Worth Reading: Big buffers and reality

This whole big buffer nonsense has gotten out of hand (kinda like Trump and his H-yuge Border Wall or Clinton and her lack of ethics) and it’s time for this issue to be put to rest. For the last few years, the main messaging from Arista has been that you need big buffers for everything, especially for big data applications. I’m not saying it doesn’t make for a good marketing soundbite… —Packet Pushers

The post Worth Reading: Big buffers and reality appeared first on 'net work.

Worth Reading: Binding to an IPv6 subnet

In the original framework of the IP architecture, hosts had network interfaces, and network interfaces had single IP addresses. The list of active network interfaces, and the manner in which they acquire IP addresses, either by a static configuration or by some dynamic mechanism via a query to the local network, is specified in a boot time configuration file. —Potaroo

The post Worth Reading: Binding to an IPv6 subnet appeared first on 'net work.

Enough with “firewalls”

A mythical conversation on firewalls, and some observations

“Let’s put the firewall here, so it can protect the servers in this part of the network.”
“How would you define a firewall?”
“You know, the appliance that, well, protects servers and other machines from outside threats…”
“And how does it do this?”
“By filtering the traffic using some sort of stateful mechanism, and network address translation, and deep packet inspection, and blocking certain ports, and…”
“In other words, it’s a bunch of services on a single device?”
“Yes…”
“Then maybe we should think in terms of services instead of appliances.”

I’ve never actually had this conversation, but I’ve had many similar ones across my times as a network engineer. I’ll admit, in fact, that it took a lot of conversations like this (with me on the receiving end) to grock the difference between a service and an appliance, and to see that my constant thinking in terms of appliances (or even devices) was actually hindering my ability to design networks. Let me give you two specific reasons you should think of security services, instead of security appliances.

First, When you disaggregate the “things a firewall Continue reading

Worth Reading: HPE trims back

The trouble that Dell and HPE found themselves in is that they did not build platforms fast enough as the market shifted away from selling or reselling licensed software and putting platforms together piecemeal for customers and towards companies using a public cloud as a platform or companies using a set of open source components figuring it out on their own. Frankly, companies like IBM, HPE, and Dell charge too much for such integration services, they take too long, and companies are always dependent on others to make changes to that platform because they lack expertise. —The NExt Platform

The post Worth Reading: HPE trims back appeared first on 'net work.

Worth Reading: Ditch the pitfalls of layer 2 in the data center

If you’re operating on the IT side, you’re likely all too familiar with troubleshooting an unexpected outage caused by what should be a simple upgrade to a switch, or bringing a new server onto the network. While modern data center design for private and public clouds has been rapidly evolving from traditional Layer 2 networks to Layer 3 centric leaf-spine architecture, too many of us are still dealing with the headaches that come from L2 technologies such as Multichassis Link Aggregation (MLAG), First Hop Redundancy Protocol (FHRP), and Spanning Tree Protocol (STP). —The New Stack

The post Worth Reading: Ditch the pitfalls of layer 2 in the data center appeared first on 'net work.

Grow Up

The post Grow Up appeared first on 'net work.

Worth Reading: Ransomware and backups

Read through the recent Wall Street Journal ransomware article and you’ll find some great stats on the growing threat and cost. One thing you won’t find: the word “backup.” We’re happy to see ransomware finally getting the attention it deserves, but why discuss the problem and leave out the obvious, simple antidote? It’s like an article on a bike theft epidemic that fails to mention that none of the bikes were locked up. —Cloud Security Alliance

The post Worth Reading: Ransomware and backups appeared first on 'net work.

Worth Reading: Hardware slaves to the master algorithm

Over the long course of IT history, the burden has been on the software side to keep pace with rapid hardware advances—to exploit new capabilities and boldly go where no benchmarks have gone before. However, as we swiftly ride into a new age where machine learning and deep learning take the place of more static applications and software advances are far faster than chipmakers can tick and tock to, hardware device makers are scrambling. —The Next Platform

The post Worth Reading: Hardware slaves to the master algorithm appeared first on 'net work.

snaproute Go BGP Code Dive (10): Moving to Established

In the last post on this topic, we traced how snaproute’s BGP code moved to the open state. At the end of that post, the speaker encodes an open message using packet, _ := bgpOpenMsg.Encode(), and then sends it. What we should be expecting next is for an open message from the new peer to be received and processed. Receiving this open message will be an event, so what we’re going to need to look for is someplace in the code that processes the receipt of an open message. All the way back in the fifth post of this series, we actually unraveled this chain, and found this is the call chain we’re looking for—

• func (st *OpenSentState) processEvent()
• st.fsm.StopConnectRetryTimer()
• bgpMsg := data.(*packet.BGPMessage)
• if st.fsm.ProcessOpenMessage(bgpMsg) {
  • st.fsm.sendKeepAliveMessage()
  • st.fsm.StartHoldTimer()
  • st.fsm.ChangeState(NewOpenConfirmState(st.fsm)) }

I don’t want to retrace all those steps here, but the call to func (st *OpenSentState) processEvent() (around line 444 in fsm.go) looks correct. The call in question must be a call to a function that processes an event while the peer is in the open state. This call seems to satisfy both Continue reading

Worth Reading: gRPC

HTTP’s convenience comes with a huge performance trade-off, which takes us back to the issue of finding the most optimal communication framework for microservices. Enter gRPC, the modern, lightweight communication protocol from Google. It’s a high-performance, open-source universal remote procedure call (RPC) framework that works across a dozen languages running in any OS. Within the first year of its launch, gRPC was adopted by CoreOS, Netflix, Square, and Cockroach Labs among others. —New Stack

The post Worth Reading: gRPC appeared first on 'net work.

Worth Reading: On decomposing systems

Flexibility (we tend to call it agility) and faster development times remain top of mind today. Comprehensibility less so, but perhaps we should be paying more attention there? Say you’re all bought into cloud native microservices based architectures, is splitting your system up into multiple independent services going to help you achieve your goals? —The Morning Paper

The post Worth Reading: On decomposing systems appeared first on 'net work.

Bridge to the Ocean

The post Bridge to the Ocean appeared first on 'net work.

Worth Reading: Do we still need OSPF areas?

When OSPF was created it used areas to minimize the size of the topology graph (and the time it took to run Dijkstra algorithm). In the meantime, the CPU speeds increased by orders of magnitude, and graph computation algorithms got a few optimization boosts (incremental SPF for example). —IPspace

The post Worth Reading: Do we still need OSPF areas? appeared first on 'net work.

Worth Reading: The Verisign DDoS Report (Q2 2016)

This report contains the observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from April 1, 2016 through June 30, 2016 (‘‘Q2 2016”) and the security research of Verisign iDefense® Security Intelligence Services conducted during that time. It represents a unique view into the attack trends unfolding online, including attack statistics and behavioral trends for Q2 2016. —Verisign

The post Worth Reading: The Verisign DDoS Report (Q2 2016) appeared first on 'net work.

Worth Reading: Why you shouldn’t be bummed if you were laid off

A former boss of mine said it best: “Working for the same company for too long is like living in your parent’s basement. You can’t really say you’ve experienced real life.” Over 12 years, Cisco gave me the foundation and relationships for which I will always be grateful. But over time, like a bad relationship that feels good for the wrong reasons- the comfort of familiarity and easiness, I felt myself getting career stagnant and letting it ride. I knew deep down I could be a better version of my professional self. —Camille Gatenby

The post Worth Reading: Why you shouldn’t be bummed if you were laid off appeared first on 'net work.

Worth Reading: An internet for identity

Every online identity you have was given to you by someone else. This simple fact makes every online identity completely different from identity in the physical world where you exist first, independently, as a sovereign human being. As a result, online relationships are skewed. There’s an imbalance of power between people and organizations online. Here’s why. —CircleID

The post Worth Reading: An internet for identity appeared first on 'net work.

DC Fabric Segment Routing Use Case (5)

In this, the last post on DC fabrics as a Segment Routing use case, I mostly want to tie up some final loose ends. I will probably return to SR in the future to discuss other ideas and technical details.

Anycast

Anyone who keeps up with LinkedIn knows anycast plays a major role in many parts of the infrastructure. This isn’t unique to LinkedIn, though; most DNS implementations and/or providers, as well as just about every large scale public facing web application, also uses anycast. Which leads to an obvious question—how would SR work with anycast? The answer turns out to be much simpler than it might appear. The small diagram below might be helpful—

Assume A and B have two copies of a single service running on them, and we want hosts behind F to use one service or the other, just depending on which the routing system happens to route towards first. This isn’t quite the classical case for anycast, as anycast normally involves choosing the closest service, and both of the services in this example are equal distance from the hosts—but this is going to be the case more often than not in a data center. In Continue reading

Worth Reading: What Facebook learns by shutting down entire facilities

As we have reported before, Facebook has one of the boldest approaches to testing its infrastructure resiliency. The Facebook data center team regularly shuts down entire sites to see how its application will behave and to learn what improvements can be made. During his keynote this morning at the Facebook @Scale conference in San Jose, California, Jay Parikh, the company’s head of engineering and infrastructure, shared some of the big lessons his team has learned so far from these fire drills. —Data Center Knowledge

The post Worth Reading: What Facebook learns by shutting down entire facilities appeared first on 'net work.

Worth Reading: More huge tech acquisitions

The market for tech acquisitions is booming in 2016 as legacy technology companies shed old assets and consolidate, and companies in other industries scoop up tech assets at a historic pace. This comes despite 2015’s boom in overall M&A waning, the market for initial public offerings declining, and as data shows some tech “unicorns” may wait until at least 2017 to make their market debut. The tech industry appears to be an anomaly, with analysts expecting deal making to remain strong for the foreseeable future, despite near-term macro uncertainties such as the U.S. election. —Market Watch

The post Worth Reading: More huge tech acquisitions appeared first on 'net work.

Technology

The post Technology appeared first on 'net work.