New RFC 8360 – RPKI Validation Reconsidered – Offers Alternative Validation Procedures to Improve Routing Security
RFC 8360, Resource Public Key Infrastructure (RPKI) Validation Reconsidered, is now published in the RFC libraries.
What is RPKI?
Resource Public Key Infrastructure (RPKI) aims to improve the security of the Internet routing system, specifically the Border Gateway Protocol (BGP), by establishing a hierarchy of trust for BGP routes. Today, most organizations simply trust that routing updates they get are sent by authorized senders. This is how bad actors and misconfigurations can cause massive routing issues. With RPKI, the receiving organization can verify that the sending organization is authorized to send the routing update.
RPKI works by issuing X.509-based resource certificates to holders of IP addresses and AS numbers to prove assignment of these resources. These certificates are issued to Local Internet Registries (LIRs) by one of the five Regional Internet Registries (RIRs) who allocate and assign these resources in their service regions.
What Does This RFC Do?
In the IETF, participants have been discussing issues that may arise when resources move across registries. The problem happens when a subordinate certificate “over-claims” resources compared to its parent. According to the standard validation procedure specified in RFC 6487, the whole branch beneath would be invalidated. The closer to Continue reading
Short Take – In Defense of Sales Engineers
In this Network Collective short take, Eyvonne discusses the role of a sales engineer. She highlights the value sales engineers can bring to enterprises and outlines some ways you can get the most out of your relationship with your vendor or VAR sales engineer.
Eyvonne Sharp
Host
The post Short Take – In Defense of Sales Engineers appeared first on Network Collective.
Cloudflare Argo Tunnel with Rust+Raspberry Pi
Yesterday Cloudflare launched Argo Tunnel. In the words of the product team:
Argo Tunnel exposes applications running on your local web server, on any network with an Internet connection, without adding DNS records or configuring a firewall or router. It just works.
Once I grokked this, the first thing that came to mind was that I could actually use one of my Raspberry Pi's sitting around to serve a website, without:
- A flaky DDNS running on my router
- Exposing my home network to the world
- A cloud VM
Ooooh... so exciting.
The Rig
I'll assume you already have a Raspberry Pi with Raspbian on it.
Plug the Pi into your router. It should now have an IP address. Look that up in your router’s admin UI:
OK, that's promising. Let's connect to that IP using the default pi/raspberry credentials:
$ ssh 192.168.8.26 -l pi
[email protected]'s password:
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Mar 18 23:24:11 2018 from Continue reading5 Ways WiGig Differs from Today’s WiFi
A look at how the new 802.11ad WiFi standard compares with its predecessors, 802.11ac and 802.11ax.
5 Ways WiGig Differs from Today’s WiFi
A look at how the new 802.11ad WiFi standard compares with its predecessors, 802.11ac and 802.11ax.
Video: Tools and Knobs to Use when Tweaking TCP Performance
In the second half of his Networks, Buffers and Drops webinar JR Rivers focused on end systems: what tools could you use to measure end-to-end TCP throughput, or monitor performance of an individual socket or the whole TCP stack?
You’ll need at least free ipSpace.net subscription to watch the video.
Measuring the Root Zone KSK Trust
An analysis of DNS resolver data to attempt to estimate the impact of a roll of the Root Zone Key Signing Key (KSK).Stuffing the Camel into the Bikeshed
I’m sure that there are folk who believe that bodies like the IETF can exercise just the right level of restraint and process management to keep excessive levels of both camelling and bikeshedding out of the IETF and its Working Groups activities. Speaking personally, I just can’t see that happening.Infoblox Updates Cloud-Based DNS Security Offering To Block Malicious Sites
Infoblox updates its cloud-based DNS security service to run without agent software and improves its ability to filter unwanted and malicious sites.Juniper JET & Golang
Network programmability and network automation go hand-in-hand (pun intended) and I’ve been waiting for an opportunity to play with the Juniper IDL (.proto) files to build a JET (Juniper Extension Toolkit) application. Thanks to Marcel Wiget’s efforts, the opening I’ve been waiting for came along!
So what is JET?
JET is a couple of things:
- Ability to run Python, C and C++ applications onboard both veriexec and non-veriexec enabled Junos
- Ability to create an off-box application using GRPC and MQTT
JET allows you to program Junos out of the normal NETCONF, CLI, SNMP and ephemeral DB methods that we’re all fairly used to. The other thing is, it’s quick. Like really quick. With GRPC and MQTT, we can program a network element using mechanisms the software world is used to. I’ve been saying for a long time our data is no longer our own and JET allows us to bridge organisational worlds in multiple ways. Pretty cool.
So what did you do?
Not having a huge amount of time for this, I opted for off-box and took Marcel’s code as the base for how to use the APIs exposed via GRPC.
The application uses the “bgp_route_service” JET API Continue reading
Etisalat Hires NEC/Netcracker as Prime Integrator for NFV Telco Cloud
NEC/Netcracker will wrangle myriad vendors of hardware and software along with some open source code.
GitLab Integrates With Google to Smooth Kubernetes Deployments
The integration allows for running DevOps on top of Kubernetes to automate the creation of clusters that are managed by Google and run on Google Cloud Platform.
SDxCentral’s Top 10 Articles — March 2018
AT&T plans 60K white boxes; Dell EMC challenges Cisco in SD-WAN; Investors call a Dell-VMware merger a 'terrible deal.'
Related Stories
Microsoft Pledges $5 Billion IoT, Edge Push
The $5 billion IoT and edge investment comes a week after a companywide reorganization that prioritizes Microsoft’s cloud and edge products over Windows.
The Modern Telco is Open, Part 3 Q&A – Intelligent Virtualized Operations and Automation for Telco
Thanks to all who joined us for The Modern Telco is Open, Part 3 – Intelligent Virtualized Operations and Automation for Telco sponsored by Red Hat and Intel.