Scaling up SDNs using TTPs (Table Type Patterns)

Software defined networking (SDN) solutions have been in the labs for a while, primarily to explore functionality and understand what possible benefit they could bring to current infrastructure and operations. Over the past couple years, SDN has emerged as a strong alternative for IT operations in the areas of WAN, data center and the overlay solutions. The primary benefit realized, besides open networking, is the ability to accelerate service deployments. SDN solutions using OpenFlow tackled complex problems including dynamic provisioning, interconnection and fault management. While the functionality of SDN evolved and matured, the scale of SDNs was still tied to ternary content-addressable memory (TCAM). OpenFlow by design was implemented in the TCAM.

A brief on Ternary Content Addressable Memory (TCAM) 

TCAMs are special memory devices that enable most of today’s intelligent networks. They enable match on a masked bit value rather than a binary match. This greatly enhances the usability of TCAM for network applications. There are many articles one can find on the Internet to get more details on TCAMs, but primarily they were responsible for the ideation of SDN. The possibilities in creating a policy-based forwarding model with a wild-card match introduced a multitude of network applications Continue reading

ISP Architechture – MPLS Overview, Design and Implementation for WISPs

Recently, I was fortunate enough to be invited by Brian Horn with WISPA.org to teach a session at WISP America 2016 in Lousiville, KY. We had the class on Tuesday, March 15th 2016 and the turnout and response were great.  Many different people have asked for the presentation, so I decided to go ahead and post it here. Hope this helps some of you who are trying to get into MPLS and although it does have a bit of a WISP focus, almost all of the concepts in the presentation apply to wireline networks as well.

About the presentation

Scope: This session was 30 minutes long with a Q&A afterwards, so the material is really a deep dive on MPLS. The goal was to introduce WISP engineers and owners to MPLS and how it improves the network as well as revenue.

When should I put MPLS in my WISP or Service Provider network?  The answer is ASAP! I was asked this question by a small WISP earlier in the week and he said i’m just too small to be thinking about MPLS. My response to him was simply – “Do you want to get MPLS in and working Continue reading

ISP Architechture – MPLS Overview, Design and Implementation for WISPs

Recently, I was fortunate enough to be invited by Brian Horn with WISPA.org to teach a session at WISP America 2016 in Lousiville, KY. We had the class on Tuesday, March 15th 2016 and the turnout and response were great.  Many different people have asked for the presentation, so I decided to go ahead and post it here. Hope this helps some of you who are trying to get into MPLS and although it does have a bit of a WISP focus, almost all of the concepts in the presentation apply to wireline networks as well.

About the presentation

Scope: This session was 30 minutes long with a Q&A afterwards, so the material is really a deep dive on MPLS. The goal was to introduce WISP engineers and owners to MPLS and how it improves the network as well as revenue.

When should I put MPLS in my WISP or Service Provider network?  The answer is ASAP! I was asked this question by a small WISP earlier in the week and he said i’m just too small to be thinking about MPLS. My response to him was simply – “Do you want to get MPLS in and working Continue reading

Safari, Chrome and Flash Player hacked during first day at Pwn2Own, some of them twice

Security researchers exploited previously unknown vulnerabilities in Apple Safari, Google Chrome and Flash Player to compromise the latest versions of OS X and Windows during the first day of the annual Pwn2Own hacking contest.On Wednesday, four teams and a researcher who competed on his own made six attempts to hack this year's targets: Safari running on OS X, Chrome running on Windows, Microsoft Edge running on Windows and Flash Player on Windows. Four attempts were successful, one was only partially successful and one failed.The 360Vulcan Team from Chinese Internet security company Qihoo 360 combined a remote code execution vulnerability in Flash Player with a vulnerability in the Windows kernel to gain system privileges. For this feat, they received a US$80,000 prize, $60,000 for the Flash Player exploit and a $20,000 bonus for the system-level escalation.To read this article in full or to leave a comment, please click here

Oak Island Pier

The post Oak Island Pier appeared first on 'net work.

With Open-O, China Tries Its Hand at Open Source

This could bring in a lot of Chinese developer talent.

Tim Cook to Time: ‘I feel like I’m in this bad dream’

Tim Cook gave a long interview to Time magazine about Apple’s fight with the FBI over its refusal to create “GovtOS,” a more crackable version of iOS to side-load onto the seized iPhone 5c used by San Bernardino shooter Syed Rizwan Farook. The edited version is here, and Time also published the full transcript.+ MORE: Apple cites iPhone, Mac security problems in rebuttal to FBI demands +To read this article in full or to leave a comment, please click here

NASA’s IG tells space agency to bolster space network security

The network NASA uses to deliver telemetry ground-based tracking, data and communications services to a wide range of current and future spacecraft needs a serious bump in security technology.That was the conclusion of the space agency’s Office of Inspector General which stated: “We found that NASA, [NASA’s Goddard Space Flight Center in Greenbelt, MD, which manages the network] failed to comply with fundamental elements of security risk management reflected in Federal and Agency policies. We believe that these deficiencies resulted from inadequate Agency oversight of the network and insufficient coordination between stakeholders. These deficiencies unnecessarily increase the network’s susceptibility to compromise.”To read this article in full or to leave a comment, please click here

NASA’s IG tells space agency to bolster space network security

The network NASA uses to deliver telemetry ground-based tracking, data and communications services to a wide range of current and future spacecraft needs a serious bump in security technology.That was the conclusion of the space agency’s Office of Inspector General which stated: “We found that NASA, [NASA’s Goddard Space Flight Center in Greenbelt, MD, which manages the network] failed to comply with fundamental elements of security risk management reflected in Federal and Agency policies. We believe that these deficiencies resulted from inadequate Agency oversight of the network and insufficient coordination between stakeholders. These deficiencies unnecessarily increase the network’s susceptibility to compromise.”To read this article in full or to leave a comment, please click here

So You Want To Start Your Own Business

Lots of people dream of starting their own business. If you want to make it a reality, be prepared to grapple with these hard facts.

The post So You Want To Start Your Own Business appeared first on Packet Pushers.

So You Want To Start Your Own Business

Lots of people dream of starting their own business. If you want to make it a reality, be prepared to grapple with these hard facts.

The post So You Want To Start Your Own Business appeared first on Packet Pushers.

Microsoft’s SONiC May Spell Disaster for Switch Makers, or Not

Analysts disagree on whether Arista should be worried.

Worth Reading: SSL, TLS, and difficult privacy

Securing encrypted Internet traffic transmissions, such as those between web browsers and web servers, is decidedly not simple. Despite the fact that well-established protocols, namely Secure Sockets Layer (SSL) and Transport Layer Security (TLS), have seen use for many years, they still have some complexities and security vulnerabilities. -via CFA

The post Worth Reading: SSL, TLS, and difficult privacy appeared first on 'net work.

Attack campaign uses keylogger to hijack key business email accounts

A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts.This type of attack is known as business email compromise (BEC) and involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations.Their hijacked email accounts can then be used to trick other employees, suppliers or business partners to initiate fraudulent payments to accounts controlled by the attackers.Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employees were targeted with emails that contained a commercial keylogger program called Olympic Vision.To read this article in full or to leave a comment, please click here

Securing Access to and from your Jump Box and VDI with VMware NSX

Companies have struggled for years on how to allow third parties access to specific systems that they manage or support? These systems and access requirements range from HVAC and phones systems to full IT outsourcing or development.

The problem has always been twofold; one, how to provide secure access into the datacenter, and two, how do you secure the third party access to only the systems they require access to. Basically, how do you limit the hop to hop once they are inside your datacenter.

In the paper, I show you how leveraging VMware’s NSX and VMware Horizon products, you now have two different deployment modules that will allow you to control third party access and restrict that user’s inter-datacenter hopping abilities.

Here you will find the full paper: https://communities.vmware.com/docs/DOC-31415

Hadar

The post Securing Access to and from your Jump Box and VDI with VMware NSX appeared first on The Network Virtualization Blog.

How To Get The Boss To Pay For IT Education

VMware fixes XSS flaws in vRealize for Linux

VMware patched two cross-site scripting issues in several editions of its vRealize cloud software. These flaws could be exploited in stored XSS attacks and could result in the user's workstation being compromised.The input validation error exists in Linux versions of VMware vRealize Automation 6.x prior to 6.2.4 and vRealize Business Advanced and Enterprise 8.x prior to 8.2.5, VMware said in the advisory (VMSA-2016-0003). Linux users running affected versions should update to vRealize Automation 6.2.4 and vRealize Business Advanced and Enterprise 8.2.5 to address the problems. The issues do not affect vRealize Automation 7.x on Linux and 5.x on Windows, and vRealize Business 7.x and 6.x on Linux (vRealize Business Standard).To read this article in full or to leave a comment, please click here

Repsonse: Design in Tech Report 2016

I have been talking about the value of well designed interfaces in network monitoring tools for a few years because the current generation is badly designed. I'm wasting a lot of time getting through the pain barrier before the software becomes useful.

The post Repsonse: Design in Tech Report 2016 appeared first on EtherealMind.

Help Me Plan ipSpace.net Webinars

I had a sweet problem with ipSpace.net webinars for quite a while: there are way more ideas than available time. However, a few days ago I stumbled upon a great tip on Trello blog and immediately decided to use it.

Result: list of future ipSpace.net webinars as a Trello board.

More Cloud-Managed WiFi Choices For SMBs