EVPN’s 4 critical benefits for digital transformation
Digital transformation demands more of everything: speed, throughput, agility and scalability. That’s why organizations are rethinking traditional layer 2 switched data center architectures and moving towards intelligent layer 3 routed network designs. With a layer 3 architecture, your data center can use proven routing protocols to simplify troubleshooting, facilitate upgrades, scale efficiently and converge traffic.
But what about the applications, storage appliances and multi-tenant environments that still require traditional layer 2 connectivity? Legacy protocols that enable layer 2 traffic to run over a layer 3 routed infrastructure have significant limitations that become serious obstacles when the data center must scale, accommodate multiple vendors’ systems or support multi-tenancy. Fortunately, there’s a scalable, simple, non-proprietary solution. Enter EVPN.
Cumulus’ unique Virtual eXtensible Local Area Network (VXLAN) Ethernet Virtual Private Network (EVPN) solution offers unmatched interoperability and efficiency. By adding VXLAN distributed routing, Cumulus EVPN undoes all of the complications of layer 2 connectivity and frees you from reliance on proprietary controllers. Looking for proof that EVPN delivers on that promise? We’ve got plenty of evidence, so here’s four major advantages of utilizing EVPN to meet the demands of digital transformation.
1) Accommodate growth without disruption
With Cumulus EVPN, you can quickly and Continue reading
Network Collective: Securing BGP
Yet another protocol episode over at the Network Collective. This time, Nick, Jordan, Eyvonne and I talk about BGP security.
memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations
ASERT Threat Summary: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations Date/Time: 27022018 1645UTC Title/Number: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations – February 2018 – v1.3. Severity: Critical Distribution: TLP WHITE (see <https://www.us-cert.gov/tlp>) Categories: Availability Authors: Roland Dobbins & Steinthor Bjarnason Contributors: Luan Nguyen, […]memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations
ASERT Threat Summary: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations Date/Time: 27022018 2325UTC Title/Number: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations – February 2018 – v1.4. Severity: Critical Distribution: TLP WHITE (see <https://www.us-cert.gov/tlp>) Categories: Availability Authors: Roland Dobbins & Steinthor Bjarnason Contributors: Keshav […]CEO Succession at the Internet Society – Status update (Feb 2018)
This is a status update on where we are in the CEO search process. In my last note to the community, I explained that we were finishing the selection of a search firm to support us during the process and that we were planning to launch an open call for candidates in February.
After issuing an RFP and conducting a set of interviews with several firms, the CEO Search Committee selected a search firm. The selected firm is Perrett Laver.
Based on, among other things, all the community feedback we have received on the following email address (you can still send your input to that address), the CEO Search Committee has developed a draft job description:
In order to refine the job description and to make sure we gather all the input we need, the search firm is going to conduct informational interviews with the leadership of our communities. Accordingly, they are going to interview the chairs of the OMAC (Organization Advisory Council), the ChAC (Chapters Advisory Council), and the IETF (the chairs of the IAB and the IAOC will also be interviewed). ISOC’s executive team (staff) will also be interviewed. You can also talk with Continue reading
How Many vRAN Initiatives Does it Take to Open the Radio Network?
From shrinking booths to crowd control workers, here’s the latest from MWC.
International Cooperation Needed to Create an “Increasingly Beneficial Internet”
New norms of behavior are needed for Internet users, and it’s time for governments, companies, other organizations, and individuals to work together to define those standards, Internet advocates say.
Even as the Internet gives more and more people new ways to express themselves and improve their standard of living, it also creates problems that demand international and multistakeholder cooperation, speakers at the Global Internet and Jurisdiction Conference 2018 in Ottawa, Canada, said Monday.
The Internet has driven forward the ideas of globalization and equal opportunity for everyone, but technological advances have also created complexity that many people weren’t prepared for, said Kathy Brown, president and CEO of Internet Society.
“We now face enormous challenges as the pace of change has accelerated faster than did our human institutions, societal and existing global agreements,” she said during the first day of the conference.
Many governments have looked toward heavy regulation and censorship as a way to deal with this complex environment, Brown added.
Governments in some countries “are doubling down on what they know how to do — shut it down, shut it off, censor users, regulate creators,” she added. “The global Internet community, itself, is in danger of splintering into predictable commercial, Continue reading
Memcrashed – Major amplification attacks from UDP port 11211
CC BY-SA 2.0 image by David Trawin
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211.
In the past, we have talked a lot about amplification attacks happening on the internet. Our most recent two blog posts on this subject were:
- SSDP amplifications crossing 100Gbps. Funnily enough, since then we were a target of an 196Gbps SSDP attack.
- General statistics about various amplification attacks we see.
The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable UDP server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources - most typically the network itself.
Amplification attacks are effective, because often the response packets are much larger than the request packets. A carefully prepared technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) "amplifying" the attacker's bandwidth.
Memcrashed
Obscure amplification attacks happen all the time. We often see "chargen" or "call Continue reading
Enea Buys Openwave Mobility for $90M, Boosts NFV Play
Openwave claims seven of the top 20 mobile operators deploy its NFV platform.
McAfee CEO: Make Cybersecurity the New Quality Standard
The company is working with service providers to embed security in their products.
Containers Vs. PaaS: A Tough Choice
What abstraction layer should IT infrastructure teams provide developers? Containers or Platform-as-a-Service solutions like Cloud Foundry? The question is a difficult one to answer, as Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, explains in this video.
Telia Sees ‘Fast-Fail’ Model as a Financial Risk
The need to support legacy systems adds costs.