Archive

Category Archives for "Russ White"

Research ‘net 0x1339ED3: Traffic engineering versus network complexity

Since spending quality time with complexity theory when writing Navigating Network Complexity, I’ve started seeing the three sided complexity problem crop up all over the place. Remember this? Fast, high quality, cheap: choose two. We face this problem in a number of ways in network design. A recent (last year) paper by researchers from University of Louvain, ETH Zürich and Princeton have figured out how to engineer traffic in a straight IP network (no MPLS) by injecting false nodes into the shortest path tree. You can read the paper here, and listen to Ivan’s podcast with one of the authors here.research-net

What’s interesting to me is the direct tradeoff this paper represents between the amount of state in the control plane and optimal traffic flow through the network. Adding state does, in fact, allow you to optimize traffic flow—at the cost of calculating the state and injecting it into your control plane (in this case OSPF). This state must be carried through the network, increasing the amount of state in the network, and it must change as traffic flows change, increasing the speed at which the state changes in the network. Finally, this idea opens up a new interaction surface Continue reading

Security ‘net 0x1339ED2: Security begins with you

I’m a couple of days late with this post for Data Privacy Day,, but not too late for Data Privacy Month (February). I wanted to highlight it anyway (and maybe I’ll put it on my calendar so I don’t forget next year). The point, of course (“you don’t need to have a point to have a point”) is that each and every one of us—that’s you and I, in case you’ve not gotten it yet—need to take security seriously. Security begins with you. To this end, the Cloud Security Alliance has a good post up on what you can do to improve data privacy.

Why are end users so mistake-prone? Because, frankly, most don’t care. They think data security is IT’s problem—that if IT does its “job” and filters out the threats, they have nothing to worry about. Moreover, when they do something stupid, they think it’s IT’s job to come to the rescue. They don’t understand the risks they create for the company or the fact that once rung they can’t unring the bell. So, they go on ignoring security policies and finding creative workarounds for security measures that inconvenience them—such as utilizing “shadow IT.”

Continue reading

Technology ‘net 0x1339ED1: Cloudy Business Cycles

The cloud is definitely having an impact on business cycles, but how much? There are at least two sides to this story; let’s take a look at both. First there is the continued growth of Amazon Web Services (AWS). According to the Next Platform, this chart represents the various options for the growth of AWS over the next decade or so:

aws-financials-revenue-forecast-log

It looks like, based on this projection, that AWS can keep growing at a fairly strong pace for a while yet longer. Of course, there are many factors that might impact this growth. For instance, one thing the original post points out is that recessions slow down spending in fixed IT and drive up spending in flexible IT. A recession, then, might improve the bottom line for AWS. The opposite of this, however, is that when companies can afford to build infrastructure, they tend to. There are, believe it or not, still justifications for building your own data center, especially if you can afford it.

There are other points to consider, however, as well, in the relationship between the network and business cycles. For instance, if open source and white box start bleeding out of the largest networks into Continue reading

Cultivate questions

Imagine that you’re sitting in a room interviewing a potential candidate for a position on your team. It’s not too hard to imagine, right, because it happens all the time. You know the next question I’m going to ask: what questions will you ask this candidate? I know a lot of people who have “set questions” they use to evaluate a candidate, such as “what is the OSPF type four for,” or “why do some states in the BGP peering session not have corresponding packets?” Since I’ve worked on certifications in the past (like the CCDE), I understand the value of these sorts of questions. They pinpoint the set and scope of the candidate’s knowledge, and they’re easy to grade. But is easy to grade what we should really be after?

Let me expand the scope a little: isn’t this the way we see our own careers? The engineer with the most bits of knowledge stuffed away when they die wins? I probably need to make a sign that says that, actually, just to highlight the humor of such a thought.

The problem is it simply isn’t a good way to measure an engineer, including the engineer reading this Continue reading

Security ‘net 0x1339ECB: Who let the malware out?

According to ScadaFence, as quoted by Computer Weekly, industrial control systems are up next on hacker’s lists as a prime malware target. Apparently, they’ve grown tired of just defacing web sites and the like, and are moving to hard targets in meat space. What kind of damage could they do? Well, consider this attack, by way of Bruce Schneier:

We’re heading toward a world where driverless cars will automatically communicate with each other and the roads, automatically taking us where we need to go safely and efficiently. The confidentiality threats are real: Someone who can eavesdrop on those communications can learn where the cars are going and maybe who is inside them. But the integrity threats are much worse. Someone who can feed the cars false information can potentially cause them to crash into each other or nearby walls. Someone could also disable your car so it can’t start. Or worse, disable the entire system so that no one’s car can start.

Bruce Schneier moves the needle a little farther, discussing the current security model of confidentiality, integrity, and availability, and how it won’t work in the world that we’re building. Instead, he argues that it’s time to rethink our Continue reading

Worth Reading: Disaggregation at LinkedIn

Disaggregation has been on the top of my mind a good bit recently, partially because of our work at LinkedIn around this topic. Zaid has just posted a piece on the LinkedIn Engineering Blog about Project Falco, which is our internal disaggregation project for our data centers. Just a little taste to convince you to jump over there and read this one, because I think this sort of thing will have a major impact in the networking industry over the next three to five years.

Pigeon is a 3.2Tbps switching platform that can be used as a leaf or spine switch. Pigeon is our first foray into active switch software development. We are not venturing into developing our own switch because we aspire to become experts in the switching and routing space, but because we want control of our destiny. We continue to be supportive of our commercial vendors and work with them in a decoupling model.

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Disaggregation at LinkedIn appeared first on 'net work.

Technology ‘net 0x1339ECA: 2015 Measured and Plumbed

technology-netOne of the great things about APNIC is the amount of information about the state of the Internet Geoff Huston puts out each year. He’s recently posted two studies on the state of BGP and the state of IPv4 addresses as of 2015; they’re both well worth reading in full, but here are several key takeaways of particular interest.

BGP in 2015
Addressing in 2015

First, the size of the global (DFZ) table has crossed 512,000 routes. While the actual table size varies by your view of the network (BGP is a path vector protocol, which has many of the same attributes as a distance-vector protocol, including multiple views of the network), this is the first time the route view servers have actually crossed that number. Why is 512,000 a magic number? If there are 512,000 routes, there are likely 512,000 FIB entries (unless there’s some sort of FIB compression involved), and there are a number of older boxes that cannot support 512,000 routes in their FIB.

Second, the DFZ has been growing at a rate of about 7%-8% per year for a number of years. Given the number of new devices being added to the Internet, how can this Continue reading