Worth Reading: WAN Technology is Changing

For many of us, the price of WAN connectivity is the price. Rotary shopping the few providers available for a given location isn’t going to net much difference. We have been trained for decades to simply hold our noses, eat what’s put on the plate in front of us and pretend we like it. Hybrid WAN technologies are changing this.

The post Worth Reading: WAN Technology is Changing appeared first on 'net work.

Security ‘net 0x1339ED2: Security begins with you

I’m a couple of days late with this post for Data Privacy Day,, but not too late for Data Privacy Month (February). I wanted to highlight it anyway (and maybe I’ll put it on my calendar so I don’t forget next year). The point, of course (“you don’t need to have a point to have a point”) is that each and every one of us—that’s you and I, in case you’ve not gotten it yet—need to take security seriously. Security begins with you. To this end, the Cloud Security Alliance has a good post up on what you can do to improve data privacy.

Why are end users so mistake-prone? Because, frankly, most don’t care. They think data security is IT’s problem—that if IT does its “job” and filters out the threats, they have nothing to worry about. Moreover, when they do something stupid, they think it’s IT’s job to come to the rescue. They don’t understand the risks they create for the company or the fact that once rung they can’t unring the bell. So, they go on ignoring security policies and finding creative workarounds for security measures that inconvenience them—such as utilizing “shadow IT.”

Continue reading

Worth Reading: How to Defend Your Backlog

So there you are, once again in the center of what you expect will quickly become a whirlwind of escalations. Your backlog has been carefully crafted over the past months into a well balanced and well groomed condition and it has taken an enormous amount of effort to get it like that.

The post Worth Reading: How to Defend Your Backlog appeared first on 'net work.

Technology ‘net 0x1339ED1: Cloudy Business Cycles

The cloud is definitely having an impact on business cycles, but how much? There are at least two sides to this story; let’s take a look at both. First there is the continued growth of Amazon Web Services (AWS). According to the Next Platform, this chart represents the various options for the growth of AWS over the next decade or so:

It looks like, based on this projection, that AWS can keep growing at a fairly strong pace for a while yet longer. Of course, there are many factors that might impact this growth. For instance, one thing the original post points out is that recessions slow down spending in fixed IT and drive up spending in flexible IT. A recession, then, might improve the bottom line for AWS. The opposite of this, however, is that when companies can afford to build infrastructure, they tend to. There are, believe it or not, still justifications for building your own data center, especially if you can afford it.

There are other points to consider, however, as well, in the relationship between the network and business cycles. For instance, if open source and white box start bleeding out of the largest networks into Continue reading

Worth Reading: Should Firewalls Track Sequence Numbers?

Firewalls that include application level gateways (example: FTP command session inspection), web application firewalls (including stuff marketed as next-generation whatever) or any other devices that performs deep packet inspection have to include full-blown TCP stack including retransmissions, packet reordering and IP fragment reassembly. A device that doesn’t do all of the above will eventually be spoofed (aka Fernando Gont will eventually get you with the right sequence of extension headers).

The post Worth Reading: Should Firewalls Track Sequence Numbers? appeared first on 'net work.

Worth Reading: Beyond Open Standards

Traditionally, open standards organizations (particularly the IETF) have been populated by vendors selling software embedded in hardware. What happens to open standards when the software is separated from the software through a trend like NFV? Does this mean the end of open standards? As we are currently moving towards disaggregation at LinkedIn, the relationship between open standards and the disaggregation process has become for me a matter that requires some serious thought. -via network computing

The post Worth Reading: Beyond Open Standards appeared first on 'net work.

Cultivate questions

Imagine that you’re sitting in a room interviewing a potential candidate for a position on your team. It’s not too hard to imagine, right, because it happens all the time. You know the next question I’m going to ask: what questions will you ask this candidate? I know a lot of people who have “set questions” they use to evaluate a candidate, such as “what is the OSPF type four for,” or “why do some states in the BGP peering session not have corresponding packets?” Since I’ve worked on certifications in the past (like the CCDE), I understand the value of these sorts of questions. They pinpoint the set and scope of the candidate’s knowledge, and they’re easy to grade. But is easy to grade what we should really be after?

Let me expand the scope a little: isn’t this the way we see our own careers? The engineer with the most bits of knowledge stuffed away when they die wins? I probably need to make a sign that says that, actually, just to highlight the humor of such a thought.

The problem is it simply isn’t a good way to measure an engineer, including the engineer reading this Continue reading

Worth Reading: Don’t Do Anything Twice

Automation is also a great labor multiplier, just like IT as a broader spectrum. Automation takes the time you would have spent doing the tasks and frees you up to do other things. Like more automation, which gives you more time, which lets you do more automation, etc, etc. Eventually, you’ll free up enough time in your day to spend your focus on enhancing your environment. Maybe you’ll finally get the time to tinker with Puppet or Docker. If you’re really lucky, you may even get the time to try out NSX in that lab you built a year ago and never got to use! -va packet pushers

The post Worth Reading: Don’t Do Anything Twice appeared first on 'net work.

Buenas Aires Penguins

The post Buenas Aires Penguins appeared first on 'net work.

Worth Reading: Cisco/Arista Lawsuit

The dispute between Arista Networks and Cisco heated up this week. Arista, the target of a lawsuit by Cisco for the past year over claims of copyright and patent infringement, leveled its own countersuit. This countersuit claims that Cisco violated the Sherman Antitrust Act by encouraging the industry to use Cisco’s CLI commands as a standard, then turning around and suing companies that embraced that CLI standard. -va network computing

The post Worth Reading: Cisco/Arista Lawsuit appeared first on 'net work.

Research ‘net 0x1339ECC: The cloud begins with coal

So is reading a book on your e-reader really cheaper than reading it in hardback? I know I do most of my reading electronically now, but that’s mostly because I fly a lot and I don’t want to carry a lot of books, and because I find it faster to take notes (and find them later) in electronic formats. But cheaper? I doubt it, really. Consider this:

The information economy is a blue-whale economy with its energy uses mostly out of sight. Based on a mid-range estimate, the world’s Information-Communications-Technologies (ICT) ecosystem uses about 1,500 TWh of electricity annually, equal to all the electric generation of Japan and Germany combined — as much electricity as was used for global illumination in 1985. The ICT ecosystem now approaches 10% of world electricity generation. Or in other energy terms – the zettabyte era already uses about 50% more energy than global aviation. Reduced to personal terms, although charging up a single tablet or smart phone requires a negligible amount of electricity, using either to watch an hour of video weekly consumes annually more electricity in the remote networks than two new refrigerators use in a year. And as the world continues to Continue reading

Worth Reading: The Challenges of IPv6 and DNSSEC

The purpose of this post is to share feedback, in the form of an analogical exercise, on the respective careers of IPv6 and DNSSEC and the challenges facing both technologies. I have decided to focus on the similitudes between IPv6 and DNSSEC rather than dwell on what separates them, especially as both technologies are derived from functional / protocol layers that are fundamentally different. -via circleid

The post Worth Reading: The Challenges of IPv6 and DNSSEC appeared first on 'net work.

Security ‘net 0x1339ECB: Who let the malware out?

According to ScadaFence, as quoted by Computer Weekly, industrial control systems are up next on hacker’s lists as a prime malware target. Apparently, they’ve grown tired of just defacing web sites and the like, and are moving to hard targets in meat space. What kind of damage could they do? Well, consider this attack, by way of Bruce Schneier:

We’re heading toward a world where driverless cars will automatically communicate with each other and the roads, automatically taking us where we need to go safely and efficiently. The confidentiality threats are real: Someone who can eavesdrop on those communications can learn where the cars are going and maybe who is inside them. But the integrity threats are much worse. Someone who can feed the cars false information can potentially cause them to crash into each other or nearby walls. Someone could also disable your car so it can’t start. Or worse, disable the entire system so that no one’s car can start.

Bruce Schneier moves the needle a little farther, discussing the current security model of confidentiality, integrity, and availability, and how it won’t work in the world that we’re building. Instead, he argues that it’s time to rethink our Continue reading

Worth Reading: Disaggregation at LinkedIn

Disaggregation has been on the top of my mind a good bit recently, partially because of our work at LinkedIn around this topic. Zaid has just posted a piece on the LinkedIn Engineering Blog about Project Falco, which is our internal disaggregation project for our data centers. Just a little taste to convince you to jump over there and read this one, because I think this sort of thing will have a major impact in the networking industry over the next three to five years.

Pigeon is a 3.2Tbps switching platform that can be used as a leaf or spine switch. Pigeon is our first foray into active switch software development. We are not venturing into developing our own switch because we aspire to become experts in the switching and routing space, but because we want control of our destiny. We continue to be supportive of our commercial vendors and work with them in a decoupling model.

The post Worth Reading: Disaggregation at LinkedIn appeared first on 'net work.

Worth Reading: What They’re Not Telling You About Global Deduplication

When it comes to endpoint backup, is global deduplication a valuable differentiator? Not if data security and recovery are your primary objectives. Backup vendors that promote global deduplication say it minimizes the amount of data that must be stored and provides faster upload speeds. What they don’t say is how data security and recovery are sacrificed to achieve these “benefits.” -via csa

The post Worth Reading: What They’re Not Telling You About Global Deduplication appeared first on 'net work.

Technology ‘net 0x1339ECA: 2015 Measured and Plumbed

One of the great things about APNIC is the amount of information about the state of the Internet Geoff Huston puts out each year. He’s recently posted two studies on the state of BGP and the state of IPv4 addresses as of 2015; they’re both well worth reading in full, but here are several key takeaways of particular interest.

BGP in 2015
Addressing in 2015

First, the size of the global (DFZ) table has crossed 512,000 routes. While the actual table size varies by your view of the network (BGP is a path vector protocol, which has many of the same attributes as a distance-vector protocol, including multiple views of the network), this is the first time the route view servers have actually crossed that number. Why is 512,000 a magic number? If there are 512,000 routes, there are likely 512,000 FIB entries (unless there’s some sort of FIB compression involved), and there are a number of older boxes that cannot support 512,000 routes in their FIB.

Second, the DFZ has been growing at a rate of about 7%-8% per year for a number of years. Given the number of new devices being added to the Internet, how can this Continue reading

Worth Reading: Standardized Models For Networking

From an operator’s perspective, one challenge with network automation is the lack of standard interfaces. In other words, it’s hard to configure a network programmatically if the details vary from device to device. Today, most operators know these differences in the form of CLI syntax. For example, the commands required to configure BGP on a Cisco device running IOS differ from the commands required to accomplish the same task on a Juniper device running Junos. -via packet pushers

The post Worth Reading: Standardized Models For Networking appeared first on 'net work.

Securing BGP: A Case Study (2)

In part 1 of this series, I pointed out that there are three interesting questions we can ask about BGP security. The third question I outlined there was this: What is it we can actually prove in a packet switched network? This is the first question I want dive in too—this is a deep dive, so be prepared for a long series. This question feels like it is actually asking three different things, what we might call “subquestions,” or perhaps “supporting points.” These three questions are:

• If I send a packet to the peer I received this update from, will it actually reach the advertised destination?
• If I send this information to this destination, will it actually reach the intended recipient?
• If I send a packet to the peer I received this update from, will it pass through an adversary who is redirecting the traffic so they can observe it?

These are the things I can try to prove, or would like to know, in a packet switched network. Note that I want to intentionally focus on the data plane and then transfer these questions to the control plane (BGP). This is the crucial point to remember: If I Continue reading

Worth Reading: Inside the Internet Archive

To most of the web surfing public, the Internet Archive’s Wayback Machine is the face of the Archive’s web archiving activities. Via a simple interface, anyone can type in a URL and see how it has changed over the last 20 years. Yet, behind that simple search box lies an exquisitely complex assemblage of datasets and partners that make possible the Archive’s vast repository of the web. How does the Archive really work, what does its crawl workflow look like, how does it handle issues like robots.txt, and what can all of this teach us about the future of web archiving? -via forbes

The post Worth Reading: Inside the Internet Archive appeared first on 'net work.

Beunos Aires at Night

The post Beunos Aires at Night appeared first on 'net work.