Archive

Category Archives for "Networking"

Episode 17 – BGP: Peering and Reachability

In this Community Roundtable episode, returning guests Russ White and Nick Russo start our three part deep dive into the Border Gateway Protocol, or BGP, with a look at terminology, how peer relationships form, the differences between internal and external BGP, and scaling techniques.

 

Show Links

https://tools.ietf.org/html/rfc4271

https://www.ietf.org/rfc/rfc1771.txt

http://bgp.us/

 

Show Notes

Overview

  • BGP is an external gateway protocol used widely both on the public internet and within enterprise organizations
  • BGP is the only external gateway protocol and is traditionally used primarily to connect networks to other networks
  • BGP was built primarily for policy propagation to provide reliability, scalability, and control
  • BGP v4 was created, which is the base version we still use today, though it has been updated over the years

 

Terminology

  • Devices running BGP are called speakers
    • A connection between two speakers is called a peering session
    • The two speakers are often called peers or neighbors
  • Network Layer Reachability Information is a key term to remember — NLRI
    • Address Families (AFs) carry NLRIs for different topologies and different kinds of reachability information (v4, v6, Ethernet, MPLS, etc.)
  • Autonomous System: a set of BGP speakers contained within a single administrative domain (with some rather loose Continue reading

The Curious Case of Caching CSRF Tokens


It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.


In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done its job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

New Amazon Echo Discounted $20 Right Now – Deal Alert

Amazon has a discount of $20 active right now on their all new Echo smart speaker, which features a new speaker, new design, and is available in a range of styles including fabrics and wood veneers. Echo connects to Alexa to play music, make calls, set alarms and timers, ask questions, control smart home devices, and more -- instantly. Echo averages 4 out of 5 stars on Amazon from over 2,200 reviewers, and with the current discount you can grab it for yourself (or someone else) now for just $79.99. See the discounted Echo deal now on Amazon.

Reflections from the Global Commission on the Stability of Cyberspace

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallinn manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, I didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading
