Archive

Category Archives for "Networking"

New technology watch ‘net

A few thoughts on new technology from around the web over the last week. Is data center software defined networks crossing the chasm? According to the Next Platform, for instance, it is —

And the answer is that it is in Gartner’s slope of enlightenment, that it is crossing Moore’s chasm, and that it is in a period where market share is being set month by month. If you follow the assumptions made in the above analysis, then 2015 will represent at most 1 percent to 3 percent of the total revenue that will occur in the datacenter SDN market over the next five years. It is an exciting time to be in datacenter networking.

This still leaves me with a question, however — what does a “software defined network” really mean? From one perspective, I’ve been working on software defined networks since the mid-1990’s. It is the software based centralized and distributed control planes that have defined the network ever since then; the last hardware defined network I worked on was based on inverse multiplexers and physical interconnects to direct and manage traffic. So what do we mean when we say “software defined network” today? It seems the biggest Continue reading

How the NSA uses behavior analytics to detect threats

The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, CIO Greg Smithberger tells CIO.com. Greg Smithberger, CIO of the National Security Agency.To read this article in full or to leave a comment, please click here

Attackers are building big data warehouses of stolen credentials and PII

According to McAfee Labs, attackers are linking stolen personally identifiable information (PII) sets together in Big Data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII and usernames and passwords, according to McAfee Labs.A new type of criminal is combining warehousing and selling stolen data including access credentials and PII that are targeted to specific markets, industries, companies, and purposes, according to the McAfee Labs 2016 Threat Predictions and McAfee Labs’ Director of Threat Intelligence, Christian Beek. McAfee has seen the hacker underground and dark markets moving in this direction over the past seven months, Beek asserts.To read this article in full or to leave a comment, please click here

Top security stories of 2015

More data breachesImage by Flickr: Chris MarquardtHacking Team, Comcast, Ashley Madison… the list goes on of companies who became just another notch in the belt of cybercriminals. Like in years past, data breaches were top of the list for our year in review story. Here are some stories that made headlines in 2015.To read this article in full or to leave a comment, please click here

CIO seeks ‘disruptive opportunities’

For nearly 150 years, Schindler Group has been moving people. The Lucerne, Switzerland-based company makes, supplies and services elevators, escalators and moving walkways. As it moves toward the future, Schindler is deploying smart equipment capable of sharing information with back-end systems and, among other things, sending alerts about maintenance needs to service personnel.To read this article in full or to leave a comment, please click here(Insider Story)

Akamai: DDoS attacks up thanks to criminal misuse of stress-test services

Criminals are tapping Web-based services that are advertised as tools to stress test customers’ networks but in actuality they are using them to launch DDoS attacks against victims, according to Akamai.The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its “State of the Internet/Security Q3 2015” report. “Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic,” the report says.+More on Network World: DARPA scheme would let high-tech systems “see” as never before+To read this article in full or to leave a comment, please click here

HSRP – VRRP – GLBP

HSRP, VRRP and GLBP are the three commonly used first hop redundancy protocols in local area networks and the data center.

In this post, I will briefly describe them and highlight the major differences. I will ask you a design question so we will discuss in the comment section below.

hsrp vrrp glbp

source: Orhan Ergun CCDE Study Guide – Workbook

HSRP and GLBP are the Cisco specific protocols but VRRP is an IETF standard. So if the business requirement states that more than one vendor will be used , then VRRP is the best choice to avoid any vendor interoperability issue.

For the default gateway functionality HSRP and VRRP uses one virtual IP corresponds one Virtual Mac address.

GLBP operates in a different way. Clients still use one virtual IP address but more than one virtual mac address is used. So each default gateway switch has its own virtual Mac address but same virtual IP address.

To illustrate this, lets look at the below picture.

 

hsrp virtual mac

source: Orhan Ergun CCDE Study Guide – Workbook

In the above picture, clients use same gateway mac address since the first hop redundancy protocol is HSRP.

If GLBP was in used, on the PC we would see different gateway Continue reading

Should We Use OpenFlow for Load Balancing?

Yesterday I described the theoretical limitations of using OpenFlow for load balancing purposes. Today let’s focus on the practical part and answer another question:

I wrote about the same topic years ago here and here. I know it’s hard to dig through old blog posts, so I collected them in a book.

Read more ...

Legislation requiring tech industry to report terrorist activity may be revived

Legislation requiring tech companies to report on terrorist activity on their platforms is likely to be revived in the U.S., following concerns about the widespread use of Internet communications by terrorists.A proposed rule that would require companies to report vaguely defined "terrorist activity" on their platforms had been included as section 603 in the Intelligence Authorization Act for Fiscal Year 2016.But Senator Ron Wyden, a Democrat from Oregon, removed a hold on the bill only after the controversial provision was deleted from it.To read this article in full or to leave a comment, please click here

Former Secret Service agent sentenced for corruption in Silk Road investigation

A former Secret Service agent was sentenced Monday to 71 months in prison for stealing bitcoins from vendors on the Silk Road, the now-shuttered underground marketplace he was investigating. Shaun W. Bridges, 33, of Laurel, Maryland, must also forfeit US$650,000, the U.S. Justice Department said.Bridges pleaded guilty on Oct. 31 in the U.S. District Court for the Northern District of California to money laundering and obstruction of justice.He was one of two federal investigators charged with crimes committed during the probe of the Silk Road, which was shut down in October 2013.To read this article in full or to leave a comment, please click here

Iran-based hackers may be tracking dissidents and activists, Symantec says

Hackers based in Iran have been using malware to spy on individuals, including potentially dissidents and activists in the country, according to new research from Symantec.The attacks aren't particularly sophisticated, but the hackers have had access to their targets' computers for more than a year, Symantec said, which means they may have gained access to "an enormous amount of sensitive information."Two groups of hackers, named Cadelle and Chafer, distributed malware that steals information from PCs and servers, including from airlines and telcos in the region, Symantec said.To read this article in full or to leave a comment, please click here

Broadcom BroadView Instrumentation

The diagram above, from the BroadView™ 2.0 Instrumentation Ecosystem presentation, illustrates how instrumentation built into the network Data Plane (the Broadcom Trident/Tomahawk ASICs used in most data center switches) provides visibility to Software Defined Networking (SDN) controllers so that they can optimize network performance.
The sFlow measurement standard provides open, scaleable, multi-vendor, streaming telemetry that supports SDN applications. Broadcom has been augmenting the rich set of counter and flow measurements in the base sFlow standard with additional metrics. For example, Broadcom ASIC table utilization metrics, DevOps, and SDN describes metrics that were added to track ASIC table resource consumption.

The highlighted Buffer congestion state / statistics capability in the slide refers to the BroadView Buffer Statistics Tracking (BST) instrumentation. The Memory Management Unit (MMU) is on-chip logic that manages how the on-chip packet buffers are organized.  BST is a feature that enables tracking the usage of these buffers. It includes snapshot views of peak utilization of the on-chip buffer memory across queues, ports, priority group, service pools and the entire chip.
The above chart from the Broadcom technical brief, Building an Open Source Data Center Monitoring Tool Using Broadcom BroadView™ Instrumentation Software, shows buffer utilization trended over an Continue reading

Measuring DNS Performance with Open Recursive Name Servers

dns-provider-pairwise-grid-anonymized-large

Dyn prides itself on being fast, but how do we measure ourselves? How do we compare to everyone else? With all the vagaries of DNS measurement due to caching effects, congestion, and routing irregularity, is it even possible to devise a useful, believable metric, one that anyone could validate for themselves? Dyn Research decided to tackle this challenge and this blog explains our approach. We encourage our readers to suggest improvement and try this methodology out for themselves.

Over the years Dyn has built a high-performing authoritative DNS network using strategic placement of sites and carefully engineered anycast to provide low-latency performance to recursive name servers all over the world. We use our Internet performance monitoring network of over 200 global “vantage points” to monitor DNS performance and our comprehensive view of Internet routing from over 700 BGP peering sessions to make necessary routing adjustments. This synthetic DNS monitoring and routing analysis are important tools to understand performance. But since the ultimate goal is delivering a good user experience, it’s important to measure performance from the user’s perspective. (We have written about the importance of user-centric DNS performance testing in the past.)

User perception of DNS performance depends on Continue reading

1 2,900 2,901 2,902 2,903 2,904 3,484