Worth Listening: Aligning IT and the Business

To maximize the value that IT adds to our organizations, it’s critical for us to be cognizant of business requirements and to focus our technology capabilities on meeting them. It can be hard to keep this top of mind when racing against the clock to fix a network outage or meet a big project deadline. So right now, while you are listening to The Next Level, we’re going to hone in on the business end of IT and get strategies for how technology can be better put to business use. -via packet pushers

The post Worth Listening: Aligning IT and the Business appeared first on 'net work.

Patios in Beunos Aires

The post Patios in Beunos Aires appeared first on 'net work.

Worth Reading: Entropy, vacuums, and visibility

Maybe we should stop designing networks in terms of topology and technology, and instead approach them in terms of containment and customization. By accepting and embracing entropy, and making it central to our engineering practice, we can finally accept that exceptions are the rule. -via Packet Pushers

The post Worth Reading: Entropy, vacuums, and visibility appeared first on 'net work.

Research ‘net: The TEMPEST edition

When I was in the US Air Force, as part of the 438th Communications Group, we had a Group Readiness Center that contained a large board with the airfield equipment status, a safe with various drawers with different classification levels, a couple of encrypted communication systems, and… a couple of strange looking Z200 computers. The screen on these computers were covered with a fine mesh, and the power cables ran through a special cleaning box. What was the point of all this fanciness?

TEMPEST. The ability to gather information about what’s on a computer’s screen by examining the signals transmitted (unintentionally) from the monitor screen, power cable, and other electronics. This might seem odd, but essentially any wire is an antenna that can (and will) carry information from a computer; at some range, these signals can be detected and deciphered in a way that allows you to determine what the computer is processing. Screens are more fruitful, as the older style Cathode Ray Tube (CRT) displays essentially shoot a stream of electrons onto a piece of glass, some of which must leak, and hence can be picked up and decoded to see what’s on the screen from quite a distance Continue reading

Worth Reading: Classifying data structures security

Classification is the bedrock of data security, as it allows users to identify data, adding structure to the increasing volumes of unstructured information. When data is classified, organizations can raise security awareness, prevent data loss and comply with records-management regulations. -via Data Center Journal

The post Worth Reading: Classifying data structures security appeared first on 'net work.

Slicing and Dicing Flooding Domains (2)

The first post in this series is here.

Finally, let’s consider the first issue, the SPF run time. First, if you’ve been keeping track of the SPF run time in several locations throughout your network (you have been, right? Right?!? This should be a regular part of your documentation!), then you’ll know when there’s a big jump. But a big jump without a big change in some corresponding network design parameter (size of the network, etc.), isn’t a good reason to break up a flooding domain. Rather, it’s a good reason to go find out why the SPF run time changed, which means a good session of troubleshooting what’s probably an esoteric problem someplace.

Assume, however, that we’re not talking about a big jump. Rather, the SPF run time has been increasing over time, or you’re just looking at a particular network without any past history. My rule of thumb is to start really asking questions when the SPF run time gets to around 100ms. I don’t know where that number came from—it’s a “seat of the pants thing,” I suppose. Most networks today seem to run SPF in less than 10ms, though I’ve seen a few that Continue reading

Worth Reading: Carrier Supporting Carrier

There is another technology called Carrier Supporting Carrier or Carrier of Carriers. This technology is used when a customer buys a circuit from an SP, Internet service or L3 VPN and that SP uses another SP to carry their traffic between the locations. The SP connecting the customer is then the customer carrier and the SP providing the backbone is the backbone carrier. -via Lost In Transit

The post Worth Reading: Carrier Supporting Carrier appeared first on 'net work.

Reaction: BGP convergence, divergence & the ‘net

Let’s have a little talk about BGP convergence.

We tend to make a number of assumptions about the Internet, and sometimes these assumptions don’t always stand up to critical analysis. . . . On the Internet anyone can communicate with anyone else – right? -via APNIC

Geoff Huston’s recent article on the reality of Internet connectivity—no, everyone cannot connect to everyone—prompted a range of reactions from various folks I know.

For instance, BGP is broken! After all, any routing protocol that can’t provide basic reachability to every attached destination must be broken, right? The problem with this statement is it assumes BGP is, at core, a routing protocol. To set the record straight, BGP is not, at heart, a routing protocol in the traditional sense of the term. BGP is a system used to describe bilateral peering arrangements between independent parties in a way that provides loop free reachability information. The primary focus of BGP is not loop free reachability, but policy.

After all, BGP convergence is a big deal, right? Part of the problem here is that we use BGP as a routing protocol in some situations (for instance, on data center fabrics), so we have a hard time adjusting our thinking Continue reading

Worth Reading: Mobile is not everything

The industry is now maturing, and is well past its glory days of early growth. We have 4G widely deployed, and 5G is in the wings. Both are incremental rather than revolutionary changes. The retail market for “minutes, messages and megabytes” is saturating. . . . The high revenue and profit growth has shifted to devices (notably Apple’s) and online services (Google, Amazon, Alibaba, et al). The centre of power has inexorably moved towards platforms that manage and mine the flow of information. -via CircleID

The post Worth Reading: Mobile is not everything appeared first on 'net work.

DoS’ing your mind: Controlling information inflow

Everyone wants your attention. No, seriously, they do. We’ve gone from a world where there were lots of readers and not much content, to a world where there is lots of content, and not many readers. There’s the latest game over here, the latest way to “get 20,000 readers,” over there, the way to “retire by the time you’re 32” over yonder, and “how to cure every known disease with this simple group of weird fruit from someplace you’ve never heard of (but you’ll certainly go find, and revel in the pictures of perfectly healthy inhabitants now),” naggling someplace at the back of your mind.

The insidious, distracting suck of the Internet has become seemingly inescapable. Calling us from our pockets, lurking behind work documents, it’s merely a click away. Studies have shown that each day we spend, on average, five and a half hours on digital media, and glance at our phones 221 times. -via connecting

Living this way isn’t healthy. It reduces your attention span, which in turn destroys your ability to get anything done, as well as destroying your mind. So we need to stop. “Squirrel” is funny, but you crash planes. “Shiny thing” is funny, but Continue reading

Worth Reading: IPv4 Market Outlook

During Q4, the IPv4 trading market was the only source available to obtain IPv4 numbers in North America, and by the close of the year ARIN had recorded 194 transfers conveying over 34 million IPv4 numbers. Because a non-trivial portion of IPv4 transactions occur outside of the ARIN transfer approval process, even these high-growth numbers understate the total market activity in 2015. -via CircleID

The post Worth Reading: IPv4 Market Outlook appeared first on 'net work.

Worth Reading: The Chase for Network Speed

There is a delicate balance between the cost of building (and operating) a data center and the cost of hauling traffic over a wide area to take advantage of compute and storage resources. As this balance changes, the economics of build versus the cloud will shift. Falling processor prices can reduce the cost of cloud, but it also reduces the cost of local compute at the same time. -via Netcarftsmen

The post Worth Reading: The Chase for Network Speed appeared first on 'net work.

Oak Island Light House

The post Oak Island Light House appeared first on 'net work.

Worth Reading: Router SoC 101

Do you ever wonder what goes on inside a router? In this article, we take a close look at the SoCs inside of them, which help us manage and maintain our connected lives. -via tom’s hardware

The post Worth Reading: Router SoC 101 appeared first on 'net work.

Worth Reading: Why Disaggregation?

White box networking and servers, Virtualization and cloud based computing. All of these are related to a single trend in the computer networking world: disaggregation, or rather the splitting of hardware from software. The buzz around this new trend is obvious once you connect all the pieces together, but the drivers behind the disaggregation movement might not be. Why disaggregate, and why now?

This is my first post over at LighTALK, the official blog of ECI.

The post Worth Reading: Why Disaggregation? appeared first on 'net work.

Worth Reading: Rethinking Path Validation

As it’s difficult to secure what you cannot describe, it’s best to begin looking at the problem of BGP security with an accurate description of BGP. While most engineers would describe BGP as a routing protocol, this seems to fall short of the mark, as BGP uses policy as its primary metric, only falling back to the “shortest path” when multiple available paths have the same policy weight. So perhaps a more complete definition would be: BGP is a distributed system that describes peering relationships, policy, and reachability grounded in transitive trust. -via the LinkedIn Engineering Blog

This is my first post on the LinkedIn Engineering Blog—but definitely not my last.

This post is a written version of the presentation I recently gave at NANOG, and complements the series I’ve been doing on BGP security as a case study. Part 2 should publish next week; I’ll post a link to it here when it does.

The post Worth Reading: Rethinking Path Validation appeared first on 'net work.

Worth Reading: Drowning in the Data of Things

IoT and Big Data represent a huge challenge for modern systems planning. We have the ability to unlock insight from devices that couldn’t tell us their secrets before. But we have to know how deep that pool will be before we dive in. We have to understand what these devices represent before we connect them. -via networking nerd

The post Worth Reading: Drowning in the Data of Things appeared first on 'net work.

New Address

To make this blog a little easier to find, I’ve pointed rule11.us here as well. ntwrk.guru will continue to work, as well, but people seem to have a hard time remembering the url, so I added a second one.

The post New Address appeared first on 'net work.

Slicing and Dicing Flooding Domains (1)

This week two different folks have asked me about when and where I would split up a flooding domain (IS-IS) or area (OSPF); I figured a question asked twice in one week is worth a blog post, so here we are…

Before I start on the technical reasons, I’m going to say something that might surprise long time readers: there is rarely any technical reason to split a single flooding domain into multiple flooding domains. That said, I’ll go through the technical reasons anyway.

There are really three things to think about when considering how a flooding domain is performing:

• SPF run time
• flooding frequency
• LSDB size

Let’s look at the third issue first, the database size. This is theoretically an issue, but it’s really only an issue if you have a lot of nodes and routes. I can’t ever recall bumping up against this problem, but what if I did? I’d start by taking the transit links out of the database entirely—for instance, by configuring all the interfaces that face actual host devices as passive interfaces (which you should be doing anyway!), and configuring IS-IS to advertise just the passive interfaces. You can pull similar tricks in OSPF. Continue reading

Worth Reading: Beyond ‘Neutrality’

I have some bad news: the published literature on ‘net neutrality’ fails to grasp the stochastic nature of broadband and its implications. This means that the relationship of traffic management to QoE is universally misunderstood and/or misrepresented. -via circleid

The post Worth Reading: Beyond ‘Neutrality’ appeared first on 'net work.