Domain Name System Security Extensions Now Deployed in all Generic Top-Level Domains – ICANN

Considerations for Host-based Firewalls (Part 2)

This is a guest blog post by Matthias Luft, Principal Platform Security Engineer @ Salesforce, and a regular ipSpace.net guest speaker.

A couple of months ago I had the pleasure to publish my first guest post here and, as to be expected from ipspace.net, it triggered some great discussion.

With this input and some open thoughts from the last post, I want to dive into a few more topics.

Application Engineering vs. (?) Network Engineering

One trigger for the initial post was the question whether host-based firewalls (HBFs), potentially combined with solutions to learn rulesets based on flows, are intrinsically better than central firewalls. While we discussed the mileage around that already, comments and questions emphasized how often we have to handle a “software engineering vs. network engineering” mentality – which should not involve any blame in either direction as this mindset is usually enforced by organizational structures.

For whatever it is worth, I can only stress the point that a strong collaboration between software and network engineering will resolve way more issues than any technology. I award myself a “Thanks, Captain Obvious” here, but I still want to make the point to try Continue reading

Considerations for Host-based Firewalls (Part 2)

This is a guest blog post by Matthias Luft, Principal Platform Security Engineer @ Salesforce, and a regular ipSpace.net guest speaker.

A couple of months ago I had the pleasure to publish my first guest post here and, as to be expected from ipspace.net, it triggered some great discussion.

With this input and some open thoughts from the last post, I want to dive into a few more topics.

BizOps: Powering Data-Driven Decision Making

You’re not imaging things, there is a serious chip shortage

If you’ve noticed components are hard to get these days, you are not alone. The supply of computing components can get a little tight around the end of the year but this year is especially bad, much of it due to Covid-19-related issues.Intel spent much of 2020 struggling with CPU shortages. In the latter half of the year it was hit with chipset shortages, with the B460 and H410 chipsets reportedly out of stock through the end of last year, and availability of the Z590 chipset is also constrained.AMD also has a problem: it can’t make enough chips. Some of its Ryzen processors, particularly the Ryzen 5 line, are immensely popular, and there are simply none to be had on Amazon, Newegg, or any other online retailer.To read this article in full, please click here

You’re not imagining things, there is a serious chip shortage

If you’ve noticed components are hard to get these days, you are not alone. The supply of computing components can get a little tight around the end of the year but this year is especially bad, much of it due to Covid-19-related issues.Intel spent much of 2020 struggling with CPU shortages. In the latter half of the year it was hit with chipset shortages, with the B460 and H410 chipsets reportedly out of stock through the end of last year, and availability of the Z590 chipset is also constrained.AMD also has a problem: it can’t make enough chips. Some of its Ryzen processors, particularly the Ryzen 5 line, are immensely popular, and there are simply none to be had on Amazon, Newegg, or any other online retailer.To read this article in full, please click here

Disaster recovery lessons from an island struck by a hurricane

(A hurricane devastated an island that held two data centers controlling mission-critical systems for an American biotech company. They flew a backup expert with four decades of experience to the island on a corporate jet to save the day. This is the story of the challenges he faced and how he overcame them. He spoke on the condition of anonymity, so we call him Ron, the island Atlantis, his employer Initech, and we don’t name the vendors and service providers involved.)Initech had two data centers on Atlantis with a combined 400TB of data running on approximately 200 virtual and physical machines. The backup system was based on a leading traditional backup software vendor, and it backed up to a target deduplication disk system. Each data center backed up to its own local deduplication system and then replicated its backups to the disk system in the other data center. This meant that each datacenter had an entire copy of all Initech’s backups on Atlantis, so even if one data center were destroyed the company would still have all its data.To read this article in full, please click here

Disaster recovery lessons from an island struck by a hurricane

(A hurricane devastated an island that held two data centers controlling mission-critical systems for an American biotech company. They flew a backup expert with four decades of experience to the island on a corporate jet to save the day. This is the story of the challenges he faced and how he overcame them. He spoke on the condition of anonymity, so we call him Ron, the island Atlantis, his employer Initech, and we don’t name the vendors and service providers involved.)Initech had two data centers on Atlantis with a combined 400TB of data running on approximately 200 virtual and physical machines. The backup system was based on a leading traditional backup software vendor, and it backed up to a target deduplication disk system. Each data center backed up to its own local deduplication system and then replicated its backups to the disk system in the other data center. This meant that each datacenter had an entire copy of all Initech’s backups on Atlantis, so even if one data center were destroyed the company would still have all its data.To read this article in full, please click here

Istio 1.8: A Virtual Machine Integration Odyssey

Tetrate sponsored this post. Jimmy Song Jimmy is a developer advocate at Tetrate, CNCF Ambassador, co-founder of ServiceMesher, and Cloud Native Community(China). He mainly focuses on Kubernetes, Istio, and cloud native architectures. In this article, I’ll give you an overview of

The Hedge Podcast #65: Jacquelyn Adams and the Future of Work

Everyone in networking—and beyond networking, in fact—thinks about what the future of work might look like. Jacquelyn Adams joins Eyvonne Sharp, Tom Ammon, and Russ White on this episode of the Hedge to discuss what work might look like based on this era of rapid change, and how you can prepare for that future.

download

Internet traffic disruption caused by the Christmas Day bombing in Nashville

On Christmas Day 2020, an apparent suicide bomb exploded in Nashville, TN. The explosion happened outside an AT&T network building on Second Avenue in Nashville at 1230 UTC. Damage to the AT&T building and its power supply and generators quickly caused an outage for telephone and Internet service for local people. These outages continued for two days.

Looking at traffic flow data for AT&T in the Nashville area to Cloudflare we can see that services continued operating (on battery power according to reports) for over five hours after the explosion, but at 1748 UTC we saw a dramatic drop in traffic. 1748 UTC is close to noon in Nashville when reports indicate that people lost phone and Internet service.

We saw traffic from Nashville via AT&T start to recover over a 45 minute period on December 27 at 1822 UTC making the total outage 2 days and 34 minutes.

Traffic flows continue to be normal and no further disruption has been seen.

How Change Review Boards Really Work to Fail

IBGP, IGP Metrics, and Administrative Distances

TL&DR: If you run multiple IGP protocols in your network, and add BGP on top of that, you might get the results you deserve. Even better, the results are platform-dependent.

One of my readers sent me a link to an interesting scenario described by Jeremy Filliben that results in totally unexpected behavior when using too many routing protocols in your network (no surprise there).

Imagine a network in which two edge routers advertise the same (external) BGP prefix. All other things being equal, it would make sense that other routers in the same autonomous system should use the better path out of the autonomous system. Welcome to the final tie-breaker in BGP route selection process: IGP metric.

IBGP, IGP Metrics, and Administrative Distances

TL&DR: If you run multiple IGP protocols in your network, and add BGP on top of that, you might get the results you deserve. Even better, the results are platform-dependent.

One of my readers sent me a link to an interesting scenario described by Jeremy Filliben that results in totally unexpected behavior when using too many routing protocols in your network (no surprise there).

Imagine a network in which two edge routers advertise the same (external) BGP prefix. All other things being equal, it would make sense that other routers in the same autonomous system should use the better path out of the autonomous system. Welcome to the final tie-breaker in BGP route selection process: IGP metric.

From AI to 5G, How Global Trends Will Transform Data Centers in 2021

Add Friendly ID to a Rails 6 App

George Sadowsky on the History of Networking

George Sadowsky was a pioneer in recognizing the importance of networking technology for economic development, particularly in developing economies. He has worked in over 50 countries to bring training and networking infrastructure to the local population. In this episode of the History of Networking, George recounts some of the early, pre-Internet, work in computer networking, and the development of many of the organizations that make the Internet work today. His web site can be found here.

download

Tools 3. Checking your connectivity bandwidth with Speedtest

Hello my friend,

Continuing our discussion about the network troubleshooting tools we can’t pass by one of the most popular and widely used, which is named SpeedTest.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Can automation help with performance troubleshooting?

Doing the collection and initial analysis of the information during the troubleshooting could be quite a time-consuming task. On the other hand, the troubleshooting of the live outages should be as quick as possible to minimise the downtime of the affected services. That’s where the automation can help you.

In our network automation training we explain how to use existing open-source tools and create your own with Ansible, Bash and Python. Leveraging them and all possible interfaces (CLI, NETCONF, RESTCONF, gNMI) we teach you how to effectively build, operate and troubleshoot your network.

Start your automation training today.

Brief description

From the name of the tool, SpeedTest, it is obvious that the main goal is to measure the “speed”. In fact, it measures Continue reading

Nominations Now Open for Public Interest Registry (PIR) Board of Directors

The Public Interest Registry (PIR) is the non-profit operator of the .ORG, .NGO and .ONG domains. PIR has been a champion for a free and open Internet for more than 15 years with a clear mission to be an exemplary domain name registry, provide a trusted digital identity and help educate those who dedicate themselves to improving our world.

If you or someone you know has the interest and qualifications to help guide the future of PIR, the Internet Society invites you to submit a nomination for a seat on the PIR Board of Directors. 

Prior board or senior executive experience is preferred. All directors must have an appreciation for PIR’s Mission and the potential impact of PIR decisions on the customers of PIR and the global community served by .ORG and the other TLDs PIR operates. Directors must be able to read and understand a balance sheet, as well as read and communicate effectively in the English language.

In 2021 there are four positions opening on the PIR Board. The appointed directors will serve staggered terms, with half appointed to two year terms and half to three year terms, with terms beginning mid-year in 2021. 

More information about the position, the qualifications, and a link to the Continue reading

Running IPv6 Only Networks

In today’s episode we’re talking about IPv6. More specifically, we discuss what it takes to run an IPv6 only network. Why now? And why not dual stack? Well, in the middle of November (2019), the US government put out a memo outlining their updated guidelines and expectations for IPv6. In it, they mandate a future vision of 80% of devices connected to IPv6 only networks by 2025. That’s not that far away. So, as many of our peers who work in US federal organizations are preparing for a world that is IPv6 only, we figured it might be time for us to do the same. 

Show Notes

• Impact of OMB memo (is this the same as last time or not?)
• Other IPv4 Flag days (turn off IPv4)
  • Washington State Policy 300, IPv4 decommissioned Dec. 31, 2025
    • https://ocio.wa.gov/policy/statewide-migration-ipv6
  • China 100% by 2025 
    • https://blog.apnic.net/2019/06/06/100-by-2025-china-getting-serious-about-ipv6/ 
  • IPv4 Flag Day (February 1st, 2030)  
    • https://ipv4flagday.net/
• Benefits of running an IPv6-only network
• IPv6 has the potential to perform better than IPv4
• Prevailing recommendation for IPv6 adoption has been dual stack. This memo mandates IPv6 only network adoption. What are some of the additional considerations that need to be considered when Continue reading