Worth Reading: NSX-T

VMware’s network virtualization platform, called NSX, creates network services like routing, load balancing, firewalling and more. All of it is done in software that can be implemented on any underlying infrastructure as long as it does IP transfer. @The New Stack

The DNS Negative Cache

Considering the DNS query chain—

• A host queries a local recursive server to find out about banana.example
• The server queries the root server, then recursively the authoritative server, looking for this domain name
• banana.example does not exist

There are two possible responses in this chain of queries, actually. .example might not exist at all. In this case, the root server will return a server not found error. On the other hand, .example might exist, but banana.example might not exist; in this case, the authoritative server is going to return an NXDOMAIN record indicating the subdomain does not exist.

Assume another hosts, a few moments later, also queries for banana.example. Should the recursive server request the same information all over again for this second query? It will unless it caches the failure of the first query—this is the negative cache. This negative cache reduces load on the overall system, but it can also be considered a bug.

Take, for instance, the case where you set up a new server, assign it banana.example, jump to a host and try to connect to the new server before the new DNS information has been propagated through the system. On Continue reading

Worth Reading: Containers will not fix your culture problem

According to noted thought leader Jane Austen, it is a truth universally acknowledged that a techie in possession of any production code whatsoever must be in want of a container platform. Or is it? —Bridget Kromhout @ACM Queue

Worth Reading: It’s bright, shiny, and new

Vendors and operators urgently go away in huddles to define and develop the new technology. This is closely followed by extensive promotional campaigns explaining how good the new technology will be for the industry. —David Stokes @ECI

Reaction: The Pace of Innovation

Dave Ward has an excellent article over at the Cisco blog on the three year journey since he started down the path of trying to work the standards landscape (called SDOs) to improve the many ways in which these organizations are broken. Specifically, he has been trying to connect the open source and open standards communities better—a path I heartily endorse, as I have been intentionally trying to work in both communities in parallel over the last several years, and find places where I can bring them together.

While the entire blog is worth reading, there are two lines I think need some further thought. The first of this is a bit of a scold, so be prepared to have your knuckles rapped.

My real bottom line here is that innovators can’t go faster than their customers and customers can’t go faster than their own understanding of the technology and integration, deployment and operational considerations.

Precisely. Maybe this is just an old man talking, but I sometimes want to scold the networking industry on this very point. We fuss about innovation, but innovation requires customers who understand the technology—and the networking world has largely become a broad set of meta-engineers, Continue reading

Worth Reading: Bringing DNS security to the user

All of these efforts are aimed at protecting the complete path between the user and the service. This means authentication and encryption should start at the edge of the network, with the end user. As just about any interaction on the Internet starts out with a query for a domain name, it puts the DNS at the core of achieving this ultimate goal. —Benno Overeinder @APNIC

Weekend Reads 020918: The Usual Stuff

The Linux Foundation which has been host to many leading open source networking projects, felt the need to streamline all its various ventures, informed Arpit Joshipura, general manager of networking and orchestration at The Linux Foundation. The six founding open source projects involved in the LFN are FD.io, OpenDaylight, Open Network Automation Platform (ONAP), Open Platform for NFV (OPNFV), PDNA and Streaming Network Analytics System. An additional 83-member organization is participating in LFN. This is significant because members of the Linux Foundation can choose whether they want to join LFN, and they can participate in as many or as few of the projects as they want. —Syeda Beenish @OpenSource

The plunder of more than $500 million worth of digital coins from the Japanese cryptocurrency exchange Coincheck last week has added to a growing perception that cryptocurrencies are particularly vulnerable to hackers. It’s an expensive reminder that like many things in the cryptocurrency world, security technologies—and the norms, best practices, and rules for using them—are still emerging. Not least because of its enormous size, the Coincheck hack could go down as a seminal moment in that process. —Mike Orcutt @Technology Review

The days of pointing to a file cabinet and Continue reading

Concrete Lantern

On the ‘net: Fog computing architecture posing challenges for IT

As the processing power of individual, handheld, always on devices has overtaken the computing power of most mainframes of old, and network bandwidth has ramped up, a new trend is emerging towards fog computing. In fog computing as much of the processing as possible is pushed out of large scale data centers and into individual devices at the edge. To case a case study, consider the process of tagging the images of people uploaded to a social media site. —Search Networking

Worth Reading: Containers and Spectre

Software containers can offer some respite against Spectre and Meltdown attacks — but without the help of critical security tools and practices, they remain relatively easy targets.—B. Cameron Gain @The New Stack

History of Networking: Paul Vixie on the Origins of DNS

Paul Vixie joins us on the History of Networking to talk about the spread of the DNS system—like a virus through the body network. All those radios in the background at a bit of history; Paul is an Amateur Radio Operator of many years, though, like me, he is not as active as he used to be in this realm.

Worth Reading: Tech Ethics

Do teaching and codifying ethics effectively improve Tech? Consider a new software engineer, Ardentia, thrilled with her gleaming new workspace, her new refreshments bar, and her clever new colleagues. —Robin K. Hill @ACM

Worth Reading: Which Linux Kernel is Stable?

Almost every time Linus Torvalds releases a new mainline Linux kernel, there’s inevitable confusion about which kernel is the “stable” one now. Is it the brand new X.Y one, or the previous X.Y-1.Z one? —Konstantin Ryabitsev @linux.com

Some Market Thoughts on the Broadcom SDKLT

Broadcom, to much fanfare, has announced a new open source API that can be used to program and manage their Tomahawk set of chips. As a general refresher, the Tomahawk chip series is the small buffer, moderate forwarding table size hardware network switching platform on which a wide array of 1RU (and some chassis) routers (often called switches, but this is just a bad habit of the networking world) used in large scale data centers. In fact, I cannot think of a single large scale data center operating today that does not somehow involve some version of the Tomahawk chip set.

What does this all mean? While I will probably end up running a number of posts on SDKLT over time, I want to start with just some general observations about the meaning of this move on the part of Broadcom for the overall network engineering world.

This is a strong validation of a bifurcation in the market between disaggregation and hyperconvergence in the networking world. Back when the CCDE was designed and developed, there was a strong sense among the folks working on the certification that design and operations were splitting. This trend is still ongoing, probably ultimately resulting Continue reading

Worth Reading: NAT66

Network Address Translation (NAT) and Network Address Port Translation (NAPT) are technologies many people have a strong opinion about. —Marco Cilloni @APNIC

Weekends Reads 020218: GDPR, taxes, and security

The regulatory environment for brands and retailers that do business online is getting stricter thanks to regulatory changes in Europe with the General Data Protection Regulation (GDPR), as well as existing regulations in th ompanies that adapt quickly can turn these changes into a competitive advantage. —Christopher Rence @CircleID

Europe’s General Data Protection Regulation (GDPR) will come into effect in May 2018, and with it, a new set of tough penalties for companies that fail to adequately protect the personal data of European users. Amongst those affected are domain name registries and registrars, who are required by ICANN, the global domain name authority, to list the personal information of domain name registrants in publicly-accessible WHOIS directories. ICANN and European registrars have clashed over this long-standing contractual requirement, which does not comply [PDF] with European data protection law. —Jeremy Malcom @EFF

Security is always changing and failure always exists. This toxic scenario requires a fresh perspective on how we think about operational security. We must understand that we are often the primary cause of our own security flaws. The industry typically looks at cybersecurity and failure in isolation or as separate matters. We believe that our lack of insight and operational Continue reading

Live Training at Safari Books: How the Internet Really Works

I will be teaching my first live training course at Safari Books Online on the 9th of March, starting at noon ET: How the Internet Really Works. It’s hard to describe the level and background for this training, as it will be all over the place; this is a bit of an experiment in this realm. The course description is—

This live training will provide an overview of the systems, providers, and standards bodies important to the operation of the global Internet, including the Domain Name System (DNS), the routing and transport systems, standards bodies, and registrars. For DNS, the process of a query will be considered in some detail, who pays for each server used in the resolution process, and tools engineers can use to interact DNS. For routing and transport, the role of each kind of provider will be considered, along with how they make money to cover their costs, and how engineers can interact with the global routing table (the Default Free Zone, of DFZ). Finally, registrars and standards bodies will be considered, including their organizational structure, how they generate revenue, and how to find their standards.

You can find more information here.

Parrot Tire

Worth Reading: IPv6 Adoption Challenges

With the growing number of devices connected to the Internet—such as smart cars, smart homes and even smart cities—and with the pool of available IPv4 addresses quickly running out, space has become a more important issue than ever. —Marc Spindel @The Data Center Journal

Worth Reading: Networking with Intent

As servers and then storage appliances became increasingly virtualized and disaggregated over the past 15 years or so, the network stubbornly stuck with the appliance model, closed and proprietary. — Jeffrey Burt @The Next Platform