Archive

Category Archives for "Networking"

Docker for NetOps

I have been spending this week in Silicon Valley at Network Field Day 10. One of the announcements struck a chord with me, as this year has marked some significant career changes for me: specifically an uptick in involvement with containers and software development. My good friend Brent Salisbury once wrote about the idea of using Golang for Network Operations tooling. While I’ve continued (and will continue) to build my Python skillset, I’ve also been getting more and more experience with Golang and with some of the great software projects created with it, such as Docker and Kubernetes.

Big Switch Improves Day to Day Network Operations

Big Switch recently launched major updates to their products Big Cloud Fabric (BCF) and Big Monitoring Fabric (BMF), formerly Big Tap. This post isn’t going to cover the updates or the products from an architectural standpoint, but rather two specific features that are meant to help general day to day network operations.

Command & API History

The first feature is simple – it shows command history, but also API history across the entire Big Cloud Fabric (BCF). The feature is accessed through the central UI of the BCF controller and you can simply look at the last N commands or APIs that were executed on the system. The great thing is that you don’t need a separate AAA system to capture the commands being made and should you want to see the API calls being generated from the CLI commands (because remember the CLI is just an API client), you can also view them. If the CLI isn’t being used, you can also still see each API call that has been recently made on the fabric. It’s my understanding that there is a certain amount of storage dedicated to this function so when the space does fill up, the history …

Mesosphere assembles a software stack to analyze streaming data

Today, organizations need to analyze data from multiple sources and, to stay competitive, they need to do it when the data is fresh off the wire. But installing the software to take on this task can be onerous. Open source software vendor Mesosphere plans to release a stack of integrated open source software that would make it easy for enterprises to capture data in real time and analyze it on the fly. The stack, called Mesosphere Infinity, is based on Apache Mesos open source software for managing clusters of servers. Mesosphere offers a commercial edition of this open source software called the Mesosphere Data Center Operating System, which is used in this package.

Cisco CCDE Practical Self Study Materials

CCDE Practical Self Study Materials are available now! This material is newly created by Orhan Ergun and will help with preparation on your certification journey. The material is applicable for the CCDE Practical but would also be of use for candidates pursuing their CCDE Written and / or CCIE exams. Advanced Technologies Workbook Design…

The post Cisco CCDE Practical Self Study Materials appeared first on Network Design and Architecture.

Hiring an information security vendor? Use these best practices.

The exponential rise in security incidents has caused many businesses to look hard at getting their own houses in order before they become the next headline. As part of those efforts, businesses are turning to security consultants to perform audits, penetration testing and other assessments of their systems. These are admirable activities, worthy of consideration by any prudent organization. But these engagements should be entered into with all the care that a business would use in any other transaction in which a third party is granted access to the company’s most sensitive systems and data. Unfortunately, this is seldom the case. All too often, in their rush to move forward with these assessments, businesses fail to adequately address the most fundamental of contract terms. Cost overruns are common. In some instances, security consultants create more risk than they resolve.

BGP in an Arista Data Center



The following is a practical analysis of the use of BGP in the DC on Arista platforms, based largely on Petr Lapukhov's work with BGP in hyperscale DCs.

Why Layer 3 (L3)?


There are several reasons to run a L3 routing protocol over legacy layer 2 (L2) designs in the data center: leveraging standards-based routing protocols to avoid vendor lock-in, providing faster convergence, minimizing L2 fault domains, and providing better traffic engineering.

Extension of L2


Naturally something that comes into question in a L3 switch fabric is, “What if I need L2 adjacency between hosts?” For Arista, the extension of L2 services across a L3 switch fabric is provided by Virtual eXtensible LAN (VXLAN). While closely related, in-depth discussion of the “network overlay” provided by VXLAN is outside the scope.

Why BGP?


Some might question the use of BGP within the data center due to it being designed for, and in the past primarily leveraged as, an EGP. However, BGP provides several benefits in a data center switch fabric, such as:
  • Less complexity in protocol design
  • Relies on TCP rather than adjacency formation/maintenance and/or flow control
  • Less “chatty”
  • Supports third-party (recursively-resolved) next-hops
  • With proper ASN usage, built-in …

Building an OpenStack Practice

In Q4 2013 at Dasher, we began our journey to create an OpenStack ecosystem that helps our clients as they transform their business and IT infrastructure. For years, Dasher has been helping clients move from physical to virtual environments. As business and IT needs evolved, more customers started evaluating moving from virtual to cloud environments and building their own private cloud. Dasher saw OpenStack becoming the de facto standard for private cloud, but proprietary black box network switches remained a misfit, giving rise to open networking — the disaggregation of network hardware from software.

A couple of our clients along with one of our senior solution architects, Ryan Day, suggested we explore Cumulus Networks® and learn about their Cumulus® Linux® offering. The results are highlighted below and we will attempt to answer: Why do we think the Cumulus Linux OS is a logical step in the evolution of network operating systems?

Cumulus Linux enables software-defined everything (SDE). SDE may be the cool new fad of 2015, but adopting SDE because it is what all the cool kids are doing is certainly not a reason to move to a new technology. Let’s explore Dasher’s reasons for recommending Cumulus …

Performing Ping Sweeps with IOS TclSh

It’s been a while since I’ve gotten a blog post up, but with my CCIE recertification out of the way I’m hoping to ramp some volume back up. We’re talking about some sexy stuff today… Ping sweeps! First off, let’s cover why you’d need to sweep up your pings. Some people use the ping sweep as a means to “find” hosts on the network. The problem with this is, devices with host-based firewalls active may not respond to an ICMP ping. If you’re pinging from off the local subnet, there are other reasons you might not get a response back as well, like a host having a mis-programmed default gateway or subnet mask, or an interface ACL on the routing device. That said, ping sweeps are still incredibly useful for helping to find vacant IP addresses on a LAN. Or, at least, IP addresses that are not currently active. Always consult your properly maintained IP documentation to find IPs you can safely use for new deployments (yes, I’m laughing at that one too…).

Anyway, how do ping sweeps help identify active IPs if we can’t trust the ping responses? Well, just because a device may not respond to the ICMP …

Big Data for Social Engineering

First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts. Bell calls this the “real org chart.” Hackers can use such information to choose people they ought to impersonate while trying to scam employees. From there, AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. via wired

This is a white hat tool, of course, a form of social engineering penetration testing. Two points of interest, though.

First, you can be pretty certain hackers are already using this sort of tool today to find the right person to contact, how to contact them, and to discover the things they know people will respond to. The rule of thumb you should keep in mind is — at least 80% of the time, hackers are already using the tools researchers come up with to do penetration testing. Remember all those fake people inhabiting the world of Twitter, Facebook, and the like? Some of them might not be just another click farm — some of them might be clickbait for hackers to find out who you …

Vulnerability in enterprise-managed iOS devices puts business data at risk

A vulnerability in the iOS sandbox for third party applications, like those installed by companies on their employees' devices, can expose sensitive configuration settings and credentials. The flaw was discovered by researchers from mobile security firm Appthority and impacts apps deployed on iOS devices through mobile device management (MDM) or enterprise mobility management (EMM) products. These products allow administrators to automatically push applications, configuration settings and data access rules to enterprise mobile devices. Before a new iOS device is brought inside the network of a company that uses a mobile management system, an MDM account is created for it and a client application is installed. The MDM client is used to install corporate apps and to enforce access policies for corporate data and email.

Intel’s five (not very) big announcements from IDF this week

If you’ve paid any attention to Intel’s developer event in San Francisco this week, you’ve probably gathered already that there’s almost no chip news at the show. Intel has moved up the food chain, so to speak, and is showing developers what they can build with its technologies rather than focusing on new components. It makes sense, since with PCs on the wane Intel needs developers to get creative with its products. It can no longer flash a faster Core i7 chip and expect them to go do something interesting with it, because PCs nowadays just aren’t that interesting. Instead, it needs to show them what else they can do with its latest chips.