Let’s Focus on Realistic Design Scenarios

An engineer working for a large system integrator sent me this question:

Since you are running a detailed series on leaf-and-spine fabrics these days, could you please suggest if following design scenarios of Facebook and Linkedin Data centers are also covered?

Short answer: No.

Google aims to block Flash by default for Chrome users, except for 10 white-listed sites

Google aims to make HTML5 the primary experience in Chrome by the fourth quarter of this year, except for a white-list of 10 sites that will run Adobe’s Flash Player.Under the plan revealed by Google, called “HTML5 by Default,” the Chrome browser will continue to ship with Adobe’s Flash Player, but its presence will not be advertised by default.If a website offers HTML5, that will be the default experience. For those sites that need Flash, a prompt will show up at the top of the page when the user first visits the site.The prompt will give users the option of running or declining to run Flash on the site. “If the user accepts, Chrome will advertise the presence of Flash Player and refresh the page,” Google said. On subsequent visits to the domain, the user's initial choice is likely to hold good, though Google is still working on the options for future prompts.To read this article in full or to leave a comment, please click here

Google aims to block Flash by default for Chrome users, except for 10 white-listed sites

Google aims to make HTML5 the primary experience in Chrome by the fourth quarter of this year, except for a white-list of 10 sites that will run Adobe’s Flash Player.Under the plan revealed by Google, called “HTML5 by Default,” the Chrome browser will continue to ship with Adobe’s Flash Player, but its presence will not be advertised by default.If a website offers HTML5, that will be the default experience. For those sites that need Flash, a prompt will show up at the top of the page when the user first visits the site.The prompt will give users the option of running or declining to run Flash on the site. “If the user accepts, Chrome will advertise the presence of Flash Player and refresh the page,” Google said. On subsequent visits to the domain, the user's initial choice is likely to hold good, though Google is still working on the options for future prompts.To read this article in full or to leave a comment, please click here

iPhone 7 Rumor Rollup: Smart Connector no-show; what the latest leaked images suggest

Perhaps we should have taken a week off from the iPhone 7 Rumor Rollup and given Google its chance to shine during the week of its Google I/O conference in Mountain View, where the latest Android this and that will be touted. But the Apple rumor mill does not rest, so neither will we.Connector rejector? The iPhone 7 rumor mill for months has been buzzing with talk of Apple ditching the standard 3.5mm headset jack, but earlier this month the rumors reversed and everyone now thinks the jack will stay. The other sure thing was that Apple would be adding a smart connector, like it has on its iPad Pro for communicating with keyboard accessories, to the iPhone 7. But now that rumor is getting squelched as well.To read this article in full or to leave a comment, please click here

Apple named world’s most valuable brand

Share of Apple may be taking a beating right now, but don't let the negative sentiment surrounding Apple fool you: the company is still incredibly profitable having delivered $50 billion in revenue and $10.5 billion in profits last quarter.Suffice it to say, the Apple brand is as strong as ever. Speaking to this fact, the latest Forbes rankings peg Apple as the most valuable brand on the planet, easily edging out Google, Amazon, Samsung and Facebook. According to Forbes' valuation, the Apple brand today is worth $154 billion, with Google and Microsoft worth $82.5 billion and $75.2 billion, respectively.To read this article in full or to leave a comment, please click here

Apple named world’s most valuable brand

FBI hid microphones for secret warrantless surveillance near California courthouses

What the – ! Well the FBI is back to the same old shady surveillance tricks, shady if you believe the Fourth Amendment still means something. The next time you are near a courthouse, heck even out on a sidewalk or waiting at a bus stop, you might want to pay a little more attention to any trees or rocks that are nearby. Look closely; see any microphones or cameras? Why stop there? The FBI certainly didn’t when it secretly planted microphones in public near courthouses to record conversations and cameras to conduct clandestine video surveillance. And apparently the FBI decided it didn’t need no stickin’ warrant.But hey, the FBI didn’t just bug bus stops, light boxes, hedges, backpacks and vehicles near Alameda County’s Rene C. Davidson Courthouse for 10 months between March 2010 and January 2011. According to Jeff Harp, a former FBI special agent and a security analyst for KPIX 5, a CBS affiliate for the San Francisco Bay Area:To read this article in full or to leave a comment, please click here

FBI hid microphones for secret warrantless surveillance near California courthouses

What the – ! Well the FBI is back to the same old shady surveillance tricks, shady if you believe the Fourth Amendment still means something. The next time you are near a courthouse, heck even out on a sidewalk or waiting at a bus stop, you might want to pay a little more attention to any trees or rocks that are nearby. Look closely; see any microphones or cameras? Why stop there? The FBI certainly didn’t when it secretly planted microphones in public near courthouses to record conversations and cameras to conduct clandestine video surveillance. And apparently the FBI decided it didn’t need no stickin’ warrant.But hey, the FBI didn’t just bug bus stops, light boxes, hedges, backpacks and vehicles near Alameda County’s Rene C. Davidson Courthouse for 10 months between March 2010 and January 2011. According to Jeff Harp, a former FBI special agent and a security analyst for KPIX 5, a CBS affiliate for the San Francisco Bay Area:To read this article in full or to leave a comment, please click here

GETVPN Example

A couple of weeks ago I had the good fortune of attending Jeremy Filliben’s CCDE Bootcamp.
It was a great experience, which I will elaborate on in another post. But one of the technology areas I had a bit of difficult with, was GETVPN.

So in this post a I am going to setup a scenario in which a customer has 3 sites, 2 “normal” sites and a Datacenter site. The customer wants to encrypt traffic from Site 1 to Site 2.

Currently the customer has a regular L3VPN service from a provider (which is beyond the scope of this post). There is full connectivity between the 3 sites through this service.

The topology is as follows:

GETVPN consists of a few components, namely the Key Server (KS) and Group Members (GM’s), which is where it derives its name: Group Encrypted Transport. A single SA (Security Association) is used for the encryption. The Key Server distributes the information to the Group Members through a secure transport, where the Group Members then use this information (basically an ACL) to encrypt/decrypt the data packets.

The routing for the topology is fairly simple. (See Routing Diagram) Each client as well as the KeyServer Continue reading

Cisco ASA packet capture showing bidirectional traffic flow

Recently I had to troubleshoot some communication issues via a Cisco ASA device and the packet capture on the IOS comes in handy for this task.

When you have a lot of traffic over ASA and you’re interested in a particular IP address, the basic packet capture lesson says that you should configure an access-list to limit the captured packets for the interesting traffic only.

Let’s assume that I have a particular interest for the traffic to and from the IP address 10.0.0.10.

I created a standard ACL to match only the traffic related to 10.0.0.10:

access-list TS standard permit host 10.0.0.10

Afterward I attached the created ACL to a packet capture on a particular interface (let’s call it “lan”).

capture TSHOOT access-list TS interface lan

You can find the above lines in almost any how-to regarding packet capture on Cisco ASA.

Checking the capture I noticed that traffic is unidirectional captured:

FW# show capture TSHOOT

4 packets captured

   1: 20:15:32.757010       802.1Q vlan#10 P0 192.168.0.10 > 10.0.0.10: icmp: echo request
   2: 20:15:33.759283       802.1Q vlan#10 P0 192.168.0.10 > 10. Continue reading

The Micro M3D, affordable 3D printing for the masses

Back in 2013 I read a paper titled Life-Cycle Economic Analysis of Distributed Manufacturing with Open-Source 3-D Printers. The study, which focused on the legendary RepRap 3D printer, was conducted by Joshua Pearce at Michigan Technological University and concluded: The results show that even making the extremely conservative assumption that [a] household would only use the printer to make the selected twenty products a year the avoided purchase cost savings would range from about $300 to $2000/year. Assuming the 25 hours of necessary printing for the selected products is evenly distributed throughout the year these savings provide a simple payback time for the RepRap in 4 months to 2 years and provide an ROI between>200% and >40%.To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — May 13, 2016

ONUG creates four new open source initiatives.

MLAG – An Implementation for Everyone!

I typically don’t to get up on a soapbox and preach the awesomeness of Linux networking, but I think I’m going to make an exception for this one topic: MLAG.

Yes, MLAG, that wonderful non-standard Multi-chassis Link Aggregation protocol that enables layer 2 multipathing from the host to gain either additional bandwidth or link resiliency. Every vendor that supports MLAG does so by using their own custom rolled implementation of it, which means Vendor A’s version of MLAG cannot interoperate with Vendor B’s version of MLAG. So I can’t have one switch be an “X” box and another be a “Y” box and expect the two to be part of the same MLAG configuration with a Dell server.

That ends today (arguably I could have said, that ended January 2015 when Cumulus Networks shipped with MLAG support in Cumulus Linux 2.5, but I’ll get to that in a bit).  Several weeks ago I was with my colleagues Shrijeet Mukherjee and Tuyen Quoc giving a talk about how “Linux Networking Is Awesome” at the 2016 OCP Summit. During our standing room only talk, we explained how Linux networking has become the de-facto networking stack in the data center (and Continue reading

From PSKs to Blockchain: Ideas for Solving the IoT Security Dilemma

The problem is vast, but a few options are emerging.

How startups can attract and retain cloud talent

Microservices Network Architecture 101

A new god is rising in the world of application development – Microservices

The new god promises if not happiness in the next life, scalability, agility and fault tolerance in this life. At the heart of all this, is a simple, age-old axiom that is a key design goal of Unix: do one thing, and do it well. In the evolution of application architectures, single monolithic applications made way for client-server applications, which in turn made the way for microservices. The upending of the old world continues in data centers.

Communication is at the heart of this new religion (one popular theory of the etymology of the word religion is the word “religio” which means “to reconnect”). Every religion and every new technology introduces its own new vocabulary.

Microservices are no different!

In the domain of communications, the new lingo involves things such as MacVlan, IPVlan, Weave, Flannel and Swarm, to just name a few. What are they ? How are they connected ? Is IPVlan a new encapsulation format ? If it’s not a new encapsulation format, what is it ? If it is a new encapsulation format, how is it related to VxLAN ? Why were they invented ? Which one should I use ? What Continue reading

Worth Reading: Consumer Watchdog Took Millions From Google

An influential tech industry watchdog group that has received millions of dollars from Google has been silent on the internet giant’s recent fight to circumvent Federal Communications Commission restrictions on data collection. The Center for Democracy and Technology, a consumer watchdog group with outsized influence in Washington, took in $2.5 million from Google between 2010 and 2014, according to tax records. The donations amounted to more than double the amount contributed by any other company during the same period. -via Free Beacon

The post Worth Reading: Consumer Watchdog Took Millions From Google appeared first on 'net work.

Replacement Verizon worker charged with running over striker, hitting officer

Yesterday we noted the light sentence given a Westborough, Mass., man who entombed a Verizon worker in an underground utility shed in 2013. Today comes news that another Verizon worker picketing in that same small town was struck by a pickup truck operated by a replacement worker who police say was driving on a suspended Florida license … allegedly while intoxicated … at just past 8 o’clock Thursday morning.From an entry on the Westborough Police Department’s Facebook page:To read this article in full or to leave a comment, please click here

VMware NSX Fundamentals Live is Coming to a City Near You

Sometimes a webcast isn’t enough – that’s why when VMware brings an NSX seminar to your hometown, you say “yes.” VMware is kicking off the NSX Fundamentals Live U.S. tour, so register now to secure your spot in one of these seminars when it gets to your town.

VMware experts will start off with a business overview of NSX use cases and IT outcomes. Want to know about the future of the software-defined data center and what role network virtualization will play in helping you face new business challenges? Here’s your chance. Want to discover how to bring the operational model of a virtual machine to your data center network, so you can transform the economics of network and security operations? Again, now’s your chance.

Following this business overview, experts will walk you through an in-depth technical overview of NSX architecture and key components. After this session, you’ll fully understand how networking functions and services are implemented within the NSX platform, and how to analyze key workflows for configuring virtual network & security services.

Digital business transformation is creating new opportunities and risks for businesses across every industry. VMware NSX helps you overcome challenges, such as increased risk Continue reading

Securing BGP: A Case Study

What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve? This series of posts walks through a wide range of technical and business problems to create a solid set of requirements against which to measure proposed solutions for securing BGP in the global Internet, and then works through several proposed solutions to see how they stack up.

Post 1: An introduction to the problem space
Post 2: What can I prove in a routing system?
Post 3: What I can prove in a routing system?
Post 4: Centralized or decentralized?
Post 5: Centralized or decentralized?
Post 6: Business issues with centralization
Post 7: Technical issues with centralization
Post 8: A full requirements list
Post 9: BGPSEC (S-BGP) compared to the requirements
Post 10: RPKI compared to the requirements

I will continue updating this post as I work through the remaining segments of this series.

The post Securing BGP: A Case Study appeared first on 'net work.