Packet Walk Through-Part 1
The objective of this blog is to discuss end to end packet (client to server) traversing through a service provider network with special consideration on performance effecting factors.
We will suppose client needs to access any of the service hosted in server connected with CE-2, all the network links and NICs on end system are Ethernet based. Almost all the vendors compute machines (PC/ servers) are generating IP data gram with 1500 bytes size (20 bytes header +1480 data bytes) in normal circumstances.
Fragmentation:- If any of link is unable to handle 1500 size IP data-gram then packet will be fragmented and forwarded to its destination where it will be re-assembled. The fragmentation and re-assembly will introduce overhead and defiantly over all performance will be degraded. In IP header following fields are important to detect fragmentation and to re-assemble the packets.
- Identification:- Is unique for all segments if packet is fragmented at all
- Flags – 3 bits . Bit 0 always 0, bit 1 -DF (Fermentation allowed or not 0 and 1 respectively), Bit 2-MF (More fragments expected or Last , 1 and 0 respectively)
- Fragments Offset :- Determine where data will start after removal of IP header in 1st and subsequent segments once packet is re-assembled.
With below Continue reading
IPv6 Transition Mechanisms | Dual-Stack -Tunnelling – Translation
IPv6 Transition Mechanisms The only available public IP addresses are IPv6 addresses. But vast majority of the content is still working on IPv4. How IPv6 users can connect to the IPv4 world and How IPv4 users can reach to the IPv6 content ? This is accomplished with the IPv6 transition mechanisms. In this post, I […]
The post IPv6 Transition Mechanisms | Dual-Stack -Tunnelling – Translation appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
Survey on IXP Routing and Privacy
Marco Canini from UC Louvain is working on an IXP research project focused on bringing privacy guarantees into Internet routing context. They’re trying to understand the privacy considerations of network operators and have created a short survey to gather the initial data.
Researchers from UC Louvain have been involved in tons of really useful projects including BGP PIC, LFA, MP-TCP, Fibbing, Software-defined IXP and flow-based load balancing, so if you’re connected to an IXP, please take your time and fill in the survey.
Vault – Use cases
This blog is a continuation of my previous blog on Vault. In the first blog, I have covered overview of Vault. In this blog, I will cover some Vault use cases that I tried out. Pre-requisites: Install and start Vault I have used Vault 0.6 version for the examples here. Vault can be used either in development … Continue reading Vault – Use cases
Vault Overview
I have always loved Hashicorp’s Devops and cloud tools. I have used Vagrant, Consul, Terraform, Packer and Atlas before and I have written about few of them in my previous blogs. Vault is Hashicorp’s tool to manage secrets securely in a central location. Secret could be database credentials, AWS access keys, Consul api key, ssh … Continue reading Vault Overview
Cloudflare Certifies Under the New EU-U.S. Privacy Shield
Cloudflare has certified with the U.S. Department of Commerce for the new EU-U.S. Privacy Shield framework.
Beginning this summer, the U.S. Department of Commerce began accepting submissions to certify under the EU-U.S. Privacy Shield framework, a new mechanism by which European companies can transfer personal data to their counterparts in the United States. By certifying under Privacy Shield, Cloudflare is taking a strong and pro-active stance towards further protecting the security and privacy of our customers.
Since 1998, following the European Union’s implementation of EU Data Protection Directive 95/46/EC, companies in Europe wishing to transfer the personal data of Europeans overseas have had to ensure that the recipient of such data practices an adequate level of protection when handling this information. Until last October, American companies were able to certify under the U.S.-EU Safe Harbor Accord, which provided a legal means to accept European personal data, in exchange for assurances of privacy commitments and the enactment of specific internal controls.
However, after having been in effect for roughly fifteen years, in October 2015 the European Court of Justice overturned the Safe Harbor and declared that a new mechanism for transatlantic data transfers would need Continue reading
BGP Peering – Private, Public, Bilateral and Multilateral Peering
BGP Peering BGP Peering is an agreement between different Service Providers. It is an EBGP neighborship between different Service Providers to send BGP traffic between them without paying upstream Service Provider. To understand BGP peering, first we must understand how networks are connected to each other on the Internet. The Internet is a collection […]
The post BGP Peering – Private, Public, Bilateral and Multilateral Peering appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.
How to wrangle meaning from Internet of Things data
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
The Internet of Things (IoT) promises to produce troves of valuable, fast moving, real-time data, offering insights that can change the way we engage with everyday objects and technologies, amplify our business acumen, and improve the efficiencies of the machines, large and small, wearable and walkable, that run our world.
But without careful, holistic forethought about how to manage a variety of data sources and types, businesses will not only miss out on critical insights, but fall behind the status quo. Here’s how to get prepared to wrangle and extract meaning from all of the data that’s headed your way:
To read this article in full or to leave a comment, please click here
We don’t need more InfoSec analysts: We need analysts to train AI infrastructures to detect attacks
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Everyone says there is an information security talent gap. In fact, some sources say the demand for security professionals exceeds the supply by a million jobs. Their argument is basically this: attacks are not being detected quickly or often enough, and the tools are generating more alerts than can be investigated, so we need more people to investigate those alarms.
Makes sense, right?
Wrong.
We believe that, even if companies aroaund the world miraculously hired a million qualified InfoSec professionals tomorrow there would be no change in detection effectiveness and we would still have a “talent gap.” The problem isn’t a people issue so much as it is an InfoSec infrastructure issue.
To read this article in full or to leave a comment, please click here
Traffic Control: Live Demo
CC BY 2.0 image by Brian Hefele
Cloudflare helps customers control their own traffic at the edge. One of two products that we introduced to empower customers to do so is Cloudflare Traffic Control.
Traffic Control allows a customer to rate limit, shape or block traffic based on the rate of requests per client IP address, cookie, authentication token, or other attributes of the request. Traffic can be controlled on a per-URI (with wildcards for greater flexibility) basis giving pinpoint control over a website, application, or API.
Cloudflare has been dogfooding Traffic Control to add more granular controls against Layer 7 DOS and brute-force attacks. For example, we've experienced attacks on cloudflare.com from more than 4,000 IP addresses sending 600,000+ requests in 5 minutes to the same URL but with random parameters. These types of attacks send large volumes of HTTP requests intended to bring down our site or to crack login passwords.
Traffic Control protects websites and APIs from similar types of bad traffic. By leveraging our massive network, we are able to process and enforce rate limiting near the client, shielding the customer's application from unnecessary load.
To make this more concrete, let's look at a Continue reading
Worth Reading: What is segment routing?
The post Worth Reading: What is segment routing? appeared first on 'net work.