Who Controls The Internet?
The title of the paper Who controls the Internet? Analyzing global threats using property traversal graphs is enough to ensnare any Internet researcher. The control plane for a number of attacks, as the paper points out, is the DNS due to the role it plays in mapping names to resources. MX records in the DNS control the flow of mail, CNAME records are used to implement content delivery networks (CDN) services, and TXT records are used to confirm access to and control over a namespace when implementing third party services. This post will cover an interesting case where control is exercised first via the DNS and then using BGP.
Below the DNS, in the depths of internet plumbing, is the lizard brain of internet routing, which is governed by the border gateway protocol (BGP). A common term to describe BGP routing is “hot potato” routing. BGP conversations occur between autonomous systems, ASes, which are identified by their autonomous system number ASN. The ASN represents a system of networks and the policy associated with their routing. ASes are issued regionally by Regional Internet Registries (RIRs), which receive blocks of AS numbers to hand out from the Internet Assigned Numbers Authority Continue reading
Measuring Router Performance Using Netscout OptiView XG
In this video, Tony Fortunato describes testing the throughput of Ubiquiti EdgeRouterX.
IPv6 Link-Local Addresses and VLAN Interfaces
One of my readers sent me an email that’s easiest paraphrased into: “Why can’t I have a different IPv6 link-local address (LLA) on every access port connected to a VLAN interface?”
There’s probably nothing stopping someone from implementing such an approach, but it would go against the usual understanding of how bridging and routing interact in L2+L3 switches.
Read more ...Interface basics on the Juniper MX
I’ve been spending more time on the MX recently and I thought it would be worthwhile to document some of the basics around interface configuration. If you’re like me, and come from more of a Cisco background, some of configuration options when working with the MX weren’t as intuitive. In this post, I want to walk through the bare bone basic of configuring interfaces on a MX router.
Basic L3 interface
ge-0/0/0 {
unit 0 {
family inet {
address 10.20.20.16/24;
}
}
}The most basic interface configuration possible is a simple routed interface. You’ll note that the interface address is configured under a unit. To understand what a unit is you need to understand some basic terminology that Juniper uses. Juniper describes a physical interface as an IFD (Interface Device). In our example above the IFD would be the physical interface ge-0/0/0. We can then layer one or more IFL (Interface Logical) on top of the IFD. In our example the IFL would be the unit configuration, in this case ge-0/0/0.0. Depending on the configuration of the IFD you may be able to provision additional units. These additional units (Logical interfaces (IFLs)) Continue reading
Network Break 143: Broadcom Acquisition OK’d; Mellanox Announces New ASICs
Broadcom wins FTC approval for its Brocade buy, Cisco gets FTC help around Fibre Channel, Mellanox announces 400G ASICs, and other tech news on the latest Network Break podcast. The post Network Break 143: Broadcom Acquisition OK’d; Mellanox Announces New ASICs appeared first on Packet Pushers.
Cloud Providers Tap Private Brokers for IPv4 Addresses
MIT recently announced it was selling about 8 million of its unused IPv4 addresses.
Microsoft Azure Stack Systems to Ship in September
Dell EMC, HPE, Lenovo, and Cisco are hardware partners.
NFV and SDN Only Slightly Offset Costs Needed for U.S. Fiber Investment
Virtualization makes repairs easier but does not eliminate labor costs.
Worth Reading: Moving Computing to the Edge (Again)
The post Worth Reading: Moving Computing to the Edge (Again) appeared first on rule 11 reader.
Complexity and the Thin Waist
In recent years, we have become accustomed to—and often accosted by—the phrase software eats the world. It’s become a mantra in the networking world that software defined is the future. full stop This research paper by Microsoft, however, tells a different story. According to Baumann, hardware is the new software. Or, to put it differently, even as software eats the world, hardware is taking over an ever increasing amount of the functionality software is doing. In showing this point, the paper also points out the complexity problems involved in dissolving the thin waist of an architecture.
The specific example used in the paper is the Intel x86 Instruction Set Architecture (ISA). Many years ago, when I was a “youngster” in the information technology field, there were a number of different processor platforms; the processor wars waged in full. There were, primarily, the x86 platform, by Intel, beginning with the 8086, and its subsequent generations, the 8088, 80286, 80386, then the Pentium, etc. On the other side of the world, there were the RISC based processors, the kind stuffed into Apple products, Cisco routers, and Sun Sparc workstations (like the one that I used daily while in Cisco TAC). The argument Continue reading
Zscaler Security Integrates with Several SD-WAN Vendors
Zscaler's large data center footprint means it can provide security for enterprises worldwide.
ISOC Rough Guide to IETF 99: Internet Infrastructure Resilience
IETF 99 is next week in Prague, and I’d like to take a moment to discuss some of the interesting things happening there related to Internet infrastructure resilience in this installment of the Rough Guide to IETF 99.
Simple solutions sometimes have a huge impact. Like a simple requirement that “routes are neither imported nor exported unless specifically enabled by configuration”, as specified in an Internet draft “Default EBGP Route Propagation Behavior Without Policies”. The draft is submitted to IESG and expected to be published as a Standards Track RFC soon.
Andrei Robachevsky