Complexity Isn’t Always Bad
I was reading a great post this week from Gian Paolo Boarina (@GP_Ifconfig) about complexity in networking. He raises some great points about the overall complexity of systems and how we can never really reduce it, just move or hide it. And it made me think about complexity in general. Why are we against complex systems?
Confusion and Delay
Complexity is difficult. The more complicated we make something the more likely we are to have issues with it. Reducing complexity makes everything easier, or at least appears to do so. My favorite non-tech example of this is the carburetor of an internal combustion engine.
Carburetors are wonderful devices that are necessary for the operation of the engine. And they are very complicated indeed. A minor mistake in configuring the spray pattern of the jets or the alignment of them can cause your engine to fail to work at all. However, when you spend the time to learn how to work with one properly, you can make the engine perform even above the normal specifications.
Carburetors have been largely replaced in modern engines by computerized fuel injectors. These systems accomplish the same goal of injecting the fuel-air mixture into Continue reading
Show 367: Silver Peak & The Maturing Of SD-WAN (Sponsored)
In today s sponsored show with Silver Peak, we talk about lessons they've learned from more than 500 customer deployments, the role of routing, the necessity of Internet breakouts, and more. Our guest is David Hughes, founder and CEO. The post Show 367: Silver Peak & The Maturing Of SD-WAN (Sponsored) appeared first on Packet Pushers.
When It Comes to Smart Toys, It Pays to Shop Smart
When your in-laws give your child a loud toy for the holidays, you know you are going to have to hear it for the next few months. But when that toy connects to the Internet, how can you be sure that you’re the only ones listening?
This holiday season, “smart toys” (Internet or Bluetooth-enabled toys) are some of the most popular toys on the market. A lot of these toys look awesome, including:
- remote control cars that connect with an app and allow you to race against AI controlled cars;
- stuffed animals that play back messages sent from loved one’s smartphones; and
- soccer balls that track your form when you kick them.
Smart toys come with fantastic features, but if left unsecured, smart toys can present a serious privacy risk to those who use them. For instance:
- Hackers could gather the personal messages recorded to play through a grandchild’s teddy bear;
- Strangers could send messages to nearby children by using a toy robot’s Bluetooth feature – putting their safety at risk; and
- Toy companies could use a toy’s microphones not only for voice commands, but to also collect personal information to sell to third parties.
Unsecured smart toys present Continue reading
Introduction to OSPF NSSA Area
Today I am going to talk about the OSPF NSSA area as this is one of the most important topic and always been asked by the interviewers. I knew many of you are already aware if the OSPF NSSA area but it is important for the network engineers who started studying OSPF in details specially area types. OSPF is one of the widely used protocol in the enterprise network and there are so many enhancements done like to integrate with the IPv6 and OSPFv3.
Before we talk about OSPF NSSA area, I would like to tell you guys that we have our own youtube channel for various network videos that can further help you guys to study further. I will going to add many more videos soon on the channel, Please subscribe to the channel for the study network related videos
Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go
OSPF NSSA Area
NSSA stands for not-so-stubby area and is used in OSPF protocol. NSSA is to allow OSPF Stub areas to carry External routes which is the routes learned from other protocols like RIP, EIGRP or BGP and then redistribution into an NSSA area creates a special type of link-state advertisement (LSA) Continue reading
Promoting the African Internet Economy, an opportunity that cannot be missed
Some time ago, a European who visited my country and saw all the potential it possesses asked me “why is your country poor?”. It was a compelling question that made me think for years. It is true that there are external reasons such as the acts of colonial and other powers who have done everything to block economic progress. But, I have to admit, there is at least one major internal reason: we missed many opportunities for development.
We missed the industrial revolution of the 19th century that propelled Japan and many European countries to development. We missed the development opportunity that many South East Asian countries grabbed since the 1960s. We missed many other opportunities, simply because we didn’t realize they were there or we just could not agree on how to make the best out of them.
The African Union has a very clear vision to transform the socio-economic condition of the continent by 2063; by this year, the Union will be celebrating its hundredth anniversary (see Agenda 2063). This is a great vision. But, is Africa ready to use the opportunities that exist today and can enable it to arrive to its aspirations enshrined in Continue reading
Worth Reading: Designing Container Networking
Diane Patton (Cumulus Networks) published a short overview of container networking design options, from traditional MLAG to running Quagga on Docker host.
If you want to learn more about individual designs described in that blog post, watch the Leaf-and-Spine Fabric Architectures and Docker Networking webinars, or join one of the data center online courses.
Basic Configuration for Cisco ASA 5505 Interfaces- Trunk Port
Today I am going to talk about the basic Cisco ASA configuration of trunk ports and also to make that Cisco asa with the failover link. We are putting two ASA where one is the primary one and another is the failover ASA in the DMZ zone. I already discuss on the Cisco ASA access port configurations. If you want to have a look on the configurations, please go through the below link as a reference
Basic Configuration for Cisco ASA 5505 Interfaces- Access Ports
Basic Configuration for Cisco ASA 5505 Interfaces- Access Ports
Before we talk about these protocols, I would like to tell you guys that we have our own youtube channel for various network videos that can further help you guys to study further. I will going to add many more videos soon on the channel, Please subscribe to the channel for the study network related videos
Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go
Now let's talk about the basic Cisco ASA configuration for the trunk port. Below is the basic topology showing the Cisco ASA placed in the enterprise network. The configurations, IP addresses and topology shown here is only for the demo purposes and has no relevance with any of the enterprise networks.
 |
| Fig 1.1- Continue reading |
Basic Configuration for Cisco ASA 5505 Interfaces- Access Ports
Today I am going to talk about the basic Cisco ASA configuration on the access ports and also to make that Cisco asa with the failover link. Later on i will come up with the configuration part of the Cisco asa with the trunk port configurations. We are putting two ASA where one is the primary one and another is the failover ASA in the DMZ zone.
Before we talk about these protocols, I would like to tell you guys that we have our own youtube channel for various network videos that can further help you guys to study further. I will going to add many more videos soon on the channel, Please subscribe to the channel for the study network related videos
Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go
Lets talk about the Cisco ASA configurations where we configures five VLAN interfaces, including the failover interface which is configured using the failover lan command.
 |
| Fig 1.1- Cisco ASA 5505 |
Configuration Examples for ASA 5505 Interfaces
Here in the below example, we are taking VLAN 2, VLAN 3, VLAN 4 and VLAN 5 where VLAN 6 will be the failover link and after that all VLANs will be assigned to the Continue reading
The New DDoS Landscape
News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? The greater the volume of traffic a victim receives, the harder to mitigate an attack - right?
At least, this is how things used to work. An attacker would gain capacity and then use that capacity to launch an attack. With enough capacity, an attack would overwhelm the victim's network hardware with junk traffic such that they can no longer serve legitimate requests. If your web traffic is served by a server with a 100 Gbps port and someone sends you 200 Gbps, your network will be saturated and the website will be unavailable.
Recently, this dynamic has shifted as attackers have gotten far more sophisticated. The practical realities of the modern Internet have increased the amount of effort required to clog up the network capacity of a DDoS victim - attackers have noticed this and are now choosing to perform attacks higher up the network stack.
In recent months, Cloudflare has seen a dramatic reduction in simple attempts to flood our network with junk traffic. Whilst we continue to see large network level attacks, in Continue reading
Want to try Warp? We just enabled the beta for you
Tomorrow is Thanksgiving in the United States. It’s a holiday for getting together with family characterized by turkey dinner and whatever it is that happens in American football. While celebrating with family is great, if you use a computer for your main line of work, sometimes the conversation turns to how to setup the home wifi or can Russia really use Facebook to hack the US election. Just in case you’re a geek who finds yourself in that position this week, we wanted to give you something to play with. To that end, we’re opening the Warp beta to all Cloudflare users. Feel free to tell your family there’s been an important technical development you need to attend to immediately and enjoy!
Hello Warp! Getting Started
Warp allows you to expose a locally running web server to the internet without having to open up ports in the firewall or even needing a public IP address. Warp connects a web server directly to the Cloudflare network where Cloudflare acts as your web server’s network gateway. Every request reaching your origin must travel to the Cloudflare network where you can apply rate limits, access policies and authentication before the request hits your Continue reading
Openstack SDN – NFV Management and Orchestration
In this post I’ll have a brief look at the NFV MANO framework developed by ETSI and create a simple vIDS network service using Tacker.
Continue readingOpenStack SDN – NFV Management and Orchestration
In the ongoing hysteria surrounding all things SDN, one important thing gets often overlooked. You don’t build SDN for its own sake. SDN is just a little cog in a big machine called “cloud”. To take it even further, I would argue that the best SDN solution is the one that you don’t know even exists. Despite what the big vendors tell you, operators are not supposed to interact with SDN interface, be it GUI or CLI. If you dig up some of the earliest presentation about Cisco ACI, when the people talking about it were the actual people who designed the product, you’ll notice one common motif being repeated over and over again. That is that ACI was never designed for direct human interaction, but rather was supposed to be configured by a higher level orchestrating system. In data center environments such orchestrating system may glue together services of virtualization layer and SDN layer to provide a seamless “cloud” experience to the end users. The focus of this post will be one incarnation of such orchestration system, specific to SP/Telco world, commonly known as NFV MANO.
NFV MANO for Telco SDN
At the early dawn of SDN/NFV era a Continue reading
Pseudo-wires With Vagrant and Libvirt
Build P2P links between Vagrant guests with UDP tunnels.Pseudo-wires With Vagrant and Libvirt
Libvirt has the ability to create a pseudo-wire between virtual guest interfaces using either TCP or UDP. The advantage of using pseud-wires is that you do not need to create virtual switches to attach your guest VM interfaces to. Virtualbox has an annoying trait of stripping vlan tags on...The Internet Society and NetBlocks Team up to Keep it on!
By Constance Bommelaer de Leusse and Alp Toker
How much do government shutdowns cost? How do they impact growth and prosperity?
In 2016 Internet shutdowns cost globally about $2.4 billion USD, and across 10 African countries they led to loss of $237 million USD over 236 days.
If we don’t act now, shutdowns and restrictions of access will continue to rise and the economic cost will increase over the next few years. At a time where developing countries can benefit the most from Internet access for economic growth, education and health, we cannot let this situation become the new normal.
The economic rationale of keeping it on
The impact of shutdowns on freedom of expression and human rights is already well understood. Unfortunately, this has little effect in reversing the trend. This is why we need the ear of economic and trade Ministers, investors, development banks, and others who can ensure the Internet isn’t shut down. Because they care about the growth and prosperity the Internet can bring.
Today we are excited to announce that the Internet Society and NetBlocks are teaming up to develop a tool to better measure the cost of shutdowns, and convince governments to keep the Continue reading
Holiday Weekend Reads (22nov17)
The coming holiday is cutting my publishing schedule short, but I didn’t want to leave too many interesting stories on the cutting room floor. Hence the weekend read comes early this week, and contains a lot more stuff to keep you busy for those couple of extra days. For the long weekend, I have five on security and one on culture. Enjoy!
This first read is about the US government’s collection and maintenance of security vulnerabilities. This is always a tricky topic; if a government knows about security vulnerabilities, there is at least some chance some “bad actor” will, as well. While the government might want to hoard such knowledge, in order to be more effective at breaking into systems, there is at least some possibility that refusing to release information about the vulnerabilities could lead to them not being fixed, and therefore to various systems being comrpomised, resulting in damage to real lives. The US government appears to be rethinking their use and disclosure of vulnerabilities
There can be no doubt that America faces significant risk to our national security and public safety from cyber threats. During the past 25 years, we have moved much of what we value Continue reading
Resin.io Says Containers Are a Perfect Management Platform for IoT
The company says its platform can manage a container running AWS' Greengrass.
On the ‘net: Three for the week
Because this is a short week, I’m going to combine three places I showed up on other sites recently.
I was also featured on the IT Origins series over at Gestalt IT.
Letter from Ethiopia: Can We Use Technology to Help Privacy Evolve?
I’m writing from Addis Ababa, where the African Union’s Specialist Technical Committee on ICT is having its biannual conference. I won’t report on that, as it’s still happening, but I can report that some of the hallway conversations have been both interesting and reassuring.
The topic of privacy came up over coffee, of course – and I was glad to hear that it is not only seen as a key issue for technology and governance, but it’s also seen as being closely interconnected with issues of cybersecurity. As readers of the Internet Society’s blogs will know, we think so too. You can’t have good privacy if you don’t have good security tools, and you can’t have good security in the absence of privacy.
As you would expect in a continent with all of Africa’s rich diversity, the cultural and social approaches to privacy can also vary widely, and people face exactly the same challenges as elsewhere, about how to translate them into workable technical and governance solutions. Today I will have a few minutes to set out some thoughts on that, in one of the afternoon sessions. I plan to suggest that we keep asking the “why?” question. Why Continue reading