Archive

Category Archives for "Russ White"

Worth Reading: In the Trenches with OpenStack

In a sense, and oversimplifying a bit, OpenStack is an automation framework for Linux that just happens to allow Windows instances to run on KVM, just like the Azure cloud and Azure Stack are similar extensions to Windows Server that just so happen to also support Linux instances on Hyper-V. There have been a dozen releases of OpenStack since that time, on a six-month cadence of April and October launches that, interestingly enough, have also regularized the pattern for Linux operating system launches, too. -via the next platform

The post Worth Reading: In the Trenches with OpenStack appeared first on 'net work.

Research ‘net: Dirt jumper -smart

Distributed Denial of Service (DDoS) attacks are often used to hold companies—particularly wealthy companies, like financial institutions—to ransom. Given the number of botnets in the world which can be purchased by the hour, and the relative ease with which new systems can be infected (especially given the rise of the Internet of Things), it’s important to find new and innovative ways to protect against such attacks. Dirt Jumper is a common DDoS platform based on the original Dirt, widely used to initiate such attacks. Probably the most effective protection against DDoS attacks, particularly if you can’t pin down the botnet and block it on a per-IP-address basis (try that one some time) is to construct a tar pit that will consume the attacker’s resources at a rate faster than your server’s are consumed.

The paper linked here describes one such tar pit, and even goes into detail around a defect in the Dirt Jumper platform, and how the defenders exploited the defect. This is not only instructive in terms of understanding and countering DDoS attacks, it’s also instructive from another angle. If you think software is going to eat the world, remember that even hacking software has defects that Continue reading

Worth Reading: Leave Your Gas Can at Home

There seems to be a trend in IT, where everyone likes to play follow the leader. Everyone uses the same vendor for the same things, and they try to use the same cookie cutter pattern. If you have any decent exposure to various organizations, you’ll know that’s just not the case. Trying to shove a square peg in a round hole, never works out well. -via Packet Pushers

The post Worth Reading: Leave Your Gas Can at Home appeared first on 'net work.

Should Technology Mirror Business?

The essence of SDN is to create a software model of the current data network business. This quantitative model is based on volumes of data: what ‘bandwidth’ resources do I have (i.e. supply), and how can I give different quantities of this ‘bandwidth’ to different users and uses (i.e. demand)? -via circleid

I’ve been in information technology since the early 1990’s, and it’s always been like this: business tells IT what to do, and IT does it. In other words, we make technology mirror business. Which is a fine formula for success, so long as you think business is the engine of innovation. The problem is innovation doesn’t come from one department or place. In fact, innovation most often comes from the intersection of two or more things. Think about it.

When did cars first start being innovative? When they combined the technology that existed in the latest horse drawn carriages with the latest in industrial technology, including internal combustion engines and assembly line production. All three of these came from someplace else—many people don’t know the idea of interchangeable parts came out of the firearms world, rather than the automotive industry. When did innovation come into the Continue reading

Worth Watching: The Economics of the Internet

Old economics explains the new economy well. When we buy something, we spend time and money searching for it, comparing it with other products, negotiating a price, and ensuring that we get what we paid for. This is what economists call ‘transaction costs.’ The internet dramatically reduces these costs, making it cheaper for people, businesses and governments to do business. -via the World Bank

The post Worth Watching: The Economics of the Internet appeared first on 'net work.

Securing BGP: A Case Study (3)

To recap (or rather, as they used to say in old television shows, “last time on ‘net Work…”), this series is looking at BGP security as an exercise (or case study) in understanding how to approach engineering problems. We started this series by asking three questions, the third of which was:

What is it we can actually prove in a packet switched network?

From there, in part 2 of this series, we looked at this question more deeply, asking three “sub questions” that are designed to help us tease out the answer this third question. Asking the right questions is a subtle, but crucial, part of learning how to deal with engineering problems of all sorts. Those questions can be summed up as:

  • Is the path through this peer going to pass through someone I don’t want it to pass through?
  • Is the path this peer is advertising a valid route to the destination?

Let’s quickly look at the first of these two to see why it’s not provable in the context of a packet switched network, using the network diagram below.

bgp-sec-02

When working with BGP at Internet scale, we tend to think of an autonomous system as one “thing”—we Continue reading

Worth Reading: Virtualization Slides

Server virtualization is a relatively heavy way to drive up utilization on servers, and it has been particularly well suited for Windows workloads where various container technologies have not yet been brought to bear. … While enterprises are not apt to change platforms quickly, the slowing growth in server virtualization means they have virtualized the stacks they can and that they are probably looking at how they might deploy containers either on top of or instead of virtual machines. -via the next platform

The post Worth Reading: Virtualization Slides appeared first on 'net work.

Optimal Routing Design

optimal-routing-designOptimal Routing Design provides the tools and techniques, learned through years of experience with network design and deployment, to build a large-scale or scalable IP-routed network. The book takes an easy-to-read approach that is accessible to novice network designers while presenting invaluable, hard-to-find insight that appeals to more advanced-level professionals as well.

The post Optimal Routing Design appeared first on 'net work.

Worth Reading: Making IPv6 Work

Wouldn’t it be nice if turning on IPv6 really was ‘press one button and the rest is magic’ easy? For some things, it is. If you’re talking about client-side, enabling an IPv4-only home service on DSL or fibre really can be this simple, because all the heavy lifting is being done inside your ISP: you’re not enabling IPv6 in the network, you’re turning on the last mile. It was knocking at your door and you just had to let it in. -via circleid

The post Worth Reading: Making IPv6 Work appeared first on 'net work.

Worth Reading: Net Ring Buffers

The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a “general purpose operating system”. In addition, it ultimately means that the application is going to have to implement it’s own TCP/IP stack. That means it’s going to repeat all the same mistakes of the past, such as “ping of death” when a packet reassembles to more then 65536 bytes. This introduces a security problem. But these criticisms are nonsense. -via errata security

The post Worth Reading: Net Ring Buffers appeared first on 'net work.

Research ‘net 0x1339ED3: Traffic engineering versus network complexity

Since spending quality time with complexity theory when writing Navigating Network Complexity, I’ve started seeing the three sided complexity problem crop up all over the place. Remember this? Fast, high quality, cheap: choose two. We face this problem in a number of ways in network design. A recent (last year) paper by researchers from University of Louvain, ETH Zürich and Princeton have figured out how to engineer traffic in a straight IP network (no MPLS) by injecting false nodes into the shortest path tree. You can read the paper here, and listen to Ivan’s podcast with one of the authors here.research-net

What’s interesting to me is the direct tradeoff this paper represents between the amount of state in the control plane and optimal traffic flow through the network. Adding state does, in fact, allow you to optimize traffic flow—at the cost of calculating the state and injecting it into your control plane (in this case OSPF). This state must be carried through the network, increasing the amount of state in the network, and it must change as traffic flows change, increasing the speed at which the state changes in the network. Finally, this idea opens up a new interaction surface Continue reading

1 135 136 137 138 139 160