For those not following the current state of the ITU, a proposal has been put forward to (pretty much) reorganize the standards body around “New IP.” Don’t be confused by the name—it’s exactly what it sounds like, a proposal for an entirely new set of transport protocols to replace the current IPv4/IPv6/TCP/QUIC/routing protocol stack nearly 100% of the networks in operation today run on. Ignoring, for the moment, the problem of replacing the entire IP infrastructure, what can we learn from this proposal?
What I’d like to focus on is deterministic networking. Way back in the days when I was in the USAF, one of the various projects I worked on was called PCI. The PCI network was a new system designed to unify the personnel processing across the entire USAF, so there were systems (Z100s, 200s, and 250s) to be installed in every location across the base where personnel actions were managed. Since the only wiring we had on base at the time was an old Strowger mainframe, mechanical crossbars at a dozen or so BDFs, and varying sizes of punch-downs at BDFs and IDFs, everything for this system needed to be punched- or wrapped-down as physical circuits.
The latest Network Break podcast examines Cisco's acquisition of Modcam for video analytics, discusses how the Mirai botnet takes advantage of vulnerable F5 load balancers, reviews financial results from Extreme and Arista, and tackles even more IT news.
The post Network Break 296: Cisco Acquires Video Analytics Company; F5 Gear Targeted By Botnet appeared first on Packet Pushers.
A firewall is a firewall, right? While on the surface that assumption may appear to be correct, a closer look reveals that there are critical differences between a traditional, appliance-based firewall that protects your network perimeter and a distributed, scale-out internal firewall that protects east-west traffic within your data center.
It’s true that both types of firewalls monitor network traffic, detect threats, and block malicious activity. However, appliance-based firewalls are designed to monitor north-south traffic, which has different volumes and characteristics than east-west traffic. Traditional north-south firewalls were never designed to be used interchangeably to protect both north-south and east-west traffic.
Figure 1: Data center traffic patterns
While it might appear to be the right choice, provisioning appliance-based firewalls for east-west traffic monitoring is not only expensive, it’s highly ineffective in delivering the level of control and performance required to protect growing numbers of dynamic workloads.
One of the most common drawbacks of using appliance-based firewalls as internal firewalls is the need to hairpin east-west traffic to and …
Scrubbing the Net: U.S. Secretary of State Mike Pompeo says he wants a “clean” Internet free of Chinese apps and network equipment, The Next Web reports. Pompeo also wants to keep U.S. cloud data away from Chinese companies and stop China from spying on traffic in undersea cables. Critics say Pompeo is trying to create a U.S. version of the Great Firewall of China. The Verge, meanwhile, says Pompeo’s announcement is “just bluster” for now.
NOTE: Please read the Internet Society’s statement on the U.S. Clean Network Program.
Trump vs. TikTok: In a related story, U.S. President Donald Trump has continued his fight against Chinese video app TikTok, recently issuing executive orders that would ban TikTok and fellow Chinese app WeChat in 45 days, CNet reports. Trump calls the use of these apps on U.S. devices a security problem, but he earlier gave TikTok time to sell to a more acceptable owner. Microsoft is interested in buying the video app.
Buy local: In yet another related story, the Economic Times reports that the use of locally made apps is surging after the Indian government took its own action against Chinese apps. In late June, …
We’ve just released NFA v 2.08 with several improvements and some cool new features to help network administrators take their IP flow
The post Noction Flow Analyzer v 2.08 with support for Ubuntu appeared first on Noction.
A lot of people out there are interested in knowing what your handshake says about you. It is an implicit gesture that inadvertently starts a discussion at practically any gathering. This form of greeting is your first impression on the person you just shook hands with.
As indicated by an observation, everybody should give close consideration to their handshake. You might not know, but people are forming judgments and their opinions of you based on the handshake that you just initiated with them!
Different people initiate different types of handshakes. So, keep reading to find out different types of handshakes and what your handshake says about you.
A double hander is a type where the person places his other hand on the back of the hand of the person he is shaking hands with. This may indicate that the one initiating it is accepting the dominance of the other person, but wants to have a further discussion with him. It can also mean that the person doesn’t trust the person he is shaking hands with and keeps his second hand on the back of the …
MPLS applications: what are the MPLS applications? MPLS applications mean MPLS services. So what can we do with MPLS, basically?
Although the very first purpose of MPLS was fast switching, over time services/applications with MPLS evolved, and there are now many reasons to use MPLS.
Below are some of the most common use cases, or in other words, applications of MPLS.
Important MPLS applications/services for the network designers are listed below.
An MPLS infrastructure can provide all of the above MPLS applications/services at the same time. Most of them are architectures, so the MPLS labeling protocols themselves (such as LDP and RSVP) are not enough to provide the above applications/services.
Usually MPLS protocols are used together with BGP, IGPs and other protocols.
I just wanted to mention what people mean when they talk about MPLS applications, thus I am keeping this post short, but before I finish the post, let me recommend a book called ‘MPLS …
Integrated Services QoS (Hard QoS) was the first QoS approach, but it is not used today. At the end of this post, you will know what Integrated Services QoS is, what the idea behind it was, and why it is not used today.
Quality of service (QoS) is the overall performance of a telephony or computer network, particularly the performance seen by the users of the network.
Two QoS approaches have been defined by standard organizations.
These are:
IntServ QoS requires that every flow request bandwidth from the network, and that the network reserve the required bandwidth for the user for the duration of a conversation.
Think of this as on-demand circuit switching: each flow of each user would be remembered by the network. This would clearly create a resource problem (CPU, memory, bandwidth) on the network, and thus it was never widely adopted.
Not only allocating bandwidth for each and every flow on each network device in the path, but also keeping track of these flows and tearing them down when the flow terminates, is very resource intensive; people thought this would not be scalable, and we haven’t seen deployments of it.
Protocol …
VPN (Virtual Private Network) is the most common overlay mechanism in networking. We have many of them: GRE, mGRE, IPsec, DMVPN, GETVPN, LISP, FlexVPN, MPLS VPNs and so on. But what are the important and fundamental things about VPNs? In this post I will explain some of them.
A Virtual Private Network is a logical entity created over a physical infrastructure. It can be set up over another private network, such as MPLS, or over a public network, such as the Internet.
All VPN technologies add extra bytes to the packet or frame, which increases the overall MTU requirement, so the network links should be accommodated to handle bigger MTU values.
VPN technologies work based on encapsulation and decapsulation.
For example, GRE, mGRE and DMVPN encapsulate IP packets into another IP packet, while VPLS and EVPN encapsulate Layer 2 frames into MPLS packets.
You can run routing protocols over some VPN technologies, but not all VPN technologies allow you to run routing protocols.
In order to support routing over a tunnel, the tunnel endpoints should be aware of each other.
For example, MPLS Traffic Engineering tunnels don’t support running routing protocols over them, since the LSPs are unidirectional, which means the head-end …
OpEx and CapEx are two important network design considerations. At a high level, we should understand these two design requirements.
OpEx refers to operational expenses such as support, maintenance, labor, bandwidth and utilities. Creating a complex network design may show off your technical knowledge, but it can also cause unnecessary complexity, making it harder to build, maintain, operate and manage the network.
A well-designed network reduces OpEx through improved network uptime (which in turn can avoid or reduce penalties related to outages), higher user productivity, ease of operations, and energy savings. Consider creating the simplest solution that meets the business requirements.
CapEx refers to upfront costs such as purchasing equipment and inventory, or acquiring intellectual property or real estate. A well-thought-out design provides a longer deployment lifespan, investment protection, network consolidation and virtualization, producing non-measurable benefits such as business agility, business transformation and innovation, thus reducing risk and lowering costs in the long run.
The last metric in the cost constraint is TCO (total cost of ownership).
TCO is a better metric than pure CapEx to evaluate network cost, as it considers CapEx plus OpEx. Make your network designs cost-effective in the long run and do more …