My pinboard bookmarks for 17 May 2014
Things of note that were discovered on the web this week.
CriticMarkup
Can't do editing in Markdown eh? Obviously you haven't seen CriticMarkup. Looks very cool indeed!
markdown
java - Excluding tests from being run in IntellIJ - Stack Overflow
This is how to exclude integration tests being run in IntelliJ I've been using this for unit testing the OpenDaylight OVSDB library with the regex
^(?!(^.*(IT).*?$)).*$and it works well!
intellij, java, testing, junit
Maven Troubleshooting FAQs
A presentation with troubleshooting Maven issues which is a necessary skill if you plan to do any development in Java.
java, maven
My pinboard bookmarks for 17 May 2014
Things of note that were discovered on the web this week.
Elephant Detection in the vSwitch With Performance Handling in the Underlay
As we’ve discussed previously, the vSwitch is a great position to detect elephant, or heavy-hitter flows because it has proximity to the guest OS and can use that position to gather additional context. This context may include the TSO send buffer, or even the guest TCP send buffer. Once an elephant is detected, it can be signaled to the underlay using standard interfaces such as DSCP. The following slide deck provides and overview of a working version of this, showing how such a setup can be used to both dynamically detect elephants and isolate mice from queuing delays they cause. We’ll write about this in more detail in a later post, but for now check out the slides (and in particular the graphs showing the latency of mice with and without detection and handling).
Lying Headline From Business Insider: Cisco Is Going To Crush VMware
Received an email about this article Chambers: Cisco Is Going To Crush VMware – Business Insider. The title strongly suggests that John Chambers said “Cisco is going to crush VMware” but it’s a lie. The closest that the article content gets is: A cheerful John Chambers told Wall Street analysts on Wednesday that his plan to crush […]
The post Lying Headline From Business Insider: Cisco Is Going To Crush VMware appeared first on EtherealMind.
Could Cisco ACI Kill APM?
Note – This is ALL 100% speculation on my part. I may be WAY off base with what you are about to read, and if you know something I don’t, feel free to correct me in the comments below.
I attended the Cisco Live Local Edition event here in Nashville,TN last month. It was an all day event that gave a variety of presentations in different focus areas. While I spent the bulk of my time in the routing/switching/wireless/security presentations, I made a point to sit in on one in the data center track. It was entitled Data Center Fabric Futures. This session spent a lot of time talking about Cisco’s Application Centric Infrastructure(ACI) technology, so I was curious to learn a bit more about it since the company I work for sells a fair amount of Cisco Nexus switching.
If you want a little more information about Cisco’s ACI technology, here’s some really good writing on that subject:
Insieme and Cisco ACI [Part 1] – by Matt Oswalt
Insieme and Cisco ACI [Part 2] – by Matt Oswalt
Cisco’s ACI (Insieme) Launch – by John Herbert
While the presentation was moving along, one particular aspect of ACI caught my Continue reading
Pseudowire FAT Interoperability
I usually don’t think much about Pseudowires Sub-TLV until I encountered two IOS-XR boxes that didn’t use the same value and didn’t forward any packets. There is a special corner case of pseudowires using Flow Labels Transport (FAT) that can cause unexpected behavior and if you don’t watch out you might drop traffic. In this post I’ll go over the details of using FAT with different IOS-XR versions and what can go wrong.
Flow Aware Transport pseudowire (RFC6391) is a type of L2VPN that operates over MPLS. The main benefit of it is that it implements a mechanism which allows you to load-balance one pseudowire over multiple equal cost paths (i.e. ECMP). ECMP of a pseudowire becomes an advantage when transporting large amount of traffic such as 10Gbps or more. FAT is a special interface sub-TLV that’s negotiated between two PE.
The problem relates to Flow Aware Transport (FAT) pseudowires where one side terminating router operates the IOS-XR version 4.3.2 and the other any version up to 4.3.1. The symptom is lack to forwarding of tunneled packets. Both sides show PW as up and operational but no traffic is being forwarded over it. Continue reading
The SDN Ecosystem
As a follow on to my blog about building a business case for an SDN deployment, there are now dozens of companies offering SDN-related products – so many that you might find it difficult to separate the hype from the meat. Let’s look at some categories of SDN products and how each of them fits into an overall SDN solution.
The key components of an SDN solution are ASICs, switches, a controller, and the applications or services that run over the network.
ASICs
ASICs have a long history in networking by driving scale and performance. In a clock cycle, very complex tasks can be accomplished. Without the ASIC, the central CPU would be overwhelmed performing those same tasks (remember those so called “one arm routers”). The need for ASICs created a new set of suppliers such as Broadcom, Marvell and Mellanox, and most recently Intel through its acquisition of Fulcrum. We can expect more and more specialization in ASICs as the industry pivots on the SDN theme. Over the last decade, the merchant silicon vendors have diversified and specialized products for vertical markets. For example, an ASIC optimized for the data center might have VxLAN support, while another tuned Continue reading
How SDN Has Changed In 12 Months
Early last year I drew a strategy map of all the elements in a Software Defined Ecosystem for a client. I drew another one a couple of weeks back to explain how the current vendor focus on controllers, and specifically, OpenDaylight is changing the nature of the market. The comparison is striking.
The post How SDN Has Changed In 12 Months appeared first on EtherealMind.
IPv6 at Home – Prefix Delegation
As many of you may know, I used to move packets around for a living. I’m not doing that any more, but I’m still administering my own little home network and keeping my hand in. After my old consumer-grade ADSL modem packed it in, I decided that I’d like to do something a bit more […]
Author information
The post IPv6 at Home – Prefix Delegation appeared first on Packet Pushers Podcast and was written by Matthew Mengel.
Response: Math and Monitoring
Monitorama has posted the videos from their conference PDX 2014 and I’ve been watching them during concentration breaks. Most of them are very good story telling from real practitioners who have real world experiences. I wanted to call out just two that impressed me deeply. Noah Kantrowitz’s session from Monitorama PDX 2014 talks about using […]
The post Response: Math and Monitoring appeared first on EtherealMind.
Cisco Live – The Minimalist Packing List
Cisco Live 2014 is right around the corner! It’s almost time to start packing. The other day, Keith Miller (@packetologist), a first-time Cisco Live attendee, asked me on Twitter:
@BobMcCouch Since you are the king of being prepared, what is your travel pack consisting of to CLUS?
— Keith Miller (@packetologist) May 11, 2014
I have a bit of a reputation among some of my consulting clients as being ready for just about anything. Normally, that means my laptop bag weighs about 50 lbs. But for Cisco Live, I choose to travel light. I’ve seen people in the airport on the way to, and from, the event with a LOT of stuff. Sure, some folks are presenters or carrying company stuff but for the rest, you probably just have too much stuff.
Why choose to travel as light as possible? Here are just a few reasons:
- Airline bag check fees
- Airlines are great at losing/abusing your stuff once its out of your hands
- Due to #1, everyone is always fighting for room in the overhead bins and you end up checking your “carry on” anyway
- If you land early, you have to check your 3 tons of bags, or else Continue reading
Poster: Network Visibility Dual State Diagram
Network visibility is difficult design problem. After years of research and customer engagements, Ive been able to prove that network visibility can be reduced to two states. I present the results in this chart.
The post Poster: Network Visibility Dual State Diagram appeared first on EtherealMind.
Load balancing large flows on multi-path networks
 |
| Figure 1: Active control of large flows in a multi-path topology |
 |
| Figure 2: Two path topology |
To ensure that packets in a flow arrive in order at their destination, switch s3 computes a hash function over selected fields in the packets (e.g. source and destination IP addresses Continue reading
Integrating Route Explorer with the OpenDaylight Controller for SDN Provisioning
Integrating Route Explorer with the OpenDaylight Controller for SDN Provisioning
by Steve Harriman, VP of Marketing - May 13, 2014
Despite the hype surrounding SDN, no one can afford to leap frog to the new technology. They must have a strategy to integrate the new with the old to reap the biggest benefits. Packet Design has taken its first step in helping customers do so. We’ve integrated Route Explorer with the OpenDaylight controller to automate SDN provisioning of RSVP-TE tunnels. For network engineers, this means eliminating the manual process of creating tunnels. They can simply plan it in Route Explorer and have the OpenDaylight controller automatically provision it. Some of our early adopter customers – especially service providers – are very happy about this.
OpenDaylight only supports TE tunnels today, but our integration is an example of how we can support SDN in hybrid environments. Our analytics technology is unique because it allows us to build SDN conforming applications in the presence of non-conforming applications. You don’t have to do a forklift hardware upgrade in the network or build a brand new network architecture where the controller provisions everything. We are able to demonstrate provisioning of RSVP-TE tunnels in hybrid environments Continue reading
Routing-Bits SP Update
The next installment of the SP handbook is now available. It includes two new chapters and an extra appendix. Please check your email for instructions. Contact me if your email address has changed.Filed under: CCIE SP
Recap of ONUG Conference 2014
Last week I attended the Open Networking User Group conference. My main reason for attending was to participate in three roundtable discussions put on by Tech Field Day. These sessions were recorded, and I’ll be following up with specific thoughts on each session in later blog posts.
These round-tables only occupied a portion of the two-day conference, so I spent the remainder of the time speaking with some of the vendors and sitting in a few of the sessions.
Sessions
I wasn’t permitted to attend a large chunk of ONUG sessions, and I’ll get to that in the next paragraph. I did manage to see a good friend Kyle Mestery present on two of my favorite topics – OpenDaylight and OpenStack. The sessions at ONUG were not recorded, but I’ll again direct you to this video for a reasonably close approximation:
Kyle is the embodiment of the passion and energy found in great communities like OpenStack and OpenDaylight, and if you ever have the opportunity to hear him present, I encourage you to take it.
I also finally got to meet Brad Hedlund in meatspace:
@mestery and @bradhedlund at #ONUG workshop. pic.twitter.com/t775QPavTw
— Gideon Tam (@mfmahler) May Continue reading
Cisco Live 2014 – Final Countdown!
Ok, that video probably dates me a bit, and that is OK. This will be my 9th consecutive time attending Cisco Live (aka Networkers). Just a few final things to share before the event kicks off. The other day I received an e-mail from Cisco Live with a special announcement. It reads: This is a […]Into the Light of Day: Uncovering Ongoing and Historical Point of Sale Malware and Attack Campaigns
Point of Sale systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory scraping PoS botnets with centralized C&C and most recently to highly targeted attacks that require a substantial amount of lateral movement and custom malware created to blend in with the target organization.
While contemporary PoS attackers are still successful in using older tools and methodologies that continue to bring results due to poor security, the more ambitious threat actors have moved rapidly, penetrating organizational defenses with targeted attack campaigns. Considering the substantial compromise lifespans within organizations that have active security teams and managed infrastructure, indicators shared herein will be useful to detect active as well as historical compromise.
Organizations of all sizes are encouraged to seriously consider a significant security review of any PoS deployment infrastructure to detect existing compromises as well as to strengthen defenses against an adversary that continues to proliferate and expand attack capabilities.
In addition to recent publications discussing Dexter and Project Hook malware activity, Arbor ASERT is currently Continue reading