TLS Session Resumption: Full-speed and Secure
At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web. In order for that to happen we knew we needed to efficiently handle large volumes of HTTPS traffic, and give end users the fastest possible performance.
CC BY 2.0 image by ecos systems
In this article, I’ll explain how we added speed to Universal SSL with session resumptions across multiple hosts, and explain the design decisions we made in this process. Currently, we use two standardized session resumption mechanisms that require two different data sharing designs: Session IDs RFC 5246, and Session Tickets RFC 5077.
Session ID Resumption
Resuming an encrypted session through a session ID means that the server keeps track of recent negotiated sessions using unique session IDs. This is done so that when a client reconnects to a server with a session ID, the server can quickly look up the session keys and resume the encrypted communication.
At each of CloudFlare’s PoPs (Point of Presence) there are multiple hosts handling HTTPS traffic. When the client attempts to resume a TLS connection with a Continue reading
Cumulus Networks Could Be The New Microsoft
When I was at HP Discover last December, I noticed a few people running around wearing Cumulus Networks shirts. That had me a bit curious, as Cumulus isn’t usually on the best of terms with traditional networking vendors unless they have a partnership. After some digging, I found out that HP would be announcing a “britebox” branded whitebox switch soon running Cumulus Linux. I wrote a post vaguely hinting about this in as much detail as I dared leak out.
No surprise that HP has formally announced their partnership with Cumulus. This is a great win for HP in the long run, as it gives customers the option to work with an up-and-coming network operating system (NOS) along side HP support and hardware. Note that the article mentions a hardware manufacturing deal with Accton, but I wouldn’t at all be surprised to learn that Accton had been making a large portion of their switching line already. Just a different sticker on this box.
Written Once, Runs Everywhere
The real winner here is Cumulus. They have partnered with Dell and HP to bring their NOS to some very popular traditional network vendor hardware. Given that they continue to push Cumulus Linux Continue reading
Let’s Get Rid of the Thick Yellow Cable
Whenever I write about the crazy things vendors are trying to sell us, and the kludges we have to live with, I keep wondering, “Is it just me, or is the whole industry really as ridiculous as it seems?” It’s so nice to see someone else coming to the same conclusions, like Mark Burgess (the author of CFEngine and the Promise Theory) did in a lengthy essay on whether SDN makes sense.
Read more ...Using custom fields in phpipam
phpipam has support for creating custom fields to be used in address, subnets, vlans, devices and users tables. This is useful when you need to add some custom data to your tables. You can set your custom fields under Administration > Custom fields.
It supports following types of data and it representations:
- varchar: normal input field
- integer: input field that must be an integer
- boolean: true/false field, that is interpreted with dropdown
- text: textarea input field, that holds bigger data than varchar
- date: adds date field, that is represented with date dropdown
- datetime: adds datetime field, that is represented with date and time dropdown
- set: set field adds dropdown options, you control options in size/length field. For example, to have dropdown with three options you set ‘site1′,’site2′,’site3′ in size/length field.
Besides setting field type there are some other variables that can be set for each:
- size / length: depends on field type this controls maximum length of input field or text, maximum size of integer, options for set field etc.
- default: adds default value if field is left blank.
- required: controls weather field is required to be filled in, if Continue reading
Docker Command One Liners
I love the code snippets, it’s how I learn any syntax by rolling up the sleeves, hacking and breaking while taking notes along the way. It’s probably not the most efficient but the muscle memory is how I learn. Here is a list of one liners from my notes in no particular order (even though I tried to in a ... The post Docker Command One Liners appeared first on NetworkStatic | Brent Salisbury's Blog....
Establishing the Big Data Connection
Establishing the Big Data Connection
Many network vendors will tell you that their network equipment is built for Big Data. However, once deployed, do you have enough Big Data context to effectively monitor, troubleshoot, triage and tune your network? In most cases the answer is no! When designing and deploying a network, administrators must consider whether this network will provide enough Big Data context?
Before we go any further let’s define BIG DATA context.
BIG DATA context is the ability to correlate Big Data events and protocols back to network events and protocols and to be able to classify BIG DATA network flows correctly. To establish the Big Data Connection, we’re going to discuss the requirements to ensure a network is in the class of networks that have Big Data context, how administrators can possibly achieve this, and the role network programmability and agility play in this discussion.
Now let us see how we can build BIG DATA context and act on it.
Building Big Data Context
Network monitoring, tracing, visibility and reporting with Big Data context is accomplished with network equipment that is able to export flow statistics, counters and flow DBs and leverage open systems to classify such Continue reading
When Worlds Collide
If there’s one thing we know, it’s a ruckus. And there’s one going on in the world of telecommunications around the use of the unlicensed spectrum for LTE services. With Mobile World Congress just a week away, there will undoubtedly...Show 225 – SolarWinds on The Cost of Monitoring + NPM 11.5 – Sponsored
SolarWinds' Head Geek Leon Adato joins Packet Pushers co-hosts Ethan Banks and Greg Ferro for a discussion about the cost of (not) doing proper network monitoring. We also get an update on the new features found in the NPM 11.5 release including wireless heat maps, web-based alerting, auto-discovery of application types for DPI, automatic dependency mapping, integrated capacity planning, and duplex mismatch detection.
Author information
The post Show 225 – SolarWinds on The Cost of Monitoring + NPM 11.5 – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.