Network Break 160: VMware Buys VeloCloud; Qualcomm Sues Apple
On today's Network Break we dig into VMware's acquisition of VeloCloud, analyze the latest round in the Qualcomm/Apple spat, drill into Juniper's new photonics & more. The post Network Break 160: VMware Buys VeloCloud; Qualcomm Sues Apple appeared first on Packet Pushers.
7 Enterprise Networking Trends for 2018
Interop ITX research reveals how companies plan to bolster their networks.
The Value of NAT Support
Network address translation: Sometimes you need more than a simple domain name.
Tier 1 carrier performance report: October, 2017
The post Tier 1 carrier performance report: October, 2017 appeared first on Noction.
The Three Paths of Enterprise IT
Everyone knows that Service Providers and Enterprise networks diverged decades ago. More precisely, organizations that offer network connectivity as their core business usually (but not always) behave differently from organizations that use networking to support their core business.
Obviously, there are grey areas: from people claiming to be service providers who can’t get their act together, to departments (or whole organizations) who run enterprise networks that look a lot like traditional service provider networks because they’re effectively an internal service provider.
Read more ...Introduction to RADIUS- Remote Authentication Dial-In User Service
Today I am going to talk about the major component of the network which provide you the authentication services whenever called from the user. The major component is called as RADIUS. This major component hosted on the server which is capable of giving the right reports of the users authentication. Let's talk about the RADIUS server or so called Remote Authentication Dial-In User Service
What is RADIUS- Remote Authentication Dial-In User Service?
What is RADIUS- Remote Authentication Dial-In User Service?
RADIUS( Remote Authentication Dial-In User Service) is a server systems with which we can secures our networks against unauthorised access. So RADIUS clients run on supported routers and switches. Clients send authentication requests to a central RADIUS server, which contains all user authentication and network service access information.
If i talk about RADIUS in other simpler words you can say that the system is a network protocol by which we are defining rules and conventions for communication between network devices - for remote user authentication and accounting.
What is the main purpose of RADIUS servers ?
Well the major purpose of the RADIUS server in the network is described as below.
- Authenticates users or devices before allowing them access to a network
- Authorises those users or devices Continue reading
November 2017 IETF Journal Now Available Online
The November 2017 issue of the IETF Journal is now online at https://www.ietfjournal.org/journal-issues/november-2017/. With IETF 100 in Singapore starting this coming weekend, this is the perfect time to get caught up on what’s been happening in the world of Internet standards lately. (Starting next week, you can also learn more about the Internet Society’s work at IETF 100 via our series of Rough Guide blog posts.)
In this issue, you’ll learn about implementation work taking place in the Human Rights Protocol Considerations Research Group, the latest security updates to Network Time Protocol, new email-related Working Groups JMAP and EXTRA, as well as the important coding work that took place as part of the IETF Hackathon.
Our regular columns from the IETF, IAB, and IRTF chairs and coverage of the Birds-of-a-Feather meetings and presentations from the Applied Networking Research Prize winners wrap up the issue.
There will be print copies available at IETF in Singapore, the email version will hit subscribers’ inboxes in the coming days, and print subscribers will receive their issues shortly thereafter.
This issue marks the final hardcopy version of the IETF Journal. As we explain in “We’re Continue reading
LavaRand in Production: The Nitty-Gritty Technical Details
Introduction
Courtesy of @mahtin
As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works in technical detail. This post assumes a technical background. For a higher-level discussion that requires no technical background, see Randomness 101: LavaRand in Production.
Background
As we’ve discussed in the past, cryptography relies on the ability to generate random numbers that are both unpredictable and kept secret from any adversary. In this post, we’re going to go into fairly deep technical detail, so there is some background that we’ll need to ensure that everybody is on the same page.
True Randomness vs Pseudorandomness
In cryptography, the term random means unpredictable. That is, a process for generating random bits is secure if an attacker is unable to predict the next bit with greater than 50% accuracy (in other words, no better than random chance).
We can obtain randomness that is unpredictable using one of two approaches. The first produces true randomness, while the second produces pseudorandomness.
True randomness is any information learned through the Continue reading
Randomness 101: LavaRand in Production
Introduction
Courtesy of @mahtin
As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works. This post assumes no technical background. For a more in-depth look at the technical details, see LavaRand in Production: The Nitty-Gritty Technical Details.
Background
Randomness in Cryptography
As we’ve discussed in the past, cryptography relies on the ability to generate random numbers that are both unpredictable and kept secret from any adversary.
But “random” is a pretty tricky term; it’s used in many different fields to mean slightly different things. And like all of those fields, its use in cryptography is very precise. In some fields, a process is random simply if it has the right statistical properties. For example, the digits of pi are said to be random because all sequences of numbers appear with equal frequency (“15” appears as frequently as “38”, “426” appears as frequently as “297”, etc). But for cryptography, this isn’t enough - random numbers must be unpredictable.
To understand what unpredictable means, it helps to consider that all Continue reading
Rough Guide to IETF 100 – Slinging Standards in Singapore
It’s time for the third and final IETF meeting of 2017. Starting on Sunday, 12 November, the Internet Engineering Task Force will be in Singapore for IETF 100, where about 1000 engineers will discuss the latest issues in open internet standards and protocols. All this week, we’re providing our usual Internet Society Rough Guide to the IETF via a series of blog posts on topics of mutual interest:
- Internet of Things (IoT)
- Routing Infrastructure Security Resilience
- IPv6
- DNSSEC, DANE and DNS Security
- Identity, Privacy, and Encryption
All these posts can be found on our blog and will be archived through our Rough Guide to IETF 100 overview page.
Here are some of the activities that the Internet Society is involved in and some of my personal highlights.
IETF Journal
Catch up on highlights from IETF 99 in Prague by reading the IETF Journal. You can read all the articles online at https://www.ietfjournal.org, or pick up a hardcopy in Singapore.
This issue marks the final hardcopy version; starting in 2018, we’ll be shifting our focus to longer-form articles online and via our Twitter and Facebook channels. In the meantime, this issue has articles on the Human Rights Continue reading
Perfect locality and three epic SystemTap scripts
In a recent blog post we discussed epoll behavior causing uneven load among NGINX worker processes. We suggested a work around - the REUSEPORT socket option. It changes the queuing from "combined queue model" aka Waitrose (formally: M/M/s), to a dedicated accept queue per worker aka "the Tesco superstore model" (formally: M/M/1). With this setup the load is spread more evenly, but in certain conditions the latency distribution might suffer.
After reading that piece, a colleague of mine, John, said: "Hey Marek, don't forget that REUSEPORT has an additional advantage: it can improve packet locality! Packets can avoid being passed around CPUs!"
John had a point. Let's dig into this step by step.
In this blog post we'll explain the REUSEPORT socket option, how it can help with packet locality and its performance implications. We'll show three advanced SystemTap scripts which we used to help us understand and measure the packet locality.
A shared queue
The standard BSD socket API model is rather simple. In order to receive new TCP connections a program calls bind() and then listen() on a fresh socket. This will create a single accept queue. Programs can share the file descriptor - pointing Continue reading
OpenStack now featured in Cumulus in the Cloud
First of all, we’re thrilled to announce that today we launched OpenStack with Cumulus in the Cloud. That means that you can now test out Cumulus Networks technology with an OpenStack environment easily and at zero cost to you.
I’ve written previously about Cumulus In The Cloud (CitC) when we first released it a month ago with Mesos as the initial release flavor. Since then, JR Rivers and his team have been diligently working on adding additional flavors to the CitC offering. I could not have been happier to hear the good news that they had integrated an OpenStack solution with the cloud testing framework.
I immediately launched my own free instance of Cumulus in the Cloud using the standard steps. I was greeted with a new option where I could pick the flavor of CitC I wanted to initiate:
Since I had already experimented with Mesos, I was eager to tinker with OpenStack to better learn this technology.
To be upfront, I am not an OpenStack expert. I have been diligently learning it over the past six months ever since a majority of my customer engagements have involved private cloud deployments leading with OpenStack. As a network engineer first, Continue reading
Introduction to Point to Point Authentication : PAP and CHAP protocols
Today I am going to talk about the PAP- Password Authentication Protocol and CHAP- challenge handshake authentication protocol. So let's talk about PAP and CHAP one by one.
PAP and CHAP is one of the basic and most important topic for CCNA candidates or the freshers who are going to work on the Point to point networks.
Before we are starting with the PAP and CHAP protocols, I would like to tell you that PAP and CHAP is the authentication procedure in Point to point network. So if you are using Point to point networks in your architecture you should opt for PAP or CHAP protocols as per the design required.
Below is the example showing the pictorial representation where we are defining the acceptance and the refusal of the connection in both the cases.
PAP- Password Authentication Protocol
So PAP is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. PAP generally consider as a very basic two-way process. There is no encryption. The username and password are sent in plain text. If it is accepted, the connection is allowed.
PAP and CHAP is one of the basic and most important topic for CCNA candidates or the freshers who are going to work on the Point to point networks.
Before we are starting with the PAP and CHAP protocols, I would like to tell you that PAP and CHAP is the authentication procedure in Point to point network. So if you are using Point to point networks in your architecture you should opt for PAP or CHAP protocols as per the design required.
Below is the example showing the pictorial representation where we are defining the acceptance and the refusal of the connection in both the cases.
PAP- Password Authentication Protocol
So PAP is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. PAP generally consider as a very basic two-way process. There is no encryption. The username and password are sent in plain text. If it is accepted, the connection is allowed.
The authentication phase of a PPP session is optional. If used, you can authenticate the Continue reading
Introduction to ACI Multi-Site Fabric Design Network
In my earlier post I talk about the ACI stretched Fabric and ACI multi-pod fabric designs with single and multiple APIC clusters. Now I am going to talk about the basics of the Cisco ACI Multi-site fabric design network in my article. If you want to have a look for my earlier article, please go through the below mentioned link and review before we will start with the Cisco ACI multi-site fabric network design.
Introduction to Cisco ACI stretched fabric and ACI Multi-pod Fabric Designs
So in short, you now understand the Cisco single-pod, Cisco ACI stretched fabric and Cisco ACI multi-pod fabric design. Now we are going to talk about the next level of Cisco ACI deployment model and this model is called as Cisco ACI Multi-site fabric design.
Cisco ACI Multi-site Fabric Network Design
Introduction to Cisco ACI stretched fabric and ACI Multi-pod Fabric Designs
So in short, you now understand the Cisco single-pod, Cisco ACI stretched fabric and Cisco ACI multi-pod fabric design. Now we are going to talk about the next level of Cisco ACI deployment model and this model is called as Cisco ACI Multi-site fabric design.
Cisco ACI Multi-site Fabric Network Design
Making more innovation in the Cisco ACI with the APIC 2.0 release, Cisco said that a Multi-Site design is the architecture interconnecting multiple APIC cluster domains with their associated pods.
A Multi-Site design could also be called a Multi-Fabric design, because it interconnects separate availability zones (fabrics), each deployed either as a single pod or multiple pods (a Multi-Pod design). Below is Continue reading
Introduction to Cisco ACI stretched fabric and ACI Multi-pod Fabric Designs
Today I am going to talk about Cisco ACI where Cisco is providing two different solutions on Cisco ACI. One solution is Cisco ACI Multi-pod and other solution is named as Cisco ACI Multi-Site design or architecture.
Earlier Cisco ACI multi-pod environment we were doing the ACI stretched Fabric design but then Cisco come up with the solution called as Cisco ACI multi-pod.
What is Cisco ACI Multi-pod ?
Well ACI multi-pod is a kind of ACI stretched Fabric design with more benefits and features. In simple words we can say that ACI multi-pod is a multiple ACI fabrics that is under control of single management or administration.
What is the key difference of ACI stretched fabric design and ACI multi-pod ?
Let's talk about the ACI stretched fabric design, Let us suppose we have two ACI fabric design where we have Spine-Leaf architecture. One is ACI-I and other is ACI-II, if you are going to connect the leaf switches of ACI-I with the spine switches of ACI-II and leaf switches of ACI-II with spine switches of ACI-I makes ACI Stretched fabric design. Below diagram shows the best way of Cisco ACI stretched fabric design between three ACI fabric networks.
Earlier Cisco ACI multi-pod environment we were doing the ACI stretched Fabric design but then Cisco come up with the solution called as Cisco ACI multi-pod.
What is Cisco ACI Multi-pod ?
Well ACI multi-pod is a kind of ACI stretched Fabric design with more benefits and features. In simple words we can say that ACI multi-pod is a multiple ACI fabrics that is under control of single management or administration.
What is the key difference of ACI stretched fabric design and ACI multi-pod ?
Let's talk about the ACI stretched fabric design, Let us suppose we have two ACI fabric design where we have Spine-Leaf architecture. One is ACI-I and other is ACI-II, if you are going to connect the leaf switches of ACI-I with the spine switches of ACI-II and leaf switches of ACI-II with spine switches of ACI-I makes ACI Stretched fabric design. Below diagram shows the best way of Cisco ACI stretched fabric design between three ACI fabric networks.
 |
| Continue reading |
General – Advice on Numbering Policies in Networking
There are several situations where we need to write some form of policy such as QoS, routing policies used in for example redistribution, filtering and policy-based routing, dot1x and so on. Lately I had to update a policy used by the master controller (MC) in an IWAN design. What are some important things to consider when writing the policy?
The number to start with – If you start with the number one then it won’t be possible to insert anything above this line at a later time. How certain are you that you will never have to put anything before the starting line? My recommendation is to start with a higher number such as 100.
Space between each line – Don’t number your lines 100, 101, 102, 103 and so on. Leave some more space between each line in case you have to insert something later between two lines. A spacing of 10 should be fine for most situations.
Go from most granular to least granular – The policy should go from as granular as possible to the least granular at the end. If you have a statement that is too broad you may catch more than you expected even Continue reading