Russ

Author Archives: Russ

The BGP Monitoring Protocol (BMP)

If you run connections to the ‘net at any scale, even if you are an “enterprise” (still a jinxed term, IMHO), you will quickly find it would be very useful to have a time series record of the changes in BGP at your edge. Even if you are an “enterprise,” knowing what changes have taken place in the routes your providers have advertised to you can make a big difference in tracking down an application performance issue, or knowing just when a particular service went off line. Getting this kind of information, however, can be difficult.

BGP is often overloaded for use in data center fabrics, as well (though I look forward to the day when the link state alternatives to this are available, so we can stop using BGP this way). Getting a time series view of BGP updates in a fabric is often crucial to understanding how the fabric converges, and how routing convergence events correlate to application issues.

One solution is to set up the BGP Monitoring Protocol (BMP—an abbreviation within an abbreviation, in the finest engineering tradition).

BMP is described in RFC7854 as a protocol intended to “provide a convenient interface for obtaining route views.” Continue reading

Weekend Reads 052419

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. —Geoff Huston

According to our researchers, the attackers either had access to the source code of the victims’ projects or they injected malware at the time of project compilation, meaning they were in the networks of those companies. And this reminds us of an attack that we reported on a year ago… —Kapersky

Endpoint security is a common concern among organizations, but security teams should be thinking more broadly about protecting data wherever it resides. —Kelly Sheridan

Two open source projects that have been instrumental in providing metrics for cloud native operations have merged into a single project. The fusion of Google’s OpenCensus and the Cloud Native Computing Foundation’s OpenTracing will be known as OpenTelemetry, and will be managed by the CNCF. —Joab Jackson

In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some of its enterprise users on internal servers in plaintext for 14 years because of a bug in the password recovery Continue reading

meeting madness, ONUG, and software defined

Jordan, Eyvonne, and I sit down for a conversation that begins with meetings, and ends with talking about software defined everything (including meetings??).

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Out and about this week

A reminder to my readers that I will be speaking at Interop19 this week in Las Vegas on Wednesday. Denise Donohue and I are speaking about finding smart people:

Every hiring manager wants someone who will “hit the ground running.” But there are many ways to achieve that result. In this session, you’ll learn the most effective ways to find and grow talent for your organization. We’ll address key decision points around talent acquisition…

I will also be speaking at CHINOG Chicago Illinois on Thursday:

Disaggregation began with the hyperscalers, and is quickly moving through the rest of the network engineering world. What is disaggregation, really? Does it always mean open source and white boxes, or is there some broader meaning that can be applied across many different products to build and add value to many different kinds of networks?

And interacting with some other folks on a panel about getting started in the IETF.

Weekend Reads 051919

Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad. —Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad.

Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have “Rogue In-Flight Data Load.” —Peter Bright

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. —Swati Khandelwal

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. —Mohit Kumar

Intel’s struggles to get its 10 nanometer processors out the door has forced the company to do some serious soul-searching. And while Continue reading

History of Networking: Pseudowires

In this episode of the History of Networking, Donald Sharp and I talk to Luca Martini about the origins of pseudowires—one of the more interesting innovations in the use of MPLS.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

On the ‘net: EVPN Use Cases

In the final session of this video series, we talk to industry experts and RFC authors about additional challenges for which EVPN-VXLAN is a strong answer: Connecting domains (DCI, Campus to DC connections, Multi-vendor networks), multicasting for use cases like live TV streaming, public cloud connection, and other super powers. Join us to find out why these expanded use cases make your lives easier and why your CTO will want to hear more about it to equip your business for rapid responses to new application needs.

On the ‘net: Dial Banks

In the early 1990’s, several large network equipment vendors sold equipment targeted at large scale dial banks, including Cisco, ADTRAN, and Cabletron. These servers were often tied to banks of modems on one side, and to servers of some sort on the other, creating a dial bank. Dial banks grew in scale and sophistication on the back of Bulletin Board Systems (BBSs), run by dedicated system operators (SYSOPs) for the support of individual communities. At one time, there were tens of thousands, potentially even hundreds of thousands, of these systems in the United States alone, serving large communities of users. @ECI LighTALK

Gall’s Law and the Network

In Systemantics: How Systems Really Work and How They Fail, John Gall says:

A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.

In the software development world, this is called Gall’s Law (even though Gall himself never calls it a law) and is applied to organizations and software systems. How does this apply to network design and engineering? The best place to begin in answering this question is to understand what, precisely, Gall is arguing for; there is more here than what is visible on the surface.

What does a simple system mean? It is, first of all, an argument for underspecification. This runs counter to the way we instinctively want to design systems. We want to begin by discovering all the requirements (problems to be solved and constraints), and then move into an orderly discussion of all the possible solutions and sets of solutions, and then into an orderly discussion of an overall architecture, then into a nice UML chart showing all the interaction Continue reading

Weekend Reads 051019

If you can’t address your customers and the people interacting with your network face to face, at least know where they are — anywhere in the world, anytime you want to. —Jonathan Zhang

In August 2018, Opensource.com posted a poll with seven options asking readers: What was the most important moment in the history of Linux? —Alan Formy-Duval

Stanford University’s “Silicon Genesis” is a collection of over 100 oral histories and interviews with the people who created Silicon Valley’s semiconductor industry. —David Cassel

Today’s enterprises make use of applications and services that live on-premises, in public clouds and even in edge data centers. IT has entered the multicloud era and connecting the modern enterprise isn’t easy. —aganesan

I don’t have a lot of good news for you. The truth is there’s nothing we can do to protect our data from being stolen by cybercriminals and others. —Bruce Schneier

Open source code is vital to software development at most organizations, but that doesn’t mean that enterprises have figured out how to use open source without inadvertently introducing vulnerabilities into their code. —Curtis Franklin, Jr

World Password Day is a day in which companies around the world post blogs with advice, Continue reading

Network Disaggregation Live Lesson

For those of you interested in the world of network disaggregation, the LiveLesson Dinesh Dutt and I recorded back in January is up on Safari Books Online as a “rough cut.” I’m not entirely certain when the official release will be available, but the rough cut versions are usually pretty good anyway. The one humorous mistake I see on the current page is the topic is listed as “travel.” Well, I do travel a lot, but I’ve never made a video on travel.

The rough cut is here.

Throwing the baby out with the bathwater (No, you’re not Google, but why does this matter?)

It was quite difficult to prepare a tub full of bath water at many points in recent history (and it probably still is in some many parts of the world). First, there was the water itself—if you do not have plumbing, then the water must be manually transported, one bucket at a time, from a stream, well, or pump, to the tub. The result, of course, would be someone who was sweaty enough to need the forthcoming bath. Then there is the warming of the water. Shy of building a fire under the tub itself, how can you heat enough water quickly enough to make the eventual bathing experience? According to legend, this resulted in the entire household using the same tub of water to bathe. The last to bathe was always the smallest, the baby. By then, the water would be murky with dirt, which means the child could not be seen in the tub. When the tub was thrown out, then, no-one could tell if the baby was still in there.

But it doesn’t take a dirty tub of water to throw the baby out with the bath. All it really takes is an unwillingness to learn from Continue reading

Weekend Reads 050219

To say that Kubernetes provides no security features would be wrong. Kubernetes provides some functionality designed to help secure a containerized application. But it would be equally wrong to call Kubernetes a container security tool. Kubernetes’s ability to secure containers is strictly limited. —Sonya Koptyev

There is no denying the impact of the European Union General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. We were all witness — or victim — to the flurry of updated privacy policy emails and cookie consent banners that descended upon us. It was such a zeitgeist moment that “we’ve updated our privacy policy” became a punchline. —Daniel Barber

One of the fascinating parts of my job is seeing how different groups in email have radically disparate points of view. A current example is how much value senders put on spamtraps compared to ISPs and filtering companies —Laura Atkins

I loosely define capability decay as things that happen when security teams go backwards, and the specific ways — the decay modes — in which this may happen (this is my inner physicist speaking). —Hinne Hettema

On April 12 the FCC issued a new Notice for Proposed Rulemaking in Docket 19-71 Continue reading

History of MIME with Nathaniel Borenstein

On this episode of the History of Networking, Donald and I are joined by Nathaniel Borenstein, who is the primary author of the original MIME specifications.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

About that Easy Button …

We love layers and abstraction. After all, building in layers and it’s corollary, abstraction, are the foundation of large-scale system design. The only way to build large-scale systems is to divide and conquer, which means building many different component parts with clear and defined interaction surfaces (most often expressed as APIs) and combining these many different parts into a complete system. But abstraction, layering, and modularization have negative aspects as well as positive ones. For instance, according to the State/Optimization/Surface triad, any time we remove state in order to control complexity, we either add an interaction surface (which adds complexity) or we reduce optimization.

Another impact of abstraction, though, is the side effect of Conway’s Law: “organizations which design systems … are constrained to produce designs which are copies of the communication structures of these organizations.” The structure of the organization that designs a system is ultimately baked into the modularization, abstraction, and API schemes of the system itself.

To take a networking instance, many networks use one kind of module for data centers and another for campuses. The style of network built in each place, where the lines are between these different topological locations in the network, the Continue reading

1 34 35 36 37 38 162