Russ

Author Archives: Russ

Worth Reading: Automation, Robotics, and the Future

And humility because of the poorness of our ability to peer into the future. When reviewing the mountains of books and magazine articles that have sought to predict what the future holds in automation and related fields, when reading the hyped tech headlines or when looking at the many charts and tables extrapolating from the past to help us forecast the future, it is striking to see how often our predictions go wrong. The New Atlantis

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Automation, Robotics, and the Future appeared first on 'net work.

DHCP Topology Customization Options

The Dynamic Host Configuration Protocol (DHCP) is widely used, and yet poorly understood. There are, in fact, a large number of options in DHCP—but before we get to these, let’s do a quick review of basic off-segment operation.

dhcp-relay

When the client, which has no IP address, sends out a request for configuration information, what happens? The Router, A, if it is configured to be a DHCP helper, will receive the packet and forward it to the DHCP server, which is presumably located someplace else in the network. The router generally knows what address to send the request to because of manual configuration—but how does the server know how to get the packet back to the original requester?

The helper—Router A in this case—inserts the IP address of the interface on which the request was received into the giaddr field of the DHCP packet. As boring as this might seem, this is where things actually get pretty interesting. It’s possible, of course, for a router to have an logical layer three interface that sits on a bridge group (or perhaps an IRB interface). The router obviously needs to be able to put more information in the DHCP request to handle this Continue reading

When prepend fails, what next? (1)

So you want to load share better on your inbound ‘net links. If you look around the ‘web, it won’t take long to find a site that explains how to configure AS Path Prepending. So the next time you have downtime, you configure it up, turn everything back on, and… Well, it moved some traffic, but not as much as you’d like. So you wait ’til the next scheduled maintenance window and configure a couple of extra prepends into the mix. Now you fire it all back up and… not much happens. Why not? There are a couple of reasons prepending isn’t always that effective—but it primarily has to do with the way the Internet itself tends to be built. Let’s use the figure below as an example network.

as-path-prepend

You’re sitting at AS65000, and you’re trying to get the traffic to be relatively balanced across the 65001->65000 and the 65004->65000 links. Say you’ve prepended towards AS65001, as that’s the provider sending you more traffic. Assume, for a moment, that AS65003 accepts routes from both AS65001 and AS65004 on an equal basis. When you prepend, you’re causing the route towards your destinations to appear to be longer from AS65003’s perspective. This Continue reading

Worth Reading: Plumgrid, Cumulus, and SDN

With the advent of Software Defined Networking, enterprises are able to manage their network through a series of abstracted layers, offering a flexibility that was out of reach even 10 years ago. While this may seem futuristic to some, SDN is quickly becoming the new standard when working with containers, networks, and VMs at scale. The New Stack

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Plumgrid, Cumulus, and SDN appeared first on 'net work.

Can != Should, Is != Ought

Maybe I’m getting too old for my own good. Or maybe studying philosophy is making me older. Here in the US, though, it is Memorial Day, a day where people normally grill burgers and dogs, throw a few back, and forget to ask why. It’s just another day off, and days off are good for—well, for something.

Memorial Day, in the US, stands in memorial for those who fought—and, specifically died—for our freedom. But what is freedom? In my world, there are two types of freedom: freedom from, and freedom to. Two pieces this week made me think through this difference once again, and how we are increasingly confusing the two concepts.

But the big thing that changed this week is a Google home device is no longer a theoretical possibility. It’s here. And on a sunny day at the outdoor amphitheater, just a half mile away from the Googleplex, the audience watched as a video showed the device at work in the home of a typical American family. There was laughter when the dad broadcast his playlist into every room in the home, waking up his sleeping children — and then later remotely turned on the lights to make Continue reading

Worth Reading: The privacy of telephone metadata

We investigate the privacy properties of telephone metadata to assess the impact of policies that distinguish between content and metadata. We find that telephone metadata is densely interconnected, can trivially be reidentified, enables automated location and relationship inferences, and can be used to determine highly sensitive traits. —National Academy of Sciences

LinkedInTwitterGoogle+Facebook

The post Worth Reading: The privacy of telephone metadata appeared first on 'net work.

Worth Reading: BGP as a southbound API

BGP is a very scalable protocol. It’s used the world over to exchange routes and keep the Internet running smoothly. But it has other power as well. It can be extended to operate in other ways beyond the original specification. Unlike rigid protocols like RIP or OSPF, BGP was designed in part to be extended and expanded as needs changes. IS-IS is a very similar protocol in that respect. It can be upgraded and adjusted to work with both old and new systems at the same time. —Networking Nerd

LinkedInTwitterGoogle+Facebook

The post Worth Reading: BGP as a southbound API appeared first on 'net work.

Worth Reading: Are NVMe fabrics in your future?

NVMeF promises both a huge gain in system performance and new ways to configure systems. To understand what this means, we have to separate NVMe from its current implementation that uses direct PCIe connects. The PCIe approach arose a few years back from the then top-tier persistent storage, the flash card, which had reached the limit of SCSI-based operations due to IO stack overhead and interrupt handling problems. —Network Computing

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Are NVMe fabrics in your future? appeared first on 'net work.

What is a Failure Domain?

“No, I wouldn’t do that, it will make the failure domain too large…”
“We need to divide this failure domain up…”

Okay, great—we all know we need to use failure domains, because without them our networks will be unstable, too complex, and all that stuff, right? But what, precisely, is a failure domain? It seems to have something to do with aggregation, because just about every network design book in the world says things like, “aggregating routes breaks up failure domains.” It also seems to have something to do with flooding domains in link state protocols, because we’re often informed that you need to put in flooding domain boundaries to break up large failure domains. Maybe these two things contain a clue: what is common between flooding domain boundaries and aggregating reachability information?

Hiding information.

But how does hiding information create failure domain boundaries?

failure-domain

If Router B is aggregating 2001:db8:0:1::/64 and 2001:db8:0:2::/64 to 2001:db8::/61, then changes in the more specific routes will be hidden from Router A. This hiding of information means a failure of one of these two more specific routes does not cause Router A to recalculate what it knows about reachability in the network. Hence a Continue reading

Worth Reading: Inside the million machine clickfraud botnet

Online advertising is a multi-billion dollar business mostly ran by Google, Yahoo or Bing via AdSense-like programs. The current generation of clickbots such as the Redirector.Paco Trojan have taken abuse to a whole new level, burning through companies’ advertising budget at an unprecedented pace. —Bitdefender

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Inside the million machine clickfraud botnet appeared first on 'net work.

BGP Security and SPAM

Spam might seem like an annoyance in the US and other areas where bandwidth is paid for by the access rate—and what does spam have to do with BGP security? In many areas of the world, however, spam makes email practically unusable. When you’re paying for Internet access by the byte transmitted or received, spam costs real money. The normal process for combating spam involves a multi-step process, one step of which is to assess the IP address of the mail server’s previous activity for a history of originating spam. In order to avoid classifiers that rely on the source IP address, spammers have turned to hijacking IP address space for short periods of time. Since this address space is normally used for something other than email (or it’s not used at all), there is no history on which a spam detection system can rely.

The evidence for spam related hijacking, however, is largely anecdotal, primarily based in word of mouth and the rare widely reported incidents. How common are these hijacks, really? What sort of address space is really used? To answer this question, a group of researchers from Symantec and the Qatar Computing Research Center undertook a project Continue reading

1 123 124 125 126 127 159