Russ

Author Archives: Russ

On the ‘net: EVPN Use Cases

In the final session of this video series, we talk to industry experts and RFC authors about additional challenges for which EVPN-VXLAN is a strong answer: Connecting domains (DCI, Campus to DC connections, Multi-vendor networks), multicasting for use cases like live TV streaming, public cloud connection, and other super powers. Join us to find out why these expanded use cases make your lives easier and why your CTO will want to hear more about it to equip your business for rapid responses to new application needs.

On the ‘net: Dial Banks

In the early 1990’s, several large network equipment vendors sold equipment targeted at large scale dial banks, including Cisco, ADTRAN, and Cabletron. These servers were often tied to banks of modems on one side, and to servers of some sort on the other, creating a dial bank. Dial banks grew in scale and sophistication on the back of Bulletin Board Systems (BBSs), run by dedicated system operators (SYSOPs) for the support of individual communities. At one time, there were tens of thousands, potentially even hundreds of thousands, of these systems in the United States alone, serving large communities of users. @ECI LighTALK

Gall’s Law and the Network

In Systemantics: How Systems Really Work and How They Fail, John Gall says:

A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.

In the software development world, this is called Gall’s Law (even though Gall himself never calls it a law) and is applied to organizations and software systems. How does this apply to network design and engineering? The best place to begin in answering this question is to understand what, precisely, Gall is arguing for; there is more here than what is visible on the surface.

What does a simple system mean? It is, first of all, an argument for underspecification. This runs counter to the way we instinctively want to design systems. We want to begin by discovering all the requirements (problems to be solved and constraints), and then move into an orderly discussion of all the possible solutions and sets of solutions, and then into an orderly discussion of an overall architecture, then into a nice UML chart showing all the interaction Continue reading

Weekend Reads 051019

If you can’t address your customers and the people interacting with your network face to face, at least know where they are — anywhere in the world, anytime you want to. —Jonathan Zhang

In August 2018, Opensource.com posted a poll with seven options asking readers: What was the most important moment in the history of Linux? —Alan Formy-Duval

Stanford University’s “Silicon Genesis” is a collection of over 100 oral histories and interviews with the people who created Silicon Valley’s semiconductor industry. —David Cassel

Today’s enterprises make use of applications and services that live on-premises, in public clouds and even in edge data centers. IT has entered the multicloud era and connecting the modern enterprise isn’t easy. —aganesan

I don’t have a lot of good news for you. The truth is there’s nothing we can do to protect our data from being stolen by cybercriminals and others. —Bruce Schneier

Open source code is vital to software development at most organizations, but that doesn’t mean that enterprises have figured out how to use open source without inadvertently introducing vulnerabilities into their code. —Curtis Franklin, Jr

World Password Day is a day in which companies around the world post blogs with advice, Continue reading

Network Disaggregation Live Lesson

For those of you interested in the world of network disaggregation, the LiveLesson Dinesh Dutt and I recorded back in January is up on Safari Books Online as a “rough cut.” I’m not entirely certain when the official release will be available, but the rough cut versions are usually pretty good anyway. The one humorous mistake I see on the current page is the topic is listed as “travel.” Well, I do travel a lot, but I’ve never made a video on travel.

The rough cut is here.

Throwing the baby out with the bathwater (No, you’re not Google, but why does this matter?)

It was quite difficult to prepare a tub full of bath water at many points in recent history (and it probably still is in some many parts of the world). First, there was the water itself—if you do not have plumbing, then the water must be manually transported, one bucket at a time, from a stream, well, or pump, to the tub. The result, of course, would be someone who was sweaty enough to need the forthcoming bath. Then there is the warming of the water. Shy of building a fire under the tub itself, how can you heat enough water quickly enough to make the eventual bathing experience? According to legend, this resulted in the entire household using the same tub of water to bathe. The last to bathe was always the smallest, the baby. By then, the water would be murky with dirt, which means the child could not be seen in the tub. When the tub was thrown out, then, no-one could tell if the baby was still in there.

But it doesn’t take a dirty tub of water to throw the baby out with the bath. All it really takes is an unwillingness to learn from Continue reading

Weekend Reads 050219

To say that Kubernetes provides no security features would be wrong. Kubernetes provides some functionality designed to help secure a containerized application. But it would be equally wrong to call Kubernetes a container security tool. Kubernetes’s ability to secure containers is strictly limited. —Sonya Koptyev

There is no denying the impact of the European Union General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. We were all witness — or victim — to the flurry of updated privacy policy emails and cookie consent banners that descended upon us. It was such a zeitgeist moment that “we’ve updated our privacy policy” became a punchline. —Daniel Barber

One of the fascinating parts of my job is seeing how different groups in email have radically disparate points of view. A current example is how much value senders put on spamtraps compared to ISPs and filtering companies —Laura Atkins

I loosely define capability decay as things that happen when security teams go backwards, and the specific ways — the decay modes — in which this may happen (this is my inner physicist speaking). —Hinne Hettema

On April 12 the FCC issued a new Notice for Proposed Rulemaking in Docket 19-71 Continue reading

History of MIME with Nathaniel Borenstein

On this episode of the History of Networking, Donald and I are joined by Nathaniel Borenstein, who is the primary author of the original MIME specifications.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

About that Easy Button …

We love layers and abstraction. After all, building in layers and it’s corollary, abstraction, are the foundation of large-scale system design. The only way to build large-scale systems is to divide and conquer, which means building many different component parts with clear and defined interaction surfaces (most often expressed as APIs) and combining these many different parts into a complete system. But abstraction, layering, and modularization have negative aspects as well as positive ones. For instance, according to the State/Optimization/Surface triad, any time we remove state in order to control complexity, we either add an interaction surface (which adds complexity) or we reduce optimization.

Another impact of abstraction, though, is the side effect of Conway’s Law: “organizations which design systems … are constrained to produce designs which are copies of the communication structures of these organizations.” The structure of the organization that designs a system is ultimately baked into the modularization, abstraction, and API schemes of the system itself.

To take a networking instance, many networks use one kind of module for data centers and another for campuses. The style of network built in each place, where the lines are between these different topological locations in the network, the Continue reading

Weekend Reads 042619

EVPN-VXLAN is an open industry standard developed by leading vendors to solve these problems and more. With EVPN fabrics, all major types of networking connectivity services can be virtualized using a single protocol suite. —SDX Central

The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. —Swati Khandelwal

The internet – created in the 80s, but the world wide web officially went live in 1991 and has since then grown into a beast with around 3.2 billion of the worlds population currently online. Internet guru and entrepreneur Jay Adelson has witnessed the explosion of interconnection labelling it as the hub and central point of the internet. —Jay Adelson

When the future is certain to be multivendor, how do we collectively go about making technology work? It’s a pretty basic question, but gets to the point on how technology is developed and propagated throughout the industry. It’s not enough to be innovative, developers must do so in a way that facilitates mass adoption by not only customers, but competitors, too. —Mike Bushong

I believe that there are two simple reasons why Continue reading

Mentorship and Early Career Development

In this episode of the Network Collective, John Fraizer, Denise Fishburn, and Trey Aspelund join the NC crew to talk about the importance of mentorship and practical advice on how to mentor and be mentored.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Practical Simplification

Simplification is a constant theme not only here, and in my talks, but across the network engineering world right now. But what does this mean practically? Looking at a complex network, how do you begin simplifying?

The first option is to abstract, abstract again, and abstract some more. But before diving into deep abstraction, remember that abstraction is both a good and bad thing. Abstraction can reduce the amount of state in a network, and reduce the speed at which that state changes. Abstraction can cover a multitude of sins in the legacy part of the network, but abstractions also leak!!! In fact, all nontrivial abstractions leak. Following this logic through: all non-trivial abstractions leak; the more non-trivial the abstraction, the more it will leak; the more complexity an abstraction is covering, the less trivial the abstraction will be. Hence: the more complexity you are covering with an abstraction, the more it will leak.

Abstraction, then, is only one part of the solution. You must not only abstract, but you must also simplify the underlying bits of the system you are covering with the abstraction. This is a point we often miss.

Which returns us to our original question. The Continue reading

Weekend Reads 041919

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft’s Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. —Mohit Kumar

A team of security researchers on Wednesday issued a stern warning about a DNS Hijacking campaign being carried out by an advanced, state-sponsored actor believed to be targetting sensitive networks and systems. —CircleID

Security researchers say they have found a new victim of the hacking group behind the potentially destructive malware, which targets critical infrastructure, known as Triton or Trisis. —Lorenzo Franceschi-Bicchierai

By pushing client-side DNS queries into HTTPS the Internet itself has effectively lost control of the client end of DNS, and each and every application, including the vast array of malware, can use DOH and the DNS as a command and control channel in a way that is undetectable by the client or client’s network operator. —Geoff Huston

The expectations are often high, not only for the MDM solutions ability to massively reduce the administrative workload of keeping track, updating and managing the often hundreds or thousands of devices within a company but also regarding the improvements towards the level Continue reading

Why You Should Block Notifications and Close Your Browser

Every so often, while browsing the web, you run into a web page that asks if you would like to allow the site to push notifications to your browser. Apparently, according to the paper under review, about 12% of the people who receive this notification allow notifications. What, precisely, is this doing, and what are the side effects?

Papadopoulos, Panagiotis, Panagiotis Ilia, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis. “Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation.” In Proceedings 2019 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2019. https://doi.org/10.14722/ndss.2019.23070.

Allowing notifications allows the server to kick off one of two different kinds of processes on the local computer, a service worker. There are, in fact, two kinds of worker apps that can run “behind” a web site in HTML5; the web worker and the service worker. The web worker is designed to calculate or locally render some object that will appear on the site, such as unencrypting a downloaded audio file for local rendition. This moves the processing load (including the power and cooling use!) from the server to the client, saving money Continue reading

1 34 35 36 37 38 162