Shellshock: One Month On
Shellshock was released a little over a month ago, to wide predictions of doom & gloom. But somehow the Internet survived, and we lurch on towards the next crisis. I recently gave a talk about Shellshock, the fallout, and some thoughts on wider implications and the future. The talk wasn’t recorded, so here’s a summary of what was discussed.
Background: NZ ISIG: Keeping it Local
The New Zealand Information Security Interest Group (ISIG) runs monthly meetings in Auckland and Wellington. They’re open to all, and are fairly informal affairs. There’s usually a presentation, with a wide-ranging discussion about security topics of the day. No, we don’t normally discuss “picking padlocks, debating whose beard or ponytail is better or which martial art/fitness program is cooler.”
Attend enough meetings, and sooner or later you’ll be called upon to present. I was ‘volunteered’ to speak on Shellshock, about a month after the exploit was made public. I didn’t talk about the technical aspects of the exploit itself – instead I explored some of the wider implications, and industry trends. I felt the talk went well, mainly because it wasn’t just me talking: everyone got involved and contributed to the discussion. It would be a bit Continue reading
The Etymology of Elephant and Mice Flows
Over the past 3-4 years, the term elephant flows has been used to refer to east-west (machine-to-machine) traffic, such as vMotion, Migration, Backup, and Replication. The term mice flows is used to refer to north-south (user-to-machine) traffic. Why are we using these terms all of a sudden and did they come from? Wikipedia states “It is not clear who … Continue reading The Etymology of Elephant and Mice Flows
White Box switch readiness for prime time
Matthew Stone runs Cumulus Networks switches in his production network. He came on the Software Gone Wild podcast recently to talk about his experiences. Cumulus, Pica8, and Big Switch are the three biggest proponents of white box switching. While Pica8 focuses on the Linux abstractions for L2/L3, Pica8 focuses more on the OpenFlow implementation, and Big … Continue reading White Box switch readiness for prime time
JNCIE-ENT Prep Guide has been published!
Just a quick note on a Friday afternoon about The Unofficial JNCIE-ENT Pre Guide to let you know that it has now been published. You may order a copy at LeanPub, and to kick it off here is a 25% off coupon – http://fryguy.me/JNCIEENTWB The guide is is over 500 pages of JNCIE study goodness for […]Welcome to the source
package main
import ("fmt")
func HelloWorld() {
fmt.Println("Welcome to my blogn")
}
The Network Iceberg
The impact of compute virtualization on the data center network has been profound. There are more virtual ports then physical ports. That simple measurement overshadows any other disruption in networking. We arrived at this transformation as a result of significant adoption of OS virtualization. The next revision of compute virtualization is the application. The last significant bastion of efficiency is to ... The post The Network Iceberg appeared first on NetworkStatic | Brent......
Plexxi Pulse—Don’t Be Spooked by Big Data
We are getting into the Halloween spirit here at Plexxi—check out this Plexxi pumpkin carved by our talented marketing manager, Khoa Ma!
Jack-o-lanterns aside, we know the thought of navigating trends like the Internet of Things and Big Data can be frightening, especially if you are unsure of how to approach them. As these trends gain popularity and deployments increase, IT architects often worry about increased activity on already taxed infrastructures. Our own Mike Bushong is our resident expert on this topic and he penned an interesting blog post this week on networking’s atomic unit and “going small to scale up.” Creating smaller units of capacity makes the network easier to manage, and most importantly, scale. It’s definitely worth a read before heading out to trick-or-treat.
In this week’s PlexxiTube of the week, Dan Backman explains failure scenarios in case of hardware or software outages in a Plexxi pod design.
Network architect Brian Heder contributed an article to Network World this week on the importance and challenges of simplicity in computer network design. While I think Heder’s list is solid, I would add an additional obstacle to network simplicity: customization. Avoid making your network environment Continue reading
Musing: Subscription License Economics
The rise of software licensing in networking changes some of my assumptions about the 5 year cost of ownership of products. Roughly, lets assume that you are buying virtual appliances like firewalls, DNS/DHCP, IDS/IPS, proxy servers and load balancers and that you pay some type of yearly license to use the product. Capital Upfront The legacy […]
The post Musing: Subscription License Economics appeared first on EtherealMind.
Calculating burst size for class-of-service
Burst sizes need to be calculated if you are implementing policers or shapers on Junos devices so that the policer or shaper can control the flow of traffic appropriately. Too small a burst size and TCP applications will have terrible throughput. Too large a burst size and the policer won’t be very effective – the bursts are so large they cancel out the effect of the policing because as one burst ends another one is just about to begin.
The situation is described reasonably well on the Juniper site here, and also in O’Reilly’s excellent MX book. But in both places the mathematics of the calculation is hidden in a paragraph of text – not written out properly and showing the workings. That makes for confusion in my mind.
It’s actually a fairly easy calculation, but isn’t presented well. I finally sat down to work out what it meant.
The easy way to calculate burst size for low bandwidth (i.e. T1/E1 etc) interfaces is 10 times the MTU of the interface. The problem with this is (as you see in figure 3 in the Juniper link above) that on 1500-byte Ethernet this Continue reading
Junos Apply-Path – A Step Closer To Heaven
I have a list of things I mean to blog about, and the Junos Apply-Path feature has been on there for way too long without being actions. As I said when I kicked off the “30 Blogs in 30 Days” … Continue reading
If you liked this post, please do click through to the source at Junos Apply-Path – A Step Closer To Heaven and give me a share/like. Thank you!
Halloween Career Advice from the Damned
“Now, as you look through this document you’ll see that I’ve underlined all the major decisions I ever made to make them stand out. They’re all indexed and cross-referenced. See? All I can suggest is that if you take decisions that are exactly opposite to the sort of decisions that I’ve taken, then maybe you […]
Author information
The post Halloween Career Advice from the Damned appeared first on Packet Pushers Podcast and was written by Glen Kemp.
Response: I’m Terrified of My New TV
Smart Televisions are tracking everything you do and sending that data to unknown services: The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email […]
The post Response: I’m Terrified of My New TV appeared first on EtherealMind.
Make Rip-and-Replace a bit less Creepy
It was a dark and stormy Halloween night and a networking engineer was stuck in a data center facing a Mission Impossible project: replace a failing Cat6500 with a brand-new Nexus 7000. Shouldn’t have been a problem, if only the cables were labeled.
Read more ...PDU-12C
"After all, what's the best part of Halloween?" Jimmy pleaded over the phone. He was trying yet again to convince Tom to skip work for the night and head over to the party he was throwing. Tom and Jimmy were good friends, but he already knew how the conversation was going to end.
"I dunno, the candy?" Tom played dumb.
"No, the eye candy! I'm telling you bro, you don't want to miss it. Rachel will be there." Jimmy sang the last bit tauntingly.
"I told you," Tom countered. "I've got work." It was around 6pm now, and he was just pulling into the parking lot outside the data center where he planned to spend the night recabling several racks of equipment. The scariest part of his Halloween would be picking through years' worth of undressed patch cabling.
"I don't get why you have to do that shit at night anyway. Why can't you do it during the day when you're stuck at work anyway?" Jimmy prodded.
Tom parked across from the building's entrance and turned off his car. Other than a couple vehicle belonging to the operations staff, the parking lot was deserted. He Continue reading
Happy Tenth Anniversary Arista Networks!
Every year at Arista has been filled with milestones and enriching memories. I want to acknowledge and thank each and every Arista well-wisher for contributing to this incredible experience. So let’s take a walk together down memory lane and look back on our journey from start-up to a now public company. I think of Arista’s first decade as being comprised of three phases:
2004+ Our Humble Beginnings:
Funded in a unique fashion, without traditional venture capital investment, Arista (first called Arastra, located on Arastradero road in Palo Alto) was placed in a unique position. Our founders, Andy and David, were our funders, too, and they cared deeply about building the company with the right technology foundation. Ken Duda, also a founder and our EOS software genius, brought a radical, resilient and programmable network-OS for modern, disruptive applications. Bringing some of the best and brightest engineering minds together resulted in an innovative network-wide operating system that challenged legacy enterprise switching vendors. Andy Bechtolsheim and I launched the company officially in October 2008. With just 50 engineers we gained 50 customers by the end of 2008, proving what small focused teams could accomplish. Our early adopters welcomed us as a breath of Continue reading
Show 210 – SPB Implementation Fundamentals
Dominik and Ricki Cook join Packet Pushers Greg Ferro and Ethan Banks in a hands-on exploration of Shortest Path Bridging, IEEE 802.1aq. Most of us have had our hands on Avaya gear that does SPB — Ethan in the lab, and Dominik + Ricki in production environments. We go through the basic goals, setup, and commands […]
Author information
The post Show 210 – SPB Implementation Fundamentals appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Retro installation wizard
Just upgrading my soundcard drivers to some newer ones that were issued in 2012, and the wizard they use for this appears to be from 1995!
20-year-old graphics!
Ruckus Wireless User? Here’s your OS X Yosemite Warning.
A quick post today. As you may recall, I run two Ruckus Wireless APs at home – a Zoneflex 7982 AP and a Zoneflex 7363 AP managed by a Zone Director 1106. The ZF7982 and ZD1106 were provided courtesy of Ruckus … Continue reading
If you liked this post, please do click through to the source at Ruckus Wireless User? Here’s your OS X Yosemite Warning. and give me a share/like. Thank you!
Take a break and watch two recent engineering talks
Recently, I spoke at the dotGo 2014 conference in Paris and my colleague (and creator of OpenResty) Yichun Zhang spoke at the first NGINX conference in San Francisco.
If you need to take a break, go grab a drink and enjoy one of these two talks.
The Latest and Greatest from ngx_lua: New Features & Tools
Tired of writing NGINX C-modules or setting-up back-end application servers? The ngx_lua module was created to save time and pain, while opening up new possibilities in the world of NGINX. The ngx_lua module embeds the Lua dynamic language into the NGINX core, turning NGINX into a highly scriptable proxy server. Many use it as a non-blocking full-stack web application server as well--also known as OpenResty.
Led by ngx_lua co-creator and sole-maintainer, CloudFlare’s Yichun Zhang, this presentation will introduce all the latest features implemented in the ngx_lua module as well as other new tools. Yichun will focus on features including: light threads, websockets, timers, NGINX worker initialization hooks, SSL/TLS coroutine-based sockets (or “cosockets”), full-duplex cosockets and more.
. .
The session wraps-up covering new advanced tools to troubleshoot and profile ngx_lua-based systems including dynamic tracing utilities based on Systemtap and GDB extension commands.
I came for the Continue reading
The Power of Correlated Visualization
I am sure our work environment is not all that different from many others. There are large whiteboards everywhere and you cannot find a meeting room that does not have circles, lines and squares drawn on them. Some of our favorite bloggers have written blogs about network drawing tools and aids. Probably not restricted to just networking folks, but we certainly love to visualize the things we do. Out of all the customers I have visited, the amount of them where one of us did not end up on a whiteboard can probably be counted on one hand.
It is not surprising that we are drawn to diagrams of the networks we have created. We build our network one device at a time, then use network links to connect the next and on we go until our network is complete. Which of course it never is. To track how we have connected all our devices we need diagrams. They tell us what devices we have, how they are attached to each other, how they are addressed and what protocols we have used to govern their connectivity. They are multi layered and the layers are semi independent.
I have previously said Continue reading