Archive

Category Archives for "Networking"

New in IPv6: Stable Random IPv6 Addresses on OpenBSD

The idea of generating random IPv6 addresses (so you cannot be tracked across multiple networks based on your MAC address) that stay stable within each subnet (so you don’t pollute everyone’s ND cache every time you open your iPad) is pretty old: RFC 7217 was published almost exactly four years ago.

Linux was quick to pick it up, OpenBSD got RFC 7127 support a few weeks ago. However, there’s an Easter egg in the OpenBSD patches that implement it: SLAAC on OpenBSD now works with any prefix length (not just /64).

Read more ...

BrandPost: SD-WAN: A Modern Approach to Connectivity for Digital Businesses

Digital transformation has crossed the chasm from visionary aspiration to practical implementation and in the process, it is disrupting technologies across the business landscape.As enterprises and governments transform their operations, many are finding their legacy wide area networks (WANs) cannot meet today’s digital-driven bandwidth demands. Rather than giving them a competitive edge and supporting business growth, their networks are stifling innovation and impeding flexibility.To address this challenge, software-defined WANs (SD-WANs) are emerging as a smart way to streamline connections among enterprise sites.Enterprise WANs are under pressure to keep pace with the cloud revolution, which plays a critical role in digital transformation. “Companies worldwide are aggressively consolidating their data centers, implementing new data models, and shifting development to agile, mobile-first, cloud-based models,” IDC Group Vice President and IT executive advisor Joseph Pucciarelli writes in the Winter 2018 Issue of CIO's Digital Magazine.To read this article in full, please click here

Using Travis CI (Continuous Integration) with GitHub

Hi ,

Am Planning to write a in detail usage of how we can leverage
Aws cloud - ansible - github - travis-(ci/cd) with in our networking 
deployment space. As of now, I will quickly author how you can 
leverage the usage of Travis CI in our 
experimental space. 

You can find more about Travis CI - Here - .org of travis will 
help to run Opensource Projects 

https://travis-ci.org/

I am using AWS cloud desktop to do the changes to the code, 
get it pushed to git-hub and then integrate everything 
if Travis CI passes the checks 

To let you know the workflow in a very simpler way 

-> You write any code or config related to networks on AWS cloud 
desktop
-> push the code into git-hub in a branch later to be integrated 
into Master Branch
-> Setup Travis to automatically run some pre-defined tests 
-> If all successful, we will merge the code into our master branch 

-> Lets write a very basic code in a branch and push to git-hub 

 




The github page has been integrated with Travis-CI 

 




Travis CI peforms the required checks, here it just 
checks for syntax, obvious this can be exetended  Continue reading

Wireless ESSID as ROT13 Ciphertext

Recently, I have scanned nearby wireless networks with airodump. I have discovered five networks transmitting on channel 3. MAC addresses of access points (BSSIDs) transmitting on channel 3 differ only in last two hexa digits and a signal level (PWR) reported by my WiFi card is almost same for all BSSIDs.

$ sudo airodump-ng wlp3s0

Picture 1 - Wireless Networks of Caffe Geo Guru

The following three ESSIDs have caught my attention.

1) Heslo do siete caffe.geo.guru
2) zistis rozlustenim sifry
3) qnw fv qboer cvib

In fact, the ESSIDs represent a cryptography challenge created for customers of caffe.geo.guru. Once the challenge is successfully solved a customer gains a password for connection to the wireless network with ESSID caffe.geo.guru.

Note: The first two ESSID are written in Slovak. Their English version is below.

1) Password to network caffe.geo.guru
2) can be gained by decoding words
3) qnw fv qboer cvib

The third ESSID represents an encoded password. Obviously, letters are substituted in ciphertext which let us to the assumption that ROT cipher is used. Using ROT13 cipher on the encoded text 'qnw fv qboer cvib' gives us a required plain-text password Continue reading

Wireless ESSID as ROT13 Ciphertext

Recently, I have scanned nearby wireless networks with airodump. I have discovered five networks transmitting on channel 3. MAC addresses of access points (BSSIDs) transmitting on channel 3 differ only in last two hexa digits and a signal level (PWR) reported by my WiFi card is almost same for all BSSIDs.

$ sudo airodump-ng wlp3s0

Picture 1 - Wireless Networks of Caffe Geo Guru

The following three ESSIDs have caught my attention.

1) Heslo do siete caffe.geo.guru
2) zistis rozlustenim sifry
3) qnw fv qboer cvib

In fact, the ESSIDs represent a cryptography challenge created for customers of caffe.geo.guru. Once the challenge is successfully solved a customer gains a password for connection to the wireless network with ESSID caffe.geo.guru.

Note: The first two ESSID are written in Slovak. Their English version is below.

1) Password to network caffe.geo.guru
2) can be gained by decoding words
3) qnw fv qboer cvib

The third ESSID represents an encoded password. Obviously, letters are substituted in ciphertext which let us to the assumption that ROT cipher is used. Using ROT13 cipher on the encoded text 'qnw fv qboer cvib' gives us a required plain-text password Continue reading

Deconfusing the Static Route

Configuring a static route is just like installing an entry directly in the routing table (or the RIB).

I have been told this many times in my work as a network engineer by operations people, coders, designers, and many other folks. The problem is that it is, in some routing table implementations, too true. To understand, it is best to take a short tour through how a typical RIB interacts with a routing protocol. Assume BGP, or IS-IS, learns about a new route that needs to be installed in the RIB:

  • The RIB into which the route needs to be installed is somehow determined. This might be through some sort of special tagging, or perhaps each routing process has a separate RIB into which it is installing routes, etc.. In any case, the routing process must determine which RIB the route should be installed in.
  • Look the next hop up in the RIB, to determine if it is reachable. A route cannot be installed if there is no next hop through which to forward the traffic towards the described destination.
  • Call the RIB interface to install the route.

The last step results in one of two possible reactions. The first Continue reading

Digital Empowerment of Women in South Asia

The Internet Society Pakistan Islamabad Chapter (PK IBD) organised a webinar on “Digital Empowerment of Women in South Asia” on 15 March, 2018. ISOC Chapter leaders, members, and staff participated in the webinar where the regional and global women-centric initiatives were shared by the speakers.

The undersigned welcomed the audience on behalf of the Internet Society Pakistan Islamabad Chapter followed by a round of introductions. Joyce Dogniez, the Internet Society’s Senior Director, Global Community Engagement, shared the importance and relevance of the UN-EQUALS partnership which is a unique collaboration between state and non-state actors to bridge the digital gender divide. Joyce shared that the Internet Society is an important part of this partnership that primarily emphasizes improving ICT access, imparting digital skills, and promoting leadership of women. Internet and digital literacy leads to economic empowerment of women that can have a profound community impact.

The next session featured updates from the Chapter Leaders of South Asia on the various initiatives being undertaken on the country and Chapter level. Sagarika Wickramasekera from the ISOC Sri Lanka Chapter informed about the initiatives of the Chapter including WomenIGF, IT trainings for girls at school level, Internet learning programmes for women entrepreneurship, etc. Sidra Jalil from Continue reading

Lockin In Enterprise IT – Video

We all know that ‘lock in’ is inevitable. You make a choice and then you live with the consequences of what you have bought. However, I see a number of area where vendors are actively promoting lockin to capture unearned profits and control their partners. These dark patterns are not always obvious and I wanted […]

Network Break 178: Cisco Disaggregates, ATT Bets Big On Whitebox

Take a Network Break! Cisco announced that it would allow third-party OSs to run on Nexus 9200 and 9300 switches, and let customers run NX-OS on other hardware. The company is also making its IOS-XR router OS available for “curated” third-party hardware.

AT&T announces a plan to deploy 60,000 whitebox routers as part of its 5G rollout, and its dNOS open network OS moves to the Linux Foundation. Juniper’s OpenContrail also joins the Linux Foundation and gets renamed Tungsten Fabric.

The P4 network programming language becomes an official project of the Open Networking Foundation, HPE buys Cape Networks for WLAN performance monitoring, Microsoft reorganizes the company, and Arista announces new 25 and 100GbE switches.

Get links with more details to all these stories after our sponsor message.

Sponsor: Couchdrop

Send files to the cloud quickly and easily with Couchdrop, a cloud-based service that uses the Secure Copy Protocol to transfer files. Couchdrop integrates with Dropbox, GoogleDrive, Amazon S3 buckets and more. Head to Couchdrop.io to get details, and get two months free with a one-year subscription.

Show Links:

An Architectural Approach to Flexible Consumption for Service Providers with IOS XR – Cisco

Enabling IOS-XR on Third-Party Network Hardware Continue reading

BrandPost: Ciena Network Insight – Podcast Series

Stay informed with Ciena's Network Insights podcast each month and meet the innovators and thinkers who are building the infrastructure for our future. We'll be looking at system overload of our global networks due to increasing IoT traffic, emerging 4K and 8K video, and VR applications. To keep up and avoid hitting critical mass, networks have to work smarter, not harder.Tune into our Network Insights podcast each month for an in-depth discussion on the different ways these bandwidth killers force networks to push the boundaries of programmability and intelligence, and meet the innovators and thinkers who are building the infrastructure for our future.To read this article in full, please click here

Flow smoothing

The sFlow-RT real-time analytics engine includes statistical smoothing. The chart above illustrates the effect of different levels of smoothing when analyzing real-time sFlow telemetry.

The traffic generator in this example creates an alternating pattern: 1.25Mbytes/second for 30 seconds followed by a pause of 30 seconds. Smoothing time constants between 1 second and 500 seconds have been applied to generate the family of charts. The blue line is the result of 1 second smoothing and closely tracks the traffic pattern. At the other extreme, the dark red line is the result of 500 second smoothing, showing a constant 625Kbytes/second (the average of the waveform).

There is a tradeoff between responsiveness and variability (noise) when selecting the level of smoothing. Selecting a suitable smoothing level depends on the flow analytics application.

Low smoothing values are appropriate when fast response is required, for example:
Higher smoothing values are appropriate when less variability is desirable, for example:

Generating the chart

The results described in this article are easily reproduced using the testbed Continue reading

Deadline TODAY (23:59 UTC) to submit comments to ICANN on 2018 DNSSEC Root KSK Rollover Plan

Do you believe ICANN should go ahead with the plan to roll the Root Key Signing Key (KSK) on 11 October 2018? If so (or if not), the deadline for public comment is TODAY, 2 April 2018, at 23:59 UTC. That’s about 9.5 hours from the time I’m publishing this post.

My colleague Kevin Meynell provided more info about this public comment process when it began in March. At the IETF 101 meeting in London, I spoke with ICANN staff who again stated that they would like to hear from many voices about whether they should go ahead with the Root KSK Rollover on 11 October 2018. It’s very simple to send in comments:

Learn how to submit your comments to ICANN

You can see the current list of comments at: https://mm.icann.org/pipermail/comments-ksk-rollover-restart-01feb18/2018q1/thread.html (All comments are public.)

I would encourage anyone interested to submit comments (even if they are simply “I support the plan.”).

And if you have want more information about how to get started with using DNSSEC, please see our Deploy360 Start page to begin.

Image credit: Bryce Barker on Unsplash

The post Deadline TODAY (23:59 UTC) to submit comments to ICANN Continue reading

1 1,411 1,412 1,413 1,414 1,415 3,443