Practical BGP

“I would recommend this book to network engineers, Internet service providers, network software developers, and IT staff who need to deal with network planning and routing.”

The post Practical BGP appeared first on 'net work.

Art of Network Architecture

The Art of Network Architecture is the first book that places business needs and capabilities at the center of the process of architecting and evolving networks. Two leading enterprise network architects help you craft solutions that are fully aligned with business strategy, smoothly accommodate change, and maximize future flexibility

The post Art of Network Architecture appeared first on 'net work.

Navigating Network Complexity

Navigating Network Complexity is the first comprehensive guide to managing this complexity in both deployment and day-to-day operations.

The post Navigating Network Complexity appeared first on 'net work.

Worth Reading: Making IPv6 Work

Wouldn’t it be nice if turning on IPv6 really was ‘press one button and the rest is magic’ easy? For some things, it is. If you’re talking about client-side, enabling an IPv4-only home service on DSL or fibre really can be this simple, because all the heavy lifting is being done inside your ISP: you’re not enabling IPv6 in the network, you’re turning on the last mile. It was knocking at your door and you just had to let it in. -via circleid

The post Worth Reading: Making IPv6 Work appeared first on 'net work.

Beach Bird

The post Beach Bird appeared first on 'net work.

Worth Reading: Net Ring Buffers

The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a “general purpose operating system”. In addition, it ultimately means that the application is going to have to implement it’s own TCP/IP stack. That means it’s going to repeat all the same mistakes of the past, such as “ping of death” when a packet reassembles to more then 65536 bytes. This introduces a security problem. But these criticisms are nonsense. -via errata security

The post Worth Reading: Net Ring Buffers appeared first on 'net work.

Research ‘net 0x1339ED3: Traffic engineering versus network complexity

Since spending quality time with complexity theory when writing Navigating Network Complexity, I’ve started seeing the three sided complexity problem crop up all over the place. Remember this? Fast, high quality, cheap: choose two. We face this problem in a number of ways in network design. A recent (last year) paper by researchers from University of Louvain, ETH Zürich and Princeton have figured out how to engineer traffic in a straight IP network (no MPLS) by injecting false nodes into the shortest path tree. You can read the paper here, and listen to Ivan’s podcast with one of the authors here.

What’s interesting to me is the direct tradeoff this paper represents between the amount of state in the control plane and optimal traffic flow through the network. Adding state does, in fact, allow you to optimize traffic flow—at the cost of calculating the state and injecting it into your control plane (in this case OSPF). This state must be carried through the network, increasing the amount of state in the network, and it must change as traffic flows change, increasing the speed at which the state changes in the network. Finally, this idea opens up a new interaction surface Continue reading

Worth Reading: WAN Technology is Changing

For many of us, the price of WAN connectivity is the price. Rotary shopping the few providers available for a given location isn’t going to net much difference. We have been trained for decades to simply hold our noses, eat what’s put on the plate in front of us and pretend we like it. Hybrid WAN technologies are changing this.

The post Worth Reading: WAN Technology is Changing appeared first on 'net work.

Security ‘net 0x1339ED2: Security begins with you

I’m a couple of days late with this post for Data Privacy Day,, but not too late for Data Privacy Month (February). I wanted to highlight it anyway (and maybe I’ll put it on my calendar so I don’t forget next year). The point, of course (“you don’t need to have a point to have a point”) is that each and every one of us—that’s you and I, in case you’ve not gotten it yet—need to take security seriously. Security begins with you. To this end, the Cloud Security Alliance has a good post up on what you can do to improve data privacy.

Why are end users so mistake-prone? Because, frankly, most don’t care. They think data security is IT’s problem—that if IT does its “job” and filters out the threats, they have nothing to worry about. Moreover, when they do something stupid, they think it’s IT’s job to come to the rescue. They don’t understand the risks they create for the company or the fact that once rung they can’t unring the bell. So, they go on ignoring security policies and finding creative workarounds for security measures that inconvenience them—such as utilizing “shadow IT.”

Continue reading

Worth Reading: How to Defend Your Backlog

So there you are, once again in the center of what you expect will quickly become a whirlwind of escalations. Your backlog has been carefully crafted over the past months into a well balanced and well groomed condition and it has taken an enormous amount of effort to get it like that.

The post Worth Reading: How to Defend Your Backlog appeared first on 'net work.

Technology ‘net 0x1339ED1: Cloudy Business Cycles

The cloud is definitely having an impact on business cycles, but how much? There are at least two sides to this story; let’s take a look at both. First there is the continued growth of Amazon Web Services (AWS). According to the Next Platform, this chart represents the various options for the growth of AWS over the next decade or so:

It looks like, based on this projection, that AWS can keep growing at a fairly strong pace for a while yet longer. Of course, there are many factors that might impact this growth. For instance, one thing the original post points out is that recessions slow down spending in fixed IT and drive up spending in flexible IT. A recession, then, might improve the bottom line for AWS. The opposite of this, however, is that when companies can afford to build infrastructure, they tend to. There are, believe it or not, still justifications for building your own data center, especially if you can afford it.

There are other points to consider, however, as well, in the relationship between the network and business cycles. For instance, if open source and white box start bleeding out of the largest networks into Continue reading

Worth Reading: Should Firewalls Track Sequence Numbers?

Firewalls that include application level gateways (example: FTP command session inspection), web application firewalls (including stuff marketed as next-generation whatever) or any other devices that performs deep packet inspection have to include full-blown TCP stack including retransmissions, packet reordering and IP fragment reassembly. A device that doesn’t do all of the above will eventually be spoofed (aka Fernando Gont will eventually get you with the right sequence of extension headers).

The post Worth Reading: Should Firewalls Track Sequence Numbers? appeared first on 'net work.

Worth Reading: Beyond Open Standards

Traditionally, open standards organizations (particularly the IETF) have been populated by vendors selling software embedded in hardware. What happens to open standards when the software is separated from the software through a trend like NFV? Does this mean the end of open standards? As we are currently moving towards disaggregation at LinkedIn, the relationship between open standards and the disaggregation process has become for me a matter that requires some serious thought. -via network computing

The post Worth Reading: Beyond Open Standards appeared first on 'net work.

Cultivate questions

Imagine that you’re sitting in a room interviewing a potential candidate for a position on your team. It’s not too hard to imagine, right, because it happens all the time. You know the next question I’m going to ask: what questions will you ask this candidate? I know a lot of people who have “set questions” they use to evaluate a candidate, such as “what is the OSPF type four for,” or “why do some states in the BGP peering session not have corresponding packets?” Since I’ve worked on certifications in the past (like the CCDE), I understand the value of these sorts of questions. They pinpoint the set and scope of the candidate’s knowledge, and they’re easy to grade. But is easy to grade what we should really be after?

Let me expand the scope a little: isn’t this the way we see our own careers? The engineer with the most bits of knowledge stuffed away when they die wins? I probably need to make a sign that says that, actually, just to highlight the humor of such a thought.

The problem is it simply isn’t a good way to measure an engineer, including the engineer reading this Continue reading

Beyond Open Standards

Worth Reading: Don’t Do Anything Twice

Automation is also a great labor multiplier, just like IT as a broader spectrum. Automation takes the time you would have spent doing the tasks and frees you up to do other things. Like more automation, which gives you more time, which lets you do more automation, etc, etc. Eventually, you’ll free up enough time in your day to spend your focus on enhancing your environment. Maybe you’ll finally get the time to tinker with Puppet or Docker. If you’re really lucky, you may even get the time to try out NSX in that lab you built a year ago and never got to use! -va packet pushers

The post Worth Reading: Don’t Do Anything Twice appeared first on 'net work.

Buenas Aires Penguins

The post Buenas Aires Penguins appeared first on 'net work.

Worth Reading: Cisco/Arista Lawsuit

The dispute between Arista Networks and Cisco heated up this week. Arista, the target of a lawsuit by Cisco for the past year over claims of copyright and patent infringement, leveled its own countersuit. This countersuit claims that Cisco violated the Sherman Antitrust Act by encouraging the industry to use Cisco’s CLI commands as a standard, then turning around and suing companies that embraced that CLI standard. -va network computing

The post Worth Reading: Cisco/Arista Lawsuit appeared first on 'net work.

Research ‘net 0x1339ECC: The cloud begins with coal

So is reading a book on your e-reader really cheaper than reading it in hardback? I know I do most of my reading electronically now, but that’s mostly because I fly a lot and I don’t want to carry a lot of books, and because I find it faster to take notes (and find them later) in electronic formats. But cheaper? I doubt it, really. Consider this:

The information economy is a blue-whale economy with its energy uses mostly out of sight. Based on a mid-range estimate, the world’s Information-Communications-Technologies (ICT) ecosystem uses about 1,500 TWh of electricity annually, equal to all the electric generation of Japan and Germany combined — as much electricity as was used for global illumination in 1985. The ICT ecosystem now approaches 10% of world electricity generation. Or in other energy terms – the zettabyte era already uses about 50% more energy than global aviation. Reduced to personal terms, although charging up a single tablet or smart phone requires a negligible amount of electricity, using either to watch an hour of video weekly consumes annually more electricity in the remote networks than two new refrigerators use in a year. And as the world continues to Continue reading

Worth Reading: The Challenges of IPv6 and DNSSEC

The purpose of this post is to share feedback, in the form of an analogical exercise, on the respective careers of IPv6 and DNSSEC and the challenges facing both technologies. I have decided to focus on the similitudes between IPv6 and DNSSEC rather than dwell on what separates them, especially as both technologies are derived from functional / protocol layers that are fundamentally different. -via circleid

The post Worth Reading: The Challenges of IPv6 and DNSSEC appeared first on 'net work.