Archive

Category Archives for "Networking"

Unequal-Cost Multipath in Link State Protocols

TL&DR: You get unequal-cost multipath for free with distance-vector routing protocols. Implementing it in link state routing protocols is an order of magnitude more CPU-consuming.

Continuing our exploration of the Unequal-Cost Multipath world, why was it implemented in EIGRP decades ago, but not in OSPF or IS-IS?

Ignoring for the moment the “does it make sense” dilemma: finding downstream paths (paths strictly shorter than the current best path) is a side effect of running distance vector algorithms.

For a more formal discussion of loop-free alternates and downstream paths, please read RFC 5714 and RFC 5286.
Read more …

Unequal-Cost Multipath in Link State Protocols

TL&DR: You get unequal-cost multipath for free with distance-vector routing protocols. Implementing it in link state routing protocols is an order of magnitude more CPU-consuming.

Continuing our exploration of the Unequal-Cost Multipath world, why was it implemented in EIGRP decades ago, but not in OSPF or IS-IS?

Ignoring for the moment the “does it make sense” dilemma: finding downstream paths (paths strictly shorter than the current best path) is a side effect of running distance vector algorithms.

For a more formal discussion of loop-free alternates and downstream paths, please read RFC 5714 and RFC 5286.
Read more …

Shape the Internet’s Future with the Early Career Fellowship

Imagine a world where a global roster of Internet champions can stand up against the threats to the Internet.

This ideal was the inspiration for our new flagship program – the Early Career Fellowship!

This groundbreaking fellowship empowers a diverse new generation of Internet thinkers and doers.

The Early Career Fellows will have the opportunity to think, learning from Internet luminaries, today’s leading thinkers and organizations. They’ll explore topics like the Internet Ecosystem, Project Management & Advocacy, and the Internet Way of Thinking with Professor Dr Laura DeNardis of American University, scholars from the Oxford Internet Institute, and experts from the Internet Society, Diplo/GIP, Pyramid Learning and 89up.

The Fellows will also have the opportunity to do, getting direct support to nurture their professional growth. They’ll attend practical modules to help develop their own projects – bringing their ideas to life as they address the real-world challenges facing the future of the Internet.

These components, complemented with discussion, mentorship and leadership tracks, will:

  • Increase the capacity of Internet champions through targeted educational and leadership development activities – and expand their expertise to support the development of the Internet
  • Empower a cadre of talented early career professionals, giving Continue reading

Measuring ROAs and ROV

In 2020 APNIC Labs set up a measurement system for the validators. What we were trying to provide was a detailed view of where invalid routes were being propagated, and also take a longitudinal view of how things are changing over time. The report is at https://stats.labs.apnic.net/rpki and the description of the measurement is at https://www.potaroo.net/ispcol/2020-06/rov.html. I'd like to update this description with some work we’ve done on this measurement platform in recent months.

Automate Leaf and Spine Deployment – Part6

The 6th post in the ‘Automate Leaf and Spine Deployment’ series goes through the validation of the fabric once deployment has been completed. A desired state validation file is built from the contents of the variable files and compared against the devices actual state to determine whether the fabric and all the services that run on top of it comply.

How to Implement the Principle of Least Privilege With CloudFormation StackSets

This article was originally posted on the Amazon Web Services Security Blog.

AWS CloudFormation is a service that lets you create a collection of related Amazon Web Services and third-party resources and provision them in an orderly and predictable fashion. A typical access control pattern is to delegate permissions for users to interact with CloudFormation and remove or limit their permissions to provision resources directly. You can grant the AWS CloudFormation service permission to create resources by creating a role that the user passes to CloudFormation when a stack or stack set is created. This can be used to ensure that only pre-authorized services and resources are provisioned in your AWS account. In this post, I show you how to conform to the principle of least privilege while still allowing users to use CloudFormation to create the resources they need.

Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS

This week's Network Break podcast discusses VMware's purchase of API security startup Mesh7, looks at a new security option for third-party Web components from Tala Security, and analyzes why Gartner is so bullish on the SONiC network OS. We also speculate on motivations behind Google's real estate spending spree, and hand out a nice selection of virtual donuts.

Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS

This week's Network Break podcast discusses VMware's purchase of API security startup Mesh7, looks at a new security option for third-party Web components from Tala Security, and analyzes why Gartner is so bullish on the SONiC network OS. We also speculate on motivations behind Google's real estate spending spree, and hand out a nice selection of virtual donuts.

The post Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS appeared first on Packet Pushers.

What’s on your network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

What’s on your Linux network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

What’s on your network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

What’s on your Linux network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

New Tech Skills In Two Hours

How long does it take to learn a new skill? It’s like…a really long time, right? You never have that much time to learn whatever it is. Most people who learn new skills are dedicated super humans who put in 25 hour days doing labs and reading books and taking courses and sniffing markers. Those folks sacrifice everything to stay ahead and command the respect of their peers. Right? Isn’t that how it’s supposed to work?

Don’t overthink it.

New skills come from one thing. Focus. That’s it. That’s the secret. Focus to learn a skill comes in blocks of a few undistracted hours at a time. Not dramatic sacrifice. Not bragging to social media about how you’re crushing it on your studies because you’ve given up your personal life.

Let the public drama queen masochists do what they feel they must to impress…whomever. They are not your role model. You don’t need to be them. You just need to find a few consecutive hours on your calendar. Block them off. Use them to focus on a single thing you want to learn. During the blocked off time, learn the thing. Do not do any of the other things that Continue reading

Slow Learning and Range

Jack of all trades, master of none.

This singular saying—a misquote of Benjamin Franklin (more on this in a moment)—is the defining statement of our time. An alternative form might be the fox knows many small things, but the hedgehog knows one big thing.

The rules for success in the modern marketplace, particularly in the technical world, are simple: start early, focus on a single thing, and practice hard.

But when I look around, I find these rules rarely define actual success. Consider my life. I started out with three different interests, starting jazz piano lessons when I was twelve, continuing music through high school, college, and for many years after. At the same time, I was learning electronics—just about everyone in my family is in electronic engineering (or computers, when those came along) in one way or another.

I worked as on airfield electronics for a few years in the US Air Force (one of the reasons I tend to be calm is I’ve faced death up close and personal multiple times, an experience that tends to center your mind), including RADAR, radio, and instrument landing systems. Besides these two, I was highly interested in art and illustration, getting Continue reading

BrandPost: Effective Zero Trust Requires a New Definition of Data Protection

Data is the ultimate asset of modern business and the foundation of digital transformation. It is the currency that funds innovation and growth. Data must be protected with the utmost rigor, but it must also flow effortlessly to where it can deliver the greatest benefits.In an era where the cloud rules infrastructure, traditional network security is no longer useful.  The current construct for data protection is outmoded and in urgent need of an update. The biggest fundamental shift in the world of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams must invest in the right technology to achieve more complete data protection, and we all need to ensure Zeron Trust principles are applied everywhere data needs protection.To read this article in full, please click here

Cisco SD-WAN – Part II: Manual vEdge Provision Process

Introduction

 

This chapter explains how we can provision vEdge devices manually. It starts by explaining how to build an initial system and tunnel interface configurations. Then it goes through the various certificate installation steps (CA root certificate, Certificate Signing Request (CSR), and granted certificate). After the initial configuration and certificate process section, this chapter shows how we can verify the Control Plane operation. Figure 2-1 illustrates our example topology. For simplicity, there are only two vEdge devices used in this chapter.


Figure 2-1: SD-WAN Topology.


Continue reading
1 675 676 677 678 679 3,484