Hints and Principles: Applied to Networks
While software design is not the same as network design, there is enough overlap for network designers to learn from software designers. A recent paper published by Butler Lampson, updating a paper he wrote in 1983, is a perfect illustration of this principle. The paper is caleld Hints and Principles for Computer System Design. I’m not going to write a full review here–you should really go read the paper for yourself–but rather just point out some useful bits of the paper.
The first really useful point of this paper is Lampson breaks down the entire field of software design into three basic questions: What, How, and When (or who)? Each of these corresponds to the goals, techniques, and processes used to design and develop software. These same questions and answers apply to network design–if you are missing one of these three areas, then you are probably missing some important set of questions you have not answered yet. Each of these is also represented by an acronym: what? is STEADY, how? is AID, and when? is ART. Let’s look at a couple of these in a little more detail to see how Lampson’s system works.
STEADY stands for simple, timely, efficient, Continue reading
The Week in Internet News: Seven Countries Repeat Calls for Encryption Backdoors
Here we go again: Seven countries, including the U.S., U.K., Japan, and India, are again pushing tech companies to provide encryption backdoors for law enforcement, The Verge reports. The new international statement says encryption poses “significant challenges to public safety.” The U.S. and allies have long pushed for backdoors, even as security advocates have warned that criminals will find ways to exploit holes in encryption.
ISPs protest: ISPs in Dhaka, Bangladesh, are threatening to shut down service for three hours a day over a dispute on overhead wire replacement, Dhaka Tribune reports. The city is planning to move the wires underground, but ISPs are concerned about potential problems during the switch. Threatening a blackout to protest potential blackouts seems counterproductive.
Decency police: The government of Pakistan has banned short video app TikTok over “immoral and indecent” content, Al Jazeera says. It’s unclear what TikTok content the Pakistan Telecommunication Authority found offensive. A kickboxer in the country, hoping to market his training services on TikTok, challenged the ban, however, Reuters reports. “If TikTok can be banned even though it has millions of videos because of a few offensive ones, why can’t the whole internet be shut Continue reading
6 Reasons Why Internal Data Centers Won’t Disappear
Even with cloud, companies don't want to give up their internal data centers. Why do data centers have such staying power?Network Break 306: Cloudflare Launches Secure NaaS Offering; SonicWall Vulnerability Affects Nearly 800,000 Devices
Today's Network Break examines a new security service from Cloudflare, a SonicWall vulnerability that affects a massive number of its appliances, a fresh funding round for networking startup Alkira, and more nerdy networking news.
The post Network Break 306: Cloudflare Launches Secure NaaS Offering; SonicWall Vulnerability Affects Nearly 800,000 Devices appeared first on Packet Pushers.
Network Break 306: Cloudflare Launches Secure NaaS Offering; SonicWall Vulnerability Affects Nearly 800,000 Devices
Today's Network Break examines a new security service from Cloudflare, a SonicWall vulnerability that affects a massive number of its appliances, a fresh funding round for networking startup Alkira, and more nerdy networking news.How a Customer’s Trust in Cloudflare Led to a Big Win against Bots
Key Points
- Anyone with public-facing web properties is likely to have bot traffic on their website.
- One type of bot that commonly targets eCommerce and online portals is a ‘scraper bot’.
- Some scraper bots are good (such as those used by search engines to assess your website’s content to inform search results, or price comparison sites to help inform consumer decisions), however many are malicious, and will work to scrape not only images but also pricing data from your site for use by a competitor.
- Many Bot Management providers will need to divert your traffic to a dedicated data centre to analyse your traffic and ‘scrub’ it clean from malicious bot traffic before sending it on to your site. While effective this will almost certainly add latency to the traffic’s ‘journey’ resulting in degraded user experience. Look for a technology partner with an expansive network who can scan your traffic in real time as it passes through any data centre on their network.
- Good and bad scraper bots behave in largely the same way, making it difficult for bot protection systems to differentiate between the two. A common challenge with Bot Management solutions is that they can return a high Continue reading
New on ipSpace.net: Virtualizing Network Devices Q&A
A few weeks ago we published an interesting discussion on network operating system details based on an excellent set of questions by James Miles.
Unfortunately we got so far into the weeds at that time that we answered only half of James' questions. In the second Q&A session Dinesh Dutt and myself addressed the rest of them including:
- How hard is it to virtualize network devices?
- What is the expected performance degradation?
- Does it make sense to use containers to do that?
- What are the operational implications of running virtual network devices?
- What will be the impact on hardware vendors and networking engineers?
And of course we couldn’t avoid the famous last question: “Should network engineers program network devices?”
You’ll need Standard or Expert ipSpace.net subscription to watch the videos.
New on ipSpace.net: Virtualizing Network Devices Q&A
A few weeks ago we published an interesting discussion on network operating system details based on an excellent set of questions by James Miles.
Unfortunately we got so far into the weeds at that time that we answered only half of James’ questions. In the second Q&A session Dinesh Dutt and myself addressed the rest of them including:
- How hard is it to virtualize network devices?
- What is the expected performance degradation?
- Does it make sense to use containers to do that?
- What are the operational implications of running virtual network devices?
- What will be the impact on hardware vendors and networking engineers?
And of course we couldn’t avoid the famous last question: “Should network engineers program network devices?”
You’ll need Standard or Expert ipSpace.net subscription to watch the videos.
6G: New Generations of Wireless and the Impact on Measurement
Possible 6G use cases include tactile holographic communications, digital twins, Industrial IoT, and a pervasive use of AI to merge communications and computing with society.Worth Reading: Does your hammer own you?
My friend Marjan Bradeško wrote a great article describing how we tend to forget common sense and rely too much on technology. I would strongly recommend you read it and start thinking about the choices you make when building a network with magic software-intent-defined-intelligent technology from your preferred vendor.
Worth Reading: Does your hammer own you?
My friend Marjan Bradeško wrote a great article describing how we tend to forget common sense and rely too much on technology. I would strongly recommend you read it and start thinking about the choices you make when building a network with magic software-intent-defined-intelligent technology from your preferred vendor.
One more (Zero Trust) thing: Cloudflare Intrusion Detection System
Today, we’re very excited to announce our plans for Cloudflare Intrusion Detection System, a new product that monitors your network and alerts when an attack is suspected. With deep integration into Cloudflare One, Cloudflare Intrusion Detection System gives you a bird’s eye view of your entire global network and inspects all traffic for bad behavior, regardless of whether it came from outside or inside your network.
Analyze your network without doing the legwork
Enterprises build firewall rules to keep their networks safe from external and internal threats. When bad actors try to attack a network, those firewalls check if the attack matches a rule pattern. If it does, the firewall steps in and blocks the attack.
Teams used to configure those rules across physical firewall appliances, frequently of different makes and models, deployed to physical locations. Yesterday, we announced Magic Firewall, Cloudflare’s network-level firewall delivered in our data centers around the world. Your team can write a firewall rule once, deploy it to Cloudflare, and our global network will protect your offices and data centers without the need for on-premises hardware.
This is great if you know where attacks are coming from. If you don’t have that level Continue reading
Zero-Touch Provisioning with Nornir
In early 2018 I described how Hans Verkerk implemented zero-touch provisioning with Ansible. Recently he rewrote his scripts as a Python-only solution using Nornir. Enjoy!
Zero-Touch Provisioning with Nornir
In early 2018 I described how Hans Verkerk implemented zero-touch provisioning with Ansible. Recently he rewrote his scripts as a Python-only solution using Nornir. Enjoy!