Archive

Category Archives for "Networking"

ICANN urges adopting DNSSEC now

Powerful malicious actors continue to be a substantial risk to key parts of the Internet and its Domain Name System security infrastructure, so much so that The Internet Corporation for Assigned Names and Numbers is calling for an intensified community effort to install stronger DNS security technology. Specifically ICANN is calling for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. DNS,often called the internet’s phonebook, is part of the global internet infrastructure that translates between common language domain names and IP addresses that computers need to access websites or send emails.  DNSSEC adds a layer of security on top of DNS.To read this article in full, please click here

ICANN urges adopting DNSSEC now

Powerful malicious actors continue to be a substantial risk to key parts of the Internet and its Domain Name System security infrastructure, so much so that The Internet Corporation for Assigned Names and Numbers is calling for an intensified community effort to install stronger DNS security technology. Specifically ICANN is calling for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. DNS,often called the internet’s phonebook, is part of the global internet infrastructure that translates between common language domain names and IP addresses that computers need to access websites or send emails.  DNSSEC adds a layer of security on top of DNS.To read this article in full, please click here

ICANN urges adopting DNSSEC now

Powerful malicious actors continue to be a substantial risk to key parts of the Internet and its Domain Name System security infrastructure, so much so that The Internet Corporation for Assigned Names and Numbers is calling for an intensified community effort to install stronger DNS security technology. Specifically ICANN is calling for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. DNS,often called the internet’s phonebook, is part of the global internet infrastructure that translates between common language domain names and IP addresses that computers need to access websites or send emails.  DNSSEC adds a layer of security on top of DNS.To read this article in full, please click here

ICANN urges adopting DNSSEC now

Powerful malicious actors continue to be a substantial risk to key parts of the Internet and its Domain Name System security infrastructure, so much so that The Internet Corporation for Assigned Names and Numbers is calling for an intensified community effort to install stronger DNS security technology. Specifically ICANN is calling for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. DNS,often called the internet’s phonebook, is part of the global internet infrastructure that translates between common language domain names and IP addresses that computers need to access websites or send emails.  DNSSEC adds a layer of security on top of DNS.To read this article in full, please click here

IHS Markit Talks Pioneering Private Cloud, Containers, and VMware Cloud on AWS

Global information, analytics, and solutions company IHS Markit provides data-driven insight for its government and corporate customers. Using VMware vRealize Automation, the company has already rolled out a private cloud that helped developers cut a 6-month infrastructure provisioning process down to one week. They’ve also been using VMware NSX-T Data Center to secure their workloads at a granular level with micro-segmentation, and to fundamentally re-think network design.

At VMworld 2018 in Las Vegas, Andrew Hrycaj, Principal Network Engineer for IHS Markit, spoke about the company’s plans for software-defined networking and hybrid cloud. IHS Markit has deployed VMware NSX Data Center, including NSX-T Data Center and VMware NSX Data Center for vSphere, into five data centers. “The NSX Data Center advantage for us is the fact that it can interact with so many different environments; from containers, to the public cloud environment with AWS and Azure, to on-prem,” said Hrycaj. “We’ll be able to utilize micro-segmentation across all of them with a common security footprint. If NSX-T goes to all those different environments, we can apply the same security policy across all those different platforms. It makes operations’ life easier because the transparency is there.”

 

Innovating with Continue reading

Troubleshooting Webinar at Safari Books Online

I’m doing a live webinar on troubleshooting on Safari Books on the 19th of April—

Troubleshooting is a fundamental skill for all network engineers, from the least to most experienced. However, there is little material on correct and efficient troubleshooting techniques in a network engineering context, and no (apparent) live training in this area. Some chapters in books exist (such as the Computer Networking Problems and Solutions, published in December 2017), and some presentations in Cisco Live, but the level of coverage for this critical skill is far below what engineers working in the field to develop solid troubleshooting skills.

This course is grounded in the formal half split method of troubleshooting I learned back in electronic engineering applied to networks. It’s probably the most efficient and effective method of troubleshooting available.

You can register here.

Why not OSPF for the Internet Core?

Every now and again (not often enough, if I’m to be honest), someone will write me with what might seem like an odd question that actually turns out to be really interesting. This one is from Surya Ahuja, a student at NC State, where I occasionally drop by to do a guest lecture.

We were recently working on an example design problem in one of our courses, and like a dedicated student I was preparing the State, optimisation, surface sheet ? One of the design decisions was to explain the selection of the routing protocol. This got me thinking. When BGP was being created, were there modifications to OSPF itself considered? … it could have been made possible to just use OSPF across enterprise and the internet. Then why not use it?

A quick answer might go somethign like this: OSPF did not exist when BGP was invented. The IETF working group for OSPF was, in fact, started in 1988, while the original version of BGP, called EGP, was originally specified by Eric Rosen in 1982, some 6 years earlier. The short answer might be, then, that OSPF was not considered because OSPF had not been invented yet. ?

But this quick Continue reading

Logpush: the Easy Way to Get Your Logs to Your Cloud Storage

Logpush: the Easy Way to Get Your Logs to Your Cloud Storage

Introducing Logpush

Logpush: the Easy Way to Get Your Logs to Your Cloud Storage

Today, we’re excited to announce a new way to get your logs: Logpush, a tool for uploading your logs to your cloud storage provider, such as Amazon S3 or Google Cloud Storage. It’s now available in Early Access for Enterprise domains.

We first explained Cloudflare’s logging functionality almost six years ago. Since then, the number of domains on our network has grown by ten times. We’ve continued giving our Enterprise customers the ability to download logs using a REST API, which has gotten a large number of functional and technical updates. We’ve also been paying attention to how our customers’ needs have evolved, especially as we protect and accelerate increasingly larger domains. This led to the development of Logpush.

The Value of Logs

Cloudflare works by being an intermediary between our customers’ websites, applications, and devices, and their end-users or potential attackers. As part of providing our service, we create a record of each request that goes through our network. These records (or request logs) have detailed information regarding the connecting client, our actions—including whether the request was served by the cache or blocked by our firewall—and the response from the origin web server. For Enterprise customers Continue reading

IDG Contributor Network: Named data networking: Stateful forwarding plane for datagram delivery

The Internet was designed to connect things easily, but a lot has changed since its inception. Users now expect the internet to find the “what” (i.e., the content), but the current communication model is still focused on the “where.”The Internet has evolved to be dominated by content distribution and retrieval. As a matter of fact, networking protocols still focus on the connection between hosts that surfaces many challenges.The most obvious solution is to replace the “where” with the “what” and this is what Named Data Networking (NDN) proposes. NDN uses named content as opposed to host identifiers as its abstraction.How the traditional IP works To deliver packets from a source to a destination, IP needs to accomplish two phases of operation. The first phase is the routing plane also known as the control plane. This phase enables the routers to share routing updates and select the best path to construct the forwarding information table (FIB). The second phase is the forwarding plane also known as the data plane. This is the phase where forwarding to the next hop is executed upon FIB examination.To read this article in full, please click here

IDG Contributor Network: Named data networking: Stateful forwarding plane for datagram delivery

The Internet was designed to connect things easily, but a lot has changed since its inception. Users now expect the internet to find the “what” (i.e., the content), but the current communication model is still focused on the “where.”The Internet has evolved to be dominated by content distribution and retrieval. As a matter of fact, networking protocols still focus on the connection between hosts that surfaces many challenges.The most obvious solution is to replace the “where” with the “what” and this is what Named Data Networking (NDN) proposes. NDN uses named content as opposed to host identifiers as its abstraction.How the traditional IP works To deliver packets from a source to a destination, IP needs to accomplish two phases of operation. The first phase is the routing plane also known as the control plane. This phase enables the routers to share routing updates and select the best path to construct the forwarding information table (FIB). The second phase is the forwarding plane also known as the data plane. This is the phase where forwarding to the next hop is executed upon FIB examination.To read this article in full, please click here

IDG Contributor Network: Named data networking: Stateful forwarding plane for datagram delivery

The Internet was designed to connect things easily, but a lot has changed since its inception. Users now expect the internet to find the “what” (i.e., the content), but the current communication model is still focused on the “where.”The Internet has evolved to be dominated by content distribution and retrieval. As a matter of fact, networking protocols still focus on the connection between hosts that surfaces many challenges.The most obvious solution is to replace the “where” with the “what” and this is what Named Data Networking (NDN) proposes. NDN uses named content as opposed to host identifiers as its abstraction.How the traditional IP works To deliver packets from a source to a destination, IP needs to accomplish two phases of operation. The first phase is the routing plane also known as the control plane. This phase enables the routers to share routing updates and select the best path to construct the forwarding information table (FIB). The second phase is the forwarding plane also known as the data plane. This is the phase where forwarding to the next hop is executed upon FIB examination.To read this article in full, please click here