Russ, Author at NetworkingNexus.net - Page 95 of 162

NetworkingNexus.net

Home →

Russ

Author Archives: Russ

Worth Reading: A new YANG module catalogue

From a high level point of this YANG catalog goal is to become a reference for all YANG modules available in the industry, for both YANG developers (to search on what exists already) and for operators (to discover the more mature YANG models to automate services). This YANG catalog should not only contain pointers to the YANG modules themselves, but also contains metadata related to those YANG modules: What is the module type (service model or not?) What is the maturity level? (for the IETF: is this a RFC, a working group document or an individual draft?), Is this module implemented? Who is the contact? Is there open-source code available? And we expect much more in the future. —Benoît Claise

The post Worth Reading: A new YANG module catalogue appeared first on rule 11 reader.

Optimal Route Reflection

There are—in theory—three ways BGP can be deployed within a single AS. You can deploy a full mesh of iBGP peers; this might be practical for a small’ish deployment (say less than 10), but it quickly becomes a management problem in larger, or constantly changing, deployments. You can deploy multiple BGP confederations; creating internal autonomous systems that are invisible to the world because the internal AS numbers are stripped at the real eBGP edge.

The third solution is (probably) the only solution anyone reading this has deployed in a production network: route reflectors. A quick review might be useful to set the stage.

In this diagram, B and E are connected to eBGP peers, each of which is advertising a different destination; F is advertising the 100::64 prefix, and G is advertising the 101::/64 prefix. Assume A is the route reflector, and B,C, D, and E are route reflector clients. What happens when F advertises 100::/64 to B?

B receives the route and advertises it through iBGP to A
A adds its router ID to the cluster list, and reflect the route to C, D, and E
E receives this route and advertises it through its eBGP session towards G
Continue reading

Worth Reading: PDoS attacks

Imagine a fast moving bot attack designed to render the victim’s hardware from functioning. Called Permanent Denial of Service attacks (PDoS attacks), this form of cyber-attack is becoming increasingly popular in 2017 as more incidents involving this hardware-damaging assault occur. Also known loosely as “phlashing” in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, this type of cyber attack can destroy the firmware and/or basic functions of system. It is a contrast to its well-known cousin, DDoS attacks, which overloads systems with requests meant to saturate resources through unintended usage. —radware

The post Worth Reading: PDoS attacks appeared first on rule 11 reader.

Worth Reading: SGXIO

Intel’s SGX provides hardware-secured enclaves for trusted execution of applications in an untrusted environment. Previously we’ve looked at Haven, which uses SGX in the context of cloud infrastructure, SCONE which shows how to run docker containers under SGX, and Panoply which looks at what happens when multiple applications services, each in their own enclave, need to communicate with each other (think kubernetes pod or a collection of local microservices). SGXIO provides support for generic, trusted I/O paths to protect user input and output between enclaves and I/O devices. (The generic qualifier is important here – currently SGX only works with proprietary trusted paths such as Intel’s Protected Audio Video Path). —the morning paper

The post Worth Reading: SGXIO appeared first on 'net work.

Worth Reading: SGXIO

Intel’s SGX provides hardware-secured enclaves for trusted execution of applications in an untrusted environment. Previously we’ve looked at Haven, which uses SGX in the context of cloud infrastructure, SCONE which shows how to run docker containers under SGX, and Panoply which looks at what happens when multiple applications services, each in their own enclave, need to communicate with each other (think kubernetes pod or a collection of local microservices). SGXIO provides support for generic, trusted I/O paths to protect user input and output between enclaves and I/O devices. (The generic qualifier is important here – currently SGX only works with proprietary trusted paths such as Intel’s Protected Audio Video Path). —the morning paper

The post Worth Reading: SGXIO appeared first on rule 11 reader.

Chimney

brick chimney in the corner of greenhouses

The post Chimney appeared first on 'net work.

Chimney

brick chimney in the corner of greenhouses

The post Chimney appeared first on rule 11 reader.

Worth Reading: Criminals getting closer to state actors

A few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and they do not shy away from calling their victims and helping them to run “the macro in the Word document”… —Halbheer on Security

The post Worth Reading: Criminals getting closer to state actors appeared first on 'net work.

Worth Reading: Criminals getting closer to state actors

A few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and they do not shy away from calling their victims and helping them to run “the macro in the Word document”… —Halbheer on Security

The post Worth Reading: Criminals getting closer to state actors appeared first on rule 11 reader.

Worth Reading: Building Venice

What we do with Venice is support incremental upgrades of the cluster. Both of these approaches use a cluster of storage nodes. Given that our database is both sharded and replicated, we can bring down one storage node, upgrade it to the new version of the code, and bring it back online without affecting the usability of the system. Doing this one node at a time with each storage node in the cluster lets us do a zero-downtime upgrade. —LinkedIn

The post Worth Reading: Building Venice appeared first on 'net work.

Worth Reading: Building Venice

What we do with Venice is support incremental upgrades of the cluster. Both of these approaches use a cluster of storage nodes. Given that our database is both sharded and replicated, we can bring down one storage node, upgrade it to the new version of the code, and bring it back online without affecting the usability of the system. Doing this one node at a time with each storage node in the cluster lets us do a zero-downtime upgrade. —LinkedIn

The post Worth Reading: Building Venice appeared first on rule 11 reader.

Worth Reading: Up!

Far from being a vibrant environment with an array of competitive offerings, the activity of providing so-called “last mile” Internet access appears to have been reduced to an environment where, in many markets, a small number of access providers appear to operate in a manner that resembles a cosy cartel, strenuously resisting the imposition of harsher strictures of true competition. Mobile access continues to operate at a distinct price premium and the choices for broadband wireline access are all too often limited to just one or two providers. Is there another option? If we looked up into the sky are there potential services that could alter this situation? —Potaroo

The post Worth Reading: Up! appeared first on 'net work.

Worth Reading: Up!

Far from being a vibrant environment with an array of competitive offerings, the activity of providing so-called “last mile” Internet access appears to have been reduced to an environment where, in many markets, a small number of access providers appear to operate in a manner that resembles a cosy cartel, strenuously resisting the imposition of harsher strictures of true competition. Mobile access continues to operate at a distinct price premium and the choices for broadband wireline access are all too often limited to just one or two providers. Is there another option? If we looked up into the sky are there potential services that could alter this situation? —Potaroo

The post Worth Reading: Up! appeared first on rule 11 reader.

Worth Reading: Google’s TPU architecture

Four years ago, Google started to see the real potential for deploying neural networks to support a large number of new services. During that time it was also clear that, given the existing hardware, if people did voice searches for three minutes per day or dictated to their phone for short periods, Google would have to double the number of datacenters just to run machine learning models. —The Next Platform

The post Worth Reading: Google’s TPU architecture appeared first on 'net work.

Worth Reading: Google’s TPU architecture

Four years ago, Google started to see the real potential for deploying neural networks to support a large number of new services. During that time it was also clear that, given the existing hardware, if people did voice searches for three minutes per day or dictated to their phone for short periods, Google would have to double the number of datacenters just to run machine learning models. —The Next Platform

The post Worth Reading: Google’s TPU architecture appeared first on rule 11 reader.

On the ‘net: Why a new routing stack?

In late 2016, several companies worked together to fork Quagga—that is, to pull the code based into a new Git repository, and hence into a separately maintained project. This new open source routing stack has been dubbed Free Range Routing (FRR). There is current participation in the project from Cumulus, 6Wind, LinkedIn, and others; the project is aligned with the Linux Foundation, and available on GitHub. —LinkedIn

The post On the ‘net: Why a new routing stack? appeared first on 'net work.

On the ‘net: Why a new routing stack?

In late 2016, several companies worked together to fork Quagga—that is, to pull the code based into a new Git repository, and hence into a separately maintained project. This new open source routing stack has been dubbed Free Range Routing (FRR). There is current participation in the project from Cumulus, 6Wind, LinkedIn, and others; the project is aligned with the Linux Foundation, and available on GitHub. —LinkedIn

The post On the ‘net: Why a new routing stack? appeared first on rule 11 reader.

Worth Reading: Too big not to fail

It’s predictability that matters, not reliability. Stuff can fail… Stuff will fail. With tens of thousands of servers, lots of stuff fails every day! You just need to predict how often. … Baroque is an architectural style with a lot of ornate detail and tremendous variety. In a largescale environment, bespoke becomes baroque. The individual details of the various types of servers become overwhelming. The aggregate system with its large number of server types is full of detail and complexity. —ACM

The post Worth Reading: Too big not to fail appeared first on 'net work.

Worth Reading: Too big not to fail

It’s predictability that matters, not reliability. Stuff can fail… Stuff will fail. With tens of thousands of servers, lots of stuff fails every day! You just need to predict how often. … Baroque is an architectural style with a lot of ornate detail and tremendous variety. In a largescale environment, bespoke becomes baroque. The individual details of the various types of servers become overwhelming. The aggregate system with its large number of server types is full of detail and complexity. —ACM

The post Worth Reading: Too big not to fail appeared first on rule 11 reader.

Worth Reading: Microsoft’s Open Approach to Networking

At Microsoft, we’re focused on enabling our customers by supporting all the technologies they depend on, and collaborating across organizational and industrial boundaries to bring the best possible experience to the cloud. Microsoft embraces open source and partner ecosystems to scale our own development efforts and accelerate innovation. Products that include Visual Studio Code, .NET, and ASP.NET are being publicly developed on GitHub with contributions from both Microsoft and non-Microsoft developers. These products are targeting Windows, Mac, and Linux. Microsoft is a contributing member of open source communities, including the Apache Software Foundation, Linux Foundation, R Consortium, and Node.js Foundation. —Microsoft Azure Blog

The post Worth Reading: Microsoft’s Open Approach to Networking appeared first on 'net work.

« Previous 1 … 93 94 95 96 97 … 162 Next »