Archive

Category Archives for "Networking"

Segment routing key points

Segment Routing  (SR) leverages the source paradigm. A node. steers a packet through an ordered list of instructions, called ‘ segment.State is kept in the packet header, not on the router, with Segment Routing.

Resources such as the CPU and Memory are saved.

If you have 100 Edge Routers in your network and if you enable MPLS Traffic Edge to Edge, you would have 100×99/2 = 4950 LSP states on your Midpoint LSR. This is prevalent in many MPLS TE enabled network.

If you enable Segment Routing and if you evaluate the same midpoint case (since you assign a Prefix/Node SID for every Edge router), Midpoint LSR would have 110 entries instead of 4500 entries.

As for the scalability, everything is perfect. However, there is a caveat.

Segment list can easily get big if you use explicit routing for the purpose of OAM. If you do that, you may end up with 7-8 segments. In that case, it is pertinent that you check the hardware support.

Cisco claims that they have performed the tests on a number of service provider networks and that their findings show that two or three segments would be enough for the most explicit Continue reading

Obama wants help from tech firms to fight terrorism

U.S. President Barack Obama is seeking the help of tech companies to combat terror threats, which he described as entering a new phase. Obama's remarks could put into sharp focus again the demand by law enforcement agencies for tech companies to provide ways for the government to be able to access encrypted communications. In an address late Sunday from the Oval Office, Obama said he "would urge hi-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice."To read this article in full or to leave a comment, please click here

Report: Over 80% mobile apps have crypto flaws, 4 of 5 web apps fail OWASP security

Veracode released a new report, State of Software Security: Focus on Application Development, which is a supplement to the original 2015 State of Software Security (SOSS) report that was released in June. The company’s fall 2015 SOSS edition looks at security flaws of apps written in mobile app development languages, compiled languages and traditional web app development languages.To read this article in full or to leave a comment, please click here

Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats over to a secondary service provider in the event of a failure. I was recently challenged with how this interacted with IPSec. As a result I built out this configuration and performed some fairly extensive testing.

It is worth noting that this is not a substitute for a properly multi-homed Internet connection that utilizes BGP. It is, however, a method for overcoming the challenges often found in the SMB environments where connections are mostly outbound or can alternatively be handled without completely depending on either of the service provider owned address spaces.

In this article, we will start out with a typical ASA redundant Internet connection using IP SLA. Then we will overlay a IPSec Site to Site configuration and test the failover process.

ASA_IPSec_Redundant

The base configuration for this lab is as follows. Continue reading

What is Internet Goverance and Why Does it Matter?

Last month, CloudFlare participated the tenth annual Internet Governance Forum (IGF) in Joao Pessoa, Brazil. Since it was launched at the United Nations’ World Summit on the Information Society (WSIS) in 2005, the IGF has provided valuable opportunities for thousands of representatives of non-profit groups, businesses, governments, and others to debate decisions that will affect the future of the Internet. While the Forum does not negotiate any treaties or other agreements, what participants learn there can influence corporate strategies, standards proposals, and national government policies. Even more importantly, discussions in the hallways (or in the bar or on the beach) can lead to new projects, new thinking, and new collaborations.

The range of issues and the diversity of speakers on panels and at the podium was even greater this year than at previous IGFs. Issues ranged from the need for strong encryption to whether net neutrality regulations are needed—from countering the abuse of women online to how to foster deployment of IPv6 and Internet Exchange Points. You can watch all 167 IGF sessions, which were webcast and archived. I represent CloudFlare as a member of the Multistakeholder Advisory Group (MAG), which organizes the IGF program. Together with the other MAG Continue reading

The FTC’s next chief technologist is on a quest for better passwords

Privacy issues will likely stay at the forefront of the FTC's focus next year thanks to the commission's appointment of Lorrie Cranor as its new chief technologist.Cranor, who is currently a professor of computer science and engineering and public policy at Carnegie Mellon University, directs the CyLab Usable Privacy and Security Laboratory. She will succeed Ashkan Soltani, the privacy expert who assumed the role in November 2014, the U.S. Federal Trade Commission announced on Thursday.Cranor will join the FTC in January.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sensors designed to detect overloaded cables, prevent fires

Flickering lights, tripping breakers, and discolored outlets are among the ways one can guess that wiring is overloaded. Add visual access, and you can tell if the sheathing may appear discolored.But some of us who've been around electricity for a while have also developed an acute sense of smell for wiring trouble. There's a distinctive acrid odor that can be caused by melting components on a PCB, the plastic around a part, or the polyvinyl chloride (PVC) covering on the wire emitting vapor.That odor on its own, even without visible smoke, is a heads-up to troubleshoot the wiring.Nasal range? There are, however, flaws in the sniffing method of overloading detection. What happens if the overloading occurs in an overhead crawl space, for example? Or at a remote, non-staffed installation?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sensors designed to detect overloaded cables, prevent fires

Flickering lights, tripping breakers, and discolored outlets are among the ways one can guess that wiring is overloaded. Add visual access, and you can tell if the sheathing may appear discolored.But some of us who've been around electricity for a while have also developed an acute sense of smell for wiring trouble. There's a distinctive acrid odor that can be caused by melting components on a PCB, the plastic around a part, or the polyvinyl chloride (PVC) covering on the wire emitting vapor.That odor on its own, even without visible smoke, is a heads-up to troubleshoot the wiring.Nasal range? There are, however, flaws in the sniffing method of overloading detection. What happens if the overloading occurs in an overhead crawl space, for example? Or at a remote, non-staffed installation?To read this article in full or to leave a comment, please click here

Russian spy group adopts new tools to hack defense contractor networks

A Russian cyberespionage group known as Pawn Storm has adopted new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.Pawn Storm, also known as Sofacy, after its primary malware tool, has been active since at least 2007 and has targeted governmental, security and military organizations from NATO member countries, as well as media organizations, Ukrainian political activists and Kremlin critics.Since August, the group has been engaged in an ongoing attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.To read this article in full or to leave a comment, please click here

PlexxiPulse—Networking in Boston

Our CEO, Rich Napolitano, has been hitting the road to share the Plexxi message! Just before Thanksgiving, he sat down with Paul Gillin and Dave Vellante of SiliconANGLE to discuss our most recent product launch and modernizing network infrastructure. Take a look at the video below!

Earlier this week, Rich participated in the Enterprise Tech Strikes Back event in Boston hosted by Xconomy. Rich was a member of the “Building the Next Great Infrastructure Company” panel with Andy Ory of 128 Technology, Ellen Rubin of ClearSky Data and moderator Jody Rose of the New England Venture Capital Association. The group discussed networking, storage and cloud, and what it will take to create Boston’s next big enterprise IT infrastructure company. We enjoyed meeting and networking with likeminded startups that are taking on the challenges associated with the Third Era of IT. It is always fun to have a group of brilliant minds in one room!

Captureticnplexxi1(Photo credit: Bob Brown, Network World)

Below please find a few of our top picks for our favorite news articles of the week. Enjoy.

BetaNews.com: Is your network ready for IoT devices?
By Manish Sablok
The stats are here: investment bank Goldman Sachs cites Continue reading

One Million Views

It’s hard to believe that my blog has just surpassed 1000000 views! I started this blog out just on the side to go over things I was learning. I’ve learned a lot in the process, and managed to bag myself two CCIEs, a JNCIE-SP, a job at Google, and the opportunity to write a book … Continue reading One Million Views

Widespread exploit kit, password stealer and ransomware program mixed into dangerous cocktail

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.To read this article in full or to leave a comment, please click here

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

1 2,874 2,875 2,876 2,877 2,878 3,456