The occasion of my fiftieth post is a good milestone to pause and look back on the two years since I started blogging about open-source routing and network simulation. I will review the blog’s performance statistics and reflect on why I started this blog and what I want to do next.
The chart above shows the blog traffic over the past two years, starting in August 2012. In the first year I thought I would reach only a small audience but, as I posted more content, more users found my blog. In the past twelve months, 29,500 unique users visited this blog. Traffic grew steadily almost every month in the past year.
Users from almost every country on Earth have visited this blog. The map below illustrates the number of users in each country who have visited the blog during the past twelve months, with shades of blue representing the number of users.
I considered writing a technical blog after listening to the audiobook Crush It! by Gary Vaynerchuk, read by the author. The audiobook was very inspirational and made me understand that writing a blog could be a positive experience.
The next book I read was Technical Blogging Continue reading
Today was a bittersweet day for me. It was my final day working with a great group of people at a prominent community bank. I have nothing but good things to say about the people, the organization, and the interesting projects I’ve been involved in. I’ll miss everyone a lot and plan to stay in touch.
Tomorrow I begin a new role as a Systems Engineer at Cisco Systems. I will be working with the SLED (public sector) sales team in Kentucky and West Virginia. In this role I hope to broaden my knowledge of networking components and spend time helping customers better position their technology infrastructures.
I will be aggressively learning the Cisco Product lines, including areas that I previously had less exposure to. I will take advantage of the resources I have and marry my vision of the changing network industry to the components Cisco positions into higher education environments. My intentions include better understanding the roadmap and technical details as they pertain to the integration path from traditional networking to software defined approaches.
As long time PacketU readers know, I have written positive and negative articles about many vendors. All vendors have their strengths and weaknesses. We regularly see them Continue reading
Having passed the CCIE Voice 10 years ago, and having taught on the technologies surrounding both Voice and Collaboration ever since, one might think that the exam would be easy to pass. I can assure you that no matter how much you know, no CCIE exam is easy to pass. Cisco doesn’t allow them to be. Every CCIE track requires hard work and preparation, even if it may, at first glance, seem somewhat of a repeat of things you already know. You may ask since I had the CCIE Voice already, why I didn’t simply take the Collaboration Written exam and convert my cert to a CCIE Collaboration? The answer I think is pretty straightforward – it’s the challenge!! Seeing if you still have it 10 years later. Seeing if what you’ve been teaching your students for 10 years is still up to par and still relevant. To take you back to when I passed CCIE Voice ten years ago, the track was literally brand new that year, and Cisco was testing on CallManager version 3.3, SIP wasn’t anywhere to be found, and creating a hunt group meant tweaking Attendant Console to make it do things it shouldn’t ever Continue reading
Announcing the Network Break podcast - a regular look at the news in networking and cloud infrastructure in less than 30 minutes.
The post Announcing the Network Break Podcast appeared first on EtherealMind.
The Network Break isn't broken and returns for another week with a closer look at the news.
The post Network Break 14 appeared first on Packet Pushers Podcast and was written by Greg Ferro.
It is used to collect statistics, such as packet counts, error counts, CPU usage, etc., from a large number of individual switches. What is especially interesting is that it can be used to collect sampled packets (usually only the first n bytes, containing the header), along with some metadata about those packets.
Bringing sFlow to Cumulus Linux was particularly easy, because “hsflowd” was already available for implementing sFlow support on Linux servers. We were able to reuse that existing code, with extremely minimal modification, to implement sFlow on our Linux-based switches.
sFlow allows a collector to get a statistical view of what is going on in a collection of switches, approaching per-flow granularity. This is extremely useful information to present to users for capacity planning and debugging purposes, but things really get interesting when the collector can make decisions based on the information.
For example, our friends at InMon implemented detection of elephant flows (high bandwidth), followed by marking those flows on the switch at network ingress for special QoS handling. This nearly Continue reading
This post is a follow up to Ethan’s post and Edward’s post. Both were very useful to me as I began to plan rolling out this feature. I wanted to verify something TimA said in the comments at the bottom of Ethan’s post, namely that a switch running DHCP Snooping will drop DHCP Discovers from […]
The post More DHCP Snooping appeared first on Packet Pushers Podcast and was written by Guy Morrell.
Welcome to a new series of articles that will be structured as lessons with the target of bringing SDN closer to everyone's understanding. Each article will present a topic plus one or more exercises that will show that topic in action. The lessons will wrap up with some questions asking the readers to exercise on their own and provide the answers.
In our last post, we talked about how to deploy what I referred to as logical networking. I classify logical networking as any type of switching or routing that occurs solely on the ESXi hosts. It should be noted that with logical networking, the physical network is still used, but only for IP transport of overlay encapsulated packets.
That being said, in this post I’d like to talk about how to connect one of our tenants to the outside world. In order for the logical tenant network to talk to the outside world, we need to find a means to connect the logical networks out to the physical network. In VMware NSX, this is done with the edge gateway. The edge gateway is similar to the DLR (distributed local router) we deployed in the last post, however there is one significant difference. The edge gateway is in the data plane, that is, it’s actually in the forwarding path for the network traffic.
Note – I will sometimes refer to the edge services gateway as the edge gateway or simply edge. Despite both the edge services gateway and the DLR Continue reading
We have mostly all been burnt to a level of severity that we will or will not admit to by prodding and poking networks. Whether by an unexpected bug, lack of understanding of the thing we are poking, or sheer ‘bad luck’, there’s no avoiding it.
Being burnt by a network is almost like being zapped by a cattle prod. It doesn’t take many times before your brain rewires itself to avoid getting burnt, unless you’re a network masochist, in which case, you’re a special breed. This rewiring has resulted in using the CLI as an investigatory and validation tool as well as a configuration access method. What was that keyword again?
show ip bgp neighbor ?
Due to mistrust in the documentation, lack of desire or over trusting the CLI, our brains have become used to this behaviour and complacency has set in.
As we shift from configuring network elements manually to configuring them by automated template generation and structured API calls, will our well understood knowledge of a networking operating system with all of its caveats and nuances become redundant along with our bad habits? So do we just trust an amorphous piece of software Continue reading
As of today, there are only about 2 million websites that support HTTPS. That's a shamefully low number. Two things are about to happen that we at CloudFlare are hopeful will begin to change that and make everyone love locks (at least on the web!).
CC BY 2.0 by Gregg Tavares
First, Google just announced that they will begin taking into account whether a site supports HTTPS connections in their ranking algorithm. This means that if you care about SEO then ensuring your site supports HTTPS should be a top priority. Kudos to Google for giving webmasters a big incentive to add SSL to their sites.
Second, at CloudFlare we've cleared one of the last major technical hurdles before making SSL available for every one of our customers -- even free customers. One of the challenges we had was ensuring we still had the flexibility to move traffic to sites dynamically between the servers that make up our network. While we can do this easily when traffic is over an HTTP connection, when a connection uses HTTPS we need to ensure that the correct certificates are in place and loaded into memory Continue reading
BGP Security Vulnerabilities a Growing Concern
Border Gateway Protocol (BGP), the protocol that connects different networks together, was not designed with security in mind. It is easy to take down portions of the Internet by announcing illegitimate routes to those parts (referred to as route hijacking). A classic example of this attack is a widely popularized incident a few years ago by a Pakistani service provider. The Pakistan government wanted to block YouTube internally. The service providers there injected a BGP route for YouTube and directed YouTube traffic to nowhere. This route somehow leaked outside of Pakistan, and was carried by many service providers across the Internet. This resulted, in effect, in YouTube’s removal from the Internet.
These incidents, many not as high-profile as the YouTube incident, are routine and go back as far as I can remember. The first incident I am aware of is a dial-up Internet provider in Florida taking down the MIT network in the pre-1994, non-commercial era Internet. Early on, these incidents were results of honest configuration mistakes or fat fingering of wrong BGP configuration knobs.
As we all know, the days of Internet innocence Continue reading
I’ve written before about “Why Screen Scraping Sucks.” Well, I can report that nothing has changed. It still sucks. This time I got caught out by the changed behaviour of the “logging host” command.
At a customer site I use HP IMC to perform compliance checks across HP and Cisco networking gear. This has a set of rules that get run against the latest device backups. I have various rules that look for specific patterns – making sure they do, or don’t exist, as required.
My systems should all have two log servers defined. The configs should look something like this:
Rack1SW1#sh run | inc ^logg
logging 1.1.1.1
logging 2.2.2.2
So I defined an IMC compliance rule that looked for the existence of “logging 1.1.1.1” and “logging 2.2.2.2”. I’m using the Advanced mode, which uses regex matching, so I need to escape the “.”.
This worked well. It alerted on systems that had the incorrect (or no) destinations defined.
Turns out that “logging X.X.X.X” was the original form of this command. At 12.3(14)T, Cisco changed Continue reading
CC BY 2.0 from Brian Snelson
I'm pleased to announce that CloudFlare now supports WebSockets. The ability to protect and accelerate WebSockets has been one of our most requested features. As of today, CloudFlare is rolling out WebSocket support for any Enterprise customer, and a limited set of CloudFlare Business customers. Over the coming months, we expect to extend support to all Business and Pro customers.
We're rolling out WebSockets slowly because it presents a new set of challenges. The story below chronicles the challenges of supporting WebSockets, and what we’ve done to overcome them.
Before diving into WebSockets, it's important to understand HTTP—the traditional protocol of the web. HTTP supports a number of different methods by which a request can be sent to a server. When you click on a traditional link you are sending a GET request to a web server. The web server receives the request, then sends a response.
When you submit a web form (such as when you're giving your username and password when logging into an account) you use another HTTP method called POST, but the interaction is functionally the same. Your browser (called the ‘client’) sends data to Continue reading