Russ

Author Archives: Russ

Weekend Reads 040419

The world is private. The world has gone public. The world turns out is hybrid. There are numerous reports out there of the fast adoption and migration from private clouds to public ones as the hybrid cloud trend picks up. However, there are still risks associated with shifting applications from one to another… —Grant Kirkwood

Blockchain, or distributed ledger technology (DLT), is estimated by Gartner to create $3.1 trillion of business value by 2030, yet many organizations lack a clear understanding of its applications, the risks and benefits specific to their company and industry, or strategies for achieving optimal return from DLT projects. —Steve McNew

The construction site of the future may look very different. Data centers will be pieced together from pre-fab components built in factories, with on-site teams assembling walls, components and sometimes entire rooms. —Rich Miller

A new standard being developed by the National Fire Protection Association could have a big impact on the use of batteries in UPS systems, according to a group of data center energy experts, who are seeking to mobilize the industry to seek revisions. —Rich Miller

Gone are the days when robbers wore ski masks, carried guns and dynamite, and risked Continue reading

History of Networking: OpenConfig with Anees Shaikh and Rob Shakir

OpenConfig is an effort amongst many cooperative network operators to define vender-neutral data models for configuring and managing networks programatically. In this episode we talk with Anees Shaikh and Rob Shakir about the roots of the OpenConfig project and where it’s at currently.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Choose Simple Solutions

In my experience, simplicity is not valued enough in software development. Instead, there is a lot of emphasis placed on flexibility. —Felix

Replace “software” with “network,” and think about it. How often do network engineers select the chassis-based system that promises to “never need to be replaced?” How often do we build networks like they will be “in use” 20+ years from now? Now it does happen from time to time; I have heard of devices with many years of uptime, for instance. I have worked on AT&T Brouters in production—essentially a Cisco AGS+ rebranded and resold by AT&T—that were some ten or fifteen years old even back when I worked on them. These things certainly happen, and sometimes they even happen for good reasons.

But knowing such things happen and planning for such things to happen are two different mindsets. At least some of the complexity in networks comes from just this sort of “must make it permanent: thinking:

Many developers like to write code which handles any problem which might appear at any point in the future. In that regard, they are fortune tellers, trying to find a solution for eventual problems. This can work out very Continue reading

Weekend Reads 032919

There’s a growing focus on automating data center operations, a trend driven by staffing challenges and the need for remote management of “lights out” edge data centers. Do you expect to see more automation? What are the most promising approaches in this area? —Data center Frontier

In this article, I will describe how we introduced IPv6 inside IBM’s own network over the past few years, and look at the challenges we encountered as well as what lies on the road ahead. —Andy Mindnich

If you want to see what real competition might look like at some point in the future of the server racket, look no further than the Ethernet switch market, where switch ASICs and the companies that build switches alike have to fight for every dollar and make it up in volume every year without pause. —Timothy Prickett Morgan

Misconceptions can be dangerous. This is especially true when they lead to network insecurity. In this post I’ll seek to set the record straight for several of the most common misconceptions about IPv6 security. —David Holder

Although the SRE job role is often defined as being about automation, the reality is that 59 percent of SREs agree there is Continue reading

Instagram and Friday Photos

I’m making some changes to the Friday Photo series (which is why I’ve not posted any of these in a bit). I will be posting a small copy of each photo to Instagram, and a fuller image over on my smugmug page. I will be including a link to the smugmug version in the instagram post, but because of the way instragram sets things up you’ll have to copy the link out and paste it into a browser separately.

I will be going back through all my images and reprocessing them, so you will probably see duplicates from time to time.

Social Media, Limits, and Productivity

If there is one question I get most often, it is “how do you get so much done?” One answer to this question is: I limit my use of social media. There is, another angle to social media use which is a bit more… philosophical.

Some of you might know that I am currently working on a PhD in Philosophy—which might seem like an odd thing to do for someone who has been in the engineering world for, well, pretty much my entire life. My particular area of study, however, is what might be called media ecology and humanness. How do these two interact? What impact does, for instance, social media have on things like human freedom and dignity?

Social media (and mediated reality in general) has a bad habit of making people into objects—objectification is just part of the mediation process. If you go “all in” to the mediated world, then you become wholly mediated. This is ultimately dehumanizing, and a very bad thing.

Returning to the first question I raised above: what impact does social media have on my use of time? Does it make me more or less productive?

If we think social media does have Continue reading

Upcoming Safari Books Webinars

I have two webinars on Safari that might be of interest to folks who read here.

Network Troubleshooting Theory and Process

In this course I related by formal training in electronics into the networking world. The primary topic is the half-split method of troubleshooting, which tends to be much faster than the “hunch, hunt, and peck” method most folks seem to intuitively use. This is a course I give on a regular basis, though I suspect I am moving to giving this course twice a year in the future.

How Networks Really Work

This is a course I just started developing. Essentially, this will be split into two pieces. The first part will be walking through packets traversing a network; the second will be walking through various routing protocols converging on some common topologies. The aim here is to connect some of the theory I talk about to the “real world,” so this is not about covering the material, but also about covering the mindset.

I also have two more LiveLessons in production, one with Dinesh Dutt on disaggregation, and another on various forms of abstraction and the tradeoffs around abstraction (such as summarization and aggregation). I hope to have Continue reading

Grey Failure Lessons Learne

Grey Failures in the Real World

Most “smaller scale” operators probably believe they are not impacted by grey failures, but this is probably not true. Given the law of large numbers, there must be some number of grey failures in some percentage of smaller networks simply because there are so many of them. What is interesting about grey failures is there is so little study in this area; since these errors can exist in a network for years without being discovered, they are difficult to track down and repair, and they are often “fixed” by someone randomly doing things in surrounding systems that end up performing an “unintentional repair” (for instance by resetting some software state through a reboot). It is interesting, then, to see a group of operators collating the grey failures they have seen across a number of larger scale networks.

Gunawi, Haryadi S., Riza O. Suminto, Russell Sears, Casey Golliher, Swaminathan Sundararaman, Xing Lin, Tim Emami, et al. “Fail-Slow at Scale: Evidence of Hardware Performance Faults in Large Production Systems,” 1–14, 2018. https://www.usenix.org/conference/fast18/presentation/gunawi.

Some interesting results of the compilation are covered in a table early in the document. One of these is that grey Continue reading

Weekend Reads 032219

The pursuit of monopoly has led Silicon Valley astray. —Tim O’Reilly

There is no better way to protect legacy revenues than by legally barring those entities that might decide to compete by building better broadband. —Doug Dawson

The ongoing debate around the controversial Article 13 of the EU’s Copyright Directive has exposed what looks like a sizable gap between what regulators think is covered by copyright and what is actually covered by copyright. —Stan Adams

However, under some circumstances, BGP communities can be used to drop and redirect traffic. In principle, the same effect can be achieved via BGP hijacks, but community-based attacks are way harder to spot and almost impossible to attribute. —Florian Streibelt

Phone numbers stink for security and authentication —Krebs on Security

Register an abandoned DNS server domain, and you can redirect querying clients to any destination of your choosing. —Kaan Onarlioglu

The Optical Transport Network (OTN) architecture is now almost two decades old, and some pundits are proclaiming that its role as a distinct transport layer will soon give way to an IP-over-DWDM architecture. —Jonathan Homa

Transnational data is sometimes, but not always, associated with a transaction or exchange. Much of the data, as personal data, Continue reading

The Network Sized Holes in Serverless

Until about 2017, the cloud was going to replace all on-premises data centers. As it turns out, however, the cloud has not replaced all on-premises data centers. Why not? Based on the paper under review, one potential answer is because containers in the cloud are still too much like “serverfull” computing. Developers must still create and manage what appear to be virtual machines, including:

  • Machine level redundancy, including georedundancy
  • Load balancing and request routing
  • Scaling up and down based on load
  • Monitoring and logging
  • System upgrades and security
  • Migration to new instances

Serverless solves these problems by placing applications directly onto the cloud, or rather a set of libraries within the cloud.

Jonas, Eric, Johann Schleier-Smith, Vikram Sreekanti, Chia-Che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, et al. “Cloud Programming Simplified: A Berkeley View on Serverless Computing.” ArXiv:1902.03383 [Cs], February 9, 2019. http://arxiv.org/abs/1902.03383.

The authors define serverless by contrasting it with serverfull computing. While software is run based on an event in serverless, software runs until stopped in a cloud environment. While an application does not have a maximum run time in a serverfull environment, there is some maximum set by the provider in a serverless Continue reading

Weekend Reads 031519

Most medium to large companies now runs A/B tests and new feature experiments on segments of their user base. They are a great way to check whether a feature will have long time success, and get observable metrics on the repercussion of their changes. —JonLuca DeCaro

There are myriad theories as to why software remains insecure after we’ve spend decades trying to solve the problem. —Daniel Miessler

Ask yourself this: do you find yourself becoming outraged or saying “ho-hum” every time you hear about the latest record data breach? Society seems to be agreeing with the latter answer. —Roger A. Grimes

Why is privacy so hard? Why is it, after so much negative press about it, are we still being constantly tracked on the web and on our smartphones? —Jason Hong

As you can see in the video, a malicious website that looks like Airbnb prompts users to authenticate using Facebook login, but upon clicking, the page displays a fake tab switching animation video aimed to trick users into thinking that their browsers are behaving normally. —Mohit Kumar

The hyperscalers and cloud builders of the world build things that often look and feel like supercomputers if you squint your eyes Continue reading

On the ‘net: Directory Services

Have you ever decided you needed to contact someone in another area of the world, only to discover you do not have their email address, nor any way to find their email address? You could go to your favorite social media site, of course, but if they are not on any form of social media? Or if they do not put their contact information there? Or—perhaps—this little situation happened before the rise of social media? GASP! From some of the younger readers.

Bridging the Gap

Mike Bushong and Denise Donohue join Eyvonne, Jordan, and I to discuss the gap between network engineering and “the business,” and give us some thoughts on bridging it.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Research: Practical Challenge-Response for DNS

Because the speed of DNS is so important to the performance of any connection on the ‘net, a lot of thought goes into making DNS servers fast, including optimized software that can respond to queries in milliseconds, and connecting DNS servers to the ‘net through high bandwidth links. To set the stage for massive DDoS attacks based in the DNS system, add a third point: DNS responses tend to be much larger than DNS queries. In fact, a carefully DNS response can be many times larger than the query.

To use a DNS server as an amplifier in a DDoS attack, then, the attacker sends a query to some number of publicly accessible DNS servers. The source of this query is the address of the system to be attacked. If the DNS query is carefully crafted, the attacker can send small packets that cause a number of DNS servers to send large responses to a single IP address, causing large amounts of traffic to the system under attack.

Rami Al-Dalky, Michael Rabinovich, and Mark Allman. 2018. Practical Challenge-Response for DNS. In Proceedings of the Applied Networking Research Workshop (ANRW ’18). ACM, New York, NY, USA, 74-74. DOI: https://doi.org/10.1145/3232755. Continue reading

Weekend Reads 030719

Do you really understand Big O? If so, then this will refresh your understanding before an interview. If not, don’t worry — come and join us for some endeavors in computer science. —Shen Huang

The optical transceiver industry, by comparison, is a cottage industry built on fractured design methodologies, captive wafer manufacturing, proprietary packaging and labor-intensive production that limits economies of scale. —Roberto Marcoccia

IoT devices like these are a security and privacy risk to individual users. This can include bad people taking control of your Wi-Fi enabled webcams or internet-connected children’s toys. However, the greater concern for me is when these insecure devices are taken over for the purposes of a distributed denial-of-service attack (DDoS) whereby hundreds or thousands of devices are used to attack core internet infrastructure or services. —Jacques Latour

In a new official statement on the Directive (English translation), Kelber warns that Article 13 will inevitably lead to the use of automated filters, because there is no imaginable way for the organisations that run online services to examine everything their users post and determine whether each message, photo, video, or audio clip is a copyright violation. —Cory Doctorow

Opposing parties continue to debate whether WHOIS should stay after Continue reading

History of Networking: George Swallow on MPLS/TE

Traffic engineering (TE) is one of the most complex technologies used in large scale networks today. George Swallow joins us for a look at how and why TE was invented, and where some of the ideas came from.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

1 35 36 37 38 39 162