In the good old days of IPv4, an interface on a host could have only one IPv4 IP address. Things were very simple: every IP host would use that one address as the source IP for all communication. When we get into IPv6, each interface can have multiple IPv6 addresses. These addresses have different scopes such as global, unique-local and link-local. If an IPv6-enabled host would like to send a packet to another host, which source IPv6 address does it choose? What if it has four addresses: 2001:10::3/64 (Global from ISP A), 2001:23::3/64 (Global from ISP B), fc00:23::3/64 (Unique-Local) and fe80:23::3 (Link-Local)?
As with almost everything, there is a nice RFC written on this topic. RFC 6724, Default Address Selection for Internet Protocol Version 6 (IPv6), defines how to select a source IPv6 address. It mentions eight rules for source selection; here is the summary and translation:
Rule 1: Prefer same address
Rule 2: Prefer appropriate scope
Rule 3: Avoid deprecated addresses
Rule 4: Prefer home addresses
Rule 5: Prefer outgoing interface
Rule 6: Prefer matching label
Rule 7: Prefer temporary addresses
Rule 8: Use longest matching prefix
In the remainder of […]
Sakura Internet operates several data centers across Japan, including this one, and my team is in charge of building and taking care of our IP backbones. In this article, I will introduce the ongoing process of upgrading our DDoS mitigation solution, which happens to be a down-to-earth, if not widely applicable, use case for OpenFlow. […]
The post OpenFlow 1.0 Actual Use-Case: RTBH of DDoS Traffic While Keeping the Target Online appeared first on Packet Pushers Podcast and was written by Tamihiro Yuzawa.
SDN innovation has been primarily focused on the data center, where centralized network programmability has been shown to be capable of providing many benefits to the complex and dynamic (on-demand) data center environment. Service provider networks will also benefit from SDN. Traversing a service provider network involves crossing different network types, technologies, layers and administrative domains. SDN solutions, including OpenFlow’s programmatic control, will provide capabilities unique to these service provider technologies. Huawei presents an architecture that expands SDN into multiple task-specific controllers and domains and extends networking control across all of the service provider network dimensions.
The post Show 142 – Huawei – End to End SDN Strategy – Sponsored appeared first on […]
This post represents the solution and explanation for quiz-9. There are some challenges to allow an authenticated MD5 BGP session via a firewall, involving TCP Options. Let's see what happens!
It’s been a busy week for network engineers worldwide, rerouting around broken optical links and of course the 300Gb/s DDoS attack towards Spamhaus and Cloudflare. This DDoS has been classified as the largest DDoS attack ever recorded and has been written about quite a bit in mainstream media.
There’s been a bit of discussion about how much this DDoS actually slowed down the Internet globally. Fact is that the Internet didn’t come to a halt, but the large amount of new traffic that had to be handled by some of the carriers did result in congestion and significant packet loss by some of the Tier1 carriers last weekend. In this blog post we’ll look at this event from the routing perspective, what effects this had on the Internet Exchanges, and we’ll also look at some BGP hijacks related to this attack.
BGP hijack affecting Spamhaus
The majority of the attack towards Spamhaus and Cloudflare was a brute-force DDoS attack. But in an attempt to affect Spamhaus services, different techniques were used; one of them was a BGP hijack by the alleged initiator of the attack. Greenhost.nl has a great description on their blog about how AS34109 […]
Join Mrs. Y, Taylor Banks and esteemed Nerd Captain Ivan Pepelnjak for another exciting episode of Healthy Paranoia! In this installment, we discover the day the security industry stood still for Bro IDS with expert and project contributor Liam Randall. Just a few of the fun facts you’ll learn include: The real meaning of “bromance.” […]
The post Healthy Paranoia Show 11: Bro – the Outer Limits of IDS appeared first on Packet Pushers Podcast and was written by Mrs. Y.
As I do most days, I took a walk in the woods at the back of my garden after a hearty dinner. I was quite surprised to come across a small wooden yellow door I’d never seen before, set into the trunk of a tree I’d never noticed until today. I opened the door and squeezed […]
The post A Small Yellow Wooden Door: Thinking Practically About SDN appeared first on Packet Pushers Podcast and was written by Steven Iveson.
In this show we speak with Michael Haugh, the chairperson of the Testing and Interoperability Working Group (https://www.opennetworking.org/working-groups/testing-a-interop) at the Open Networking Foundation. Michael is a Senior Product Line Manager and oversees Ixia’s Carrier Ethernet go-to-market strategy and product line on the Ixia core and IxN2X platforms. Michael has been in networking for 17 years and […]
The post PQ Show 23 – OpenFlow and SDN – ONF Testing & Interoperability with Michael Haugh appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Network engineers deal with technical support frequently. That’s the nature of the networking business: the products often don’t work as advertised or break down under their own complexity. Throw in some ambiguous documentation that leaves you scratching your head, and you’ll finally resort to opening a case with the vendor to resolve the issue. In […]
The post Handling Tech Support Interaction Effectively appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Your company makes a new contract with a Partner Company for a new research project. To provide network connectivity, NAT is being configured on your side but something does not work as desired. What is it?