Category Archives for "Networking"

Telecom Operator Network Design Training

I missed writing, missed writing a post on the website specifically! Because I know you are reading right now and wondering where I have been. I just checked and saw that my last post was on October 26. For more than 2 months I didn’t share anything on the website. I …

The post Telecom Operator Network Design Training appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

CCIE SP Written and Lab Content Updates v4.1

For those who may not have heard, Cisco recently updated their blueprint for the CCIE Service Provider Written and Lab Exams. According to Cisco, only about 10% of the overall blueprint has changed and topics on 4.1 will be similar to those on 4.0. Read on to learn more.

Domain Changes:

4.1 domain topics are almost exactly the same as 4.0 topics. The main difference in domains is that domains 1 and 3 (service provider architecture and evolution and service provider base services) have been merged into one domain. While other domain topics did not change, slight shifts were made to domain weights.

Weighting of Domains:

Topic changes within the Domains:

  • Domain 1 (Core Routing): No topics were added or removed within this domain, but some items were moved, rephrased, or merged into one single item.
  • Domain 2 (Service Provider Architecture and Services) now holds tasks of the original domain 1 and 3. Other items that were part of domain 1, such as software architecture, mobility node functions, and virtualization concepts, were rephrased to better define their scope.
  • Domain 3 (Access and Aggregation) had a few topic items removed.
  • Domain 4 (High Availability and …

Web Cache Deception Attack revisited

In April, we wrote about Web Cache Deception attacks, and how our customers can avoid them using origin configuration.

Read that blog post to learn how to configure your website and, for those who are not able to do that, how to disable caching for certain URIs to prevent this type of attack. Since our previous blog post, we have looked for but have not seen any large-scale attacks like this in the wild.

Today, we have released a tool to help our customers make sure only assets that should be cached are being cached.

A brief re-introduction to Web Cache Deception attack

Recall that the Web Cache Deception attack happens when an attacker tricks a user into clicking a link in the format of http://www.example.com/newsfeed/foo.jpg, when http://www.example.com/newsfeed is the location of a dynamic script that returns different content for different users. For some website configurations (default in Apache but not in nginx), this would invoke /newsfeed with PATH_INFO set to /foo.jpg. If http://www.example.com/newsfeed/foo.jpg does not return the proper Cache-Control headers to tell a web cache not to cache the content, web caches may decide to cache …

Can Routing Be Oversimplified?

I don’t know if you’ve had a chance to see this Reddit thread yet, but it’s a funny one:

We eliminated routing protocols from our network!

Short non-clickbait summary: We deployed SD-WAN and turned off OSPF. We now have a /16 route for the internal network and a default route to the Internet where a lot of our workloads were moved into the cloud.

Bravo to this networking team for simplifying their network to this point. All other considerations aside, does this kind of future really bode well for SD-WAN?

Now You See Me

As pointed out in the thread above, the network team didn’t really get rid of their dynamic routing protocols. The SD-WAN boxes that they put in place are still running BGP or some other kind of setup under the hood. It’s just invisible to the user. That’s nothing new. Six years ago, Ivan Pepelnjak found out Juniper QFabric was running BGP behind the scenes too.

Hiding the networking infrastructure from the end user is nothing new. It’s a trick that has been used for years to allow infrastructures to be tuned and configured in such a way as to deliver maximum performance without letting anyone tinker …

SYN Packet Handling in the Wild

Translator’s note: this article is a translation of Marek Majkowski’s https://blog.cloudflare.com/syn-packet-handling-in-the-wild/.

At Cloudflare we have a lot of experience operating servers on the real internet, but we never stop honing this black magic either. On this blog we have already covered several dark corners of internet protocols, such as understanding FIN-WAIT-2 and receive buffer tuning.


CC BY 2.0 image by Isaí Moreno

One subject that people don’t pay enough attention to is SYN floods. We use Linux, and it turns out that SYN packet handling on Linux is truly complex. In this post we will shed some light on it.

A tale of two queues

Once a socket is created and in the "LISTENING" TCP state, there are two separate queues:

  • SYN queue
  • Accept queue

These queues are commonly referred to by various other names, including "reqsk_queue", "ACK backlog", "listen backlog" and "TCP backlog", but to avoid confusion we will stick with the names above.

SYN queue

The SYN queue stores inbound SYN packets[1] (specifically, struct inet_request_sock). It is responsible for sending out SYN+ACK packets and retrying them on timeout. On Linux the retry count is configured as follows:

$ sysctl net.ipv4.tcp_synack_retries
net.ipv4.tcp_synack_retries = 5

The documentation describes it as follows:

tcp_synack_retries - INTEGER

    Number of times SYNACKs for a passive TCP connection attempt will be retransmitted.
    Should not be higher than 255. The default value is 5, which, given an initial RTO of
    1 second, means the last retransmission at 31 seconds …

Packet Forwarding on Linux on Software Gone Wild

The Linux operating system is used as the foundation for numerous network operating systems, including Arista EOS and Cumulus Linux. It provides most of the networking constructs we are familiar with, including interfaces, VLANs, routing tables, VRFs and contexts, but they behave slightly differently from what we’re used to.

In Software Gone Wild Episode 86 Roopa Prabhu and David Ahern explained the fundamentals of packet forwarding on Linux, and the differences between Linux and more traditional network operating systems.


I Became Cisco Champion for 2018

I just received an e-mail from Cisco with the notice that I was elected a Cisco Champion for 2018. As Cisco says: “Cisco Champions are a group of highly influential technical experts who generously enjoy sharing their knowledge, expertise, and thoughts on the social web and with Cisco. The Cisco Champion program encompasses a diverse set of areas such as Data Center, Internet of Things, Enterprise Networks, Collaboration, and Security. Cisco Champions are located all over the world.” I must say that the last 7 years of writing this blog were the primary reason why one should pick me for this flattering …

The ARC of Satori

Authors: Pete Arzamendi, Matt Bing, and Kirk Soluk

Satori, the heir apparent to the infamous IoT malware Mirai, was discovered by researchers in December 2017. The word “satori” means “enlightenment” or “understanding” in Japanese, but the evolution of the Satori malware has brought anything but clarity. […]