Archive

Category Archives for "Networking"

Measuring ATR

One of the more pressing and persistent problems today is the treatment of fragmented packets. We are seeing a very large number of end-to-end paths that no longer support the transmission of fragmented IP datagrams. What can the DNS do to mitigate this issue?

Mythology about security…

Ed Felten tweeted a few days ago: “Often hear that the reason today’s Internet is not more secure is that the early designers failed to imagine that security could ever matter. That is a myth.”

This is indeed a myth.  Much of the current morass can be laid at the feet of the United States government, due to its export regulations around cryptography.

I will testify against the myth.  Bob Scheifler and I started the X Window System in 1984 at MIT, which is a network transparent window system: that is, applications can reside on computers anywhere in the network and use the X display server. As keyboard events may be transmitted over the network, it was clear to us from the get-go that it was a security issue. It is in use to this day on Linux systems all over the world (remote X11 access is no longer allowed: the ssh protocol is used to tunnel the X protocol securely for remote use). By sometime in 1985 or 1986 we were distributing X under the MIT License, which was developed originally for use of the MIT X Window System distribution (I’d have to go dig Continue reading

Privacy-Protecting Portable Router: Adding DNS-Over-TLS support to OpenWRT (LEDE) with Unbound

If you want to skip ahead to instructions, scroll to the next section. But I, like a TLS handshake, am very verbose so please enjoy this opener.

Imagine this scenario - I'm at a restaurant and need to have a private phone conversation but unfortunately my phone's battery is drained. To get around this problem, I borrow my friend's phone and dial the number - to protect my privacy I walk outside. When I'm done with the call, I come back inside and return the phone.

Whilst the phone itself doesn't store the conversation I've had, it does have a log of the recently dialed number. If the friend from whom I borrowed the phone wanted to, they could easily see who I actually called, even if they don't specifically know the topic of conversation.

Sometimes, the data about who you've spoken to can tell an awful lot about the conversation. If someone were to call an emotional support hotline or a debt collector, you could probably infer a lot about the conversation from the caller ID.

When we browse the internet, we use encryption to try and protect the conversations we have. When you connect to a Continue reading

BrandPost: Network Fabrics: 5 Common Misconceptions Dispelled

What’s old is new again. This statement rings true as the industry rallies behind fabric networking again. Fabrics are not a new technology; they’ve been around since 2011/2012. However, we’ve seen increased uptake for fabrics outside of the traditional data center and into the enterprise campus. As the use cases and the technology continue to evolve, this blog clarifies some common misconceptions you may have about fabric technology.

1. They are only for the data center

Not anymore. Going back 5-6 years, network fabrics were originally designed to solve how to stretch L2 VLANs across subnets for VM migrations and mobility. We now see far more use cases for network fabrics that extend to the enterprise campus portion of the network. Examples include network automation, zero-touch provisioning, simplified network segmentation, and even high-performance multicast without the use of any complex PIM protocols.

BrandPost: Campus networks: Practical tips for the digital age

Recently, we released our new analyst report: Rethinking Campus Networks of the Future. It examines trends that are impacting campus networks and includes a few practical solutions for bringing enhanced automation, security and visibility into the campus network overall. We’ll report on the specifics in this blog.

BrandPost: Internet Routing: Requirements for the Data Center & Campus

In a recent blog, we discussed connectivity options for enterprise data centers building hybrid clouds. One of the options was to connect cloud providers directly over the internet, which has the advantage of being able to use an existing internet connection. It’s the easiest option and you can connect to any number of cloud service providers. Following that article, we wrote about scaling the modern data center, covering interface density and other requirements for data center solutions, whether housed on enterprise premises or in colocation facilities. Here, we’ll focus on internet connectivity and some of the requirements, including scale.

IDG Contributor Network: Network performance monitoring market poised for explosive growth

A recent Gartner report on network performance monitoring and diagnostics (NPMD) estimated the market at a whopping $2.1 billion and growing at a compound annual growth rate (CAGR) of 15.9 percent, with more growth in sight. Wow. So what will drive this growth and why?

New approaches to harvesting network data using sophisticated big data analytics techniques combined with cloud computing and machine learning technologies are the answer. This perfect confluence of technologies is poised to redefine the conventional infrastructure management market.

Central to this shift is the use of analytics technologies and strategies to extract new insights and value from data produced by and collected from the network to drive business value.

The EIGRP SIA Incident: Positive Feedback Failure in the Wild

Reading a paper to build a research post from (yes, I’ll write about the paper in question in a later post!) jogged my memory about an old case that perfectly illustrated the concept of a positive feedback loop leading to a failure. We describe positive feedback loops in Computer Networking Problems and Solutions, and in Navigating Network Complexity, but clear cut examples are hard to find in the wild. Feedback loops almost always contribute to, rather than independently cause, failures.

Many years ago, in a network far away, I was called into a case because EIGRP was failing to converge. The immediate cause was neighbor flaps, in turn caused by Stuck-In-Active (SIA) events. To resolve the situation, someone in the past had set the SIA timers really high, as in around 30 minutes or so. This is a really bad idea. The SIA timer, in EIGRP, is essentially the amount of time you are willing to allow your network to go unconverged in some specific corner cases before the protocol “does something about it.” An SIA event always represents a situation where “someone didn’t answer my query, which means I cannot stay within the state machine, so I Continue reading

SDKLT

Logical Table Software Development Kit (SDKLT) is a new, powerful, and feature rich Software Development Kit (SDK) for Broadcom switches. SDKLT provides a new approach to switch configuration using Logical Tables.

Building the Demo App describes how to get started using a simulated Tomahawk device. Included is a CLI that can be used to explore tables. For example, the following CLI output shows the attributes of the sFlow packet sampling table:

    BCMLT.0> lt list -d MIRROR_PORT_ENCAP_SFLOW
    MIRROR_PORT_ENCAP_SFLOW
      Description: The MIRROR_PORT_ENCAP_SFLOW logical table is used to specify
                   per-port sFlow encapsulation sample configuration.
      11 fields (1 key-type field):
        SAMPLE_ING_FLEX_RATE
            Description: Sample ingress flex sFlow packet if the generated sFlow random
                         number is greater than the threshold. A lower threshold leads to
                         higher sampling frequency.
        SAMPLE_EGR_RATE
            Description: Sample egress sFlow packet if the generated sFlow random number is
                         greater than the threshold. A lower threshold leads to
                         higher sampling frequency.
        SAMPLE_ING_RATE
            Description: Sample ingress sFlow packet if the generated sFlow random number is
                         greater than the threshold. A lower threshold leads to
                         higher sampling frequency.
        SAMPLE_ING_FLEX_MIRROR_INSTANCE
            Description: Enable to copy ingress flex sFlow packet samples to the ingress
                         mirror member using the sFlow mirror instance configuration.
        SAMPLE_ING_FLEX_CPU
            Description: Enable to copy ingress flex

Continue reading

Network Break 179: Microsoft Targets Edge Computing; HCI Revenues Boom

Take a Network Break! Edge computing is the new hotness for traditional IT vendors as Microsoft and HPE, via its Aruba business unit, target edge computing infrastructure and software for new growth.

Meanwhile, Intel sells embedded software developer Wind River to a private equity firm, and we review the potential financial impact to legacy networking vendors as AT&T plans a massive whitebox rollout.

HCI revenues skyrocket in 2017; Delta, Sears, and Saks Fifth Avenue get hacked; and Panera Bread picks a security fight with the wrong person.

We’ve got links to all the stories we cover just after our sponsor messages.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. Find out more at InterOptic.com, and if you're attending Interop 2018 in Vegas, stop by the InterOptic booth to learn how they can help you spec the right optics for your network.

Coffee Talk: Kentik

Stay tuned after the news for a Coffee Talk conversation with sponsor Kentik. Kentik makes a big data platform to provide actionable insight from network data. Our guest is co-founder and CEO Avi Freedman, and we talk about how to use network data for fun and packets!
