One of my readers sent me an interesting pointer:
I just watched a YouTube video by a security researcher showing how a five-line Python script can be used to unilaterally configure a Cisco switch port connected to a host computer into a trunk port. It does this by forging a single virtual trunk protocol (VTP) packet. The host can then eavesdrop on broadcast traffic on all VLANs on the network, as well as prosecute man-in-the-middle attacks.
I’d say that’s a “startling revelation” along the lines of “OMG, VXLAN is insecure” – a wonderful way for a security researcher to gain instant visibility. From a more pragmatic perspective, if you enable an insecure protocol on a user-facing port, you get the results you deserve.[1]
While I could end this blog post with the above flippant remark, it’s more fun considering two fundamental questions.
GARP (Gratuitous ARP): an ARP message sent without a preceding request. It is mainly used to notify the other hosts on the network that a MAC address assignment has changed. When a host receives a GARP it either adds a new entry to its ARP cache or updates an existing one. I will expand on GARP in the next section, as it is the message type that concerns us most from a security point of view.
Gratuitous ARP
GARP messages
GARP Request: A regular ARP request in which the sender and target IP addresses are both the source IP address, the sender MAC is the source MAC, and the target MAC is the broadcast address (ff:ff:ff:ff:ff:ff). No reply is sent to this request.
GARP Reply: The sender and target IP addresses AND the sender and target MAC addresses are all set to the sender's own addresses. This reply is sent without any request.
GARP Probe: When an interface comes up with a configured IP address, it sends a probe to make sure no other host is using the same IP, thereby preventing IP conflicts. A probe has the sender IP set to zeros (0.0.0.0), the target IP set to the IP being probed, the sender MAC set to the source MAC, and the target MAC address
The post Pluribus named a Futuriom 40 Cloud Infrastructure and Communications Company appeared first on Pluribus Networks.
Scott Raynovich and the team at Futuriom have compiled their list of private companies that are making waves in cloud infrastructure. Futuriom knows this landscape and the customer trends thoroughly and recognizes companies that are innovating to stay ahead of the market, and delivering what customers need to achieve an agile cloud operating model across all of their distributed cloud locations.
Pluribus is humbled and grateful to be named to the 2022 Futuriom 40, joining a group of companies that are all doing remarkable things in the cloud. As Scott points out in the report and in this Forbes article, the market for cloud technology innovation will remain strong, as “…in many cases, traditional enterprise networking architectures aren’t useful for connecting to the cloud applications and platforms.” Pluribus is dedicated to simplifying cloud networking as organizations grapple with the new realities of the distributed cloud.
Of the top trends in the report, one is focused on networking across distributed clouds. Futuriom describes it as follows:
Distributed Cloud Infrastructure: Networking and connectivity platforms need to be engineered to connect cloud resources ranging from the edge to the public cloud. This has compute, networking, and storage elements,
Many people have been searching these words on OrhanErgun.Net for some time.
Many people have also been asking me how much they can earn monthly if they start a Network Engineering career, or how much they can expect as an experienced Senior Network Engineer if they move to another country.
Check the CCNP course and CCIE course content for becoming a better Network Engineer and definitely getting a higher salary as well.
I think the answer depends on many criteria. Since this post will be read by people all around the world, it is important to share some insights on the topic.
Before talking about those dependencies, you should know some facts about the CCNA, CCNP, and CCIE certifications. These are some of the most popular certifications that help you get or change jobs. Of course, as of 2022, Cloud Computing and Network Automation jobs are getting very popular and there are certifications for those technologies as well.
But I will use Cisco examples in this post.
Unlike CCDE, the Cisco CCNP and Cisco CCIE certifications are known by recruiters very
I have been seeing this discussion on social media, especially LinkedIn and Twitter, for some time. In this post I will share my opinion on it and hope it helps some of the Network Engineers who follow our blog with their decision.
As of 2022, you may have noticed that many evolving technologies are getting a lot of attention, and I think most of them deserve it.
These include SD-WAN, SDA, Cloud Computing, Network Automation and Programmability, SDN and IoT. Of course, there are many other technologies if you are dealing with Security, Wireless, Service Provider, Datacenter or other domains of IT.
But, as a certification, if we remember the subject of this post: is CCIE still worth it in 2022?
CCIE is not just a technology; as a certificate, it deals with many technologies and products.
And there are many different CCIE tracks. CCIE Enterprise is the most popular one, and I will give my examples using the CCIE Enterprise Infrastructure exam, as it is by far the most popular and best-known track in the Network Engineering community.
The CCIE Enterprise Infrastructure exam doesn't only cover
Merchant silicon applies Moore’s Law to Ethernet switching with astounding results, well documented by tech luminary Andy Bechtolsheim almost four years ago. Since then, switch chips have doubled their throughput to 25.6 Tbps, powering products with up to 64 400GbE interfaces. The problem arises when trying to transmit electrical signals off chip because the power […]
The post Chiplets: The First Step To Integrated Silicon Photonics For Faster Interconnects At Lower Cost appeared first on Packet Pushers.
Cisco already supports industry standard sFlow telemetry across a range of products and the recent IOS-XR Release 7.5.1 extends support to Cisco NCS 5500 series routers.
Note: The NCS 5500 series routers also support Cisco NetFlow. "Rapidly detecting large flows, sFlow vs. NetFlow/IPFIX" describes why you should choose sFlow if you are interested in real-time monitoring and control applications.
    flow exporter-map SF-EXP-MAP-1
     version sflow v5
     !
     packet-length 1468
     transport udp 6343
     source GigabitEthernet0/0/0/1
     destination 192.127.0.1
     dfbit set
    !
Configure the sFlow analyzer address in an exporter-map.
    flow monitor-map SF-MON-MAP
     record sflow
     sflow options
      extended-router
      extended-gateway
      if-counters polling-interval 300
      input ifindex physical
      output ifindex physical
     !
     exporter SF-EXP-MAP-1
    !
Configure sFlow options in a monitor-map.
    sampler-map SF-SAMP-MAP
     random 1 out-of 20000
    !
Define the sampling rate in a sampler-map.
    interface GigabitEthernet0/0/0/3
     flow datalinkframesection monitor-map SF-MON-MAP sampler SF-SAMP-MAP ingress
Enable sFlow on each interface for complete visibility into network traffic.
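As an added example, not part of the original post or of Cisco's documentation, the following Python parser decodes the sFlow v5 datagrams an analyzer receives on UDP 6343 from a router configured as above, and checks that the flow sampling rate advertised by the agent matches the 1-out-of-20000 sampler-map the collector expects. The datagram, agent address and record contents are constructed; the sample and record formats used (flow sample 1, counter sample 2, extended_router 1002, generic_interface counters 1) are those of the sFlow v5 specification.

```python
import struct
from collections import namedtuple
Datagram = namedtuple("Datagram", "agent sub_agent seq uptime_ms samples")
FlowSample = namedtuple("FlowSample", "seq source_id sampling_rate pool drops input output records")
CounterSample = namedtuple("CounterSample", "seq source_id records")

class Reader:
    """Cursor over the big-endian, 4-byte-aligned (XDR) fields sFlow v5 is encoded with."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def u32(self):
        self.pos += 4
        return struct.unpack_from("!I", self.data, self.pos - 4)[0]
    def opaque(self):                     # uint32 length, payload, padding to a 4-byte boundary
        n, start = self.u32(), self.pos
        self.pos += (n + 3) & ~3
        return self.data[start:start + n]

def parse_datagram(data):
    r = Reader(data)
    if r.u32() != 5 or r.u32() != 1:      # version 5 with an IPv4 agent address (type 2 = IPv6, not handled)
        raise ValueError("expected an sFlow v5 datagram from an IPv4 agent")
    agent = ".".join(map(str, data[r.pos:r.pos + 4])); r.pos += 4
    sub, seq, uptime, count = r.u32(), r.u32(), r.u32(), r.u32()
    samples = []
    for _ in range(count):
        fmt, body = r.u32(), Reader(r.opaque())   # sample_type = enterprise << 12 | format
        if fmt == 1:                               # flow sample: 7 header words, then flow records
            head = [body.u32() for _ in range(7)]
            recs = [(body.u32(), body.opaque()) for _ in range(body.u32())]
            samples.append(FlowSample(*head, recs))
        elif fmt == 2:                             # counter sample (the if-counters polling above)
            seq_c, source = body.u32(), body.u32()
            recs = [(body.u32(), body.opaque()) for _ in range(body.u32())]
            samples.append(CounterSample(seq_c, source, recs))
    return Datagram(agent, sub, seq, uptime, samples)

def sampling_rate_mismatches(dg, expected):
    """Flow samples whose advertised rate differs from the sampler-map the collector expects."""
    return [(s.source_id, s.sampling_rate) for s in dg.samples
            if isinstance(s, FlowSample) and s.sampling_rate != expected]

def build_datagram():
    """Constructed test datagram: a 1:20000 flow sample on ifIndex 3 with an extended_router record, plus a counter sample."""
    router = struct.pack("!III", 1002, 16, 1) + bytes([192, 0, 2, 1]) + struct.pack("!II", 24, 24)
    flow = struct.pack("!8I", 7, 3, 20000, 140000, 0, 3, 5, 1) + router
    ctr = struct.pack("!5I", 2, 3, 1, 1, 88) + bytes(88)     # one generic_interface (format 1) record
    body = struct.pack("!II", 1, len(flow)) + flow + struct.pack("!II", 2, len(ctr)) + ctr
    return struct.pack("!II", 5, 1) + bytes([192, 0, 2, 10]) + struct.pack("!4I", 0, 42, 123456, 2) + body
```

Samples of other formats (for example expanded flow samples, format 3) are consumed but not decoded, so an analyzer built on this would extend the `if` chain rather than trip over them.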
The diagram shows the general architecture of an sFlow monitoring deployment. All the switches stream sFlow telemetry to a central sFlow analyzer