Worth Reading: A closer look at the IP Header

The IP identification field of the IP header (IP-ID) was introduced with RFC 791 in the early ’80s, to assist network-layer fragmentation and reassembly processes. —Flavia Salutari @APNIC

Worth Reading: Vulnerabilities are Guaranteed

The long years of experience have taught me through experience, hardware & software vulnerabilities are guaranteed. It is not a matter of “if” but when. —Barry Green

On the ‘web: Considerations in Network Complexity

One of my articles was published in the most recent Internet Protocol Journal:

Computer networks are complex—and getting more complex by the day. At one time, knowing the Internet Protocol (IP) was enough; today there are underlays, overlays, virtualized services, service chains, and a host of other technologies engineers need to plan around and for. With complexity on the rise, maybe it’s time to ask some fundamental questions, such as—what does complexity mean? Can complexity be solved? How can engineers manage complexity? @The Internet Protocol Journal

If you don’t subscribe to or read IPJ, you should—it’s a great source of information written by industry leaders and thinkers.

Worth Reading: Another 10 years later

The evolutionary path of any technology can often take strange and unanticipated turns and twists. At some points simplicity and minimalism can be replaced by complexity and ornamentation, while at other times a dramatic cut-through exposes the core concepts of the technology and removes layers of superfluous additions. —Geoff Huston

Worth Reading: Arista runs Barefoot

Hull says that the Broadcom chips have roughly the same level of programmability as the XPliant chips, although the manner in which it is implemented in a combination of microcode and firmware is different. —Timothy Prickett Morgan @The Next Platform

History of Networking: Email part 2

This is the second part of our chat with Dave Crocker about the fascinating history of email.

Remember to come by the Network Collective home page to find all the great video content we have been working on, and check out our membership options for even more content and to become a part of our awesome community of network engineers.

Worth Reading: SDN is dead

Feathers have been ruffled on several occasions over the last few years by someone publicly claiming that, “SDN is Dead!” This has inevitably been protested by leading communications service providers, rebutting that this cannot be true, because they are indeed deploying SDN solutions. —Jonathan Homa @ECI

Weekend Reads 062218: Bitcoin and Security Flaws

But, as with all new technology, security risks can be found beneath the hype. Indeed, threat actors are finding new targets amid the rise of blockchain as they serve up social-engineering attacks, malware, and exploits to businesses and consumers, according to a recently published report by McAfee’s Advanced Threat Research Team. —Kelly Sheridan @Dark Reading

After last Thursday’s regulatory news that bitcoin and ether were not considered securities, which was widely considered a win for crypto enthusiasts, digital currencies had failed to hold on to gains, a sign the bear market is firmly intact. However, investors were hoping Monday’s move above the post-SEC-statement high will be the start of a more fruitful period for digital currency owners. —Aaron Hankin @MarketWatch

Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in order to fix the flaw and keep their customers protected. The company has not yet released technical details about the vulnerability, but since the vulnerability resides in the CPU, the flaw affects all devices running Intel Core-based microprocessors regardless of the installed operating systems, except some modern versions of Continue reading

Road by the Mountain

Worth Reading: The VPNFilter Bot

VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. It’s an impressive piece of work. —Bruce Schneier

Worth Reading: Meet Bro

In a nutshell, Bro transforms network traffic — in all its volume, variety, and downright weirdness — into exceptionally useful real-time data for security operations. Through deep packet inspection, Bro can extract hundreds of security-relevant fields from dozens of protocols and present them in a way that makes sense to security operations center engineers. —Greg Bell @Dark Reading

Worth Reading: Eight SDN platforms

The architecture of SDN is highly dynamic, manageable, cost-effective and adaptable, and hence is well suited to high-bandwidth, dynamic applications. SDN architectures decouple network control and forwarding functions, enabling the former to become directly programmable, so all IT infrastructure gets abstracted from applications and network services. —Dr. Anand Nayyar

Worth Reading: Bypassing security with IPv6

As of last year, IPv6 has become an Internet standard, meaning that technology and processes are now in place allowing organizations to make a relatively smooth transition. As someone immersed in penetration testing and the ways cybercriminals can leverage technological change to their advantage, global IPv6 implementation at a varied pace piqued my curiosity. —John Anderson @Dark Reading

Worth Reading: Spam domains

Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. @Krebs on Security

Research: Lessons from Evolve or Die

Google runs what is probably one of the largest networks in the world. Because of this, network engineers often have two sorts of reactions to anything Google publishes, or does. The first is “my network is not that big, nor that complicated, so I don’t really care what Google is doing.” This is the “you are not a hyperscaler” (YANAH) reaction. The second, and probably more common, reaction is: whatever Google is doing must be good, so I should do the same thing. A healthier reaction to both of these is to examine these papers, and the work done by other hyperscalers, to find the common techniques they are applying to large scale networks, and then see where they might be turned into, or support, common network design principles. This is the task before us today in looking at a paper published in 2016 by Google called Evolve or Die: High Availablility Design Principles Drawn from Google’s Network Infrastructure.

The first part of this paper discusses the basic Google architecture, including a rough layout of the kinds of modules they deploy, the module generations, and the interconnectivity between those modules. This is useful background information for understanding the remainder Continue reading

Worth Reading: Serverless impacts on business

Serverless technologies are gaining traction in both enterprise and startup environments, at a pace much faster than seen with containers, which was the last widespread industry adoption rollout. —Mark Boyd @The New Stack

Worth Reading: Measurement in the gigabit era

Now is an opportune time for those of us in the technical and research communities to explore the implications of the expanding deployment of gigabit per second (Gbps) end-user connection speeds (throughput capacity of an end-user’s connection) for large-scale measurement systems. —Jason Livingood @APNIC

Worth Reading: Cable management and air damming

As data centers increasingly become the heart of businesses, proper distribution and cable management have also taken on new importance. Traditional methods of preventing air damming, cooling vital components and ensuring proper containment simply fail to deliver. —Jeff Hodges @Data Center Journal

Off the Cuff: Microsoft Purchases Github

Last week, Eyvonne, Donald, Alistair, and I sat and talked about the recent purchase of Github by Microsoft. Will this be the end of git as a widely used open source repository, or will we all look back in five years and think “move along, nothing to see here?”

Worth Reading: Looking forward at session encryption

With TLSv1.3 approved and in the IETF publication queue, it’s time to think about deployment options and obstacles, and planning for changes inherent in this revision. —Kathleen Moriarty @APNIC