Best Analysis Finalist – Cisco IT Blog Awards for 2019
This blog was selected as a finalist in Cisco BLOG Awards in the Best Analysis category, the category for resources that provide insightful discussions and help for networking architects around the world. Fancy right? Do you agree? Go and vote, it’s the second one on the list ? https://www.ciscofeedback.vovici.com/se/705E3ECD18791A68
The post Best Analysis Finalist – Cisco IT Blog Awards for 2019 appeared first on How Does Internet Work.
Upcoming Workshops: NSX, ACI, VXLAN, EVPN, DCI and More
I’m running two workshops in Zurich in the next 10 days:
- Comparing VMware NSX and Cisco ACI (and how EVPN and VXLAN fit into the big picture) on Thursday, November 28th;
- Explaining how you could use VXLAN with EVPN to build infrastructure for active-active data centers on Tuesday, December 3rd.
I published the slide deck for the NSX versus ACI workshop a few days ago (and you can already download it if you have a paid ipSpace.net subscription) and it’s full of new goodness like ACI vPod, multi-pod ACI, multi-site ACI, ACI-on-AWS, and multi-site NSX-V and NSX-T.
Worth Reading: Early History of Usenet
Steve Bellovin wrote a great series of articles describing the early history of Usenet. The most interesting part in the “security and authentication” part was probably this gem:
That left us with no good choices. The infrastructure for a cryptographic solution was lacking. The uux command rendered illusory any attempts at security via the Usenet programs themselves. We chose to do nothing. That is, we did not implement fake security that would give people the illusion of protection but not the reality.
A lot of other early implementers chose the same route, resulting in SMTP, BGP… which wouldn’t be a problem if someone kept track of that and implemented security a few years later. Unfortunately we considered those problems solved and moved on to chase other squirrels. We’re still paying the interest on that technical debt.
CCDE Study Guide
CCDE Study Guide – Are you looking for a book that will teach you all the topics on advanced technical networking? If so, I would be very pleased to recommend CCDE Study Guide written by Marwan Al-Shawi to you.
As one of the professionals who contributed immensely to this book, I must admit that Marwan wrote this book in collaboration with a number of savvy designers. IT experts who contributed to this wonderful book include Russ White, Andre Laurent, Denise Fishbourne, Ivan Papeljnak, and Orhan Ergun. In fact, all the IT concepts in this book are enlightening! The book has many drawings, which will assist learners to understand network design.
Today, I spoke with one of my old friend, an expert in CCDE, who read Marwan’s book, and his comment was this: “The book contains pictures that explain a thousand words.”
The most important topics of the networking design, especially for the CCDE exam, are layer 3 technologies such as IGP, BGP, MPLS, Inter-AS MPLS, and IPv6 and VPNs. These topics are extensively covered in this book.
These topics are very important because CCDE exam is a layer 3 infrastructure exam and because these technologies provide an Continue reading
Go Notes: Structs
All about structs in Golang.Go Notes: Structs
A Structure or struct for short, is a type defined by the user that stores a collection of fields. go // create a struct type stuffAndThings struct // Instantiate a struct st := stuffAndThings // Use the dot (.) operator to access struct fields st.stuff st.thingsSignals, Go & Immutable Infrastructure
From the days of old, setting fire to a large torch would signal to a neighbouring town something was going on. On the Great Wall in China, reports of signals reaching some 470 miles can be read on Wikipedia! Back to the future and modern day times, signals are transmitted and received as part of every application we touch. Signals underpin a system’s communications, irrelevant of what that system is. Software gives off many signals of a wide variety in normal operations and through signal correlation, we can yield useful events. Signals can also be used to achieve an outcome in a remote system as well as direct application API calls.
Being a fan of systems that have a natural synergy to them, I also look for ways to tie application functionality into natural system interactions.
For this post, I want to talk about the separation of concerns between an application’s functionality via it’s primary operational interface, likely an API of some sort, versus the application’s operational configuration, which allows it start on the correct TCP/IP port and consume the correct credential information.
Why not just get the application to refresh its configuration through the operational interface? The best way Continue reading
Worth Reading: Going Back to Being an Engineer
Another great advice from Charity Majors: does it make sense to go back to being an engineer after being a manager for a few years?
Personal note: finding a great replacement for my CTO role was probably the best professional decision I ever made ;)
Asynchronous Zsh prompt with Git status
Zsh ships vcs_info, a function fetching information about the
VCS state for the current directory and populating a variable that can
be used in a shell prompt. It supports several VCS, including Git and
SVN. Here is an example of configuration:
autoload -Uz vcs_info zstyle ':vcs_info:*' enable git () { local formats="${PRCH[branch]} %b%c%u" local actionformats="${formats}%{${fg[default]}%} ${PRCH[sep]} %{${fg[green]}%}%a" zstyle ':vcs_info:*:*' formats $formats zstyle ':vcs_info:*:*' actionformats $actionformats zstyle ':vcs_info:*:*' stagedstr "%{${fg[green]}%}${PRCH[circle]}" zstyle ':vcs_info:*:*' unstagedstr "%{${fg[yellow]}%}${PRCH[circle]}" zstyle ':vcs_info:*:*' check-for-changes true } add-zsh-hook precmd vcs_info
You can use ${vcs_info_msg_0_} in your prompt to display the current
branch, the presence of staged and unstaged changes, as well as the
ongoing action.1 Have a look at the documentation for more
details.
vcs_info function.On large repositories, some information are expensive to fetch. While
vcs_info queries Git, interactions with Zsh are stuck. A possible
solution is to execute vcs_info asynchronously with zsh-async.
Operators Dish on Edge Computing Strategies at MEF 2019
Edge computing is a dispersion or distribution of the cloud and latency is the driving force of...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
TCP MD5
TCP_MD5 (RFC 2385) is something that doesn’t come up often. There’s a couple of reasons for that, good and bad.
I used it with tlssh, but back then (2010) it was not practical due to the limitations in the API on Linux and OpenBSD.
This is an updated post, written after I discovered TCP_MD5SIG_EXT.
What it is
In short it’s a TCP option that adds an MD5-based signature to every TCP packet. It signs the source and destination IP addresses, ports, and the payload. That way the data is both authenticated and integrity protected.
When an endpoint enables TCP MD5, all unsigned packets (including SYN packets) are silently dropped. For a signed connection it’s not even possible for an eavesdropper to reset the connection, since the RST would need to be signed.
Because it’s on a TCP level instead of part of the protocol on top of TCP, it’s the only thing that can protect a TCP connection against RST attacks.
It’s used by the BGP protocol to set a password on the connection, instead of sending the password in the handshake. If the password doesn’t match the TCP connection doesn’t even establish.
But outside of BGP it’s essentially Continue reading
BiB083 – Forescout – Visibility For Segmentation
I'm talking about Forescout after receiving a briefing during Tech Field Day 20.
The post BiB083 – Forescout – Visibility For Segmentation appeared first on Packet Pushers.
BiB083 – Forescout – Visibility For Segmentation
I'm talking about Forescout after receiving a briefing during Tech Field Day 20.Five Minutes To Magic Time
Have you ever worked with someone that has the most valuable time in the world? Someone that counts each precious minute in their presence as if you’re keeping them from something very, very important that they could use to solve world hunger or cure cancer? If you haven’t then you’re a very lucky person indeed. Sadly, almost everyone, especially those in IT, has had the misfortune to be involved with someone whose time is more precious than platinum-plated saffron.
That’s not to say that we should be wasting the time of those we work with. Simple things like being late to meetings or not having your materials prepared are easy ways to help reduce the time of meetings or to make things run smoothly. Those items are common courtesies that should be extended to all the people you meet, from the cashier that takes your order at a fast food establishment to the most powerful people on the planet. No, this is about something deeper and more insidious.
No Time For Hugs
I’ve seen the kind of behavior I’ve described very often in the higher echelons of companies. People that live at the CxO level often have very little time Continue reading
Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship
Today's Heavy Networking dives into a research project, Geneva, that uses genetic algorithms to evade Internet censorship. The project was developed at the University of Maryland. We drill into how it works with guests Dr. David Levin and graduate student Kevin Bock from the University of Maryland.
The post Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship appeared first on Packet Pushers.
Nokia Argues Cloud Native Is Essential to 5G Core
Nokia outlined five key business objectives for 5G that can only be delivered by a cloud-native...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
A10 Hires New CEO, No Word on Potential Sale
Almost four months after announcing that its founding CEO Lee Chen was on his way out, A10 Networks...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.