Category Archives for "Networking"

Using POX components to create a software defined networking application

When network engineers are learning the concepts of software defined networking and SDN controllers, they may want to experiment with SDN network scenarios before learning to write programs to be used by the SDN controllers.

POX is a simple-to-use SDN controller that is bundled with the Mininet SDN network emulator and is used in education and research as a learning and prototyping tool. POX components are Python programs that implement networking functions and can be invoked when POX is started. POX comes with a few stock components ready to use.

In this tutorial, we will use stock POX components to implement basic switching functionality with loop prevention in a software defined network, without writing any code. Then, we will explore how the SDN controller programs the OpenFlow-enabled switches in a network created using the Mininet network emulator.

Prerequisite knowledge required

This tutorial assumes you already have the prerequisite knowledge defined in the list below. If you need to understand more about any of the topics listed below, the list provides links to resources that offer enough information to prepare you to work through this tutorial.

How Rapid Spanning Tree Protocol (RSTP) Handles Topology Changes

For this exploration I'm using Arista's Virtual Extensible Operating System (vEOS) version 4.15.0F running in GNS3 (which is pretty awesome). The virtual switches have been configured in rapid-pvst mode.

Here is the topology:


EtherSwitches have been added only to capture traffic off monitoring sessions set up on Switch1 and Switch2 to look at in Wireshark.  The Ubuntu server can be ignored for the purposes of this blog entry.

Only VLAN 1 is present on all switches and Switch1 is configured to be the primary root, while Switch2 is configured to be the secondary. Here's the current state of the network:


First it's important to note that only a single thing will trigger a topology change event - the transition of a non-Edge port from a non-Forwarding to a Forwarding state. Why? Because this newly Forwarding port could possibly provide a better path to a given destination MAC address than there was before, and the CAM table will need to be updated to reflect that and prevent the same MAC being displayed on more than one port. It sounds strange that a loss of a Forwarding port doesn't trigger a topology change event, but think about it - in a …

Volkswagen has a technology problem: It fixes things by hiding them

Volkswagen is in a lot of trouble for installing software on some of its diesel cars that figures out when they are undergoing emissions tests so it can adjust the cars to put out nitrogen oxide at acceptable levels. That’s likely to win the company billions of dollars in fines, but it’s not the first time the company has hidden problems rather than fix them. Just last month, security researchers delivered a paper that showed three ways to get around the Volkswagen lockout system that prevents its cars from being started unless the correct key with the correct chip embedded is used to crank it over. The paper was noteworthy for the ingenuity of the three attacks it outlines but also for the length of time it sat on the shelf before being delivered to the public. It was ready to go back in 2013 but Volkswagen got a court order to block it then, and that was nearly a year after the researchers had told the manufacturers of the hardware about it under the principle of responsible disclosure.

Adding a Full API to PicOS

Pica8’s PicOS is a Linux network OS based on Debian. This makes it easy for our customers to integrate their own tools or applications within PicOS. We are compatible with all the leading DevOps tools, such as Puppet, Chef, and Salt; and of course, we support OpenFlow.

But what if you would like to have an application on the switch itself to manipulate its data path? This is beyond the standard DevOps model and is not aligned with the traditional OpenFlow model, which uses a centralized controller.

Typically the requirement for such an application would be:
- A switch using traditional L2/L3, as well as an API to override those L2/L3 forwarding decisions.
- The API could be called on the switch itself while the application is running on the switch (that requirement would forbid a centralized OpenFlow controller).

For this use case, most network equipment vendors have an SDK (Software Development Kit) to program native applications running directly on the switch. A good example would be the Arista EOSSdk.

One big issue with those SDKs is that they are “sticky.” Once you develop your application, it only runs on the SDK provided by your vendor, so you …

Michigan sues HP over $49 million project that’s still not done after 10 years

Hewlett-Packard has faced no end of financial and legal woes in recent months, and on Friday it was hit with one more: A new lawsuit filed by the state of Michigan over a $49 million project the state says is still not completed after 10 years. The contract dates back to 2005 and called for HP to replace a legacy mainframe-based system built in the 1960s that is used by more than 130 Secretary of State offices. HP was given a 2010 deadline to deliver a replacement, but it failed to do so, the state says, leaving the Michigan Department of Technology, Management and Budget and SOS staff dependent on the old technology for functions such as vehicle registration.

3 times Facebook has genuinely scared me

There's no doubt Facebook is a wonder of engineering, a site that brings on vast amounts of data for a user despite it being scattered throughout data centers and external sources. No question, Mark Zuckerberg and crew have engineered a marvel. But there are times when it really spooks me. It comes with friend recommendations. Somehow, this site has the capacity to recommend people that I know in real life but have absolutely no online connections to whatsoever. It's happened so often it can't be a coincidence, either. Three recent examples come to mind:

Example 1: While closing the suggestion box for recommended friends, up popped the name of my acupuncturist, whom I haven't seen in six months. She is not in my Outlook contact list, only on my cellphone. Now, I frequently share stories about holistic news and have my naturopathic doctor among my friends list, but why of the dozens of acupuncturists in northern Orange County did she come up?

Critical Flash Player updates patch 23 flaws

Adobe Systems released new updates for Flash Player to patch critical vulnerabilities that could allow attackers to install malware on computers. The updates fix a total of 23 flaws, of which 18 can potentially be exploited to execute malicious code on the underlying systems. Adobe is not aware of any exploits being publicly available for the fixed vulnerabilities. The other flaws could lead to information disclosure, bypassing of the same-origin policy mechanism in browsers and memory leaks. Two of the patches are adding or improving protections against vector length corruptions and malicious content from vulnerable JSONP callback APIs used by JavaScript programs running in browsers.

Blog Migrated!

Hi!

I have decided to migrate my blog from wordpress.com to a private environment. The main reasons being that I felt that I had outgrown the normal wordpress.com site. I wanted to be able to install plugins and get more accustomed to running my own environment. These days it can’t hurt picking up some Linux skills.

The other reason is that I haven’t made a dime on the blog, in fact since I’ve had to pay hosting costs I’ve been losing money on the blog every year. By placing some ads I hope I can make enough for the hosting and anything extra would help me in getting things I need to generate more content.

The blog should now be reachable over both v4 and v6 and have SSL enabled.

Please bear with me if you find any things that are broken. I have migrated the content but I’m sure things will pop up. If they do, please notify me.

/Daniel

China ‘must stop’ cyberespionage, warns US National Security Advisor Rice

China's government must halt economic espionage in cyberspace, U.S. National Security Advisor Susan Rice warned on Monday, days before Chinese President Xi Jinping is due in Washington, D.C., on an official visit. The issue has become a major thorn in the side of U.S.-China relations in the last year, especially in the wake of the breach of personal information of tens of millions of U.S. government workers at the Office of Personnel Management. The U.S. hasn't publicly accused China of that hack but has done so privately. China denies any involvement. "This isn’t a mild irritation," Rice said in a speech at George Washington University. "It’s an economic and national security concern to the United States. It puts enormous strain on our bilateral relationship and it is a critical factor in determining the future trajectory of U.S.-China ties."

Cyber insurance rejects claim after BitPay lost $1.8 million in phishing attack

If you bought cyber insurance so you’d be covered if you were hacked, and then had $1.8 million stolen after being hacked, wouldn’t you expect your insurance claim to be paid? If so, then think again as the claim can be denied due to the wording of the risk insurance contract. BitPay, a Bitcoin payment processor, had purchased cyber insurance from Massachusetts Bay Insurance Company (MBIC), but BitPay was in for a rude awakening. In December 2014, an unknown hacker pulled off a social engineering attack; he spearphished BitPay’s Chief Financial Officer, managed to capture corporate credentials, then used the hacked email account to spoof emails to the CEO; the hacker tricked BitPay into making three separate transfer transactions over two days to the tune of 5,000 bitcoins, which were valued at $1,850,000. Well at least the company had cyber insurance, right? No; the insurance company denied the claim due to the wording in the contract; BitPay then sued the insurance company.

Out with the old: Make removing old technology part of your culture

Friday afternoon, late, and the new system is finally up. Users are logged in, getting their work done, and you’ve just received an email from the CTO (your boss’ boss’ boss’ boss, probably), saying what a good job the team did in getting things up and running so quickly. For once, in fact, the system went in perfectly. There were no near team breakups over which technology or vendor to use; there were very few unexpected items that crept into the budget, the delays were minimal, and you even learned a couple of new skills to top it all off.

Wonderful, right? The perfect unicorn project.

But before you break open that bottle of bubbly (or whatever cold beverage is your choice), or maybe pop up a bowl of popcorn and sit down to a long-deserved break binge-watching the shows you missed pulling this thing together, you need to ask one more question:

Did you strip and sand first? Or did you just paint right on top?

Or don’t you remember the time you tried to paint that old trailer that had been sitting in your back yard for ages? Sure, it was covered in rust, dirt, …

Malware implants on Cisco routers revealed to be more widespread

Attackers have installed malicious firmware on nearly 200 Cisco routers used by businesses from over 30 countries, according to Internet scans performed by cybercrime fighters at the Shadowserver Foundation. Last Tuesday, FireEye subsidiary Mandiant warned about new attacks that replace the firmware on integrated services routers from Cisco Systems. The rogue firmware provides attackers with persistent backdoor access and the ability to install custom malware modules. At the time Mandiant said that it had found 14 routers infected with the backdoor, dubbed SYNful Knock, in four countries: Mexico, Ukraine, India and the Philippines. The affected models were Cisco 1841, 2811 and 3825, which are no longer being sold by the networking vendor.

iOS 9 breaks VPNs and prevents server access for many

Apple's iOS 9 has several features meant to increase its strong enterprise-grade security. But it also breaks a key security method: VPN connections to some corporate servers. As a result, users won't be able to access some servers over some VPN connections -- but they'll be able to access other servers with no problem. The bug appeared in iOS 9's beta. It was not fixed in the final version of iOS 9, and it is not fixed in the current beta of iOS 9.1. Here's what Cisco has reported about the bug: