Archive

Category Archives for "Networking"

The Week in Internet News: Startup Cash for Spy-o-T

Investing in hacking IoT: A startup in Israel has raised $12.5 million in investments to help governments hack the Internet of Things and other technologies, Forbes reports. What could go wrong? Toka says it’ll provide spy tools for whatever device its clients require, with a special focus on the IoT.

Encryption wars, part 348: U.S. FBI Director Christopher Wray says legislation allowing law enforcement agencies access to encrypted devices may be necessary if the government and private vendors cannot come to a compromise, Cyberscoop reports. The FBI has, for several years, complained that its investigations are hampered by encrypted devices, although many security experts say encryption backdoors will make us all less safe.

AI for good: More than 2,000 Artificial Intelligence experts have signed a pledge saying they will not participate in the development of lethal, autonomous weapons systems, Gizmodo reports. Autonomous weapons pose a “clear and present danger to the citizens of every country in the world,” the pledge says.

Clamping down: The government in Iraq shut down the Internet for two days in response to protests there, CircleID says. The government ordered the disconnection of the fiber backbone that carries traffic for most of the country

Examining Linux system performance with dstat

Want to do a quick performance check on your Linux system? You might want to take a look at the dstat command. Dstat provides valuable insights into Linux system performance, pretty much replacing a collection of older tools such as vmstat, netstat, iostat, and ifstat with a flexible and powerful command that combines their features.

With this one command, you can look at virtual memory, network connections and interfaces, CPU activity, input/output devices and more. In today's post, we'll examine some dstat commands and see what they can show you about your systems.

Dstat options and defaults

First, let's start with a fairly simple command. With the dstat -c (CPU) option, dstat displays CPU stats. In the example below, we're asking for two-second intervals and six reports.

Network Break 194: Amazon Spooks Switch Vendors; Big Switch Brings VPCs On Prem

Take a Network Break! Today we’re joined by guest John Fruehe. Amazon sent shock waves through the networking industry on rumors it might sell whitebox switches to the enterprise. The cloud giant says it has no current plans, but we examine other ways AWS might get into your network.

AWS adds EC2 instances to its Snowball edge storage device, and Big Switch Networks rolls out new software to enable VPC-like networking in your private data center.

A British government agency dings Huawei on national security, Deutsche Telekom joins Linux Foundation Networking, and Cato Networks adds identity routing to its SD-WAN offering.

Last but not least, Cisco releases more than two dozen security advisories, and Microsoft rakes in the money in its fourth quarter and fiscal 2018 financial reports.

Get links to all these news stories below.

Sponsor: Packet Pushers Ignition

The Packet Pushers have launched a brand new membership site called Ignition. Ignition offers free and premium memberships and hosts exclusive content for subscribers, including videos, reports, blogs, and more. Check it out at ignition.packetpushers.net.

Show Links:

Exclusive: Amazon denies it will challenge Cisco with switch sales – MarketWatch

Video: Amazon To Sell Whitebox? Analysis and Thinking Because

How SD-WAN will make the cloud much, much bigger

Though I no longer actively participate in it as a pioneering player in the networking space I have always kept a watchful eye on the market and I am seeing yet another disruptive force known as SD-WAN (Software-Defined Wide-Area Networking) finally gaining momentum.

For starters, SD-WAN is an extension of Software-Defined Networking (SDN). As the term implies, SDN aims to automate (virtualize) various network functions that are currently touch-heavy.

Network architects talk about separating the control plane from the data plane ad nauseam but that is just the starting point. The ability to virtualize numerous network functions from a central location and thus create an abstraction layer in a manner that is custom-tailored for each enterprise – and, by extension, perhaps for each user - has been the Holy Grail of networking for years if not decades. Tom Nolle, president of CIMI Corporation and a longtime proponent of all things SDN, is spot on when he states that: "SD-WAN is absolutely critical, because it is the vehicle most likely to bring true virtualization to networking. Without virtualization in the network, virtualization in the

Juniper QFX | VMware NSX Edge Gateway | BGP Peering

In this post, I’m going to explain how to establish a BGP peering session between Juniper QFX Series Switches and VMware NSX Edge Service Gateway. VMware NSX provides many features and services, one of which is dynamic routing via the use of an ESG. Typically, ESGs are placed at the edge of your virtual infrastructure to act as a gateway. There are two primary deployment options, stateful HA or non-stateful ECMP. In this example, we’re looking at the ECMP deployment option.

Overview

We have a pair of Juniper QFX5110 switches that we will configure to enable EBGP peering with each NSX Edge Gateway. We also have a pair of NSX Edge Gateway devices that are placed at the edge of a virtualized infrastructure. Each QFX has a /31 point-to-point network to each ESG. These networks are enabled via 802.1q subinterfaces which provide connectivity across the underlying blade chassis interconnect modules.

Topology


NSX Juniper BGP

IP | AS Deets

NSX QFX BGP AS

NSX

We’ll start by configuring BGP on our NSX Edge Gateways.

ESG1

Global Routing Configuration

Via global settings for ESG1, we need to set a Router ID. The router ID is used to identify from where a packet is received.

ESG1 > Manage >

Overview of ipSpace.net Training Options

Describing the differences between various ipSpace.net training options has been on my to-do list for ages, but I successfully managed to ignore it till I deployed the new top-level menu that contains a training category.

Our designers never considered menu items without a corresponding link, so I got an ugly mess that needed to be cleaned up either by fixing the CSS or writing the overview document.

End result: a high-level document describing how ipSpace.net webinars, courses and workshops fit into the bigger picture.

During the summer break, I’m publishing blog posts about the projects I’m working on. Regular blog posts will return in autumn.

Automating My World

I’ve told this story 984828934 times in the past year, but bear with me. We got a new director-type last year, and he has challenged all of us to do things differently. As in everything. Anything that we’re doing today should be done differently by next year. This isn’t saying that we’re doing things wrong. This is just a challenge to mix things up, integrate new tools, and get rid of the noise. Our group has responded big-time, and we’re now doing most of our day-to-day tasks with a tool of some kind. A couple weeks ago, I realized that I did a whole day’s work without logging directly into any gear — everything was through a tool. It was a proud moment for me and the group.

To kick off this new adventure, we’re starting with writing all our own stuff in-house; we’re obviously not talking about a full, commercial orchestration deployment here. We’re talking about taking care of the menial tasks that we are way too expensive to be doing. Simple tasks. Common tasks. Repeatable tasks. All game. What’s the MAC address of that host?

MPLS Intro Series – Customer Connection with BGP

In the last article, we performed a packet walk of a simple VPNv4 network. This article will expand our deployment by allowing the CE_Sites to advertise their own routes via BGP. For this configuration, we will use some overlapping and some unique private AS numbers.

One thing that must be considered is whether or not the same BGP AS is used throughout a given VRF. For example, if we use 64512 at both CE_Site_1 and CE_Site_2 the BGP routes will be dropped as they are advertised toward the customer site. This is demonstrated by doing a simple configuration to advertise 1.1.1.1 from CE_Site_1.

CE_Site_1 BGP Configuration

interface Loopback0
 description Loopback
 ip address 1.1.1.1 255.255.255.255
!
router bgp 64512
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 10.1.1.1 remote-as 1

PE1 vrf RED – BGP Configuration and Verification (success)

router bgp 1
!
 no bgp default ipv4-unicast
 neighbor 20.20.20.20 remote-as 1
 neighbor 20.20.20.20 update-source Loopback0
!
 address-family vpnv4
  neighbor 20.20.20.20 activate
  neighbor 20.20.20.20 send-community both
 exit-address-family
!
 address-family ipv4 vrf RED
  redistribute connected
  neighbor 10.1.

I Wanna Go Fast – Load Balancing Dynamic Steering

Earlier this month we released Dynamic Steering for Load Balancing which allows you to have your Cloudflare load balancer direct traffic to the fastest pool for a given Cloudflare region or colo (Enterprise only).

To build this feature, we had to solve two key problems: 1) How to decide which pool of origins was the fastest and 2) How to distribute this decision to a growing group of 151 locations around the world.

Distance, Approximate Latency, and a Better Way

As my math teacher taught me, the shortest distance between two points is a straight line. This is also typically true on the internet: the shorter the approximate distance between a user going through a Cloudflare location and a customer origin, the better the experience is for the user. Geography is one way to approximate speed, and we included the Geo Steering function when we initially introduced the Cloudflare Load Balancer. It is powerful, but manual; it’s not the best way. A customer on Twitter said it best: