OpenStack SDN – OpenDaylight With BGP VPN

In this post I’ll demonstrate how to build a simple OpenStack lab with OpenDaylight-managed virtual networking and integrate it with a Cisco IOS-XE data centre gateway using EVPN.

OpenStack SDN – OpenDaylight With BGP VPN

For the last 5 years OpenStack has been the training ground for a lot of emerging DC SDN solutions. OpenStack integration use case was one of the most compelling and easiest to implement thanks to the limited and suboptimal implementation of the native networking stack. Today, in 2017, features like L2 population, local ARP responder, L2 gateway integration, distributed routing and service function chaining have all become available in vanilla OpenStack and don’t require a proprietary SDN controller anymore. Admittedly, some of the features are still not (and may never be) implemented in the most optimal way (e.g. DVR). This is where new opensource SDN controllers, the likes of OVN and Dragonflow, step in to provide scalable, elegant and efficient implementation of these advanced networking features. However one major feature still remains outside of the scope of a lot of these new opensource SDN projects, and that is data centre gateway (DC-GW) integration. Let me start by explain why you would need this feature in the first place.

Optimal forwarding of North-South traffic

OpenStack Neutron and VMware NSX, both being pure software solutions, rely on a special type of node to forward traffic between VMs Continue reading

Linux PiCore on Raspberry Pi – First Steps

The blog post contains notes about the installation of piCore Linux on Raspberry Pi 3 computer. The related topic is well known, discussed by many similar posts however the article represents my own copy & paste reference for later usage.

The first generation of Raspberry Pi 1 has been with us since February 2012. Recently in version 3B, the Pi3 is equipped with 1.2 GHz 64-bit quad-core ARM Cortex-A53 processor, 1 GB of RAM and it has integrated 2.4 GHz WiFi 802.11n (150 Mbit/s), Bluetooth 4.1 (24 Mbit/s) on Broadcom BCM43438 chip. It also provides the integrated 10/100 Ethernet port. These factors along with the cheap price (~ 35 US), small size (~ 85.60mm x 56mm x 21mm), low weight (~ 45g) and low power consumption (maximum 1.34 A or 6.7 W under stress when peripherals and WiFi are connected) makes this single-board computer ideal candidate for use in the recent Internet of Things (IoT) world.

Raspberry Pi can run several OSs built for ARM architecture such as Windows 10 IoT Core, Raspbian (based on Debian), Ubuntu Mate and many others. The Linux distributions offer either full desktop environment or they are released Continue reading

Peeking into your Linux packages

Do you ever wonder how many thousands of packages are installed on your Linux system? And, yes, I said "thousands." Even a fairly modest Linux system is likely to have well over a thousand packages installed. And there are many ways to get details on what they are.First, to get a quick count of your installed packages on a Debian-based distribution such as Ubuntu, use the command apt list --installed like this:$ apt list --installed | wc -l 2067 This number is actually one too high because the output contains "Listing..." as its first line. This command would be more accurate:$ apt list --installed | grep -v "^Listing" | wc -l 2066 To get some details on what all these packages are, browse the list like this:To read this article in full, please click here

Help Make the Internet Open to All: Join SIG Women!

When we talk about women and technology, we need to talk data. In the United States, a recent report by the National Center for Women and Information Technology highlighted that only 26% of the workforce in the computer field is made up of women. In addition, a survey by Silicon Valley Bank revealed that 68% of startups do not have women on their board. In India, women make up just 30% of the workforce in the technology industry. In many European countries, the wage gap between men and women is present in technological positions. In Latin America, the proportion of women studying in computer careers is low. In addition, shortcomings in Internet access makes it difficult for women of all ages to use the technology in Africa.

Increasing access, skills, and leadership of women and girls in ICT has enormous potential for improving their health and emancipating them through access to information, education and trade opportunities, strengthening not only families and communities, but also national economies and global society as a whole.

In order to speak on a daily basis and to make the problem visible, we considered it necessary to create a Special Interest Group to help change those statistics Continue reading

Worth Reading: The Math Behind Reliabity

So last week I was looking at some things around Reliability and I realized how big the Reliability Engineering field is. Then I thought why not share it with others on what I have learned so far and at the same time with a hope that experts in this field may read this and correct me if there are any mistakes in my understanding. —Diptanshu Singh @ Packet Pushers

Inside the infamous Mirai IoT Botnet: A Retrospective Analysis

This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited.

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices. This research was conducted by a team of researchers from Cloudflare, Georgia Tech, Google, Akamai, the University of Illinois, the University of Michigan, and Merit Network and resulted in a paper published at USENIX Security 2017.

At its peak in September 2016, Mirai temporarily crippled several high-profile services such as OVH, Dyn, and Krebs on Security via massive distributed Denial of service attacks (DDoS). OVH reported that these attacks exceeded 1 Tbps—the largest on public record.

What’s remarkable about these record-breaking attacks is they were carried out via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras. At its peak, Mirai infected over 600,000 vulnerable IoT devices, according to our measurements.

This blog post follows the timeline above

• Mirai Genesis: Discusses Mirai’s early days and provides a brief technical overview of how Mirai works and Continue reading

Inside the infamous Mirai IoT Botnet: A Retrospective Analysis

This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited.

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices. This research was conducted by a team of researchers from Cloudflare (Jaime Cochran, Nick Sullivan), Georgia Tech, Google, Akamai, the University of Illinois, the University of Michigan, and Merit Network and resulted in a paper published at USENIX Security 2017.

At its peak in September 2016, Mirai temporarily crippled several high-profile services such as OVH, Dyn, and Krebs on Security via massive distributed Denial of service attacks (DDoS). OVH reported that these attacks exceeded 1 Tbps—the largest on public record.

What’s remarkable about these record-breaking attacks is they were carried out via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras. At its peak, Mirai infected over 600,000 vulnerable IoT devices, according to our measurements.

This blog post follows the timeline above

• Mirai Genesis: Discusses Mirai’s early days and provides a brief technical overview of Continue reading

IDG Contributor Network: Leveraging reconfigurable computing for smarter cybersecurity

The reality for security teams today is that they are facing challenges on multiple fronts. The number of security breaches is increasing, which means the number of security alerts to be examined each day is increasing. The attacks are becoming more sophisticated and multi-dimensional. The number of cybersecurity solutions available continues to grow, which requires time and effort to understand. The amount of data in the network is snowballing, which means the cybersecurity infrastructure needs to be constantly updated to keep up. What’s worse is that all this is happening in the midst of new networking paradigms related to cloud, virtualization and software-defined data centers.To read this article in full, please click here

IDG Contributor Network: Leveraging reconfigurable computing for smarter cybersecurity

The reality for security teams today is that they are facing challenges on multiple fronts. The number of security breaches is increasing, which means the number of security alerts to be examined each day is increasing. The attacks are becoming more sophisticated and multi-dimensional. The number of cybersecurity solutions available continues to grow, which requires time and effort to understand. The amount of data in the network is snowballing, which means the cybersecurity infrastructure needs to be constantly updated to keep up. What’s worse is that all this is happening in the midst of new networking paradigms related to cloud, virtualization and software-defined data centers.To read this article in full, please click here

IDG Contributor Network: Leveraging reconfigurable computing for smarter cybersecurity

The reality for security teams today is that they are facing challenges on multiple fronts. The number of security breaches is increasing, which means the number of security alerts to be examined each day is increasing. The attacks are becoming more sophisticated and multi-dimensional. The number of cybersecurity solutions available continues to grow, which requires time and effort to understand. The amount of data in the network is snowballing, which means the cybersecurity infrastructure needs to be constantly updated to keep up. What’s worse is that all this is happening in the midst of new networking paradigms related to cloud, virtualization and software-defined data centers.To read this article in full, please click here

Xen Project Pushes Security-Focused Update for Cloud Hypervisor

Reports indicate AWS support could be waning.

ETSI Zero-Touch Group Tackles 5G Network Automation

Service providers say 5G challenges require using NFV, SDN, and MEC.

Forecasting Death of the CLI

‘net Neutrality Collection

I’ve run across a lot of interesting perspectives on ‘net Neutrality; to make things easier, I’ve pulled them onto a single page. For anyone who’s interested in hearing every side of the issue, this is a good collection of articles to read through.

The page is here.

Stateless Garners $1.4M Seed Round, Re-Architects Network Functions

The Colorado startup graduated from Techstars accelerator program this year.

Vapor IO Builds Kinetic Edge Virtual Data Center Architecture

One site in Chicago is already operational, and a second will come online this month.

Together We Can Reduce Barriers

Accessibility is human right.

People with disabilities want and need to use the Internet just like everyone else, but what can we do to reduce barriers? Especially when one billion people globally have a disability, with 80% living in developing countries.

But accessibility doesn’t just happen. Policymakers, program managers, and technical experts need to incorporate it into their work right from the start – and we need champions for accessibility to make it happen.

Everyone in the Internet community can contribute to reducing barriers! People working with policy, programs, communications, and education can incorporate accessibility.

It doesn’t just start with websites. While this type of access is crucial, we can go even further – accessible interfaces for the Internet of Things or phone apps are just two examples.

In addition, organizations can offer a more inclusive approach with:

• Learning programs and packages (content and delivery)
• Communications programs – websites, online conferencing, discussion forums, printed material
• Policy development – has a policy position been considered in terms of its effects on people with disability?

Want to learn more about what you can do to make the Internet accessible for all? Read the W3C Introduction to Web Accessibility, and learn about the  Continue reading

Former Open-O Director Marc Cohn Joins EnterpriseWeb

Cohn has been a leader in open source SDN and NFV.

There’s Always Cache in the Banana Stand

We’re happy to announce that we now support all HTTP Cache-Control response directives. This puts powerful control in the hands of you, the people running origin servers around the world. We believe we have the strongest support for Internet standard cache-control directives of any large scale cache on the Internet.

Documentation on Cache-Control is available here.

Cloudflare runs a Content Distribution Network (CDN) across our globally distributed network edge. Our CDN works by caching our customers’ web content at over 119 data centers around the world and serving that content to the visitors nearest to each of our network locations. In turn, our customers’ websites and applications are much faster, more
available, and more secure for their end users.

A CDN’s fundamental working principle is simple: storing stuff closer to where it’s needed means it will get to its ultimate destination faster. And, serving something from more places means it’s more reliably available.

To use a simple banana analogy: say you want a banana. You go to your local fruit stand to pick up a bunch to feed your inner monkey. You expect the store to have bananas in stock, which would satisfy your request instantly. But, what if Continue reading