Archive

Category Archives for "Networking"

IDG Contributor Network: How network verification differs from monitoring, and what it’s good for

In a previous post I discussed network verification, a new area of technology that applies what is known as formal verification – mathematical analysis of a complex system to determine rigorously if it meets the end-to-end goal – to network infrastructure. But what is such verification good for, and how is it different from today’s common practice, whereby nearly every organization monitors its network, typically by sampling ongoing flows, events or logs? Isn’t that enough to catch problems as the organization deploys changes?

Section 10 Routing Loops

A (long) time ago, a reader asked me about RFC4456, section 10, which says:

Care should be taken to make sure that none of the BGP path attributes defined above can be modified through configuration when exchanging internal routing information between RRs and Clients and Non-Clients. Their modification could potentially result in routing loops. In addition, when a RR reflects a route, it SHOULD NOT modify the following path attributes: NEXT_HOP, AS_PATH, LOCAL_PREF, and MED. Their modification could potentially result in routing loops.

On first reading, this seems a little strange—how could modifying the next hop, Local Preference, or MED at a route reflector cause a routing loop? While contrived, the following network illustrates the principle.

Note the best path, from an IGP perspective, from C to E is through B, and the best path, from an IGP perspective, from B to D is through C. In this case, a route is advertised over eBGP from F towards E and D. These two eBGP speakers, in turn, advertise the route to their iBGP neighbors, B and C. Both B and C are route reflectors, so they both reflect the route on to A, which advertises the route to some other…

14,000 Incidents: a 2017 Routing Security Year in Review

How was the state of the Internet’s routing system in 2017? Let’s take a look back using data from BGPStream. Some highlights:

  • 13,935 total incidents (either outages or attacks like route leaks and hijacks)
  • Over 10% of all Autonomous Systems on the Internet were affected
  • 3,106 Autonomous Systems were a victim of at least one routing incident
  • 1,546 networks caused at least one incident

An ‘incident’ is a suspicious change in the state of the routing system that can be attributed to an outage or a routing attack, like a route leak or hijack (either intentional or due to a configuration mistake).[i] Let’s look at just a few examples of incidents picked up by the media.

March 2017. SECW Telecom in Brazil hijacked prefixes of Cloudflare, Google, and BancoBrazil causing some outage for these services in the region.

April 2017. Large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian telecom. For several minutes, Rostelecom was originating 50 prefixes for numerous other Autonomous Systems, hijacking their traffic.

August 2017. Google accidentally leaked BGP prefixes it learned from peering relationships, essentially becoming a transit provider instead…

Administravia 010918

I’ve reorganized the menu on the left just a little, combining some items under “reading,” and adding a new item called “topics.” Under this new item, you’ll find collections of articles on specific topics from other sources, starting with the ‘net neutrality page and the meltdown and spectre post reformatted as a page, with some new additions. I’m always trying to find new ways to organize the information here, making it easier to find things; hopefully this is a useful change.

Say Hello to Zpark, my Cisco Spark Bot

For a long while now I’ve been brainstorming how I could leverage the API that’s present in the Cisco Spark collaboration platform to create a bot. There are lots of goofy and fun examples of bots (e.g., Gifbot) that I might be able to draw inspiration from, but I wanted to create something that would provide high value to myself and anyone else who chooses to download and use it. The idea finally hit me after I started using Zabbix for system monitoring. Since Zabbix also has a feature-rich API, all the pieces were in place to create a bot that would act as a bit of middleware between Zabbix and Spark. I call the bot: Zpark.

Instead of relying on Zabbix to initiate an email or SMS to alert me of a new issue, I now route all notifications through Zpark and get notified right within my Cisco Spark client. And since I have the Spark client on all of my devices, I can receive alerts no matter where I am or what I’m doing.

Zpark alerts:

Example of Zpark Alert & Clear Messages
Features
  • Relays new Zabbix alerts (which are generated from Zabbix events) to Spark…

Sonos Play:1 Is Discounted $62 Right Now On Amazon

Sonos has designed the Play:1 wireless speaker to look and sound great in any space, whether it's a kitchen counter or the bookshelf in your bedroom. It contains two Class D amplifiers, one 3.5" mid–woofer for mid–range frequencies and deep bass, and one tweeter for crisp and accurate high–frequency response. Pair multiple speakers together in the same room for a more immersive experience, or add speakers in different rooms. When connected to an Amazon Alexa-enabled device, you can control the Sonos experience hands-free using Alexa voice commands.

Improved telepresence — in your face with the new BeamPro 2

For those of us intrigued by telepresence technology, the new BeamPro 2 might be just what Santa should have left under our trees – except, well, that it wouldn’t have fit. But on other scales, the release of this new and improved device promises more realistic visits with colleagues, customers, patients, and others with respect to video, audio and maneuverability.

Available this summer, the BeamPro 2 provides better face-to-face interactions with its enlarged multi-touch display and vertical screen height adjustment. It has been engineered to move more easily around crowded spaces with its wide-angle cameras and additional sensors for detecting obstacles. It also provides improved audio and video.

Improved telepresence: In your face with the new BeamPro 2

For those of us intrigued by telepresence technology, the new BeamPro 2 might be what Santa should have left under our trees — except, well, that it wouldn’t have fit. But on other scales, the release of this new and improved device promises more realistic visits with colleagues, customers, patients, and others with respect to video, audio and maneuverability.

Available this summer, the BeamPro 2 provides better face-to-face interactions with its enlarged multi-touch display and vertical screen height adjustment. It has been engineered to move more easily around crowded spaces with its wide-angle cameras and additional sensors for detecting obstacles. It also provides improved audio and video.

Future Thinking: Harlem Désir on Freedom of Expression Online

In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. We interviewed two people – the new OSCE Representative on Freedom of the Media and an emerging leader from Brazil, an Internet Society 25 Under 25 awardee – to hear their different perspectives on the forces shaping the Internet’s future: Harlem Désir and Paula Côrte Real.

Harlem Désir is the Organization for Security and Co-operation in Europe (OSCE) Representative on Freedom of the Media. Prior to his current position, Désir was French Minister of State for European Affairs, attached to the French Minister of Foreign Affairs and International Development, and a member of the European Parliament for three consecutive terms from 1999 to 2014.

(You can read Paula Côrte Real’s interview here.)

The Internet Society: What could impact the future of freedom of expression online?

Harlem Désir: There is an ongoing shift under our feet which could result in a less open, global, and free Internet. A combination of factors, including legitimate security concerns in the fight against terrorism or the fight…

Future Thinking: Paula Côrte Real on Freedom of Expression Online

In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. We interviewed two people – the new OSCE Representative on Freedom of the Media and an emerging leader from Brazil, an Internet Society 25 Under 25 awardee – to hear their different perspectives on the forces shaping the Internet’s future: Harlem Désir and Paula Côrte Real.

Paula Côrte Real is a 24-year-old Brazilian who hopes to help create a safe and secure Internet experience for Brazil’s youth through her involvement in several youth engagement programs. One of those, led by the Commission of Information Technology Law from the Brazilian Bar Association in Pernambuco, helps students learn how to protect themselves while using the Internet. It also tackles current issues such as cyberbullying and cyberstalking. To date, the project has reached approximately 2,000 public school students between the ages of 15 and 18. In 2017, she was awarded the Internet Society’s 25 under 25 award for making an impact on her community and beyond.

(You can read Harlem Désir’s interview here.)

The…

BrandPost: Silver Peak 2018 CEO Predictions

Enterprises adopt cloud-first WAN architectures

Today, most WAN traffic, to and from branch and remote sites, is destined for the cloud, either to SaaS services or applications hosted in an IaaS environment. The traditional WAN was architected for branch-to-data-center traffic flows, not to efficiently support new cloud-driven traffic patterns. Starting in 2018, most enterprises will adopt a “cloud-first” SD-WAN architecture designed to efficiently and effectively support the ongoing evolution in their application mix.

The new WAN edge replaces the traditional branch router

Traditional routers are no longer the default choice for branch deployments. Routers are burdened by three decades of complexity and a cumbersome “CLI-first” device-by-device configuration paradigm. With SD-WAN as a foundation, a new class of centrally-orchestrated, application-driven WAN edge devices will replace traditional routers in the branch.

Meltdown and Spectre: How much are ARM and AMD exposed?

As the chip vendors wrestle to get their arms around the Meltdown and Spectre vulnerabilities, we’re slowly determining the exposure of AMD and ARM to the exploit. Intel, unfortunately, is totally vulnerable. With AMD and ARM, though, it gets complicated.

First, let’s go over the Spectre exploit, which is a second class of attacks similar to Meltdown, the one we all know. Like Meltdown, Spectre exploits speculative execution in order to root out information from a CPU’s cache. Spectre is different because of how it runs.

While Meltdown is based on a specific implementation of speculative execution, Spectre exploits a risk to speculative execution that requires more work to exploit but is also considered harder to mitigate. Because it’s more obscure and arcane, it’s not as well understood. That’s why Meltdown is considered the bigger risk.