Highlights: Multi-Threaded Routing Daemons

The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.

Jeff Tantsura provided the first dose of reality:

All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.

Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):

Highlights: Multi-Threaded Routing Daemons

The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.

Jeff Tantsura provided the first dose of reality:

All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.

Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):

Amazon announces third generation of Graviton processors

At its annual re:Invent conference, Amazon Web Services announced the newest generation of its Arm-based Graviton processors, the Graviton 3, which the company claims will be 25% or more faster than the last-generation chips  in key workloads.The 25% is likely for integer workloads, because AWS also said the Graviton 3 boasts double the floating-point performances (FLOP), a three-fold performance improvement in machine-learning workloads, and better cryptographic performance. AWS also claims the new chips will use 60% less power.[Get regularly scheduled insights by signing up for Network World newsletters.] The chips will power new EC2 C7g instances in the AWS cloud. The chips and instances will be the first to use DDR5 memory, which delivers 50% higher bandwidth than DDR4 but with a much lower power draw.To read this article in full, please click here

Amazon announces third generation of Graviton processors

At its annual re:Invent conference, Amazon Web Services announced the newest generation of its Arm-based Graviton processors, the Graviton 3, which the company claims will be 25% or more faster than the last-generation chips  in key workloads.The 25% is likely for integer workloads, because AWS also said the Graviton 3 boasts double the floating-point performances (FLOP), a three-fold performance improvement in machine-learning workloads, and better cryptographic performance. AWS also claims the new chips will use 60% less power.[Get regularly scheduled insights by signing up for Network World newsletters.] The chips will power new EC2 C7g instances in the AWS cloud. The chips and instances will be the first to use DDR5 memory, which delivers 50% higher bandwidth than DDR4 but with a much lower power draw.To read this article in full, please click here

Cisco hit with software and physical issues

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of vulnerability as high and recommended users should install updates, which are available, as soon as possible.To read this article in full, please click here

Cisco hit with software and physical issues

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of vulnerability as high and recommended users should install updates, which are available, as soon as possible.To read this article in full, please click here

Use dmseg to check your Linux system’s kernel message buffer

The dmesg command displays the content of the kernel's message buffer since the system's most recent boot. It displays a lot of details on how the system is working and problems it might be running into that you won't normally see. That can be a lot of data, but there are several tricks for paring it down.For example, Even though the system queried below has only been up a little more than three days, it's collected more than a thousand lines of data.$ dmesg | wc -l 1034 Linux security: Cmd provides visibility, control over user activity [Get regularly scheduled insights by signing up for Network World newsletters.] If you type only dmesg, you will see all available data. Sudo access is not required. You can also pipe the output of dmesg to the more and less commands to scan through it or simply pipe the output to grep, but the command itself provides a lot of options for selecting the most relevant information from the file.To read this article in full, please click here

Use dmseg to check your Linux system’s kernel message buffer

The dmesg command displays the content of the kernel's message buffer since the system's most recent boot. It displays a lot of details on how the system is working and problems it might be running into that you won't normally see. That can be a lot of data, but there are several tricks for paring it down.For example, Even though the system queried below has only been up a little more than three days, it's collected more than a thousand lines of data.$ dmesg | wc -l 1034 Linux security: Cmd provides visibility, control over user activity [Get regularly scheduled insights by signing up for Network World newsletters.] If you type only dmesg, you will see all available data. Sudo access is not required. You can also pipe the output of dmesg to the more and less commands to scan through it or simply pipe the output to grep, but the command itself provides a lot of options for selecting the most relevant information from the file.To read this article in full, please click here

Bumps in the road for open RAN

Open standards for radio access networking (RAN) technology have long been hyped as a way for mobile network operators to control the costs of 5G deployment, but some experts are beginning to question that potential, and legal difficulties for vendors working on the standard continue to arise.The idea behind open RAN is relatively simple. Using a standards-based approach to carrier radio equipment would allow carriers to mix and match the gear they use in base stations--freeing them from the traditional vertical integration of such equipment and potentially making the market more competitive, driving prices down.[Get regularly scheduled insights by signing up for Network World newsletters.] But this requires a considerable degree of coordination from companies like Ericsson, Nokia and Samsung that aren’t used to working cooperatively with one another. And some reports suggest that the hype around open RAN is considerably exaggerated.To read this article in full, please click here

Get Moving: 3G Sunsetting Deadline is Rapidly Approaching

They’ll Remember The Rage Monster

I was tired. Very tired. Tired in my brain. Tired in my body. I needed to eat, puke, and scream…all of those things as soon as possible. Big cutovers are like that. You know the kind of change I’m talking about. The kind where you only get a maintenance window twice a year, so you plan to throw in the new core switch pair because that’s easy, re-tool the BGP peering that twelve other changes are waiting for, and bring up the new firewall all in one night.

Stupid! Unthinkable! Small changes only!! I mean…obviously. Of course. But sometimes, that’s just not the way it works out. And so it was that after several hours of executing a meticulously planned change that would create the network foundation for the company’s big plans, I needed to eat, puke, and scream.

You see, the change hadn’t got entirely well. It had only gone mostly well. The core switch upgrade really was easy. The BGP peering work went well enough. The new firewall was a fight, though.

At first, the firewall pair wouldn’t pass traffic. At all. Despite a lovely routing table and so on. After sitting in the freezing data center for Continue reading

No REST For The Wicked

So far, this series has explored applying the Model, View, Controller (MVC) software design pattern to infrastructure with purely Python-driven network automation. We have created a fully function infrastructure-as-software application using the out-of-the-box Django framework; a PostgreSQL database (Model); pyATS jobs (Controller); and the trinity of Python URLs and Views and Django Templating Language (DTL) […]

The post No REST For The Wicked appeared first on Packet Pushers.

4 Hot Network Security Acronyms You Must Know: ZTN, XDR, SASE, BYOD

Tech Bytes: The Security Fabric Advantage With Fortinet (Sponsored)

Today's Tech Bytes podcast is a security conversation--specifically security fabrics or ‘security mesh’ architectures: an integrated set of products that work together to help you manage risk in the network, on endpoints, and to do things like improve detection and response. Fortinet is our sponsor.

The post Tech Bytes: The Security Fabric Advantage With Fortinet (Sponsored) appeared first on Packet Pushers.

Tech Bytes: The Security Fabric Advantage With Fortinet (Sponsored)

Real-time Kubernetes cluster monitoring example

Network Break 362: AWS Announces Private 5G Service; FTC Says No To Nvidia’s Arm Grab

Today's Network Break covers two AWS announcements including a private 5G offering and new networking service, discusses why the FTC is against Nvidia acquiring Arm Holdings, examines a new security feature in Aviatrix, and more tech news.

The post Network Break 362: AWS Announces Private 5G Service; FTC Says No To Nvidia’s Arm Grab appeared first on Packet Pushers.

Network Break 362: AWS Announces Private 5G Service; FTC Says No To Nvidia’s Arm Grab

Tier 1 Carriers Performance Report: November, 2021

The post Tier 1 Carriers Performance Report: November, 2021 appeared first on Noction.

AWS partners to provide more cloud options

AWS is offering a variety of new connectivity options for enterprise customers to access distributed cloud resources.The new options – unveiled at the company’s re:Invent conference—are designed to give businesses new network options and build more secure access to on-premises and other cloud applications.[Get regularly scheduled insights by signing up for Network World newsletters.] A new network offering called AWS Cloud WAN is a managed service that promises to make it easier to build, manage, and monitor global traffic across a wide area network that spans multiple locations and networks—eliminating the need to configure and manage the different networks individually using different technologies.To read this article in full, please click here