Label Switched Multicast – Packet Walk

This post is going to follow a multicast packet as it moves through a sample MPLS network using Label Switched Multicast (LSM). I’ll show how the packet moves through the network by looking at the forwarding tables on different routers and also by doing some packet captures.

This post is part of a series I’m writing on LSM and if you’re not already familiar with LSM, I recommend you go back and read the previous posts.

After reading this post you will be able to precisely describe how LSM forwarding works in the data plane and will be able to do some basic troubleshooting.

Let’s get into the lab!

The Topology

I’m using the same sample network as the previous posts with three CEs all in the same VRF, three PEs and just a single P router. Each of the CEs and PEs is multicast enabled.

The scenario I’m going to be running here is CE1 sending an ICMP echo to the group 239.23.23.23. The receivers in this group are CE2 and CE3.

Between CE1 and PE1

I’m going to just gloss over the traffic exchanged between CE1 and PE1 since nothing changes here Continue reading

Cisco’s new campaign: ‘There’s never been a better time’ to be digital

Over the past 30-plus years, Cisco has almost single-handedly carried the flag for network-centric innovation. Its many brand campaigns along the way have told us that Cisco can “Empower the Internet Generation” and connect the “Human Network” and that “Tomorrow Starts Here.” Each of those branding initiatives was tied to a different era in networking. For example, “Tomorrow Starts Here” was targeted at the Internet of Things (IoT). Now that IoT is well underway, Cisco is changing its brand to be more reflective of the next wave in business: the “digital” era. This morning, Cisco’s Chief Marketing Officer, Karen Walker, outlined the thoughts behind Cisco’s new brand campaign of “There’s Never Been A Better Time.” Cisco’s tagline is supported by a number of use cases that explain what it is that there’s never been a better time to do. Below are a couple of examples that illustrate how “there’s never been a better time to make cities smarter” or “… to save the rhinos.” Along with the headline, Cisco provides stories and data points, quantifying the value of digitization.To read this article in full or to leave a comment, please click here

Cisco’s new campaign: ‘There’s never been a better time’ to be digital

Over the past 30-plus years, Cisco has almost single-handedly carried the flag for network-centric innovation. Its many brand campaigns along the way have told us that Cisco can “Empower the Internet Generation” and connect the “Human Network” and that “Tomorrow Starts Here.” Each of those branding initiatives was tied to a different era in networking. For example, “Tomorrow Starts Here” was targeted at the Internet of Things (IoT). Now that IoT is well underway, Cisco is changing its brand to be more reflective of the next wave in business: the “digital” era. This morning, Cisco’s Chief Marketing Officer, Karen Walker, outlined the thoughts behind Cisco’s new brand campaign of “There’s Never Been A Better Time.” Cisco’s tagline is supported by a number of use cases that explain what it is that there’s never been a better time to do. Below are a couple of examples that illustrate how “there’s never been a better time to make cities smarter” or “… to save the rhinos.” Along with the headline, Cisco provides stories and data points, quantifying the value of digitization.To read this article in full or to leave a comment, please click here

Geek-Themed Meme: Password shenanigans

Truth be told, I am not a model citizen when it comes to password management, so the sentiment behind this latest installment of “Geek-themed Meme of the Week” resonated with me. And the discussion on Reddit that followed was interesting, too. Reddit [DON'T MISS: Geek-Themed Meme of the Week Archive]To read this article in full or to leave a comment, please click here

Geek-Themed Meme: Password shenanigans

Truth be told, I am not a model citizen when it comes to password management, so the sentiment behind this latest installment of “Geek-themed Meme of the Week” resonated with me. And the discussion on Reddit that followed was interesting, too. Reddit A suggestion from the comments:To read this article in full or to leave a comment, please click here

U.S. uncovers $20M H-1B fraud scheme

The U.S. government has indicted a Virginia couple for running an H-1B visa-for-sale scheme the government said generated about $20 million.Raju Kosuri and Smriti Jharia of Ashburn, Va., along with four co-conspirators, were indicted last week by a federal grand jury in Alexandria, Va., according to the Department of Justice (DOJ).The scheme involved, in part, setting up a network of shell companies and the filing of H-1B visas applications for non-existent job vacancies.Workers were required to pay their own visa processing fees and were treated as hourly contractors, the DOJ alleged. Treating H-1B workers as hourly contractors is in violation of the program rules, the government said.To read this article in full or to leave a comment, please click here

Why your iPhone-unlocking fingerprint is susceptible to FBI search warrants

Should you be able to plead the Fifth when a judge forces you to use your fingerprints to unlock an iPhone?That’s the latest ongoing debate in a Los Angeles courtroom after a judge compelled a woman in custody to use Touch ID to unlock an iPhone. Legal experts are arguing that this goes against the Fifth Amendment’s protection against self-incrimination because the authorities would then have access to potentially-incriminating personal data stored on the device.+ MORE IPHONE: Best Apple iPhone 7 design concepts of 2016  +To read this article in full or to leave a comment, please click here

Why your iPhone-unlocking fingerprint is susceptible to FBI search warrants

Should you be able to plead the Fifth when a judge forces you to use your fingerprints to unlock an iPhone?That’s the latest ongoing debate in a Los Angeles courtroom after a judge compelled a woman in custody to use Touch ID to unlock an iPhone. Legal experts are arguing that this goes against the Fifth Amendment’s protection against self-incrimination because the authorities would then have access to potentially-incriminating personal data stored on the device.+ MORE IPHONE: Best Apple iPhone 7 design concepts of 2016  +To read this article in full or to leave a comment, please click here

Intel’s Atom architecture to live on despite smartphone chip cancellations

Intel's Atom processor architecture will live on despite the recent cancellation of next-generation smartphone chips.The chip maker will continue the development and use of the processor architecture, which stresses power efficiency, though the chips may not necessarily carry the Atom label. Last week Intel canceled upcoming Atom smartphone chips code-named Broxton and Sofia.The next-generation Atom architecture, code-named Goldmont, will first appear in future Pentium and Celeron processors, code-named Apollo Lake, an Intel spokeswoman said. Current top-line Atom chips are based on an architecture named Airmont.To read this article in full or to leave a comment, please click here

Why Windows 10 wants your feedback and diagnostics, and how to control them

We now know the tradeoff for free Windows 10: Microsoft wants data about what you do with your device. But you don't have to send everything you do back to Redmond.You can control the data you send back, and how often, by delving into Windows 10's privacy settings (we've taken you here before) and looking specifically at Feedback frequency and Diagnostic and usage data. The former is typically just an automated survey, but the diagnostic component actually peers into your machine.INSIDER Review: Enterprise guide to Windows 10 These features comprised the Customer Experience Improvement Program, or CEIP, in previous versions of Windows—and they were voluntary. In Windows 10 they've become mandatory, but you can control some aspects.To read this article in full or to leave a comment, please click here

Why you need DRM for your documents

If you pay $1.99 to download an ebook for your Kindle, it’s protected by DRM that stops you sharing the contents, and if Amazon wants to, it can revoke the document so you can’t read it any more. Is your company’s current price list protected nearly as well?With information rights management (often known as enterprise DRM, short for digital rights management), you could make sure that price list was only shared with your customers, blocking them from sending it on to your competitors and automatically blocking it at the end of the quarter when you come out with new prices. Or you could share specifications with several vendors in your supply chain during a bidding process and then block everyone but the winning vendor from opening the document after the contract is finalized. You can make sure that contractors aren’t working from out of date plans by making the old plan expire when there’s an update. Tracking and visibility is useful for compliance as well as security; you could track how many people had opened the latest version of the employee handbook, or see that a document you’d shared with a small team was being actually read by Continue reading

Why you need DRM for your documents

If you pay $1.99 to download an ebook for your Kindle, it’s protected by DRM that stops you sharing the contents, and if Amazon wants to, it can revoke the document so you can’t read it any more. Is your company’s current price list protected nearly as well?With information rights management (often known as enterprise DRM, short for digital rights management), you could make sure that price list was only shared with your customers, blocking them from sending it on to your competitors and automatically blocking it at the end of the quarter when you come out with new prices. Or you could share specifications with several vendors in your supply chain during a bidding process and then block everyone but the winning vendor from opening the document after the contract is finalized. You can make sure that contractors aren’t working from out of date plans by making the old plan expire when there’s an update. Tracking and visibility is useful for compliance as well as security; you could track how many people had opened the latest version of the employee handbook, or see that a document you’d shared with a small team was being actually read by Continue reading

That printer in the corner is still a threat

They sit off in the corner, some of them collecting dust. Yet, a printer is a legitimate attack surface. Many companies don’t bother to update the firmware on older models, or don’t include every model in a security audit (such as the one in the CEO’s office everyone forgot about), or the organization assumes a hacker won’t bother with an Epson or HP that is barely even connected to Wi-Fi.Interestingly enough, because a printer is so innocuous and seemingly harmless, that’s the exact reason it poses a threat, according to the security analysts who talked to CSO about this issue. Sometimes, the best attack vector for an attacker is the one no one bothers to think about. However, a recent IDC survey found that 35 percent of all security breaches in offices were traced back to an unsecured printer or multi-function device, costing companies $133,800 each year.To read this article in full or to leave a comment, please click here

That printer in the corner is still a threat

They sit off in the corner, some of them collecting dust. Yet, a printer is a legitimate attack surface. Many companies don’t bother to update the firmware on older models, or don’t include every model in a security audit (such as the one in the CEO’s office everyone forgot about), or the organization assumes a hacker won’t bother with an Epson or HP that is barely even connected to Wi-Fi.Interestingly enough, because a printer is so innocuous and seemingly harmless, that’s the exact reason it poses a threat, according to the security analysts who talked to CSO about this issue. Sometimes, the best attack vector for an attacker is the one no one bothers to think about. However, a recent IDC survey found that 35 percent of all security breaches in offices were traced back to an unsecured printer or multi-function device, costing companies $133,800 each year.To read this article in full or to leave a comment, please click here

Introducing CloudFlare Origin CA

Free and performant encryption to the origin for CloudFlare customers

In the fall of 2014 CloudFlare launched Universal SSL and doubled the number of sites on the Internet accessible via HTTPS. In just a few days we issued certificates protecting millions of our customers’ domains and became the easiest way to secure your website with SSL/TLS.

At the time, we "strongly recommend[ed] that site owners install a certificate on their web servers so we can encrypt traffic to the origin." This recommendation was followed by a blog post describing two readily-available options for doing so—creating a self-signed certificate and purchasing a publicly trusted certificate—and a third, still-in-beta option: using our private CA. Even though out-of-pocket costs of acquiring public CA certificates have since fallen to $0 since that post, we have continued to receive requests from our customers for an even easier (and more performant) option.

Operating a public certificate authority is difficult because you don't directly control either endpoint of the HTTPS connection (browser or web server). As a result, public CAs are limited both in their ability to issue certificates optimized for inter-server communication, as well as in their ability to revoke certificates if they are compromised. Continue reading

Cloud Orchestration: 8 Benefits

The IoT company behind the curtain

Greenwave Systems is sort of the BASF of Internet of Things: It doesn’t make the IoT products you buy, it makes them better. Greenwave (one of Network World’s recently named IoT Companies to Watch) provides software and services that help consumer-facing companies like Verizon deliver IoT features to their customers. IDG US Media Chief Content Officer John Gallant talked recently to Greenwave’s Chief Scientist, Jim Hunter, about how the company is empowering IoT applications and how new voice and social-media-driven capabilities will change the market. Hunter also explored the evolving IoT market and offered a candid assessment of how data ownership and security issues could hamper the IoT revolution.To read this article in full or to leave a comment, please click here

Response: Are Open-Source Controllers Ready for Carrier-Grade Services?

My beloved source of meaningless marketing messages led me to a blog post with a catchy headline: are open-source SDN controllers ready for carrier-grade services?

It turned out the whole thing was a simple marketing gig for Ixia testers, but supposedly “the response of the attendees of an SDN event was overwhelming”, which worries me… or makes me happy, because it’s easy to see plenty of fix-and-redesign work in the future.

Hot products at Interop 2016

Interop 2016The 30th version running this week in Las Vegas features a trade show with more than 160 vendors displaying their wares and where its interoperability mission ventures far outside the show’s signature InteropNet Demo Lab. This year it is focused on promoting interoperability among Internet of Things devices, a category of gear unheard of that first year. (See Network World's preview story of the show.)To read this article in full or to leave a comment, please click here

Hot products at Interop 2016

Interop 2016The 30th version running this week in Las Vegas features a trade show with more than 160 vendors displaying their wares and where its interoperability mission ventures far outside the show’s signature InteropNet Demo Lab. This year it is focused on promoting interoperability among Internet of Things devices, a category of gear unheard of that first year. (See Network World's preview story of the show.)To read this article in full or to leave a comment, please click here