Episode 18 – Whitebox Networking

In Episode 18 of Network Collective, Pete Lumbis of Cumulus Networks and Kevin Myers of IP Architechs join us to talk about the pros and cons of running whitebox or commodity hardware in your network. There’s no denying that the price point on commodity hardware is attractive but we discuss all you should consider when you’re looking to transition away from a major network hardware vendor.

Show Notes

What is whitebox networking?

• Has a variety of definitions depending on the person answering
• Associated with ONIE and Oss like Cumulus Linux, BigSwitch, IPI
• Commodity hardware not mainstream vendor with OS that may or may not be from the same vendor
• To some, hardware has more to do with hardware
• Commodity hardware has to do with using chipset, board, or even layout that someone else created
• Component of disaggregation to consider
• Britebox is the larger vendors offering disaggregation options
• Whietbox equipment isn’t about homemade devices soldered together in our garages

Why whitebox networking?

• The original impetus for whitebox was often around cost, and sometimes it still is
• Current reasons are to have more options like customized operating systems
• Whitebox utilizes the equipment to move to an x86 model that compute Continue reading

Top 5 blogs of 2017: LinuxKit, A Toolkit for building Secure, Lean and Portable Linux Subsystems

In case you’ve missed it, this week we’re highlighting the top five most popular Docker blogs in 2017. Coming in the third place is the announcement of LinuxKit, a toolkit for building secure, lean and portable Linux Subsystems.

LinuxKit includes the tooling to allow building custom Linux subsystems that only include exactly the components the runtime platform requires. All system services are containers that can be replaced, and everything that is not required can be removed. All components can be substituted with ones that match specific needs. It is a kit, very much in the Docker philosophy of batteries included but swappable. LinuxKit is an open source project available at https://github.com/linuxkit/linuxkit.

To achieve our goals of a secure, lean and portable OS,we built it from containers, for containers.  Security is a top-level objective and aligns with NIST stating, in their draft Application Container Security Guide: “Use container-specific OSes instead of general-purpose ones to reduce attack surfaces. When using a container-specific OS, attack surfaces are typically much smaller than they would be with a general-purpose OS, so there are fewer opportunities to attack and compromise a container-specific OS.”

The leanness directly helps with security by removing parts not Continue reading

From SD-WAN to the Network Edge: Here Are the Top Sponsored Posts of 2017

Here is a list of our Top 5 sponsored posts of 2017

IDG Contributor Network: New IDC report forecasts huge growth for IoT

In case you’re still not sure about the viability of the Internet of Things (IoT) as a business concept, some new findings from research firm International Data Corp. (IDC)—predicting significant growth for the market in the coming years—should be convincing.In addition to a rise in investments in IoT products and services, the IDC research describes how software and services will play a major role in the success of IoT project.According to the IDC study, worldwide spending on the IoT is forecast to reach $772.5 billion in 2018. That represents an increase of 15% over the $674 billion that will be spent on IoT in 2017. The new update to the firm’s Worldwide Semiannual Internet of Things Spending Guide forecasts worldwide IoT spending to sustain a compound annual growth rate (CAGR) of 14% through the 2017-2021 forecast period, surpassing the $1 trillion mark in 2020 and reaching $1.1 trillion in 2021.To read this article in full, please click here

IDG Contributor Network: Mega increase in cloud adoption underway

No matter how you look at it, the cloud is growing fast.To compare the market’s growth to the rest of IT, cloud computing is expanding seven times faster than non-cloud computing, according to a report from IDC released on February 21.To gauge the business decision-maker, the State of the cloud Survey gives us a good sense of how adoption decisions are changing, along with other internal insights. The 2017 version of the poll, based on the responses of 1,002 IT executives, found that the concerns related to cloud that have held back a higher degree of adoption are taking a nosedive. While 32% listed lacking expertise and resources as a top challenge last year, that number dropped to 25% this year.To read this article in full, please click here

From Trials to Use Cases – The Top 5G Developments in 2017

 Virtualization becomes a bigger part of 5G discussion.

5 Biggest HCI Movers and Shakers in 2017

Five companies stand out for their strong hyperconverged moves.

Can IoT help make the enterprise more secure?

It’s no secret that the rise of the Internet of Things (IoT) presents massive new security challenges. Heck, I’ve written about the issue here more than once. But one company claims that enterprise IoT also shows promise for addressing key security issues.Also on Network World: Is the U.S. finally about to take IoT security seriously? and The time to deal with IoT security is now Tim Lang, CTO at BI and data analytics firm MicroStrategy, notes that 70 percent of security breaches come from the inside, and he says Enterprise Internet of Things (EIoT) can help enterprises “monitor and prevent these breaches before they happen.” To read this article in full, please click here

Can IoT help make the enterprise more secure?

It’s no secret that the rise of the Internet of Things (IoT) presents massive new security challenges. Heck, I’ve written about the issue here more than once. But one company claims that enterprise IoT also shows promise for addressing key security issues.Also on Network World: Is the U.S. finally about to take IoT security seriously? and The time to deal with IoT security is now Tim Lang, CTO at BI and data analytics firm MicroStrategy, notes that 70 percent of security breaches come from the inside, and he says Enterprise Internet of Things (EIoT) can help enterprises “monitor and prevent these breaches before they happen.” To read this article in full, please click here

IoT Security Using BLE Encryption

Microsoft: ReFS is ridiculous

I’ve blogged before about how the new integrity-checking filesystem in Windows, ReFS, doesn’t actually have integrity checking turned on by default. It’s pretty silly that for a modern filesystem meant to compete with ZFS and BtrFS, to have the main 21st century feature turned off by default. But it’s not quite ridiculous. Not yet.

Now it turns out that scrubbing is only supported on Windows Server

1. Microsoft honestly shipped an integrity-checking filesystem in Windows 10 with no way to repair or scrub it.

I used to say that Windows 10 is the best Windows ever, and that Microsoft kinda won my trust back. But what the hell?

I contacted Microsoft support over chat, who first suggested I do a system restore (sigh). But after I insisted that they please confirm that it’s supposed to work confirmed that no that only ships with Windows Server.

It’s not even clear from their pricing if I need the $882 Standard Edition or the $6,155 Datacenter Edition. Either one is way too much for such a standard feature.

What the hell, Microsoft? All I want is a checksumming file system. Either provide it, or don’t. Don’t give me a checksumming filesystem that can’t be Continue reading

Why TLS 1.3 isn’t in browsers yet

Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. Transport Layer Security (TLS), the protocol that keeps web browsing confidential (and many people persist in calling SSL), is getting its first major overhaul with the introduction of TLS 1.3. Last year, Cloudflare was the first major provider to support TLS 1.3 by default on the server side. We expected the client side would follow suit and be enabled in all major browsers soon thereafter. It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.

The reductive answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks. Some of these middleboxes implemented TLS 1.2 incorrectly and now that’s blocking browsers from releasing TLS 1.3. However, simply blaming network appliance vendors would be disingenuous. The deeper truth of the Continue reading

Why TLS 1.3 isn’t in browsers yet

Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. Transport Layer Security (TLS), the protocol that keeps web browsing confidential (and many people persist in calling SSL), is getting its first major overhaul with the introduction of TLS 1.3. Last year, Cloudflare was the first major provider to support TLS 1.3 by default on the server side. We expected the client side would follow suit and be enabled in all major browsers soon thereafter. It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.

The reductive answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks. Some of these middleboxes implemented TLS 1.2 incorrectly and now that’s blocking browsers from releasing TLS 1.3. However, simply blaming network appliance vendors would be disingenuous. The deeper truth of the Continue reading

Concise (Post-Christmas) Cryptography Challenges

It's the day after Christmas; or, depending on your geography, Boxing Day. With the festivities over, you may still find yourself stuck at home and somewhat bored.

Either way; here are three relatively short cryptography challenges, you can use to keep you momentarily occupied. Other than the hints (and some internet searching), you shouldn't require a particularly deep cryptography knowledge to start diving into these challenges. For hints and spoilers, scroll down below the challenges!

Challenges

Password Hashing

The first one is simple enough to explain; here are 5 hashes (from user passwords), crack them:

$2y$10$TYau45etgP4173/zx1usm.uO34TXAld/8e0/jKC5b0jHCqs/MZGBi
$2y$10$qQVWugep3jGmh4ZHuHqw8exczy4t8BZ/Jy6H4vnbRiXw.BGwQUrHu
$2y$10$DuZ0T/Qieif009SdR5HD5OOiFl/WJaDyCDB/ztWIM.1koiDJrN5eu
$2y$10$0ClJ1I7LQxMNva/NwRa5L.4ly3EHB8eFR5CckXpgRRKAQHXvEL5oS
$2y$10$LIWMJJgX.Ti9DYrYiaotHuqi34eZ2axl8/i1Cd68GYsYAG02Icwve

HTTP Strict Transport Security

A website works by redirecting its www. subdomain to a regional subdomain (i.e. uk.), the site uses HSTS to prevent SSLStrip attacks. You can see cURL requests of the headers from the redirects below, how would you practically go about stripping HTTPS in this example?

$ curl -i http://www.example.com
HTTP/1.1 302 Moved Temporarily  
Server: nginx  
Date: Tue, 26 Dec 2017 12:26:51 GMT  
Content-Type: text/html  
Transfer-Encoding: chunked  
Connection: keep-alive  
location: https://uk.example.com/  

$ curl -i http://uk.example.com
HTTP/1.1 200 OK  
Server: nginx  
Content-Type: text/html;  Continue reading

Concise (Post-Christmas) Cryptography Challenges

It's the day after Christmas; or, depending on your geography, Boxing Day. With the festivities over, you may still find yourself stuck at home and somewhat bored.

Either way; here are three relatively short cryptography challenges, you can use to keep you momentarily occupied. Other than the hints (and some internet searching), you shouldn't require a particularly deep cryptography knowledge to start diving into these challenges. For hints and spoilers, scroll down below the challenges!

Challenges

Password Hashing

The first one is simple enough to explain; here are 5 hashes (from user passwords), crack them:

$2y$10$TYau45etgP4173/zx1usm.uO34TXAld/8e0/jKC5b0jHCqs/MZGBi
$2y$10$qQVWugep3jGmh4ZHuHqw8exczy4t8BZ/Jy6H4vnbRiXw.BGwQUrHu
$2y$10$DuZ0T/Qieif009SdR5HD5OOiFl/WJaDyCDB/ztWIM.1koiDJrN5eu
$2y$10$0ClJ1I7LQxMNva/NwRa5L.4ly3EHB8eFR5CckXpgRRKAQHXvEL5oS
$2y$10$LIWMJJgX.Ti9DYrYiaotHuqi34eZ2axl8/i1Cd68GYsYAG02Icwve

HTTP Strict Transport Security

A website works by redirecting its www. subdomain to a regional subdomain (i.e. uk.), the site uses HSTS to prevent SSLStrip attacks. You can see cURL requests of the headers from the redirects below, how would you practically go about stripping HTTPS in this example?

$ curl -i http://www.example.com
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 26 Dec 2017 12:26:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://uk.example.com/

$ curl -i http://uk.example.com
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html;  Continue reading

Alibaba Cloud Gears Up for ‘Serious Combat’ Against AWS in 2018

Alibaba Cloud has 33 availability zones across 16 economic centers globally.

NFV Creeps into Networks in Different Ways

NFV gets into networks via SD-WAN, turnkey software stacks, and proprietary systems.

Managing Switches with REST and Thrift APIs

The History of Stock Quotes

In honor of all the fervor around Bitcoin, we thought it would be fun to revisit the role finance has had in the history of technology even before the Internet came around. This was adapted from a post which originally appeared on the Eager blog.

On 10th of April 1814, almost one hundred thousand troops fought the battle of Toulouse in Southern France. The war had ended on April 6th. Messengers delivering news of Napoleon Is abdication and the end of the war wouldn’t reach Toulouse until April 12th.

The issue was not the lack of a rapid communication system in France, it just hadn’t expanded far enough yet. France had an elaborate semaphore system. Arranged all around the French countryside were buildings with mechanical flags which could be rotated to transmit specific characters to the next station in line. When the following station showed the same flag positions as this one, you knew the letter was acknowledged, and you could show the next character. This system allowed roughly one character to be transmitted per minute, with the start of a message moving down the line at almost 900 miles per hour. It wouldn’t expand to Toulouse until 1834 however, Continue reading

The History of Stock Quotes

In honor of all the fervor around Bitcoin, we thought it would be fun to revisit the role finance has had in the history of technology even before the Internet came around. This was adapted from a post which originally appeared on the Eager blog.

On 10th of April 1814, almost one hundred thousand troops fought the battle of Toulouse in Southern France. The war had ended on April 6th. Messengers delivering news of Napoleon Is abdication and the end of the war wouldn’t reach Toulouse until April 12th.

The issue was not the lack of a rapid communication system in France, it just hadn’t expanded far enough yet. France had an elaborate semaphore system. Arranged all around the French countryside were buildings with mechanical flags which could be rotated to transmit specific characters to the next station in line. When the following station showed the same flag positions as this one, you knew the letter was acknowledged, and you could show the next character. This system allowed roughly one character to be transmitted per minute, with the start of a message moving down the line at almost 900 miles per hour. It wouldn’t expand to Toulouse until 1834 however, Continue reading