Guest Blog: REST API for Cumulus Linux ACLs
RESTful control of Cumulus Linux ACLs included a proof of concept script that demonstrated how to remotely control iptables entries in Cumulus Linux. Cumulus Linux in turn converts the standard Linux iptables rules into the hardware ACLs implemented by merchant silicon switch ASICs to deliver line rate filtering.
Previous blog posts demonstrated how remote control of Cumulus Linux ACLs can be used for DDoS mitigationand Large “Elephant” flow marking.
A more advanced version of the script is now available on GitHub
The new script adds the following features:
- It now runs as a daemon.
- Exceptions generated by cl-acltool are caught and handled
- Rules are compiled asynchronously, reducing response time of REST calls
- Updates are batched, supporting hundreds of operations per second
The script doesn’t provide any security, which may be acceptable if access to the REST API is limited to the management port, but is generally unacceptable for production deployments.
Fortunately, Cumulus Linux is a open Linux distribution that allows additional software components to be installed. Rather than being forced to add authentication and encryption to the script, it is possible to install additional software and leverage the capabilities of a mature web server such as Apache. The Continue reading
Running Nexus 7000 emulation under GNS3: NX-OS Titanium
We're running the Nexus-7k-Emulator in GNS3 and vmWare, under Windows. Been doing a lot more of this lately: NX-OS,Seamless MPLS Architecture
Seamless MPLS architecture can be used to create very large scale MPLS network, reduces operational touch points for service creation, reduces overall complexity and enable flexible service creation points in the Service Provider networks. Seamless mpls architecture best suited for the very large scale service provider networks which has 10s or 100s of thousands access nodes, very… Read More »
The post Seamless MPLS Architecture appeared first on Network Design and Architecture.
Orientation
Quick — can you OODA? Last week we talked about the general idea behind the OODA loop; this week we’ll cover the last three steps and wrap up.
Orient is the second step: once you’ve made a set of observations, you need to decide what it is you’re actually observing. To help this make sense, let’s take a look at a simple optical illusion — you might have seen it before.
Do the blue squares look square, or… ?? If you’re like most people, the squares don’t look square at all — but they are. Remember the blue or gold dress? In both of these situations, we face the same sort of problem: our ability to perceive is often influenced by the context.
This doesn’t, as some people try to say, mean that our senses are all just a jumbled up mess, and the entire world is disconnected from our brains — you must be careful in life not to make the hard or odd case the rule by which all other cases are measured. Every measurement system has its limits; that doesn’t mean the measurement is useless or generally untrustworthy.
So what we must do, as network engineers, is to Continue reading