Russ

Author Archives: Russ

Weekend Reads 042619

EVPN-VXLAN is an open industry standard developed by leading vendors to solve these problems and more. With EVPN fabrics, all major types of networking connectivity services can be virtualized using a single protocol suite. —SDX Central

The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. —Swati Khandelwal

The internet – created in the 80s, but the world wide web officially went live in 1991 and has since then grown into a beast with around 3.2 billion of the worlds population currently online. Internet guru and entrepreneur Jay Adelson has witnessed the explosion of interconnection labelling it as the hub and central point of the internet. —Jay Adelson

When the future is certain to be multivendor, how do we collectively go about making technology work? It’s a pretty basic question, but gets to the point on how technology is developed and propagated throughout the industry. It’s not enough to be innovative, developers must do so in a way that facilitates mass adoption by not only customers, but competitors, too. —Mike Bushong

I believe that there are two simple reasons why Continue reading

Mentorship and Early Career Development

In this episode of the Network Collective, John Fraizer, Denise Fishburn, and Trey Aspelund join the NC crew to talk about the importance of mentorship and practical advice on how to mentor and be mentored.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Practical Simplification

Simplification is a constant theme not only here, and in my talks, but across the network engineering world right now. But what does this mean practically? Looking at a complex network, how do you begin simplifying?

The first option is to abstract, abstract again, and abstract some more. But before diving into deep abstraction, remember that abstraction is both a good and bad thing. Abstraction can reduce the amount of state in a network, and reduce the speed at which that state changes. Abstraction can cover a multitude of sins in the legacy part of the network, but abstractions also leak!!! In fact, all nontrivial abstractions leak. Following this logic through: all non-trivial abstractions leak; the more non-trivial the abstraction, the more it will leak; the more complexity an abstraction is covering, the less trivial the abstraction will be. Hence: the more complexity you are covering with an abstraction, the more it will leak.

Abstraction, then, is only one part of the solution. You must not only abstract, but you must also simplify the underlying bits of the system you are covering with the abstraction. This is a point we often miss.

Which returns us to our original question. The Continue reading

Weekend Reads 041919

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft’s Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. —Mohit Kumar

A team of security researchers on Wednesday issued a stern warning about a DNS Hijacking campaign being carried out by an advanced, state-sponsored actor believed to be targetting sensitive networks and systems. —CircleID

Security researchers say they have found a new victim of the hacking group behind the potentially destructive malware, which targets critical infrastructure, known as Triton or Trisis. —Lorenzo Franceschi-Bicchierai

By pushing client-side DNS queries into HTTPS the Internet itself has effectively lost control of the client end of DNS, and each and every application, including the vast array of malware, can use DOH and the DNS as a command and control channel in a way that is undetectable by the client or client’s network operator. —Geoff Huston

The expectations are often high, not only for the MDM solutions ability to massively reduce the administrative workload of keeping track, updating and managing the often hundreds or thousands of devices within a company but also regarding the improvements towards the level Continue reading

Why You Should Block Notifications and Close Your Browser

Every so often, while browsing the web, you run into a web page that asks if you would like to allow the site to push notifications to your browser. Apparently, according to the paper under review, about 12% of the people who receive this notification allow notifications. What, precisely, is this doing, and what are the side effects?

Papadopoulos, Panagiotis, Panagiotis Ilia, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis. “Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation.” In Proceedings 2019 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2019. https://doi.org/10.14722/ndss.2019.23070.

Allowing notifications allows the server to kick off one of two different kinds of processes on the local computer, a service worker. There are, in fact, two kinds of worker apps that can run “behind” a web site in HTML5; the web worker and the service worker. The web worker is designed to calculate or locally render some object that will appear on the site, such as unencrypting a downloaded audio file for local rendition. This moves the processing load (including the power and cooling use!) from the server to the client, saving money Continue reading

Weekend Reads 041119

Since at least the middle of the last century, the question of how to get employees to improve has generated a good deal of opinion and research. —Marcus Buckingham and Ashley Goodall

Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? —Geoff Huston

n February, the company announced its intention to move forward with the development of the Curie cable, a new undersea line stretching from California to Chile. It will be the first private intercontinental cable ever built by a major non-telecom company. Tyler Cooper—

You have your morning coffee in hand, you’ve just finished your daily scrum, and you sit down at your computer to start your day. Up pops a Slack message. You scan your emails, then bounce back to Slack. —Sarah Wall

“Open core” evolved as one of the primary ways for companies that maintain an open source project to make money. They offer a product that at the “core” is the open source project, but with features that only paying customers have access too. MongoDB and Elastic, —Eric Anderson

EU antitrust regulators should consider forcing tech giants such as Google and Continue reading

BIER Basics

Multicast is, at best, difficult to deploy in large scale networks—PIM sparse and BIDIR are both complex, adding large amounts of state to intermediate devices. In the worst case, there is no apparent way to deploy any existing version of PIM, such as large-scale spine and leaf networks (variations on the venerable Clos fabric). BEIR, described in RFC8279, aims to solve the per-device state of traditional multicast.

In this network, assume A has some packet that needs to be delivered to T, V, and X. A could generate three packets, each one addressed to one of the destinations—but replicating the packet at A is wastes network resources on the A->B link, at least. Using PIM, these three destinations could be placed in a multicast group (a multicast address can be created that describes T, V, and X as a single destination). After this, a reverse shortest path tree can be calculated from each of the destinations in the group towards the source, A, and the correct forwarding state (the outgoing interface list) be installed at each of the routers in the network (or at least along the correct paths). This, however, adds a lot of state to the network.
Continue reading

Weekend Reads 040419

The world is private. The world has gone public. The world turns out is hybrid. There are numerous reports out there of the fast adoption and migration from private clouds to public ones as the hybrid cloud trend picks up. However, there are still risks associated with shifting applications from one to another… —Grant Kirkwood

Blockchain, or distributed ledger technology (DLT), is estimated by Gartner to create $3.1 trillion of business value by 2030, yet many organizations lack a clear understanding of its applications, the risks and benefits specific to their company and industry, or strategies for achieving optimal return from DLT projects. —Steve McNew

The construction site of the future may look very different. Data centers will be pieced together from pre-fab components built in factories, with on-site teams assembling walls, components and sometimes entire rooms. —Rich Miller

A new standard being developed by the National Fire Protection Association could have a big impact on the use of batteries in UPS systems, according to a group of data center energy experts, who are seeking to mobilize the industry to seek revisions. —Rich Miller

Gone are the days when robbers wore ski masks, carried guns and dynamite, and risked Continue reading

History of Networking: OpenConfig with Anees Shaikh and Rob Shakir

OpenConfig is an effort amongst many cooperative network operators to define vender-neutral data models for configuring and managing networks programatically. In this episode we talk with Anees Shaikh and Rob Shakir about the roots of the OpenConfig project and where it’s at currently.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Choose Simple Solutions

In my experience, simplicity is not valued enough in software development. Instead, there is a lot of emphasis placed on flexibility. —Felix

Replace “software” with “network,” and think about it. How often do network engineers select the chassis-based system that promises to “never need to be replaced?” How often do we build networks like they will be “in use” 20+ years from now? Now it does happen from time to time; I have heard of devices with many years of uptime, for instance. I have worked on AT&T Brouters in production—essentially a Cisco AGS+ rebranded and resold by AT&T—that were some ten or fifteen years old even back when I worked on them. These things certainly happen, and sometimes they even happen for good reasons.

But knowing such things happen and planning for such things to happen are two different mindsets. At least some of the complexity in networks comes from just this sort of “must make it permanent: thinking:

Many developers like to write code which handles any problem which might appear at any point in the future. In that regard, they are fortune tellers, trying to find a solution for eventual problems. This can work out very Continue reading

Weekend Reads 032919

There’s a growing focus on automating data center operations, a trend driven by staffing challenges and the need for remote management of “lights out” edge data centers. Do you expect to see more automation? What are the most promising approaches in this area? —Data center Frontier

In this article, I will describe how we introduced IPv6 inside IBM’s own network over the past few years, and look at the challenges we encountered as well as what lies on the road ahead. —Andy Mindnich

If you want to see what real competition might look like at some point in the future of the server racket, look no further than the Ethernet switch market, where switch ASICs and the companies that build switches alike have to fight for every dollar and make it up in volume every year without pause. —Timothy Prickett Morgan

Misconceptions can be dangerous. This is especially true when they lead to network insecurity. In this post I’ll seek to set the record straight for several of the most common misconceptions about IPv6 security. —David Holder

Although the SRE job role is often defined as being about automation, the reality is that 59 percent of SREs agree there is Continue reading

Instagram and Friday Photos

I’m making some changes to the Friday Photo series (which is why I’ve not posted any of these in a bit). I will be posting a small copy of each photo to Instagram, and a fuller image over on my smugmug page. I will be including a link to the smugmug version in the instagram post, but because of the way instragram sets things up you’ll have to copy the link out and paste it into a browser separately.

I will be going back through all my images and reprocessing them, so you will probably see duplicates from time to time.

Social Media, Limits, and Productivity

If there is one question I get most often, it is “how do you get so much done?” One answer to this question is: I limit my use of social media. There is, another angle to social media use which is a bit more… philosophical.

Some of you might know that I am currently working on a PhD in Philosophy—which might seem like an odd thing to do for someone who has been in the engineering world for, well, pretty much my entire life. My particular area of study, however, is what might be called media ecology and humanness. How do these two interact? What impact does, for instance, social media have on things like human freedom and dignity?

Social media (and mediated reality in general) has a bad habit of making people into objects—objectification is just part of the mediation process. If you go “all in” to the mediated world, then you become wholly mediated. This is ultimately dehumanizing, and a very bad thing.

Returning to the first question I raised above: what impact does social media have on my use of time? Does it make me more or less productive?

If we think social media does have Continue reading

Upcoming Safari Books Webinars

I have two webinars on Safari that might be of interest to folks who read here.

Network Troubleshooting Theory and Process

In this course I related by formal training in electronics into the networking world. The primary topic is the half-split method of troubleshooting, which tends to be much faster than the “hunch, hunt, and peck” method most folks seem to intuitively use. This is a course I give on a regular basis, though I suspect I am moving to giving this course twice a year in the future.

How Networks Really Work

This is a course I just started developing. Essentially, this will be split into two pieces. The first part will be walking through packets traversing a network; the second will be walking through various routing protocols converging on some common topologies. The aim here is to connect some of the theory I talk about to the “real world,” so this is not about covering the material, but also about covering the mindset.

I also have two more LiveLessons in production, one with Dinesh Dutt on disaggregation, and another on various forms of abstraction and the tradeoffs around abstraction (such as summarization and aggregation). I hope to have Continue reading

1 35 36 37 38 39 162