DDoS mitigation hybrid OpenFlow controller
This article describes an additional example, using the sFlow-RT controller to implement the ONS 2014 SDN Idol winning distributed denial of service (DDoS) mitigation solution - Real-time SDN Analytics for DDoS mitigation.
 |
| Figure 1: ISP/IX Market Segment |
 |
| Figure 2: Novel DDoS Mitigation solution using Real-time SDN Analytics |
// Define large flow Continue reading
Quiz #23 – QoS on IPsec Tunnels
Type: Lab Difficulty: Advanced Company ABC runs a static VTI-based VPN tunnel between Site-1, hosting 192.168.1.1, and Site-2, hosting 192.168.5.5. BGP is configured between the two sites, over the VTI Tunnel, making all traffic between the sites to be encrypted/protected by IPsec. A new requirement is received from the customer, asking that all traffic from 192.168.1.1 (in Site-1) to 192.168.2.2 (in Site-2) must be prioritized. The network engineer creates the... [read more]Quiz #23 – QoS on IPsec Tunnels
Company ABC runs a static VTI-based VPN tunnel between Site-1, hosting 192.168.1.1, and Site-2, hosting 192.168.5.5. BGP is configured between the two sites, over the VTI Tunnel, making all traffic between the sites to be encrypted/protected by IPsec. The network engineer tries to configure QoS but something does not work !...
BFD in the new Avatar
We all love Bi-directional Forwarding Detection (BFD) and cant possibly imagine our lives without it. We love it so much that we were ready with sabers and daggers drawn when we approached IEEE to let BFD control the individual links inside a LAG — something thats traditionally done by LACP.
Having done that, you would imagine that people would have settled down for a while (after their small victory dance of course) — but no, not the folks in the BFD WG. We are now working on a new enhancement that really takes BFD to the next level.
There isnt anything egregiously wrong or missing per se in BFD today. Its just not very optimal in certain scenarios and we’re trying to plug those holes (and doing our bit to ensure that folks in data comm industry have ample work and remain perennially employed).
Ok, lets not be modest – there are some scenarios where it doesnt work (as we shall see).
So what are we fixing here?
Slow Start
Well for one, BFD takes awfully looooong to bring up the session. Remember BFD starts with sedate timers and then slowly picks up (each side needs to come to an agreement on the rate at Continue reading
Whats next…
I have a lot of non-technical related projects in the pipeline, but study wise, whats next up for me is the IOS XR specialist exam.
I think the blueprint for it looks interesting and it provides a way for me to learn more about IOS XR.
I don’t really have a date for the exam just yet as I’m taking it easy and trying to lab out as much as i can to have it stick.
I will be posting about anything i find interesting or different from Classic IOS. Right now I’m trying to figure out the details on the LPTS implemented on XR platforms. A way of protecting the management/control plane of the router.
Take care!
Why You Should Learn to Code
I took a few C++ and Visual Basic courses back in high shcool. Now, at that time, they didn’t teach the STL (Standard Template Library), I remember using conio.h allot...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Parsing a Routing Table with Python – Part 2
How a properly formatted data structure and a non-formatted data structure look like. Here, we’re going to convert the output of the popular show ip route..[[ Summary content only, you can read everything now, just visit the site for full story ]]
Impact of the FCC 5 GHz U-NII Report & Order on Wi-Fi Networks
Following the news release of the FCC's actions to change some technical rules for the 5 GHz U-NII bands, the official Report and Order was released on Tuesday.I've read through the R&O, and here are the technical modifications that were approved:
- U-NII 1 band (5.150 - 5.250 GHz) indoor operation restriction is removed. This allows use of the band for outdoor hotspots, WISPs, and bridge links. The growth of public hotspots will clearly benefit from this change.
- U-NII 1 band (5.150 - 5.250 GHz) power level restrictions are changed.
- AP power levels at the Intentional Radiator may be 1W (previously 50mW) and the EIRP may be 4W using a 6dBi antenna (previously 200mW), and following the 1dB reduction rule in transmitter power for every 1dB of antenna gain above 6dBi.
- Client power levels at the IR may be 250mW and the EIRP may be 1W, following the 1:1 dB reduction rule for antenna gain above 6dBi.
- WISPs may use up to 23dBi antennas on fixed point-to-point links without any corresponding reduction in transmitter power.
These changes help to unify the U-NII 1 band with the U-NII 2A/2C and U-NII 3 bands so Continue reading
Learn to Code
Background I took a few C++ and Visual Basic courses back in high shcool. Now, at that time, they didn’t teach the STL (Standard Template Library), I remember using conio.h allot, not really...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Learn to Code
Background I took a few C++ and Visual Basic courses back in high shcool. Now, at that time, they didn’t teach the STL (Standard Template Library), I remember using conio.h allot, not really...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Learn to Code
Background I took a few C++ and Visual Basic courses back in high shcool. Now, at that time, they didn’t teach the STL (Standard Template Library), I remember using conio.h allot, not really...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Cisco, ACI, OpFlex and OpenDaylight
In, Cisco Submits Its (Very Different) SDN to IETF & OpenDaylight, SDNCentral editor Craig Matsumoto comments, "You know how, early on, people were all worried Cisco would 'take over' OpenDaylight? This is pretty much what they were talking about. It’s not a 'takeover,' literally, but OpFlex and the group policy concept steer OpenDaylight into a new direction that it otherwise wouldn’t have, one that Cisco happens to already have taken."
CIMI Corp. President, Tom Nolle, remarks "We’re all in business to make money, and if Cisco takes a position in a key market like SDN that seems to favor…well…doing nothing much different, you have to assume they have good reason to believe that their approach will resonate with buyers." - Cisco’s OpFlex: We Have Sound AND Fury
This article will look at some of the architectural issues raised by Cisco's announcement based on the following documents:
- OpenDaylight: Project Proposals:Group Based Policy Plugin
- IETF: OpFlex Control Protocol
Parsing a Routing Table with Python – Part 1
It's all in the API's, well, not exactly, not everything you want to get or parse is handed down in a nicely formatted XML file or JSON format.[[ Summary content only, you can read everything now, just visit the site for full story ]]
Parsing a Routing Table with Python – Part 1
It’s all in APIs! Well, not exactly, not everything you want to get or parse is handed down in a nicely formatted XML file or JSON format. These file structures translate to some type of data...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Parsing a Routing Table with Python – Part 2
GETTING READY In the previous article (they’re split to make them easier to read) I talked about the theory and representation. How a properly formatted data structure and a non-formatted data...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Parsing a Routing Table with Python – Part 1
It’s all in the API’s, well, not exactly, not everything you want to get or parse is handed down in a nicely formatted XML file or JSON format. These file structures translate to some type of data...[[ Summary content only, you can read everything now, just visit the site for full story ]]
Parsing a Routing Table with Python – Part 2
In the previous article (they’re split to make them easier to read) I talked about the theory and representation. How a properly formatted data structure and a non-formatted data structure look like....[[ Summary content only, you can read everything now, just visit the site for full story ]]
Parsing a Routing Table with Python – Part 2
In the previous article (they’re split to make them easier to read) I talked about the theory and representation. How a properly formatted data structure and a non-formatted data structure look like....[[ Summary content only, you can read everything now, just visit the site for full story ]]
Indonesia Hijacks the World
Yesterday, Indosat, one of Indonesia’s largest telecommunications providers, leaked large portions of the global routing table multiple times over a two-hour period. This means that, in effect, Indosat claimed that it “owned” many of the world’s networks. Once someone makes such an assertion, typically via an honest mistake in their routing policy, the only question remaining is how much of the world ends up believing them and hence, what will be the scale of the damage they inflict? Events of this nature, while relatively rare, are certainly not unheard of and can have geopolitical implications, such as when China was involved in a similar incident in 2010.
Keep in mind that this is how the Internet is designed to work, namely, on the honor system. Like Twitter and Facebook, where you can claim to be anyone you want, Internet routing allows you to lay claim to any network you want. There is no authentication or validation. None. But unlike Twitter and Facebook, such false claims propagate through the world in a matter of seconds and decisions, good or bad, are made algorithmically by routers, not humans. This means that innocent errors can have immediate global impacts. In this incident, Continue reading