Worth Reading: Classifying data structures security

Classification is the bedrock of data security, as it allows users to identify data, adding structure to the increasing volumes of unstructured information. When data is classified, organizations can raise security awareness, prevent data loss and comply with records-management regulations. -via Data Center Journal

The post Worth Reading: Classifying data structures security appeared first on 'net work.

Slicing and Dicing Flooding Domains (2)

The first post in this series is here.

Finally, let’s consider the first issue, the SPF run time. First, if you’ve been keeping track of the SPF run time in several locations throughout your network (you have been, right? Right?!? This should be a regular part of your documentation!), then you’ll know when there’s a big jump. But a big jump without a big change in some corresponding network design parameter (size of the network, etc.), isn’t a good reason to break up a flooding domain. Rather, it’s a good reason to go find out why the SPF run time changed, which means a good session of troubleshooting what’s probably an esoteric problem someplace.

Assume, however, that we’re not talking about a big jump. Rather, the SPF run time has been increasing over time, or you’re just looking at a particular network without any past history. My rule of thumb is to start really asking questions when the SPF run time gets to around 100ms. I don’t know where that number came from—it’s a “seat of the pants thing,” I suppose. Most networks today seem to run SPF in less than 10ms, though I’ve seen a few that Continue reading

Worth Reading: Carrier Supporting Carrier

There is another technology called Carrier Supporting Carrier or Carrier of Carriers. This technology is used when a customer buys a circuit from an SP, Internet service or L3 VPN and that SP uses another SP to carry their traffic between the locations. The SP connecting the customer is then the customer carrier and the SP providing the backbone is the backbone carrier. -via Lost In Transit

The post Worth Reading: Carrier Supporting Carrier appeared first on 'net work.

Reaction: BGP convergence, divergence & the ‘net

Let’s have a little talk about BGP convergence.

We tend to make a number of assumptions about the Internet, and sometimes these assumptions don’t always stand up to critical analysis. . . . On the Internet anyone can communicate with anyone else – right? -via APNIC

Geoff Huston’s recent article on the reality of Internet connectivity—no, everyone cannot connect to everyone—prompted a range of reactions from various folks I know.

For instance, BGP is broken! After all, any routing protocol that can’t provide basic reachability to every attached destination must be broken, right? The problem with this statement is it assumes BGP is, at core, a routing protocol. To set the record straight, BGP is not, at heart, a routing protocol in the traditional sense of the term. BGP is a system used to describe bilateral peering arrangements between independent parties in a way that provides loop free reachability information. The primary focus of BGP is not loop free reachability, but policy.

After all, BGP convergence is a big deal, right? Part of the problem here is that we use BGP as a routing protocol in some situations (for instance, on data center fabrics), so we have a hard time adjusting our thinking Continue reading

Worth Reading: Mobile is not everything

The industry is now maturing, and is well past its glory days of early growth. We have 4G widely deployed, and 5G is in the wings. Both are incremental rather than revolutionary changes. The retail market for “minutes, messages and megabytes” is saturating. . . . The high revenue and profit growth has shifted to devices (notably Apple’s) and online services (Google, Amazon, Alibaba, et al). The centre of power has inexorably moved towards platforms that manage and mine the flow of information. -via CircleID

The post Worth Reading: Mobile is not everything appeared first on 'net work.

DoS’ing your mind: Controlling information inflow

Everyone wants your attention. No, seriously, they do. We’ve gone from a world where there were lots of readers and not much content, to a world where there is lots of content, and not many readers. There’s the latest game over here, the latest way to “get 20,000 readers,” over there, the way to “retire by the time you’re 32” over yonder, and “how to cure every known disease with this simple group of weird fruit from someplace you’ve never heard of (but you’ll certainly go find, and revel in the pictures of perfectly healthy inhabitants now),” naggling someplace at the back of your mind.

The insidious, distracting suck of the Internet has become seemingly inescapable. Calling us from our pockets, lurking behind work documents, it’s merely a click away. Studies have shown that each day we spend, on average, five and a half hours on digital media, and glance at our phones 221 times. -via connecting

Living this way isn’t healthy. It reduces your attention span, which in turn destroys your ability to get anything done, as well as destroying your mind. So we need to stop. “Squirrel” is funny, but you crash planes. “Shiny thing” is funny, but Continue reading

Worth Reading: IPv4 Market Outlook

During Q4, the IPv4 trading market was the only source available to obtain IPv4 numbers in North America, and by the close of the year ARIN had recorded 194 transfers conveying over 34 million IPv4 numbers. Because a non-trivial portion of IPv4 transactions occur outside of the ARIN transfer approval process, even these high-growth numbers understate the total market activity in 2015. -via CircleID

The post Worth Reading: IPv4 Market Outlook appeared first on 'net work.

Worth Reading: The Chase for Network Speed

There is a delicate balance between the cost of building (and operating) a data center and the cost of hauling traffic over a wide area to take advantage of compute and storage resources. As this balance changes, the economics of build versus the cloud will shift. Falling processor prices can reduce the cost of cloud, but it also reduces the cost of local compute at the same time. -via Netcarftsmen

The post Worth Reading: The Chase for Network Speed appeared first on 'net work.

Oak Island Light House

The post Oak Island Light House appeared first on 'net work.

Worth Reading: Router SoC 101

Do you ever wonder what goes on inside a router? In this article, we take a close look at the SoCs inside of them, which help us manage and maintain our connected lives. -via tom’s hardware

The post Worth Reading: Router SoC 101 appeared first on 'net work.

Worth Reading: Why Disaggregation?

White box networking and servers, Virtualization and cloud based computing. All of these are related to a single trend in the computer networking world: disaggregation, or rather the splitting of hardware from software. The buzz around this new trend is obvious once you connect all the pieces together, but the drivers behind the disaggregation movement might not be. Why disaggregate, and why now?

This is my first post over at LighTALK, the official blog of ECI.

The post Worth Reading: Why Disaggregation? appeared first on 'net work.

Worth Reading: Rethinking Path Validation

As it’s difficult to secure what you cannot describe, it’s best to begin looking at the problem of BGP security with an accurate description of BGP. While most engineers would describe BGP as a routing protocol, this seems to fall short of the mark, as BGP uses policy as its primary metric, only falling back to the “shortest path” when multiple available paths have the same policy weight. So perhaps a more complete definition would be: BGP is a distributed system that describes peering relationships, policy, and reachability grounded in transitive trust. -via the LinkedIn Engineering Blog

This is my first post on the LinkedIn Engineering Blog—but definitely not my last.

This post is a written version of the presentation I recently gave at NANOG, and complements the series I’ve been doing on BGP security as a case study. Part 2 should publish next week; I’ll post a link to it here when it does.

The post Worth Reading: Rethinking Path Validation appeared first on 'net work.

Worth Reading: Drowning in the Data of Things

IoT and Big Data represent a huge challenge for modern systems planning. We have the ability to unlock insight from devices that couldn’t tell us their secrets before. But we have to know how deep that pool will be before we dive in. We have to understand what these devices represent before we connect them. -via networking nerd

The post Worth Reading: Drowning in the Data of Things appeared first on 'net work.

New Address

To make this blog a little easier to find, I’ve pointed rule11.us here as well. ntwrk.guru will continue to work, as well, but people seem to have a hard time remembering the url, so I added a second one.

The post New Address appeared first on 'net work.

Slicing and Dicing Flooding Domains (1)

This week two different folks have asked me about when and where I would split up a flooding domain (IS-IS) or area (OSPF); I figured a question asked twice in one week is worth a blog post, so here we are…

Before I start on the technical reasons, I’m going to say something that might surprise long time readers: there is rarely any technical reason to split a single flooding domain into multiple flooding domains. That said, I’ll go through the technical reasons anyway.

There are really three things to think about when considering how a flooding domain is performing:

• SPF run time
• flooding frequency
• LSDB size

Let’s look at the third issue first, the database size. This is theoretically an issue, but it’s really only an issue if you have a lot of nodes and routes. I can’t ever recall bumping up against this problem, but what if I did? I’d start by taking the transit links out of the database entirely—for instance, by configuring all the interfaces that face actual host devices as passive interfaces (which you should be doing anyway!), and configuring IS-IS to advertise just the passive interfaces. You can pull similar tricks in OSPF. Continue reading

Worth Reading: Beyond ‘Neutrality’

I have some bad news: the published literature on ‘net neutrality’ fails to grasp the stochastic nature of broadband and its implications. This means that the relationship of traffic management to QoE is universally misunderstood and/or misrepresented. -via circleid

The post Worth Reading: Beyond ‘Neutrality’ appeared first on 'net work.

Security ‘net: Internet of Things and iPhones edition

One of my college professors has suggested that the question of whether or not Apple should help the FBI break the encryption on the iPhone used by a terrorist is an ideal diagnostic question for your view of all things privacy. There are, of course, gray area answers, like “Apple should help the FBI break the encryption in this case, but not others.” The problem is, of course, that this isn’t the simple answer it might seem. First, there are motives behind the apparent motives. Many people see Apple as just “doing what’s right to save the world.” I don’t see it that way at all. Given I’m a bit cynical (who would have guessed), I see two motives from Apple’s point of view.

First, Apple is trying to protect a marketing stance. They’ve as much as admitted this in court documents and the implied threat of suing the U.S. Government for loss of revenue if they’re forced to build a version of their O/S that will allow the FBI to break the encryption. Just Security notes—

There are other interests at stake here too. Apple has a liberty interest in not being dragooned into writing forensic Continue reading

Worth Watching: The Basics of ASIC Design

Dave Zacks, Principal Engineer, discusses how Application Specific Integrated Circuits (ASICs) are designed and built and how Cisco is approaching new trends in software programmability and extensibility to provider better value and capabilities to their customers. -via tech field day

The post Worth Watching: The Basics of ASIC Design appeared first on 'net work.

Worth Reading: 5G Smoke and Mirrors

But besides some more detail about millimeter waves, some focus on emerging 5G use cases, and a lot of talk about network slicing, there wasn’t much 5G news to be found. One reason cited for the slow progress was network standards. The 3GPP won’t issue its first-phase 5G standards until 2018. -via sdx central

The post Worth Reading: 5G Smoke and Mirrors appeared first on 'net work.

Why you should care about complexity

If you look across a wide array of networking problems, you will see what is an apparently wide array of dissimilar and unrelated problems engineers deal with on a daily basis. For instance—

• Should I split this flooding domain into multiple parts? If so, where should I divide it?
• Which routing protocol should I use on this network topology, and to solve this set of problems?
• How should I configure the Quality of Service parameters on this network?
• Should I use MPLS on my data center fabric, or straight IP?

Over my years as a network engineer, I’ve always treated these as separate sorts of problems, each with their own tradeoffs, concepts, and models. In fact, I’ve been a kindof “collector of models” over the years, trying to find different models to address each situation. In the Art of Network Architecture, there’s an entire chapter on the models Denise and I have run in to over the years, where they seem to be useful, and where they seem to be limited.

But keeping all of these models in my head didn’t help me generalize the problems I faced in building and troubleshooting networks. For instance, in the flooding domain instance Continue reading