SD-WAN – Glorified DMVPN?
I had an interesting discussion with Jon Cooper in the Network Collective Slack. The discussion was around SD-WAN. We were discussing if SD-WAN is just a “glorified DMVPN” or if it’s something more than that. Note that this was a bit tongue in cheek comment from Jon but it’s interesting for the sake of discussion.
To compare the two, let’s look at some of the design and operational challenges of running a DMVPN.
Physical design – How many Hub routers do you need? In a DMVPN, the Hub router is a special type of device that is responsible for mapping the underlay IP address to the overlay IP address. If a Hub needs to be added, this Next Hop Server (NHS) needs to be added to the spokes. With Cisco SD-WAN, this is handled by the vBond which is a virtual machine running in a public cloud. Adding a device is simple as the WAN edge routers use a hostname (DNS) to ask for the IP of the vBond. This means that the physical design is less rigid.
Logical design – In a DMVPN, you need to decide on the number of DMVPN clouds. Do you do a single cloud Continue reading
Who Went Where: The Top Personnel Changes of 2018
From Hans Vestberg’s quick rise at Verizon to Google Cloud’s leadership shakeup, this year was full of personnel changes that turned heads.
The Year in Review: Governments Try to Restrict Free Speech Online and Break Encryption
In 2018, the Internet saw concerted government efforts to restrict free speech on the Internet – some in the name of fighting “fake news” – and to compromise encryption on devices and messaging apps.
Can the government decide what’s fake news? Several countries either passed or explored laws intended to combat so-called fake news and online disinformation. In some cases, the laws contained significant prison time for those who create or disseminate fake news.
The problem, of course, is that the government decides what’s fake and what’s legitimate news. Free speech advocates have warned that the anti-fake news laws amount to censorship, with government officials playing content gatekeepers.
In Malaysia, the fake news law was quickly used to investigate an opponent of the administration in power. Malaysia repealed its anti-fake news law about four months after it passed, when opposition leader Mahathir Mohamad, one of the first people invested under the law, became prime minister.
In November, France passed its own anti-fake news law, allowing judges to determine fake news and order its removal. Distributors of news determined to be fake can face one year of prison time. India also considered but abandoned a fake news law earlier this Continue reading
Improving request debugging in Cloudflare Workers
At Cloudflare, we are constantly looking into ways to improve development experience for Workers and make it the most convenient platform for writing serverless code.
As some of you might have already noticed either from our public release notes, on cloudflareworkers.com or in your Cloudflare Workers dashboard, there recently was a small but important change in the look of the inspector.
But before we go into figuring out what it is, let's take a look at our standard example on cloudflareworkers.com:
The example worker code featured here acts as a transparent proxy, while printing requests / responses to the console.
Commonly, when debugging Workers, all you could see from the client-side devtools is the interaction between your browser and the Cloudflare Worker runtime. However, like in most other server-side runtimes, the interaction between your code and the actual origin has been hidden.
This is where console.log comes in. Although not the most convenient, printing random things out is a fairly popular debugging technique.
Unfortunately, its default output doesn't help much with debugging network interactions. If you try to expand either of request or response objects, all you can see is just a bunch of lazy accessors:
Will Cisco Viptela continue to be one of the Leaders in SD-WAN ?
In 2017, Cisco completed Viptela acquisition. It is not a surprise for me that Gartner published Cisco as the Leader in WAN Edge Infrastructure in 2018. This is Gartner’s famous Magic Quadrant report. I wrote a post for Silverpeak before. Silverpeak is listed in the Leaders category. Three vendors presented their solutions and I …
Continue reading "Will Cisco Viptela continue to be one of the Leaders in SD-WAN ?"
The post Will Cisco Viptela continue to be one of the Leaders in SD-WAN ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
One Byte at a Time – Protocol Analysis
The cornerstone of effective troubleshooting is based on having clear data points. That way we can compare these values before and after the change and prove the true impact.
DNS-over-TLS in Linux (systemd)
Whilst we were putting together some content about DNS privacy recently, we learned that recent distributions of Linux ship with support or this. We therefore decided to give Ubuntu 18.10 a try on a laptop.
More recent versions of Ubuntu employ a special service for name resolution called ‘system-resolved.service(8)’. The configuration file ‘resolved.conf(5)’ specifies most of the details for name resolution, including which protocols and resolvers should be employed, whilst the ‘/etc/systemd/network/*.network’ configuration files (see ‘systemd.network(5)’ for details) of the ‘systemd-networkd.service(8)’ specify any per-link specific settings.
The default configuration of ‘systemd-resolved’ is selected at compile time, and ‘/etc/systemd/resolved.conf’ normally contains commented-out lines describing such defaults. For example, the contents of the aforementioned file on a fresh Ubuntu 18.10 installation are:
As may be inferred from the file, DNS-over-TLS (DoT) is supported, but disabled by default. At the time of writing, only opportunistic DoT is supported according to the manual, which means that the resolver will first try resolution using DoT before falling back to traditional DNS in the event of failure – thus allowing for downgrade attacks where an attacker intentionally causes a DoT failure in order to cause name resolution to downgrade Continue reading
IPv6 Buzz 016: Happy Holidays With IPv6 Haiku
Thanks to everyone that tuned in this year! We're looking forward to bringing you more IPv6 Buzz in 2019!IPv6 Buzz 016: Happy Holidays With IPv6 Haiku
Thanks to everyone that tuned in this year! We're looking forward to bringing you more IPv6 Buzz in 2019!
The post IPv6 Buzz 016: Happy Holidays With IPv6 Haiku appeared first on Packet Pushers.
لمحة عامة حول حوكمة الإنترنت (General Overview about Internet Governance)
تلقى ملايين المستخدمين عبر فيسبوك مؤخراً رسائل تفيد بأن بياناتهم الشخصية قد تسربت بسبب اختراق Cambridge Analytica لها، يأتي هذا بعد أن كشفت صحيفة Observer أن Cambridge Analytica ، التي عملت مع فريق دونالد ترامب الانتخابي استحوذت على ملايين الحسابات الشخصية لمواطنين أمريكيين واستخدمت بياناتهم لبناء برنامج حاسوبي للتنبؤ بالناخبين والتأثير عليهم.
التصدي للمشاكل والقضايا التي تخص الانترنت بما فيها قضايا الأمن والخصوصية ليس بالأمر السهل ليس فقط بسبب النمو والتطور الكبير لهذه الشبكة والأثر الكبير الذي أحدثته على شتى القطاعات ونواحي الحياة، بل أيضاً بسبب طبيعته اللامركزية أي أنه شبكة غير محكومة بسلطة مركزية واحدة تقوم بإدارة الإنترنت وحدها.
الإنترنت هو ثمرة جهود مشاريع بحثية مولتها الحكومة وجهود أفراد من الجامعات ومنظمات القطاع الخاص الذين قادوا معظم تطوره المبكر وجعلوا منه منصة قائمة على تعاون مختلف الجهات والأطراف المهتمة بالأنترنت والمتأثرة بقراراته والتي تساهم في وضع سياساته. نرى في جزء آخر من العالم التصدي لمشاكل الخصوصية وحماية البيانات الشخصية في إقرار المجلس الأوروبي لقانون حماية البيانات العامة للاتحاد الأوروبي (GDPR)، وذلك بعد سلسلة من النقاشات دامت حوالي أربع أعوام من أجل ضمان أمن بيانات الأفراد ضمن الاتحاد الأوروبي. يمكننا أن نعبر عن العمليات القائمة بين أصحاب المصالح المتعددين والتي تؤثر على كيفية إدارة الإنترنت “بحوكمة الإنترنت”.
في سياق Continue reading
In Khartoum, A DNSSEC Deployathon
At the Internet Society Sudan Chapter office, adjacent to the west bank of the Blue Nile, four men decided to set up a local server capable of DNSSEC verification. It was an unplanned deployathon: a hands on, practical session in which a solution or service is deployed in a real-world scenario. Deployathons can help build technical capacity or set up a new service, and in this case, the men hoped to increase knowledge of DNSSEC and to prepare the individuals managing Sudan’s top-level domain (.sd) for signing in the near future.
During the SdNOG5 conference, these four men – we the authors, along with Jan Zorz of the Internet Society and Sander Steffann – continued the discussion on the deep technical challenges of deploying DNSSEC, and how Jan and Sander’s presence in Sudan provided an opportunity to leverage their experience with DNSSEC. We also reflected on the importance of DNSSEC for the country code top-level domain (ccTLD) and its positive impact on the national and international levels.
Having enjoyed some delicious Sudanese coffee, the four of us started to install a new server based on Centos 7, a Linux based operating system, from scratch. On this server, a DNS service Continue reading
Multithreading – Whats in it ?
Hi,
I never took threading seriously, partly because I was barely getting started with programming let alone running and improving a Programs performance. I have all the time in the universe to wait for the program to run instead of making it run much faster 
Problem statement: Has 3 sites to ping, make 3 parallel pings (like opening 3 terminal and issuing a parallel ping statement) instead of one by one approach and has to be done with python
Threading Module comes to Rescue
https://github.com/yukthr/auts/blob/master/random_programs/threading_program.py
Basically, in the below output if you see two blocks, one block gets executed sequentially one ping after the other while the other one includes threading and everything is taken parallel and hence we see the output differences as well. I think am yet to figure on calculating time aspect of the threading but it is definitely faster.
Again not going much into GIL or (IO / CPU threading differences), all I can say is we can use this to enhance some day to day activities.
This may sound a little strange, macosx was not giving me any results for threading while any Linux / Unix (raspberry pi in this Continue reading
The Internet is the Future of the WAN, but MPLS will Persist
Every enterprise will have its own strategy for migrating to the internet. EMA believes SD-WAN will be essential to nearly all organizations that make this transition.
Infinera Corporate Restructuring Plan Hits 53 Jobs in California
The initial phase of the program will cost between $6 million and $8 million and is linked to Infinera's recently closed $430 million acquisition of Coriant.
Trump Considers New Attack on Huawei, ZTE
But Huawei may be getting the best kind of revenge. The company says its revenues in 2018 grew 21 percent over the previous year.
Meeting Your Deadlines Is Never Easy
2018 has been a busy year. There’s been a lot going on in the networking world and the pace of things keeps accelerating. I’ve been inundated with things this last month, including endless requests for my 2019 predictions and where I think the market is going. Since I’m not a prediction kind of person, I wanted to take just a couple of moments to talk more about something that I did find interesting from 2018 – deadlines.
Getting It Out The Door
Long-time readers of this blog may remember that I’ve always had a goal set for myself of trying to get one post published every week. It’s a deadline I set for myself to make sure that I didn’t let my blog start decaying into something that is barely updated. I try to hold fast to my word and get something new out every week. Sometimes it’s simple, like reflections on one of the various Tech Field Day events that I’m working on that week. But there’s always something.
That is, until Cisco Live this year. I somehow got so wrapped up in things that I missed a post for the first time in eight years! Granted, this was Continue reading
Dell Runs the Gauntlet to Achieve Its Goal of Going Public
It took Michael Dell 12 months of battling shareholders — and ultimately paying them about $14 billion — to once again take his company public.
ZTE Spent 2018 Engulfed in International Intrigue
ZTE's year included claims of espionage, direct intervention from President Donald Trump, a growing list of countries banning use of its equipment, and a $1 billion hit to its bottom line.
How to Manage Complex Infrastructures–with Thousands of Workloads–for Optimal Results
Workload placement once required best guesses, but automated workload analysis is changing the game