Archive

Category Archives for "Networking"

New Coder: Stop What You’re Doing!

Let’s get coding! We’ve selected a language, we’ve done some online training, and we’re ready to get coding and automate the first thing we stumble across. How exciting! Aaaaannnnnd STOP.

On the Solarwinds Thwack Geek Speak blog I looked at the “80:20” rule and how to use it to guide where to get the biggest return on investment when spending time coding, then I gave some advice on how to select a task to automate. Please do take a trip to Thwack and check out my post, “New Coder: Stop What You’re Doing.

New Coder: Stop What You're Doing!

 

Please see my Disclosures page for more information about my role as a Solarwinds Ambassador.

If you liked this post, please do click through to the source at New Coder: Stop What You’re Doing! and give me a share/like. Thank you!

BGP Route Reflector in Plain English

BGP Route Reflector in Plain English, in this post, I will explain you the BGP Route Reflector basics, after you read this post, you will be able to answer many questions regarding BGP Route Reflectors.     Outline of this post is as below.   What is BGP Route Reflector ? Why BGP Route Reflector […]

The post BGP Route Reflector in Plain English appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

VNIX-NOG 2017 held in Ho Chi Minh City

VNNIC, the National Internet Registry (NIR) of Vietnam, organized 2 major events in Ho Chi Minh City. VNNIC IP Member meeting on 24th August at VNNIC HCMC Office and second VNIX-NOG event on 25th August at Saigon Prince Hotel and was attended by our Deploy360 colleague Aftab Siddiqui. NetNam, a local ISP, provided Internet connectivity for the NOG event and did a great job by providing a dual stack IPv4 and IPv6 network.

The first event was for VNNIC IP members where reports were presented and NIR policies discussed, but the NOG event the following day was attended by around 70 people from various organizations including all the major telcos and ISPs in the country, the Internet Society, APNIC, Google and BBIX.

The opening speech was provided by Nguyen Hong Thang – Deputy Director of VNNIC, and a welcome note was added by Vu The Binh – General Secretary of Vietnam Internet Association (VIA) . Presentations from the event are available here, but the emphasis was on local participants to share their experience and local community engagement.

Nguyen Tran Hieu (VNIX) shared some network statistics of the Hanoi and Ho Chi Minh City nodes, which unfortunately showed that most members Continue reading

StackStorm Architecture Part I – StackStorm Core Services

A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together.

In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time. I’ll be doing this in a series of posts, so we can explore a particular topic in detail without getting overwhelmed.

Also, it’s worth noting that this isn’t intended to be an exhaustive reference for StackStorm’s architecture. The best place for that is still the StackStorm documentation. My goal in this series is merely to give a little bit of additional insight into StackStorm’s inner workings, and hopefully get those curiosity juices flowing. There will be some code references, some systems-level insight, probably both.

Also note that this is a living document. This is an open source project under active development, and while I will try to keep specific Continue reading

StackStorm Architecture Part I – StackStorm Core Services

A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together.

In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time. I’ll be doing this in a series of posts, so we can explore a particular topic in detail without getting overwhelmed.

Also, it’s worth noting that this isn’t intended to be an exhaustive reference for StackStorm’s architecture. The best place for that is still the StackStorm documentation. My goal in this series is merely to give a little bit of additional insight into StackStorm’s inner workings, and hopefully get those curiosity juices flowing. There will be some code references, some systems-level insight, probably both.

Also note that this is a living document. This is an open source project under active development, and while I will try to keep specific Continue reading

StackStorm Architecture Part I – StackStorm Core Services

A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together. In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time.

StackStorm Architecture Part I – StackStorm Core Services

A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together. In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time.

StackStorm Architecture Part I – StackStorm Core Services

A while ago, I wrote about basic concepts in StackStorm. Since then I’ve been knee-deep in the code, fixing bugs and creating new features, and I’ve learned a lot about how StackStorm is put together. In this series, I’d like to spend some time exploring the StackStorm architecture. What subcomponents make up StackStorm? How do they interact? How can we scale StackStorm? These are all questions that come up from time to time in the StackStorm community, and there are a lot of little details that I even forget from time-to-time.

Cumulus Linux 3.4 REST API

The latest Cumulus Linux 3.4 release include a REST API. This article will demonstrate how the REST API can be used to automatically deploy traffic controls based on real-time sFlow telemetry. DDoS mitigation with Cumulus Linux describes how sFlow-RT can detect Distributed Denial of Service (DDoS) attacks in real-time and deploy automated controls.

The following ddos.js script is modified to use the REST API to send Network Command Line Utility - NCLU commands to add and remove ACLs, see Installing and Managing ACL Rules with NCLU:
var user = "cumulus";
var password = "CumulusLinux!";
var thresh = 10000;
var block_minutes = 1;

setFlow('udp_target',{keys:'ipdestination,udpsourceport',value:'frames'});

setThreshold('attack',{metric:'udp_target', value:thresh, byFlow:true, timeout:10});

function restCmds(agent,cmds) {
for(var i = 0; i < cmds.length; i++) {
let msg = {cmd:cmds[i]};
http("https://"+agent+":8080/nclu/v1/rpc",
"post","application/json",JSON.stringify(msg),user,password);
}
}

var controls = {};
var id = 0;
setEventHandler(function(evt) {
var key = evt.agent + ',' + evt.flowKey;
if(controls[key]) return;

var ifname = metric(evt.agent,evt.dataSource+".ifname")[0].metricValue;
if(!ifname) return;

var now = (new Date()).getTime();
var name = 'ddos'+id++;
var [ip,port] = evt.flowKey.split(',');
var cmds = [
'add acl ipv4 '+name+' drop udp source-ip any source-port '+port+' dest-ip '+ip+' dest-port any',
Continue reading

BGP leak causing Internet outages in Japan and beyond.

Yesterday some Internet users would have seen issues with their Internet connectivity, experiencing slowness or parts of the Internet as unreachable. This incident hit users in Japan particularly hard and it caused the Internal Affairs and Communications Ministry of Japan to start an investigation into what caused the large-scale internet disruption that slowed or blocked access to websites and online services for dozens of Japanese companies.

In this blog post we will take a look at the root cause of these outages, who was affected and what networks were involved.

Starting at 03:22 UTC yesterday (aug 25) followers of @BGPstream would have seen an increase in alerts involving Google. The BGPstream alerts were informing us that Google was announcing the peering lan prefixes of a few well known Internet exchanges. This in itself is actually a fairly common type of incident and typically indicates something isn’t quite right within the networks hijacking those prefixes and so these alerts were the first clues that something wasn’t quite right with Google’s BGP advertisements.

  A closer look at our data shows not only BGP hijack incidents but also a high number of BGP leak events. A random example is this one: 171. Continue reading

NSX Going Wild at This Year’s VMworld

Get ready! NSX is hosting a major swag giveaway at VMworld as part of a celebration for everything our customers have accomplished in 2017! At various times throughout the conference, we’ll be on the prowl, looking for folks sporting NSX gear. If you’re spotted “in the wild” adorned with anything “NSX”, you could win some awesome swag and prizes. 

Join the hunt: show off your NSX pride (and your photography skills), and post photos of anything #NSX with the hashtag #NSXintheWild.  Winners will be chosen at random on the VMworld floor and online, so you never know when we might have you in our sights. But make no mistake – if you’re representing NSX in the wild, you’ll be a prime target for swag.

 

Pay it forward: If you happen to spot some cool NSX gear in the wild, snap a photo and tweet it out using the hashtag #NSXintheWild.  We hope you’ll join the fun and show off your NSX treasure. Your odds of winning some prizes will be much higher at VMworld if you do, as opposed to hitting the slots!

The post NSX Going Wild at This Year’s VMworld appeared first on Network Virtualization.

VMware NSX Day 1 Guide Library

Our VMware NSX Guides are authored and technically reviewed by VMware subject-matter experts and cover networking and security essentials.

Below you will find a description of the current books in our library along with a downloadable PDF link.

If you are interested in purchasing a hardcopy, you can do so at our online store.

 

Check out our Four New Releases!

 

New Release: VMware NSX Automation Fundamentals Guide

VMware NSX Automation Fundamentals delivers the roadmap to understanding networking and security automation challenges in today’s data centers.  It explains the fundamental nature of VMware NSX Data Center architecture while detailing integrated solutions for both VMware and third party offerings (such as VMware vRealize Automation, OpenStack, Puppet, Chef, PowerNSX) that assist in creating networking and security components on-demand.

Follow Caio on Twitter! And follow Thiago on Twitter too!

 

 

 

 

 

New Release: VMware NSX Network Virtualization Fundamentals

During their digital transformation process, many IT organizations still struggle with traditional networking methods and security approaches. By successfully addressing these challenges in thousands of real-world implementations, VMware NSX Data Center has established itself as the leading network virtualization platform, revolutionizing the way data center networks are designed and operated. In Continue reading

Evidence at the cost of trust: The trouble with the Department of Justice – DreamHost case

The social and economic benefits of the Internet cannot be realized without users’ ability to communicate and organize privately, and, where appropriate, anonymously. Data collection warrants must strike a balance to protect these benefits without impeding law enforcement’s ability to enforce the law. In recent weeks, the United States Department of Justice’s (DoJ) conflict with DreamHost, a website hosting service, has underscored the importance of this balance.

A week after the 2017 U.S. presidential inauguration, the DoJ issued a warrant to DreamHost to gather evidence for almost 200 cases related to violence that occurred during Inauguration Day protests. DreamHost had provided services to a website used to coordinate protests during the presidential inauguration.

The initial warrant was broad in scope; DreamHost stated that compliance would mean handing over records relating to 1.3 million IP addresses. This July, the DoJ went even further, issuing a new warrant asking for “Files, databases, and database records” regarding the website in question. DreamHost’s filing with the court specifies that the DoJ sought: the IP addresses of visitors to the website; which website pages were viewed by visitors; and a description of the software running on visitors’ computers.

The DoJ itself appears to Continue reading