Run the Antidote network emulator on KVM for better performance

Antidote is the network emulator that runs the labs on the Network Reliability Labs web site. You may install a standalone version of Antidote on your personal computer using the Vagrant virtual environment provisioning tool.

In this post, I show you how to run Antidote on a Linux system with KVM, instead of VirtualBox, on your local PC to achieve better performance — especially on older hardware.

Why use KVM instead of VirtualBox?

Antidote runs emulated network nodes inside a host virtual machine. If these emulated nodes must also run on a hypervisor, as most commercial router images require, then they are running as nested virtual machines inside the host virtual machine. Unless you can pass through your computer’s hardware support for virtualization to the nested virtual machines, they will run slowly.

VirtualBox offers only limited support for nested virtualization. If you are using a Linux system, you can get better performance if you use Libvirt and KVM, which provide native support for nested virtualization.

When to use VirtualBox

If you plan to run Antidote on a Mac or a PC, you should use Antidote’s standard installation with VirtualBox¹. Vagrant and VirtualBox are both cross-platform, open-source tools.

Continue reading

EIGRP RFC 7868

BGP Best External Feature

Worth Reading: the Lure of the Easy Button

Russ White wrote a great blog post explaining why you have to understand the problem you’re solving instead of blindly believing the $vendor slide deck… or as I said a long time ago, think about how you’ll troubleshoot your network in because you won’t be able to reformat it once it crashes.

Taiji: managing global user traffic for large-scale Internet services at the edge

Taiji: managing global user traffic for large-scale internet services at the edge Xu et al., SOSP’19

It’s another networking paper to close out the week (and our coverage of SOSP’19), but whereas [Snap][Snap] looked at traffic routing within the datacenter, Taiji is concerned with routing traffic from the edge to a datacenter. It’s been in production deployment at Facebook for the past four years.

The problem: mapping user requests to datacenters

When a user makes a request to http://www.facebook.com, DNS will route the request to one of dozens of globally deployed edge nodes. Within the edge node, a load balancer (the Edge LB) is responsible for routing requests through to frontend machines in datacenters. The question Taiji addresses is a simple one on the surface: what datacenter should a given request be routed to?

There’s one thing that Taiji doesn’t have to worry about: backbone capacity between the edge nodes and datacenters— this is provisioned in abundance such that it is not a consideration in balancing decisions. However, there are plenty of other things going on that make the decision challenging:

• Some user requests are sticky (i.e., they have associated session state) and always Continue reading

DXC is betting IT apps and services will stay on-premises

DXC Technology, the massive service provider formed in the 2017 merger of HPE Enterprise Services (formerly EDS) and Computer Sciences Corp., has a new CEO who is focused on shedding distraction businesses and focusing on core businesses of IT outsourcing.That means looking at "strategic alternatives," including the possible divesture of three of its businesses it feels are a distraction and slowing the company’s growth. The company feels most IT apps and services will remain on-premises and will focus on supporting that business.Last week’s conference call with financial analysts to discuss Q2 earnings was the first for new CEO Mike Salvino, who joined the company in September after 22 years at Accenture. DXC did not have a good quarter. The company reported non-GAAP earnings of $1.38 per share, which fell short of the consensus estimate of $1.44 and way down from EPS of $2.02 from the same quarter a year ago. Revenue of $4.85 billion fell short of the analyst estimate of $4.92 billion.To read this article in full, please click here

DXC is betting IT apps and services will stay on-premises

DXC Technology, the massive service provider formed in the 2017 merger of HPE Enterprise Services (formerly EDS) and Computer Sciences Corp., has a new CEO who is focused on shedding distraction businesses and focusing on core businesses of IT outsourcing.That means looking at "strategic alternatives," including the possible divesture of three of its businesses it feels are a distraction and slowing the company’s growth. The company feels most IT apps and services will remain on-premises and will focus on supporting that business.Last week’s conference call with financial analysts to discuss Q2 earnings was the first for new CEO Mike Salvino, who joined the company in September after 22 years at Accenture. DXC did not have a good quarter. The company reported non-GAAP earnings of $1.38 per share, which fell short of the consensus estimate of $1.44 and way down from EPS of $2.02 from the same quarter a year ago. Revenue of $4.85 billion fell short of the analyst estimate of $4.92 billion.To read this article in full, please click here

NetApp Treads Troubled Waters in Q2

Librem13v2 TPM upgrade

I have upgraded my TPM firmware on my Librem13v2. Its keys are now safe. \o/

Back in 2017 we had the Infineon disaster (aka ROCA). I’ve written about it before about how bad it is and how to check if you’re affected with a simple tool.

I TAKE NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE OR FOR ANYTHING ELSE BAD HAPPENING FROM YOU FOLLOWING MY NOTES.

Before the upgrade

$ tpm_version | grep Chip
Chip Version:        1.2.4.40    <--- Example vulnerable version
$ cbmem -c | grep Purism         # I upgraded coreboot/SeaBIOS just before doing this.
coreboot-4.9-10-g123a4c6101-4.9-Purism-2 Wed Nov 13 19:54:43 UTC 2019 […]
[…]
Found mainboard Purism Librem 13 v2

Download upgrade tool

$ wget https://repo.pureos.net/pureos/pool/main/t/tpmfactoryupd/tpmfactoryupd_1.1.2459.0-0pureos9_amd64.deb
[…]
$ alien -t tpmfactoryupd_1.1.2459.0-0pureos9_amd64.deb
[…]
$ tar xfz tpmfactoryupd-1.1.2459.0.tgz
$ mv usr/bin/TPMFactoryUpd .
$ sudo systemctl stop trousers.service         # Need to turn off tcsd for TPMFactoryUpd to work in its default mode.
[…]
$ ./TPMFactorUpd -info
  **********************************************************************
  *    Infineon Technologies AG   TPMFactoryUpd   Ver 01.01.2459.00    *
  **********************************************************************

       TPM information:
       ----------------
       Firmware valid                    :    Yes
       TPM family                        :    1.2
       TPM firmware version               Continue reading

Ericsson, Nokia, Samsung Hype Open Virtualization

Balancing patient security with healthcare innovation | TECH(talk)

Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James, CIO of Net Health, joins Juliet to discuss why attackers target healthcare organizations, Google's Project Nightingale and what it means for a tech giant to have access to the medical data of millions of people.

Google, Microsoft Azure Beat AWS in Cloud Performance

VMware Expands Nokia Test Integration

Cisco Sinks on Rocky Q1, Dour Q2 Revenue Outlook  

AWS Launches Data Exchange, Simplifies Third-Party Sharing

BrandPost: Addressing Scalability Challenges with SD-WANs

It’s always difficult to tell how fast your business will grow, and hence how quickly you’ll need to scale your network and other IT infrastructure. When it comes to software-defined wide-area networks (SD-WAN), the scalability issue is particularly thorny because of the myriad factors that play into the equation.Some will tell you scaling an SD-WAN is a simple matter of adding appliances, but that is far from the case, says David Greenfield, Secure Networking Evangelist with Cato Networks. Cato provides a cloud-based SD-WAN service, so Greenfield is well-versed in the factors that make SD-WAN scalability so challenging. In this post, we’ll examine a handful of them.To read this article in full, please click here

Samsung Taps HPE, Openet for Multi-Vendor 5G SA Core Test

Cray to license Fujitsu Arm processor for supercomputers

Cray says it will be the first supercomputer vendor to license Fujitsu’s A64FX Arm-based processor with high-bandwidth memory (HBM) for exascale computing.Under the agreement, Cray – now a part of HPE – is developing the first-ever commercial supercomputer powered by the A64FX processor, with initial customers being the usual suspects in HPC: Los Alamos National Laboratory, Oak Ridge National Laboratory, RIKEN, Stony Brook University, and University of Bristol.[Get regularly scheduled insights by signing up for Network World newsletters.] As part of this new partnership, Cray and Fujitsu will explore engineering collaboration, co-development, and joint go-to-market to meet customer demand in the supercomputing space. Cray will also bring its Cray Programming Environment (CPE) for Arm processors over to the A64FX to optimize applications and take full advantage of SVE and HBM2.To read this article in full, please click here

Cray to license Fujitsu Arm processor for supercomputers

Cray says it will be the first supercomputer vendor to license Fujitsu’s A64FX Arm-based processor with high-bandwidth memory (HBM) for exascale computing.Under the agreement, Cray – now a part of HPE – is developing the first-ever commercial supercomputer powered by the A64FX processor, with initial customers being the usual suspects in HPC: Los Alamos National Laboratory, Oak Ridge National Laboratory, RIKEN, Stony Brook University, and University of Bristol.[Get regularly scheduled insights by signing up for Network World newsletters.] As part of this new partnership, Cray and Fujitsu will explore engineering collaboration, co-development, and joint go-to-market to meet customer demand in the supercomputing space. Cray will also bring its Cray Programming Environment (CPE) for Arm processors over to the A64FX to optimize applications and take full advantage of SVE and HBM2.To read this article in full, please click here

IoT Security Policy Platform Wants to Raise the Bar On Global IoT Security

By next year, five Internet of Things (IoT) devices are projected to be in use for every person on the planet.

IoT devices offer endless opportunities to improve productivity, economic growth, and quality of life. Think smart cities, self-driving cars, and the ways connected medical devices can monitor our health. The potential growth of IoT is virtually infinite.

But with opportunity comes a significant amount of risk. As much as we’d like to trust manufacturers to make sure burglars can’t watch our homes through data from an automated vacuum, many new devices lack even basic security features. And thousands of new devices are coming online each year without commitment to basic measures such as using unique passwords, encrypting our data, or updating software to address vulnerabilities.

To help people and businesses around the world prepare, a dedicated group is rising to the challenge of securing the Internet of Things though cooperation across borders and sectors.

They are government agencies, non-governmental organizations, and other organizations and experts working on IoT security joined together to form the IoT Security Policy Platform. We are proud to say the Internet Society is amongst them too. Together we’ve been discussing and sharing best practices and Continue reading