Archive

Category Archives for "Networking"

Securing Your Connection Anywhere You Go

We all know that there are a lot of incomplete security models. Firesheep made this fact painfully obvious to those who regularly work from public hotspots. Although this issue extends beyond insecure wireless deployments, unencrypted hotspots are an easy target. When network traffic isn’t secured in the application layers AND that same traffic is not secured in the network or datalink layers, bad things can and do happen.

TLDR–This article solves this problem by utilizing a Meraki MX60 and the VPN client Native on OSX. To skip to the good stuff, click here.

One approach that some people decide to employ is utilizing a VPN connection for their Internet traffic when connected to untrusted networks. For years, enterprises have utilized these controls to allow secure access to corporate resources. A common trend to day includes utilizing “the cloud” for sensitive enterprise and personal data. While these systems *should* be appropriate resilient, we know that is not always the case. In addition to that, federated authentication schemes and password reuse can also pose additional risk to broken systems and less security conscious users.

Having easy access to some gear, I have been using a Meraki MX60 for a few months. This device makes the configuration Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 1/30/2015

Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Nouman Khan, CCIE #19730  (Data Center)
  • Madhav Bhardwaj, CCIE #44772 (Collaboration)
  • Theogene Nishimwe, CCIE #44776 (Collaboration)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Dell celebrates disaggregation’s first anniversary

Dell is celebrating the first anniversary of its Open Networking initiative, an effort to offer customers a choice of operating systems and applications on standard, merchant silicon-based hardware.Dell was one of, if not the first major vendor to disaggregate switching – separating the interdependencies of hardware and software so customers, in this case, can run a variety of operating systems on Dell switches. Juniper followed suit with an Open Compute Platform-based switch that can run its Junos operating system, or another that’s ported to the OCP-based hardware.To read this article in full or to leave a comment, please click here

PlexxiPulse—Partnering with Cloudera

This week, we announced that we’ve partnered with Big Data platform provider Cloudera. Cloudera’s data management platform enables enterprises to use Apache’s open source Hadoop software to better manage their data. The Plexxi Switch, now certified with Cloudera’s Enterprise 5 platform, is the first SDN-based Ethernet switch and the only truly single-tier, scale-out networking solution. We’re excited to have Cloudera on board to provide network operators a solution to address their Big Data needs.

Below you will find our top picks for stories in the networking space this week. Have a great weekend!

In this week’s PlexxiTube of the week, our own Dan Backman identifies how Plexxi’s Big Data fabric solution applicable beyond Big Data.

TechTarget: SDN to support Internet of Things devices
By David Geer
Software-defined networking will meet the Internet of Things (IoT) at the crossroads of VPN exhaustion, uptime challenges and limited network resources. The expected result is that SDN will help drive the expansion of IoT-enabled devices, enable more efficient network resource sharing and improve IoT service-level agreements (SLAs). In return, many vendors expect IoT will support SDN decisions and feed hungry policy engines. It’s still early days in terms of looking for use cases Continue reading

IDG Contributor Network: It’s my network and I’ll binge watch if I want to

In my first blog post I discussed the gap that exists between what consumers want and what the network can feasibly provide – what I referred to as the "agility gap." In just the four months since that post, we have seen a variety of new examples of the acceleration in technology advances for the consumer and end user, while the network chugs along trying to keep up.The most intriguing of these was Sony's unveiling of PlayStation Now at CES 2015, a cloud-based gaming subscription service that gives players unlimited streaming access to more than 100 games.To read this article in full or to leave a comment, please click here

Network Break 26

We are back after the Christmas Break with the Networking News.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Network Break 26 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

SDN: What Small and Mid-Sized Businesses Need to Know in 2015

Guest blogger Alex Hoff is the VP of Product Management at Auvik Networks, a cloud-based SaaS that makes it dramatically easier for small and mid-sized businesses to manage their networks. Our thanks to Auvik for sponsoring the Packet Pushers community blog today. It’s January and the network industry pundits are calling for 2015 to be the […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post SDN: What Small and Mid-Sized Businesses Need to Know in 2015 appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

Contention Delay Killed the WLAN Star

The Wi-Fi industry seems dominated by discussions on the ever-increasing bandwidth capabilities and peak speeds brought with the latest product offerings based on 802.11ac. But while industry marketing touts Gigabit capable peak speeds, the underlying factors affecting WLAN performance have changed little.

Medium contention is the true driver in the success or failure of a WLAN and we must effectively understand its effect on WLAN performance in order to design and optimize our networks.

Read the full blog article over on the Aruba Airheads Technology Blog...

Open Networking: From Concept to Reality

When I first heard about Cumulus Networks in August 2013, I thought, “what’s the catch?” Now, after a year of working with companies deploying Cumulus Linux based switches in their production environments, it turns out there is really no catch. Open networking is for real.

The way you buy a server is now the way you can buy a switch

An open ecosystem has supported the server business for many years. One can build servers with components from various suppliers and run their choice of operating system. This same concept for the networking world, now called “open networking” for the disaggregated model of switch hardware and software, has long been on many wish lists.

The good news: this concept is a reality now, thanks to companies like Cumulus Networks whose OS, Cumulus Linux, is a Debian based distribution that is the OS for open networking on bare metal switches.

No License Gotchas

With Cumulus Linux, there are no additional or “enhanced” license fees akin to what traditional vendors have charged for years. The yearly renewal license fees cost the same each year – not a penny more. The yearly or multi-year license (option) can be ported from one switch Continue reading

IPv6 availability in New Zealand

IPv6 has been around a fair while, and we’re constantly encouraged to learn it and use it. I agree with the sentiment, but it’s been hard for most users, when few ISPs offer IPv6 for residential users. Hurricane Electric offers a great free IPv6 tunnel broker service, but that’s impractical for most people. What they need is for their ISP to offer native IPv6, by default.

The ISPs in New Zealand with the largest market share don’t offer IPv6, but some of the smaller ones do. The design of the ISP market here means that users can easily switch between a large range of suppliers, and choose the mix of price/service they want. When I last changed ISP a couple of years ago, I specifically chose an ISP that offers IPv6.

Last year that ISP disabled IPv6 for a few weeks due to some technical issues, and I was disappointed with the support they offered. I wanted to evaluate my other options, but couldn’t find any good source of data that showed which ISPs were offering IPv6. There’s plenty of talk out there about trials, and the like, but most of that hasn’t been updated in years.

So I pulled Continue reading

Multi-Gigabit AP Backhaul – Do you need it?

I was recently asked by a Wi-Fi engineer about the potential need for multi-gigabit backhaul needs from an AP with the pending release of 802.11ac Wave 2. This seems to be a point of confusion for many in the wireless industry. Here's what I told them:

Industry claims of throughput capabilities exceed 1 Gbps are correct from a theoretical standpoint. However, real world client mixes on almost every WLAN will mean that backhaul never approaches even close to 1 Gbps of throughput.

First, when you combine clients of varying capabilities there is no chance of exceeding 1 Gbps backhaul. The only time you will need more than 1 Gbps of backhaul is in POC bakeoffs between vendors, lab tests, and very low-density locations where you have only a few users on an AP radio but they are using top of the line high-end wireless laptops and applications that can push large amounts of data (I'm thinking CAD users here for instance who collaborate and push files of several GBs across the network and want it done fast). This is somewhat counter-intuitive because most people would think off-hand that high-density areas is where you'll need the greater backhaul. But in high-density areas Continue reading

Addressing 2014

Time for another annual roundup from the world of IP addresses. What happened in 2014 and what is likely to happen in 2015? This is an update to the reports prepared at the same time in previous years, so lets see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself.

CCIE Lab or dual CCIE written preferred

I got this sent from a friend of mine who is looking for a job. The job description asked for "CCIE Lab or dual CCIE written".

I wonder who wrote this stuff?

CCIE written is easy. It is not a certification exam.

The exam is not intendant to mean anything other than a ticket for the lab or to recert and existing CCIE certification, so Cisco is not putting too much effort into it. For example there are no simulations, everything is a multi-choice, so it is easy to eliminate absurd answers.

Most if not all CCIE candidates, who are already CCNPs, are surprised how easy it is. Many are fooled to believe that the lab is anywhere close to being at the same level of difficulty and depth.

If I was a CCNP, I would have preferred to take CCIE written to recert over the CCNP exams.

If I was hiring, I would prefer a dual CCNP over dual CCIE written anytime. In fact, I would prefer a humble CCNP than someone who passed the written and brags about it.

DNSSEC Done Right

alt This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare.

I’ve been working on DNSSEC evolution for a long time as implementor, IETF working group chair, protocol experimenter, DNS operator, consultant, and evangelist. These different perspectives allow me to look at the protocol in a holistic way.

First and foremost, it’s important to realize the exact role of DNSSEC. DNSSEC is actually a misnomer: it’s from an era when the understanding of different security technologies, and what role each plays, was not as good as today. Today, this protocol would be called DNSAUTH. This is because all it does is to provide integrity protection to the answers from authoritative servers.

Over the years, the design of DNSSEC has changed. A number of people working on early versions of DNSSEC (myself included) didn’t know DNS all that well. Similarly, many DNS people at the time didn’t understand security, and in particular, cryptography all that well. To make things even more complex, general understanding of the DNS protocol was lacking in certain areas and needed to be clarified in order to do DNSSEC properly. This has led to three major versions of the Continue reading

Understanding WAN Quality of Service

The time has come, CCIE Collaboration hopefuls, to focus my blog on Quality of Service (QoS). I know, it’s everyone’s favorite subject, right? Well, you don’t have to like it; you just have to know it!

I would specifically like to focus on WAN QoS policies as they are going to be an essential piece of the lab blueprint to understand. Typically, the goal on a WAN interface is to queue traffic in such a way as to prioritize certain types of traffic over other types of traffic. Voice traffic will usually be placed in some type of expedited or prioritized queue while other types of traffic (video, signaling, web, etc.) will use other queues to provide minimum bandwidth guarantees. Policies such as this will utilize the Modular QoS Command Line Interface (MQC) for implementation.

To begin, let’s use our three-site topology (HQ, SB, and SC) to provide a backdrop for this example. The HQ site (R1) has a Frame Relay connection to both the SB (R2) and SC (R3) sites through the same physical Serial interface, which has a total of 1.544 Mbps of bandwidth available. Assume that both R2 and R3 have connections to R1 using Continue reading

Help us test our DNSSEC implementation

For an introduction to DNSSEC, see our previous post

Today is a big day for CloudFlare! We are publishing our first two DNSSEC signed zones for the community to analyze and give feedback on:

We've been testing our implementation internally for some time with great results, so we now want to know from outside users how it’s working!

Here’s an example of what you should see if you pull the records of, for example, www.cloudflare-dnssec-auth.com.

$ dig www.cloudflare-dnssec-auth.com A +dnssec

; <<>> DiG 9.10.1-P1 <<>> www.cloudflare-dnssec-auth.com A +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29654
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.cloudflare-dnssec-auth.com.    IN  A

;; ANSWER SECTION:
www.cloudflare-dnssec-auth.com.    300 IN  A   104.28.29.67  
www.cloudflare-dnssec-auth.com.    300 IN  A   104.28.28.67  
www.cloudflare-dnssec-auth.com.    300 IN  RRSIG   A  Continue reading

The Vast World of Fraudulent Routing

188.253.79.0_24_1418169600_1419885767

As network security engineers have attempted to categorize blocks of IP addresses associated with spam or malware for subsequent filtering at their firewalls, the bad guys have had to evolve to continue to target their victims.  Since routing on the global Internet is based entirely on trust, it’s relatively easy to commandeer IP address space that belongs to someone else.  In other words, if the bad guys’ IP space is blocked, well then they can just steal someone else’s and continue on as before.

In an attempt to cover their tracks, these criminals will sometimes originate routes using autonomous system numbers (ASNs) that they don’t own either.  In one of the cases described below, perpetrators hijacked the victim’s ASN to originate IP address space that could have plausibly been originated by the victim.  However, in this case, the traffic was misdirected to the bad guy and an unsophisticated routing analysis would have probably shown nothing amiss.

The weakness of all spoofing techniques is that, at some point, the routes cross over from the fabricated to the legitimate Internet — and, when they do, they appear quite anomalous when compared against historical data and derived business Continue reading

1 3,162 3,163 3,164 3,165 3,166 3,352