Worth Reading: Do We Need Segment Routing?
Etienne-Victor Depasquale sent me a pointer to an interesting NANOG discussion: why would we need Segment Routing. It’s well worth reading the whole thread (until it devolves into “that is not how MPLS works” arguments), which happens to be somewhat aligned with my thinking:
- SR-MPLS makes perfect sense (excluding the migration-from-LDP fun)
- SRv6 (in whatever incantation) is mostly a vendor ploy to sell new chipsets.
Enjoy!
Tips for Job Seekers In 2021
The year 2020 has been a rough ride. A lot of companies went out of business and a lot of people lost their jobs. However the job market is continuously evolving and it is still very competitive even after taking a hit during the pandemic. Technology is changing the way that employers find employees and employees find employers.
Employers are always looking for creative, efficient, innovative and empathetic individuals who are productive and can help in creating a better workplace for everyone. Employees will be looking for organizations who have a clear mission statement and are able to provide them with structure, clarity and meaning in their work.
Let’s take a look at some of the tips for job seekers in 2021.
You Need To Have a Portfolio
The first thing that a job seeker needs to do is have a portfolio of work that they can show off to potential employers. It’s no longer good enough just to have a CV, they need an online presence that reflects their personality and creativity.
Keep Your Online Profile Updated
Job seekers also need to make sure that they are on top of new developments in the industry and keep their LinkedIn Continue reading
New 5G LAN Technology Advances QoS Across The Enterprise
Recent technical advances allow network managers to automate the enforcement of quality of service (QoS) thresholds at a per-application level across both the 5G RAN and enterprise LAN.Calico on EKS Anywhere
Amazon EKS Anywhere is an official Kubernetes distribution from AWS. It’s a new deployment option for Amazon EKS that allows the creation and operation of on-premises Kubernetes clusters on your existing infrastructure.
Since its general availability release, we’ve been working hard to ensure support for Calico on EKS Anywhere, and are happy to announce that users can now choose to use Calico for container networking and security. This gives organizations already using or planning to adopt EKS Anywhere the flexibility to choose the best container networking solution for their needs. Organizations currently using Calico can add EKS Anywhere clusters and use the same Calico solution for networking and security across on-premises and cloud platforms.
Let’s take a look at how you can get started with Calico on EKS Anywhere.
Notes:
- This procedure is disruptive; it cannot be used to migrate a cluster with applications “in-service”
- Be aware that, at present, Amazon is unlikely to be able to provide support for a cluster built in this way
Install EKS Anywhere
Install EKS Anywhere as normal on vSphere, by following this documentation.
Install the Cilium CLI and uninstall Cilium
Removing Cilium from a cluster requires using the Cilium CLI, so Continue reading
Network certification for Microsoft Azure
Microsoft recently (well, maybe a couple months ago at this point) released a new certification focusing on the networking aspect of Microsoft Azure. This provides a great primer to get familiar with the Microsoft cloud from a connectivity perspective especially for those out there who are responsible maintaining cloud connectivity for Azure. The exam is […]VMware Achieves Industry-First AAA Rating for Network Detection & Response from SE Labs
In the first public test of is kind for Network Detection and Response, SE Labs awards the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR). The modern cyber battlefield is everywhere, and every attacker has to traverse multiple networks and in most cases many firewalls to achieve their goals. Internal to networks they look to move freely within the environment discovering valuable information they wish to exfiltrate. As attackers have continually innovated so must the industry and our testing. As a leader in the security industry, VMWare has gone through the industry’s first Network Detection and Response (NDR) test and received a AAA rating. It is well-known that attackers continually evolve and chain together an ever increasingly complex chain of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attacker’s behaviors evolve, so must our engineering and testing.
VMware customers can be assured that their data is better protected in this new arena as they continue to modernize their application and network infrastructure as part of their digital transformation initiatives.
According to the results from SE Labs, VMware NSX Continue reading
Measuring Hyper-Threading and Turbo Boost
We often put together experiments that measure hardware performance to improve our understanding and provide insights to our hardware partners. We recently wanted to know more about Hyper-Threading and Turbo Boost. The last time we assessed these two technologies was when we were still deploying the Intel Xeons (Skylake/Purley), but beginning with our Gen X servers we switched over to the AMD EPYC (Zen 2/Rome). This blog is about our latest attempt at quantifying the performance impact of Hyper-Threading and Turbo Boost on our AMD-based servers running our software stack.
Intel briefly introduced Hyper-Threading with NetBurst (Northwood) back in 2002, then reintroduced Hyper-Threading six years later with Nehalem along with Turbo Boost. AMD presented their own implementation of these technologies with Zen in 2017, but AMD’s version of Turbo Boost actually dates back to AMD K10 (Thuban), in 2010, when it used to be called Turbo Core. Since Zen, Hyper-Threading and Turbo Boost are known as simultaneous multithreading (SMT) and Core Performance Boost (CPB), respectively. The underlying implementation of Hyper-Threading and Turbo Boost differs between the two vendors, but the high-level concept remains the same.
Hyper-Threading or simultaneous multithreading creates a second hardware thread within a processor’s core, also known Continue reading
Graceful Restart and Other Control Plane Protocols
In the Graceful Restart 101 blog post, I promised to discuss the ugly parts of this concept in a follow-up post. It turns out we’ll need more than one; today, we’ll focus on other control plane protocols in an access network scenario.
Imagine an access router with multiple uplinks serving a bunch of non-redundantly-connected customers:
Non-redundant access network
Graceful Restart and Other Control Plane Protocols
In the Graceful Restart 101 blog post, I promised to discuss the ugly parts of this concept in a follow-up post. It turns out we’ll need more than one; today, we’ll focus on other control plane protocols in an access network scenario.
Imagine an access router with multiple uplinks serving a bunch of non-redundantly-connected customers:
Non-redundant access network
Wi-Fi 5 Vs. Wi-Fi 6
Wi-Fi 6 also known as 802.11ax is the latest generation of 802.11 WiFi standard and the successor of Wi-Fi 5 aka 802.11ac. Wi-Fi 6 increases user throughput by more efficient spectrum usage, provides larger signal coverage and reduces the power consumption. In the following section, we will discuss the significant improvements of Wi-Fi 6 over […]Continue reading...
Open Intelligence Gathering: Light and Dark
A few weeks ago, I asked my manager, Chris Bareford, if he would approve the purchase of a licence to use the https://www.shodan.io open intelligence platform. I was both vague and detailed enough to justify the purchase, something about gathering threat intelligence as far as I can recall. My request was approved, and I am now in possession of the Shodan freelancer API entitlement. This is useful to me in automating certain intelligence and discovery tasks.
This blog, however, is NOT about the Shodan freelancer API.
Part of my job is to help enable cyber readiness for both my internal colleagues and my customers and prospective customers, and as part of this remit I publish a weekly threat landscape report, which is essentially a collection of things I have found to be interesting (and/or concerning) during the previous week from a cyber-security perspective. One element of this report covers what I would consider to be largely opportunistic attacks (or probes), and so I summarize an anonymized set of the past week’s common vulnerabilities & exposures (CVE) that VMware customers have had. When collating this type of information on a regular basis, what you notice is that, in addition Continue reading
Understanding How Facebook Disappeared from the Internet
“Facebook can't be down, can it?”, we thought, for a second.
Today at 15:51 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on.
Social media quickly burst into flames, reporting what our engineers rapidly confirmed too. Facebook and its affiliated services WhatsApp and Instagram were, in fact, all down. Their DNS names stopped resolving, and their infrastructure IPs were unreachable. It was as if someone had "pulled the cables" from their data centers all at once and disconnected them from the Internet.
This wasn't a DNS issue itself, but failing DNS was the first symptom we'd seen of a larger Facebook outage.
How's that even possible?
Update from Facebook
Facebook has now published a blog post giving some details of what happened internally. Externally, we saw the BGP and DNS problems outlined in this post but the problem actually began with a configuration change that affected the entire internal backbone. That cascaded into Facebook and other properties disappearing and Continue reading