Category Archives for "Networking"

eBPF, Sockets, Hop Distance and manually writing eBPF assembly

A friend gave me an interesting task: extract IP TTL values from TCP connections established by a userspace program. This seemingly simple task quickly exploded into an epic Linux system programming hack. The resulting code is grossly over-engineered, but boy, did we learn plenty in the process!

[Image: CC BY-SA 2.0 image by Paul Miller]

Context

You may wonder why she wanted to inspect the TTL packet field (formally known as "IP Time To Live (TTL)" in IPv4, or "Hop Count" in IPv6). The reason is simple: she wanted to ensure that the connections are routed outside of our datacenter. The "Hop Distance", the difference between the TTL value set by the originating machine and the TTL value in the packet received at its destination, shows how many routers the packet crossed. If a packet crossed two or more routers, we know it indeed came from outside of our datacenter.


It's uncommon to look at TTL values (except for their intended purpose of mitigating routing loops by checking when the TTL reaches zero). The normal way to deal with the problem we had would be to blacklist IP ranges of our servers. But it’s not that

VXLAN Limitations of Data Center Switches

One of my readers found this Cumulus Networks article that explains why you can’t have more than a few hundred VXLAN-based VLAN segments on every port of a 48-port Trident-2 data center switch.

Expect to see similar limitations in most other chipsets. There’s a huge gap between the millions of segments made possible by the 24-bit VXLAN Network Identifier and the reality of switching silicon. Most switching hardware is also limited to 4K VLANs.


Aruba co-founder: We want to live on the edge

Tech companies of every stripe are staking their claim to the internet of things, and networking vendors like Aruba are no exception. But to hear co-founder and president Keerti Melkote tell it, his company’s pitch might have a little more heat on it than others. Aruba’s IoT credentials are based on a relatively simple premise: by definition, IoT devices have to be on the network, and they’re one of the bigger fish in that particular pool. The company has a lot of experience in onboarding devices, hard-won during the era of BYOD and covering provisioning, credentials, privilege levels and monitoring, which translates well to the world of IoT, particularly given the urgent need to secure those devices.

BrandPost: How network automation moves AI from science fiction to reality

Artificial intelligence (AI) has become a buzzword, and what once was realized only in sci-fi movies is now a burgeoning reality in IT processes. There are significant savings — both in terms of time and money — to be had, as well as an increase in mission delivery. However, before organizations can take advantage of advancements like AI today, they must take a few key steps. One area is in the network. Let’s explore how enterprises can begin to evolve their network technology to leverage AI capabilities in the near future.

Automation

Network automation is a meaningful step towards AI that can provide enhanced mission delivery today. By leveraging automation capabilities within the network, immediate efficiencies can be realized.

BrandPost: Mobile user engagement apps: Trends & requirements

The mobile engagement app has emerged as a way to acquire, retain, and monetize loyal user bases. When designed properly, everyone gains from the app. Users are more satisfied, productive, and even safer. Businesses can enjoy larger and more predictable revenue streams. Executed poorly, mobile apps can have low download rates, and become abandoned, forgotten or deleted. To learn more about how businesses are using these apps and their plans for the future, we surveyed companies across all industries. A high percentage of organizations have already determined they need an engagement app. To date, most of the apps in use are being developed in-house; commercial off-the-shelf versions are up and coming, but not yet well-known. We learned there is still lots of room for improvement and that an important requirement of the apps is to track location.

BrandPost: 802.11ax enhancements: What’s all the hype about?

Devin Akin, the Principal Wi-Fi Architect for Divergent Dynamics, recently gave a great webinar presentation on the upcoming release of the new 802.11ax standard. When any new technology is introduced, there is a tendency for companies to over-rotate and get caught up with the hype. Devin is anti-hype; he balances the discussion with education, and shares the detailed realities of the new underlying technology. As with past introductions of 802.11 enhancements, it is important to pay attention to the standard ratification date, silicon production schedules, and in particular, 11ax client introductions.

What’s So Different About 802.11ax?

BrandPost: An efficient network: The Fabric of a complex paperless hospital system

As CTO of a large regional hospital system, I know that the network is vital to everything. I consider the network in the same critical category as electricity, oxygen, and water. It needs to be available 24x7x365 to support Concord Hospital’s half a million patients and over 5,000 network users across our 30 locations. Because we don’t do anything on paper, the network can never go down. Extreme Fabric Connect has solved that problem for us. It provides a secure, self-healing, highly-available network to serve our patients effectively in our complex paperless environment.

All the Benefits of MPLS, None of the Headaches

BrandPost: The cloud payoff: Ensuring hybrid works for your enterprise

As more and more enterprises move to hybrid cloud, there are some interesting relationships among enterprises, Internet and cloud exchanges, and colocation providers to satisfy IT strategies through hybrid clouds. In its Strategic Roadmap for Data Center Infrastructure, Gartner notes that “by 2019, 80% of enterprises will have an IT strategy that includes multiple Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers.” This is up from only 10% in 2015, while “by the end of 2018, 10% of enterprises will close their on-premises data centers entirely.”

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

Drupal has recently announced an update to fix a critical remote code execution vulnerability (SA-CORE-2018-002/CVE-2018-7600). The patch disallows forms and form fields whose names start with the “#” character, the input that leads to remote code execution.

Accordingly, we have just pushed out a rule for our Web Application Firewall (WAF) that blocks requests matching these exploit conditions. You can find this rule in the Cloudflare ruleset in your dashboard under the Drupal category with the rule ID of D0003.

Drupal Advisory: https://www.drupal.org/sa-core-2018-002