in the main menu to the left of this post…

rule 11 reader takes you to a subscription form for the mailing list. The format and frequency of the mailing list is a little messed up right now, and I always mean to do more with it, but never seem to get around to it.

sixty books takes you to a list of books I’ve found particularly helpful or useful over the years. The title isn’t the number of books, strictly speaking, but rather a challenge to read sixty books this year. Not all of these are related to network engineering.

worth visiting is something of a blog role and interesting sites, not all related to network engineering.

author page takes you to a page listing all of my works. Right now this is on Amazon, but as not all my works are available on Amazon, I need to fix this. Yes, it’s already on my list of things to do.

network icons is a set of icons I use in public presentations not tied to a company, etc. These are Continue reading

Worth Reading: a troubling new chapter for the ‘net

For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. —Ars Technica

The post Worth Reading: a troubling new chapter for the ‘net appeared first on 'net work.

Worth Reading: The telco quality transformation

The telecoms industry has two fundamental issues whose resolution is a multi-decade business and technology transformation effort. This re-engineering programme turns the current “quantities with quality” model into a “quantities of quality” one. Those who prosper will have to overcome a powerfully entrenched incumbent “bandwidth” paradigm, whereby incentives are initially strongly against investing in the inevitable and irresistible future.Recently I had the pleasure of meeting the CEO of a fast-growing vendor of software-defined networking (SDN) technology. The usual ambition for SDN is merely internal automation and cost optimisation of network operation. In contrast, their offering enables telcos to develop new “bandwidth on demand” services. The potential for differentiated products that are more responsive to demand makes the investment case for SDN considerably more compelling. —CircleID

The post Worth Reading: The telco quality transformation appeared first on 'net work.

Reaction: The Power of Unintended Consequences #49687

Warning, some philosophy may have unintentionally slipped into this post…

There are few things in life that ever really change; rather, we are held captive to what appears to be a surprisingly small set of rules that have lasted at least as long as writing seems to have been around, and—if the history of humanity described in writing is any guide—as long as humans have existed (regardless of your thoughts on that particular topic). One of them, for instance, is that there’s nothing truly new; take these few lines, for instance—

A generation goes, and a generation comes,
but the earth remains forever.
The sun rises, and the sun goes down,
and hastens to the place where it rises.
The wind blows to the south
and goes around to the north;
around and around goes the wind,
and on its circuits the wind returns.
All streams run to the sea,
but the sea is not full;
to the place where the streams flow,
there they flow again.
All things are full of weariness;
a man cannot utter it;
the eye is not satisfied with seeing,
nor the ear filled with hearing.
What has been is what will be,
and what Continue reading

Worth Reading: Decryption mandates and global internet freedom

The debate over law enforcement and widespread strong encryption implicates powerful competing values. On one side, the liberty, privacy, and cybersecurity of American consumers and companies; on the other, the need to investigate serious crimes and protect the country against terrorism. Should companies be compelled to weaken their products (as most technologists see it)? Does the Fourth Amendment’s “balance” require that law enforcement retain the ability to access data covered by a search warrant? Does law enforcement really need such a mandate to investigate effectively? Does the First Amendment permit Congress to enact a ban on encoding one’s communications? Would such a ban be effective given the proliferation of new, powerful, easily accessible encryption technologies, including many created by foreign companies? —Hoover Institute

The post Worth Reading: Decryption mandates and global internet freedom appeared first on 'net work.

Worth Reading: The venerable, vulnerable firewall

There is no network security technology more ubiquitous than the firewall. With nearly three decades of deployment history and a growing myriad of corporate and industrial compliance policies mandating its use, no matter how irrelevant you may think a firewall is in preventing today’s spectrum of cyber threats, any breached corporation found without the technology can expect to be hung, drawn, and quartered by both shareholders and industry experts alike. … From a hacker’s perspective, with most targeted systems providing HTTP or HTTPS services, firewalls have rarely been a hindrance to breaching a network and siphoning data. What many people fail to realize is that the firewall is itself a target of particular interest — especially to sophisticated adversaries. Sitting at the very edge of the network and rarely configured or monitored for active compromise, the firewall represents a safe and valuable beachhead for persistent and targeted attacks. —CircleID

The post Worth Reading: The venerable, vulnerable firewall appeared first on 'net work.

Elephant Flows, Fabrics, and I2RS

The last post in this series on I2RS argues that this interface is designed to augment, rather than replace, the normal, distributed routing protocol. What sort of use case could we construct that would use I2RS in this way? What about elephant flows in data center fabrics? An earlier post considers how to solve the elephant flow using segment routing (SR); can elephant flows also be guided using I2RS? The network below will be used to consider this question.

Assume that A hashes a long lived elephant flow representing some 50% of the total bandwidth available on any single link in the fabric towards F. At the same time, A will hash other flows, represented by the red flow lines, onto each of the three links towards the core of the fabric in pretty much equal proportion. Smaller flows that are hashed onto the A->F link will likely suffer, while flows hashed onto the other two links will not.

This is a particularly bad problem in applications that have been decomposed into microservices, as the various components of the application tend to rely on fairly fixed delay and jitter budgets over the network to keep everything synchronized and running quickly. Continue reading

Worth Reading: Digital Racket

Has our enslavement to dopamine — to the instant hits of validation that come with a well-crafted tweet or Snapchat streak — made us happier? I suspect it has simply made us less unhappy, or rather less aware of our unhappiness, and that our phones are merely new and powerful antidepressants of a non-pharmaceutical variety. —NY Mag, via Ethan Banks

The post Worth Reading: Digital Racket appeared first on 'net work.

Worth Reading: What is segment routing?

Do you remember source routing, used in token ring bridging networks? If you’re relatively new to networking, you may not know about it. In source routing, the hosts determine the path to take through the network and build a frame header that specifies the forwarding nodes that the frame should pass through as it goes from source to destination. The token ring implementation typically used special frames called explorer packets to discover the set of paths from source to destination. Too many explorer packets could cause overloading problems with the network nodes (source route bridges) and with the hosts that had to process them, much like a broadcast storm in Ethernet networks. —Netcraftsmen

The post Worth Reading: What is segment routing? appeared first on 'net work.

Grand Staircase

The post Grand Staircase appeared first on 'net work.

Worth Reading: The biggest attack in internet history

For a long time, Akamai offered their DOS protection service to Krebs pro bono, both as a public service and because it’s fantastic advertising. Brian is perhaps the most high-profile target for cyber-criminals: if Akamai can defend his site, they can defend anybody’s. But it would appear Brian’s latest round of reporting—including both the Israeli arrests and outing the fact that an anti-DOS service’s former owner appeared to control a huge DOS botnet—has managed to annoy someone enough to launch a DOS attack that not only disrupted Kreb’s site but actually caused disruption to Akamai’s other services! This attack was so disruptive that Akamai had to prioritize their paying customers and stop supporting Kreb’s site. —LawFare

The post Worth Reading: The biggest attack in internet history appeared first on 'net work.

Worth Reading: A digital rumor should never lead to a police raid

If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional. Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol (IP) address information. In a whitepaper released today, EFF challenges law enforcement and courts’ reliance on IP addresses, without more, to identify the location of crimes and the individuals responsible. —EFF

The post Worth Reading: A digital rumor should never lead to a police raid appeared first on 'net work.