Category Archives for "Networking"

ONOS measurement based control

ONOS traffic analytics describes how to run the ONOS SDN controller with a virtual network created using Mininet. The article also shows how to monitor network traffic using industry-standard sFlow instrumentation available in Mininet and in physical switches.
This article uses the same ONOS / Mininet test bed to demonstrate how sFlow-RT real-time flow analytics can be used to push controls to the network through the ONOS REST API. Leaf and spine traffic engineering using segment routing and SDN used real-time flow analytics to load balance an ONOS controlled physical network. In this example, we will use ONOS to filter DDoS attack traffic on a Mininet virtual network.

The following sFlow-RT script, ddos.js, detects DDoS attacks and programs ONOS filter rules to block the attacks:
var user = 'onos';
var password = 'rocks';
var onos = '192.168.123.1';
var controls = {};

setFlow('udp_reflection',
  {keys:'ipdestination,udpsourceport',value:'frames'});
setThreshold('udp_reflection_attack',
  {metric:'udp_reflection',value:100,byFlow:true,timeout:2});

setEventHandler(function(evt) {
  // don't consider inter-switch links
  var link = topologyInterfaceToLink(evt.agent,evt.dataSource);
  if(link) return;

  // get port information
  var port = topologyInterfaceToPort(evt.agent,evt.dataSource);
  if(!port) return;

  // need OpenFlow info to create ONOS filtering rule
  if(!port.dpid || !port.ofport) return;

  // we already have

Continue reading

Network-as-a-Service: A modern solution to today’s networking challenges

Traditional networking architectures over the past two decades or so prescribe that the hub of the network be built around a specific location, such as a data center or a company’s headquarters building. This location houses most of the equipment for compute, storage, communications, and security, and this is where enterprise applications are traditionally hosted. For people in branch and other remote locations, traffic is typically backhauled to this hub before going out to other locations, including to the cloud. Though that formula has been standard operating procedure for many years, it doesn’t fit the way of work for many enterprises today. For one thing, there has been a major migration to the cloud. Those enterprise applications that run the business are now hosted in cloud platforms such as Amazon Web Services or Microsoft Azure, either as private applications or as SaaS apps such as Office 365 and Salesforce. In fact, companies often use multiple cloud platforms these days.

ACE Submarine Cable Cut Impacts Ten Countries

The ACE (African Coast to Europe) submarine cable runs along the west coast of Africa between France and South Africa, connecting 22 countries. It extends over 17,000 km, and has a potential capacity of 5.12 Tbps. The cable system is managed by a consortium of 19 telecommunications operators & administrations, and the first phase entered service in December 2012. While it may not have been completely problem-free over the last 5+ years, online searches do not return any published reports of significant outages caused by damage to the cable.

However, on March 30, damage to the cable disrupted Internet connectivity to a number of connected countries, with reported problems posted to social media over the next several days. These posts indicated that the ACE submarine cable was cut near Nouakchott, Mauritania, but did not provide any specific information about what severed the cable.

Of the 22 countries listed as having landing points for the ACE Submarine Cable, 10 had significant disruptions evident in Oracle’s Continue reading

Integrating the configuration build – Next steps

Hi,

In the last post, linked below, I got introduced to a CI system and its basics.

https://r2079.wordpress.com/2018/04/03/using-travis-ci-continuous-integration-with-github/

This post goes further in actually using the CI system.

All the code is hosted here

https://github.com/yukthr/auts.git

-> Requirement is very simple

This is a very basic program which introduces anyone to Jinja2 and YAML syntax.

Problem - We have two interfaces, ge-0/0/0 and ge-0/0/1. We have to use YAML / Jinja2 and PyEZ to develop the configurational syntax for these, and later on a CI system needs to validate the build.

The code is hosted on GitHub above.
intf.yml    - will have all the interfaces
template.j2 - will have the appropriate Jinja2
template.py - will have the Python program combining these two

So, we write the code 





Finally, build the CI file, but here we also build the dependencies, because when CI starts to validate it needs to have all the appropriate software installed. It amuses me to the point, it spins up the VM and then installs the dependencies and then it validates our code. I have come a long way from manual verifications / lab testing / CI testing now




This is how  Continue reading

IDG Contributor Network: What Larry, Moe and Curly can teach us about network security and SD-WAN agility

In comedy, unexpected actions make for good fun. The pratfalls. The eye pokes. But in networking, the unexpected is hardly funny. And yet it was the antics of the Three Stooges that came to mind as I reviewed the results of Cato Networks’ latest networking survey. The survey canvassed more than 700 enterprise IT buyers from around the globe about the drivers and challenges facing their networking and security deployments. What we observed serves as a promise and warning for anyone considering SD-WAN. SD-WAN is supposed to be the answer to network complexity. And like any good slapstick setup, we can almost see how SD-WAN meets that objective. As an overlay aggregating traffic from MPLS, broadband and any other underlying data transport, SD-WAN hides the complexity of building a network from multiple data transports. Policies provide the intelligence for SD-WAN to select the optimum network for each application, freeing IT from making those calculations and changes manually, if that was even possible.

PQ 144: Engineer Roundtable: Encryption, Code Style, Tech Over 40

Today on the Priority Queue we have a roundtable show. We’ve gathered a few engineers around the microphone to talk about their experiences and what’s on their minds.

We often hear this format is an audience favorite, so we plan to record more of these in the Priority Queue and Weekly channels, so keep an eye out.

Today we welcome Alex Clipper, Eric Gullickson, Matt Elliott, and Stafford Rau to the podcast. We discuss encryption, code styles to ensure that code written by networkers is up to snuff, and what it’s like to work in technology after a certain age.

Sponsor: Paessler AG

Paessler AG is the maker of PRTG Network Monitor. PRTG monitors your entire IT infrastructure 24/7 and alerts you to problems before users notice. Find out more about the monitoring software that helps system administrators work smarter, faster, better by visiting paessler.com today.

Show Links:

Understanding Media Access Control Security (MACsec) – Technical Documentation – Support – Juniper Networks

Thales L2 Encryption – Thales

Senetas – Senetas.com

What Is Optical Encryption? – Ciena

Certes Networks

Google Style Guides – GitHub

Continue reading

Reclaiming 1.1.1.1 For The Internet

Hopefully by now you’ve seen the announcement that CloudFlare has opened a new DNS service at the address of 1.1.1.1. We covered a bit of it on this week’s episode of the Gestalt IT Rundown. Next to Gmail, it’s probably the best April Fool’s announcement I’ve seen. However, it would seem that the Internet isn’t quite ready for a DNS resolver service that’s easy to remember. And that’s thanks in part to the accumulation of bad address hygiene.

Not So Random Numbers

The address range of 1/8 is owned by APNIC. They’ve had it for many years now but have never announced it publicly. Nor have they ever made any assignments of addresses in that space to clients or customers. In a world where IPv4 space is at a premium, why would a RIR choose to lose 16 million addresses?

As it turns out, 1/8 is a pretty bad address space for two reasons. 1.1.1.1 and 1.2.3.4. These two addresses are responsible for most of the inadvertent announcements in the entire 1/8 space. 1.2.3.4 is easy to figure out. It’s the most common example IP address Continue reading

IDG Contributor Network: The serverless cloud provider was last year – what can we expect to change?

Reno-based analyst Synergy Research Group released a review of the 2017 cloud market on January 4th. The report, which estimated the total scope of the industry at $180 billion, gauged the year-over-year growth rate of infrastructure as a service (cloud hosting) and platform as a service (combined cloud hardware and software) at 47%. Such astronomical growth in the infrastructure of cloud is fueling growth of data centers. The extent to which cloud is becoming the new form of infrastructure cannot be overstated, with Cisco predicting 95% of data center traffic will be through cloud infrastructure by 2021.

Argo Tunnel: A Private Link to the Public Internet

Today we’re introducing Argo Tunnel, a private connection between your web server and Cloudflare. Tunnel makes it so that only traffic that routes through Cloudflare can reach your server.

You can think of Argo Tunnel as a virtual P.O. box. It lets someone send you packets without knowing your real address. In other words, it’s a private link. Only Cloudflare can see the server and communicate with it, and for the rest of the internet, it’s unroutable, as if the server is not even there.

How this used to be done

This type of private deployment used to be accomplished with GRE tunnels. But GRE tunnels are expensive and slow; they don’t really make sense in a 2018 internet.

GRE is a tunneling protocol for sending data between two servers by simulating a physical link. Configuring a GRE tunnel requires coordination between network administrators from both sides of the connection. It is an expensive service that is usually only available for large corporations with dedicated budgets. The GRE protocol encapsulates packets inside other packets, which means that you will have to either lower the MTU of your origin servers, or have your router do Continue reading