Archive

Category Archives for "Networking"

Introducing a New MANRS IXP Programme for Routing Security

Today, we are pleased to announce that the Mutually Agreed Norms for Routing Security (MANRS) is getting a new category of members – IXPs. The MANRS IXP Programme introduces a separate membership category for IXPs with a set of security actions to address the unique needs and concerns of IXPs.
The ten founding participants are Asteroid (International), CABASE (Argentina), CRIX (Costa Rica), DE-CIX (Germany), INEX (Ireland), MSK-IX (Russia), Netnod (Sweden), RINEX (Rwanda), TorIX (Canada), and YYCIX (Canada).
Programme participation provides an opportunity for an IXP to demonstrate its attention to the security and sustainability of the Internet ecosystem and, therefore, its dedication to providing high-quality services.
The IXP Action set was developed by a group of IXPs from all around the world and was presented at multiple IXP fora for discussion and feedback. We hope that with IXPs as partners, their ISP members will also join the Network Operator category of MANRS.
Participation in the MANRS IXP Programme requires an IXP to implement and document a majority of the IXP Programme Actions (at least three out of five). Actions 1 and 2 are mandatory, and the IXP must implement at least one additional Action. Here are the five Actions:
  1. Facilitate Continue reading

A more privacy-friendly blog

When I started this blog, I embraced some free services, like Disqus or Google Analytics. These services are quite invasive for users’ privacy. Over the years, I have tried to correct this to reach a point where I do not rely on any “privacy-hostile” services.

Analytics?

Google Analytics is a ubiquitous solution to get a powerful analytics solution for free. It’s also a great way to provide data about your visitors to Google—also for free. There are self-hosted solutions like Matomo—previously Piwik.

I opted for a simpler solution: no analytics. It also enables me to think that my blog attracts thousands of visitors every day.

Fonts?

Google Fonts is a very popular font library and hosting service, which relies on the generic Google Privacy Policy. The google-webfonts-helper service makes it easy to self-host any font from Google Fonts. Moreover, with help from pyftsubset, I include only the characters used in this blog. The font files are lighter and more complete: no problem spelling “Antonín Dvořák”.

Videos?

Upcoming Webinars: May and June 2018

Another month has swooshed by and it’s time for a refreshed list of upcoming webinars:

All you need to have to attend all these live sessions is a current ipSpace.net webinar subscription.

WISP Design – Building Highly Available VPLS for Public Subnets

What is VPLS?

Virtual Private LAN Service or VPLS is a Layer 2 overlay or tunnel that allows for the encapsulation of Ethernet frames (with or without VLAN tags) over an MPLS network.

https://tools.ietf.org/html/rfc4762

VPLS is often found in Telco networks that rely on PPPoE to create centralized BRAS deployments by bringing all of the end users to a common point via L2.

MikroTik VPLS example (https://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks_using_MPLS)

Wlink

Background

The idea for this post came out of a working session (at the bar of course) at WISPAmerica 2018 in Birmingham, Alabama.

There was a discussion about how to create redundancy for VPLS tunnels on multiple routers. I started working on this in EVE-NG as we were talking about it.

The goal is creating highly available endpoints for VPLS when using them to deploy a public subnet that can be delivered to any tower in the WISP. The same idea works for wireline networks as well.

Use Case

As IPv4 becomes harder to get, ISPs like WISPs, without large blocks of public space, find it difficult to deploy them in smaller subnets. The idea behind breaking up a /23 or /24 for example, is that every Continue reading

Get Started with Junos Quickly (and free!)

When I got started in networking, my education (like so many network engineers) was all about Cisco. All my networking courses in college, as well as my early networking jobs all used Cisco curricula and equipment, and valued Cisco certifications like the CCNA/CCNP/CCIE above all.

It wasn’t until I had already been in the industry for about three years or so before I even got my hands on a Juniper device, and by that time, my IOS habits had taken root in my muscles, which made the new set/delete style of Junos configurations even more strange. While my Junos experience never came close to exceeding my IOS/NXOS experience, I grew to appreciate some of the subtle advantages that Juniper bakes into its software. However, getting this experience meant I had to work that much harder to get my hands on lab gear to make it more a part of my day-to-day experience.

These days, it’s way easier to get started with Junos. You don’t have to wait for someone to get you some lab gear - you can set up a virtual lab right on your laptop. While there are a few places you can do this, one of the Continue reading

Describing Network Automation: Automate the Coffee

How to Describe Automation

Cisco Live, Milan, 2014, the place where everyone drinks a caffé! It was this year that Cisco’s DevNet began to grow and my passion for software, automation and networking was in for a roller-coaster ride. I watched various refreshment stands delivering coffee to the endless queues of guests and began to see something special in the thing that I originally called an espresso!

For so long we’ve used pipes and water to describe networking itself and for a long time I was hunting for a good way to talk about network automation. Turns out a caffé is a great way to describe automation and especially network automation. We also feel emotionally about it and understand the process used to have one placed in one’s hand.

Annoyingly so, when automation is the topic up for conversation, we start with "Let’s automate the network" and not with what it is we want to automate. If you’ve raised your eyebrow, point in case. Even worse is when you’re asked for a use-case. The answer is nothing more than a reflection: "Tell me what your humans do". This isn’t a product, it’s the deep integration of human process and digitised Continue reading

Cisco Express Forwarding (CEF)

I am currently studying to recertify my CCIE and it is at these times that I realise there is so much I have studied and learnt but forgotten. There are many cool things I come across that I think at the time are useful features that I need to remember, but unfortunately if you don’t have a real world use for them they are soon put to the back of the brain and over time forgotten. The same applies with taking for granted the way things work, be that ARP, DHCP or the process a switch or router goes through when moving traffic. I came across some of my old notes on CEF which I thought worth sharing.

Analyzing data with Pandas Package – An Intro to Pandas

Hi,

The title may sound extremely hi-tech for someone who has never heard about pandas ;), but what I have written is a simple hello world equivalent program, which I guess should start to help my day-to-day analysis. As always, the aim is to let anyone know the advantage of something rather than hammering with some theory!

I was going through various Python packages available to analyze data and came across the pandas package along with the numpy package. These are not there by default in a Python installation, and if you would like them on your system, you should install them via pip. I have them installed already, hence you can see that it complains in the below image.

Note:

Understand why you need to have something like Pandas / Numpy even if you have never heard of them; that’s the point of this tiny program.

Imagine how you would solve this if you never knew Pandas/Numpy and you will see the power of these packages. Again, you don’t have to know these to realize their full power.

Now coming to the requirement, here is a sample spreadsheet that I have below, it’s a CSV sheet which contains certain Continue reading

OPL2 Audio Board: an AdLib sound card for Arduino

In a previous article, I presented the OPL2LPT, a sound card for the parallel port featuring a Yamaha YM3812 chip, also known as OPL2—the chip of the AdLib sound card. The OPL2 Audio Board for Arduino is another indie sound card using this chip. However, instead of relying on a parallel port, it uses a serial interface, which can be driven from an Arduino board or a Raspberry Pi. While the OPL2LPT targets retrogamers with real hardware, the OPL2 Audio Board cannot be used in the same way. Nonetheless, it can also be operated from ScummVM and DOSBox!

The OPL2 Audio Board over a “Grim Fandango” box.

Unboxing?

The OPL2 Audio Board can be purchased on Tindie, either as a kit or fully assembled. I have paired it with a cheap clone of the Arduino Nano. A library to drive the board is available on GitHub, along with some examples.

One of them is DemoTune.ino. It plays a short tune on three channels. It can be compiled and uploaded to the Arduino with PlatformIO—installable with pip install platformio—using the following command:

$ platformio ci \
    --board nanoatmega328 \
    --lib ../.. Continue reading

Found on the Web: Your CLI Should Be a Server

Guess what I found: a software developer trying to persuade his peers that they need an API version of their CLI tool. Yes, I checked and it’s still 2018, and the year CLI dies seems to be a bit further out than some people thought.

I’d guess this proves that the rest of the world is not so far ahead of us lowly network engineers as blabbering pundits and vendor marketers would have us believe.

Needless to say, the engineers architecting Junos knew this almost 20 years ago.

Here’s how NetQ injects S.O.U.L into your network

Our passion at Cumulus is all around networking with S.O.U.L. Simple. Open. Untethered. Linux. These tenets come together to help organizations build a web-scale, modern, automated network that is necessary for the digital age. So it’s no surprise that Cumulus NetQ and networking with S.O.U.L go hand-in-hand. Let’s take a closer look at how Cumulus NetQ builds on these tenets of S.O.U.L.

Simple

NetQ is all about simplifying network operations. The deep visibility achieved through Cumulus NetQ is extremely powerful from a network validation, management and troubleshooting standpoint.

  • Simplifying rollout validation: Cumulus NetQ helps reassure networking teams that what they are rolling into production will actually work. Its validation system lets users check their configuration during production rollout. And with NetQ’s powerful tracing capability, you can validate that you have the true end-to-end connectivity you expected. Tracing saves a huge amount of time as you work to ensure that the path of the packet is working as expected. Without Tracing, you have to go box-by-box and validate all the way up and down the stack. Instead, with NetQ, you can see the pathways the packets flow. This network validation works down Continue reading

Micro-segmentation Starter Kit

Traditional security solutions are designed to protect the perimeter. As applications and data are becoming increasingly distributed, they are often spanning not only multiple sites, but also multiple clouds. This is making it harder to identify where the perimeter actually is in order to secure it. But even if the perimeter can...