Archive

Category Archives for "Networking"

Episode 17 – BGP: Peering and Reachability

In this Community Roundtable episode, returning guests Russ White and Nick Russo start our three part deep dive into the Border Gateway Protocol, or BGP, with a look at terminology, how peer relationships form, the differences between internal and external BGP, and scaling techniques.

 

Show Links

https://tools.ietf.org/html/rfc4271

https://www.ietf.org/rfc/rfc1771.txt

http://bgp.us/

 

Show Notes

Overview

  • BGP is an external gateway protocol used widely in both the public internet and with enterprise organizations
  • BGP is the only external gateway protocol and is traditionally used primarily to connect networks to other networks
  • BGP was built primarily for policy propagation to provide reliability, scalability, and control
  • BGP v4 is created which is the base version we still use today though updated over the year

 

Terminology

  • Devices running BGP are called speakers
    • A connection between two speakers is called a peering session
    • The two speakers are often called peers or neighbors
  • Network Layer Reachability Information is a key term to remember — NLRI
    • Address Families (AFs) carry NLRIs for different topologies and different kinds of reachability information (v4, v6, ethernet, mpls, etc.
  • Autonomous System–a set of bgp speakers contained within a single administrative domain (with some rather loose Continue reading

The Curious Case of Caching CSRF Tokens

The Curious Case of Caching CSRF Tokens

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.

The Curious Case of Caching CSRF Tokens

In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed-up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done it's job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

The Curious Case of Caching CSRF Tokens

The Curious Case of Caching CSRF Tokens

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.

The Curious Case of Caching CSRF Tokens

In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed-up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done it's job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

New Amazon Echo Discounted $20 Right Now – Deal Alert

Amazon has a discount of $20 active right now on their all new Echo smart speaker, which features a new speaker, new design, and is available in a range of styles including fabrics and wood veneers. Echo connects to Alexa to play music, make calls, set alarms and timers, ask questions, control smart home devices, and more -- instantly. Echo averages 4 out of 5 stars on Amazon from over 2,200 reviewers, and with the current discount you can grab it for yourself (or someone else) now for just $79.99. See the discounted Echo deal now on Amazon.To read this article in full, please click here

Reflections from the Global Commission on the Stability of Cyberspace

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallin manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  ?  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  ?  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.  ?

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, i didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  ?  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  ?  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.  ?

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, i didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading

Popular Destinations rerouted to Russia

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

Looking at timeline we can see two event windows of about three minutes each. The first one started at 04:43 UTC and ended at around 04:46 UTC. The second event started 07:07 UTC and finished at 07:10 UTC.

Even though these events were relatively short lived, they were significant because it was picked up by a large number of peers and because of several new more specific prefixes that are not normally seen on the Internet. So let’s dig a little deeper.

One of the interesting things about this incident is the prefixes that were affected are all network prefixes for well known and high traffic internet organizations. The other odd thing is that the Origin AS 39523 (DV-LINK-AS) hasn’t been seen announcing any prefixes for many years (with one exception below), so why Continue reading

VMware Closes Acquisition of VeloCloud Networks

As applications and data continue to be distributed more broadly from the data center to the edge, customers are increasingly relying on software-defined wide-area networks (SD-WANs) versus traditional networking for flexible, secure connectivity.  It’s for this reason that I am pleased to share that we officially closed our acquisition of VeloCloud Networks today, bringing their industry-leading, cloud-delivered SD-WAN solution to our growing software-based networking portfolio. The acquisition of VeloCloud significantly advances our strategy of enabling customers to run, manage, connect and secure any application on any cloud to any device.

VMware NSX was a game changer in the industry, and it has become the industry-leading implementation of network virtualization. Customers choose NSX because it delivers network and security services closest to the application. By adding VeloCloud’s SD-WAN solutions to our portfolio, we are extending our value in the enterprise and increasing our relevance with service providers by offering end-to-end automation, application continuity and security from data center to cloud edge. VeloCloud will bring the same properties to the wide-area network with an SD-WAN solution that provides full visibility, metrics, control and automation of all endpoints, resulting in better performance and availability for enterprise and cloud applications.

If you are a Continue reading

One Little Thing Can Break All Your Automation

I’ve been doing some work automating A10 Networks load balancers recently, and while testing I discovered a bug which broke my scripts. As hard as I try to code my scripts to cope with both success and failure, I realized that the one thing I can’t do much with is a failure of a key protocol.

A10 Networks Logo

Breaking Badly

So what matters when I’m automating device configurations? Three things come to mind immediately:

The Network / Transport

I need reliable network connectivity, or my automation requests will constantly be timing out or failing. While a script should be able to cope with an occasional network failure, unreliable networks are not fun to work with.

Data Transfer Format

Pick a format (XML, JSON) and use it consistently. I’m happy so long as I can send a request and read a response in a given format. If I send a request using JSON, send a response using JSON. Funnily enough I was troubleshooting WordPress xmlrpc recently and noticed that when there was an error, the XML command being issued received a 404 error followed by, well, you’d hope an XML error response, right? No, because it was an HTTP 404 error, the site Continue reading