What is a data center operating system (DCOS)?

Improving PicoHTTPParser further with AVX2

Vlad Krasnov recently joined CloudFlare to work on low level optimization of CloudFlare's servers. This is the first of a number of blog posts that will include code he's optimized and open sourced.

In a recent post, Kazuho's Weblog describes an improvement to PicoHTTPParser. This improvement utilizes the SSE4.2 instruction PCMPESTRI in order to find the delimiters in a HTTP request/response and parse them accordingly. This update, compared to the previous version of the code, is impressive.

CC BY-SA 2.0 image by Intel Free Press

PCMPESTRI is a versatile instruction that allows scanning of up to 16 bytes at once for occurrences of up to 16 distinct characters (bytes), or up to 8 ranges of characters (bytes). It can also be used for string and substring comparison. However, there are a few drawbacks: the instruction has a high latency of 11 cycles, and is limited to 16 bytes per instruction. It's also under utilized for range comparison in PicoHTTPParser, because it only tests two or three ranges per invocation (out of eight it is capable of). Furthermore, some simple math (16 bytes / 11 cycles) shows that using this instruction limits the parser to 1.45 bytes/cycle throughput.

Continue reading

GNS3 1.2.1 installation on Ubuntu 14.04

As mentioned in an earlier post GNS3 is moving ahead fast. Currently at version 1.2.1 the GNS3 is looking great. Compared with the version 1.0 Beta 1 which I had installed, the 1.2.1 is not only more stable, but it has the Menu more clean and compact. For example now there is only one Preferences menu where you can adjust all your settings.

Read more on GNS3 1.2.1 installation on Ubuntu 14.04…

Thinkers

Big thinkers think about giving, doing, and ideas. Small thinkers think about getting and having. If you’re comparing to or gossiping about others — you’re not thinking at all.

How to prevent theft, loss and snooping on the road

When you travel, a whole fleet of electronics come with you. Smartphone and laptop are a given, but there’s a good chance you’re also toting a tablet, and maybe a cellular hotspot or dedicated GPS.All of them are juicy targets for bad guys. Here’s how to make sure your devices’ travels are just as safe as your own.Protect yourself on public Wi-Fi Public Wi-Fi hotspots are essential. They’re like an oasis in the disconnected desert when you run into their blessed signal in coffee shops, airports, or even public parks. But wide-open Wi-Fi hotspots can also be dangerous.To read this article in full or to leave a comment, please click here

What’s Next for Cuba?

Nearly two years ago, we broke the story about the activation of the first submarine cable connecting Cuba to the global Internet – a cable that, prior to its activation in January 2013, mysteriously lay dormant on the ocean floor for nearly two years. When the Cuban government issued a confirmation in the days following our report, it contained the following statement:    When the testing process concludes, the submarine cable being put into operation will not mean that possibilities for access will automatically multiply.

In other words, Cubans should not expect greater access to the Internet just because the ALBA-1 submarine cable was now in operation. Yesterday’s historic agreement to begin normalizing relations between Cuba and the United States contains a pledge by the Cuban government to “greatly expand its citizens’ access to the Internet.” What exactly this pledge entails will determine how the Internet evolves in Cuba in the near term. Decision makers in Cuba should look at another country that recently opened up its telecom sector and is presently experiencing an explosion in Internet growth: Myanmar.

Cuban Isolation

The isolation of Cuba is plainly evident when looking at a map of the submarine cables in the Continue reading

Cisco BGP soft-reconfiguration and received-routes relation

A while ago I received the following question:

“Why I’m not seeing the prefixes received from the BGP peer when using the show ip bgp neighbors x.x.x.x received-routes while the soft-reconfiguration inbound is not enabled?”

Read more on Cisco BGP soft-reconfiguration and received-routes relation…

Alcatel-Lucent Virtualized Simulator on GNS3

MPLS Tech Talks: RSVP-TE 101

After discussing the basics of MPLS, MPLS-TE and LDP, and the relationship between FECs, LDP and BGP, Seamus and myself focused on another interesting topic: how MPLS protocol stack uses RSVP to implement traffic engineering.

Alcatel-Lucent Virtualized Simulator on GNS3

The Alcatel-Lucent virtualized Simulator (vSim) is a virtualization-ready version of SR OS called SR OS-VM. This new operating system is designed to run in a virtual machine (VM) on a generic Intel x86 server. In control and management plane aspects, the vSim is functionally and operationally equivalent to an Alcatel-Lucent hardware-based SR OS router.The vSim is intended to be used as a laboratory tool to fully simulate the control and management plane of an SR OS node. The vSim is not intended to be used in a production network environment and the forwarding plane is limited to 250 pps per interface. Furthermore, without a license file it will run for 1 hour before reloading.

Host Software and Hardware Requirements

• Linux x86-64
• Qemu emulator version 2.1.2 (qemu-system-x86_64 or i386)
• GNS3 version 1.2 or later
• RAM - at least 4 GB
• CPU with hardware virtualization support (VT-x or AMD-V)

Virtual Machines Software and Hardware Requirements

• TiMOS-B-12.0.R6 ALCATEL SR 7750, TiMOS-SR-12.0.R6-vm.zip
• RAM 2048 MB, CPU x86-32
• Qemu additional parameters: -nographic -enable-kvm

1. Installation Steps

Extract image from the zip file.

$ unzip TiMOS-SR-12.0.R6-vm.zip
$ cd vm/7xxx-i386/

Now a virtual disk sros-vm.qcow2 is extracted. To start Qemu virtual Continue reading

HTIRW: Standards Bodies

(yes, I know, it’s been a while… But it’s time to get back to this series) Up to this point in this series, we’ve been discussing the more technical aspects of how the Internet really works. Now I want to shift gears a little, and talk about some of the more political aspects — standards […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

TwitterGoogle+LinkedIn

The post HTIRW: Standards Bodies appeared first on Packet Pushers Podcast and was written by Russ White.

What does “scale out” vs. “scale up” mean?

Show 217 – IETF, YANG Proliferation and the Lack of Cooperation and Co-ordination

This week are talking about the IETF and it's inability to cope with massive change in networking around SDN and NFV. For example, there are more than 70 drafts on NETCONF models for common networking tasks that often overlap or repeat the same work. What does this means for standards development ?

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Show 217 – IETF, YANG Proliferation and the Lack of Cooperation and Co-ordination appeared first on Packet Pushers Podcast and was written by Greg Ferro.

How Many Hosts In An VLAN or IP Subnet and Why ?

It is common to allocate /24 or /22 subnets to a single VLAN but William writes to ask why and whether is related to broadcasts. What is the best subnet size for VLAN allocation and why ? The answer isn't what you think.

The post How Many Hosts In An VLAN or IP Subnet and Why ? appeared first on EtherealMind.

5 Great Reasons to Store and Analyze Centralized Logs

I (don’t) like Big Buffers.

Recently Arista released a white paper surrounding the idea that having deeper buffers running within the network can help to alleviate the incast congestion patterns that can present when a large number of many-to-one connections are happening within a network. Also known as the TCP incast problem. They pointedly targeted Hadoop clusters, as the incast problem can rear its ugly head when utilizing the Hadoop Cluster for  MapReduce functions. The study used an example of 20 servers hanging off of a single ToR switch that has 40Gbps of uplink capacity within a Leaf/Spine network, presenting a 5:1 oversubscription ratio. This type of oversubscription was just seen in the recent release of the Facebook network that is used within their data centers. So its safe to assume that these types of oversubscription ratios are seen in the wild. I know I’ve run my fair share of oversubscribed networks in the past.

Treating the Symptom

This particular study actually prods at what is the achilles heel of the traditional leaf/spine network design. All nodes being within 3 switch hops, (ToR <-> Spine <-> ToR), does provide a predictable pathing within the minds of the network operators of today, but I posit that Continue reading

The four Mac security options everyone should know

As our lives increasingly go digital, security is a major concern not only for the various online services we use, but also for the devices on which we save our data. Chances are that if you’re reading this article, you own a Mac. And on your Mac, you’d like much of the work you do on it to be kept private.MORE ON NETWORK WORLD: Free security tools you should try While OS X is relatively secure by default, there are some additional steps you can take to ensure the data on your Mac is only accessible by you, even if your Mac is stolen. Take the following tips to heart to better protect your Mac and its data.To read this article in full or to leave a comment, please click here

IKEv2 VPN – ASA/IOS

In our next blog post, we will focus on configuring an IKEv2 VPN between the ASA and IOS.

Is there anything special about that configuration? Yes and no. It is still “just” IKEv2 that will take care of negotiating our tunnels, but there will definitely be a difference in how we configure one platform versus another. Remember – tunnel interfaces are not supported on the ASA, at least as of 8.6, and this generally means that we will not be able to use tunnels (FlexVPNs) on IOS, too (there is actually one small exception to this rule, but it will not be discussed in this article).

Let’s take a look at our simple network:

We’ll try to build a VPN tunnel between R10 and ASA3 that we will then use to protect traffic flowing between VLANs 10 and 8. I am going to start with the ASA configuration.

First and foremost – the Policy. Note that PRF must generally be the same as what you have selected for Integrity/Hashing:

crypto ikev2 policy 10
encryption aes-256
integrity sha384
prf sha384
group 14

We will authenticate the tunnel using pre-shared-keys, and since authentication method is no longer negotiated in IKEv2 we Continue reading

Beach

Python paths and Cron logging