Worth Watching: The Economics of the Internet

Old economics explains the new economy well. When we buy something, we spend time and money searching for it, comparing it with other products, negotiating a price, and ensuring that we get what we paid for. This is what economists call ‘transaction costs.’ The internet dramatically reduces these costs, making it cheaper for people, businesses and governments to do business. -via the World Bank

The post Worth Watching: The Economics of the Internet appeared first on 'net work.

Securing BGP: A Case Study (3)

To recap (or rather, as they used to say in old television shows, “last time on ‘net Work…”), this series is looking at BGP security as an exercise (or case study) in understanding how to approach engineering problems. We started this series by asking three questions, the third of which was:

What is it we can actually prove in a packet switched network?

From there, in part 2 of this series, we looked at this question more deeply, asking three “sub questions” that are designed to help us tease out the answer this third question. Asking the right questions is a subtle, but crucial, part of learning how to deal with engineering problems of all sorts. Those questions can be summed up as:

• Is the path through this peer going to pass through someone I don’t want it to pass through?
• Is the path this peer is advertising a valid route to the destination?

Let’s quickly look at the first of these two to see why it’s not provable in the context of a packet switched network, using the network diagram below.

When working with BGP at Internet scale, we tend to think of an autonomous system as one “thing”—we Continue reading

Worth Reading: Virtualization Slides

Server virtualization is a relatively heavy way to drive up utilization on servers, and it has been particularly well suited for Windows workloads where various container technologies have not yet been brought to bear. … While enterprises are not apt to change platforms quickly, the slowing growth in server virtualization means they have virtualized the stacks they can and that they are probably looking at how they might deploy containers either on top of or instead of virtual machines. -via the next platform

The post Worth Reading: Virtualization Slides appeared first on 'net work.

EIGRP Basic Operation

The post EIGRP Basic Operation appeared first on 'net work.

Loss of Carrier

The post Loss of Carrier appeared first on 'net work.

IS-IS Deployment in IP Networks

The post IS-IS Deployment in IP Networks appeared first on 'net work.

Optimal Routing Design

Optimal Routing Design provides the tools and techniques, learned through years of experience with network design and deployment, to build a large-scale or scalable IP-routed network. The book takes an easy-to-read approach that is accessible to novice network designers while presenting invaluable, hard-to-find insight that appeals to more advanced-level professionals as well.

The post Optimal Routing Design appeared first on 'net work.

Practical BGP

“I would recommend this book to network engineers, Internet service providers, network software developers, and IT staff who need to deal with network planning and routing.”

The post Practical BGP appeared first on 'net work.

Art of Network Architecture

The Art of Network Architecture is the first book that places business needs and capabilities at the center of the process of architecting and evolving networks. Two leading enterprise network architects help you craft solutions that are fully aligned with business strategy, smoothly accommodate change, and maximize future flexibility

The post Art of Network Architecture appeared first on 'net work.

Navigating Network Complexity

Navigating Network Complexity is the first comprehensive guide to managing this complexity in both deployment and day-to-day operations.

The post Navigating Network Complexity appeared first on 'net work.

Worth Reading: Making IPv6 Work

Wouldn’t it be nice if turning on IPv6 really was ‘press one button and the rest is magic’ easy? For some things, it is. If you’re talking about client-side, enabling an IPv4-only home service on DSL or fibre really can be this simple, because all the heavy lifting is being done inside your ISP: you’re not enabling IPv6 in the network, you’re turning on the last mile. It was knocking at your door and you just had to let it in. -via circleid

The post Worth Reading: Making IPv6 Work appeared first on 'net work.

Beach Bird

The post Beach Bird appeared first on 'net work.

Worth Reading: Net Ring Buffers

The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a “general purpose operating system”. In addition, it ultimately means that the application is going to have to implement it’s own TCP/IP stack. That means it’s going to repeat all the same mistakes of the past, such as “ping of death” when a packet reassembles to more then 65536 bytes. This introduces a security problem. But these criticisms are nonsense. -via errata security

The post Worth Reading: Net Ring Buffers appeared first on 'net work.

Research ‘net 0x1339ED3: Traffic engineering versus network complexity

Since spending quality time with complexity theory when writing Navigating Network Complexity, I’ve started seeing the three sided complexity problem crop up all over the place. Remember this? Fast, high quality, cheap: choose two. We face this problem in a number of ways in network design. A recent (last year) paper by researchers from University of Louvain, ETH Zürich and Princeton have figured out how to engineer traffic in a straight IP network (no MPLS) by injecting false nodes into the shortest path tree. You can read the paper here, and listen to Ivan’s podcast with one of the authors here.

What’s interesting to me is the direct tradeoff this paper represents between the amount of state in the control plane and optimal traffic flow through the network. Adding state does, in fact, allow you to optimize traffic flow—at the cost of calculating the state and injecting it into your control plane (in this case OSPF). This state must be carried through the network, increasing the amount of state in the network, and it must change as traffic flows change, increasing the speed at which the state changes in the network. Finally, this idea opens up a new interaction surface Continue reading

Worth Reading: WAN Technology is Changing

For many of us, the price of WAN connectivity is the price. Rotary shopping the few providers available for a given location isn’t going to net much difference. We have been trained for decades to simply hold our noses, eat what’s put on the plate in front of us and pretend we like it. Hybrid WAN technologies are changing this.

The post Worth Reading: WAN Technology is Changing appeared first on 'net work.

Security ‘net 0x1339ED2: Security begins with you

I’m a couple of days late with this post for Data Privacy Day,, but not too late for Data Privacy Month (February). I wanted to highlight it anyway (and maybe I’ll put it on my calendar so I don’t forget next year). The point, of course (“you don’t need to have a point to have a point”) is that each and every one of us—that’s you and I, in case you’ve not gotten it yet—need to take security seriously. Security begins with you. To this end, the Cloud Security Alliance has a good post up on what you can do to improve data privacy.

Why are end users so mistake-prone? Because, frankly, most don’t care. They think data security is IT’s problem—that if IT does its “job” and filters out the threats, they have nothing to worry about. Moreover, when they do something stupid, they think it’s IT’s job to come to the rescue. They don’t understand the risks they create for the company or the fact that once rung they can’t unring the bell. So, they go on ignoring security policies and finding creative workarounds for security measures that inconvenience them—such as utilizing “shadow IT.”

Continue reading

Worth Reading: How to Defend Your Backlog

So there you are, once again in the center of what you expect will quickly become a whirlwind of escalations. Your backlog has been carefully crafted over the past months into a well balanced and well groomed condition and it has taken an enormous amount of effort to get it like that.

The post Worth Reading: How to Defend Your Backlog appeared first on 'net work.

Technology ‘net 0x1339ED1: Cloudy Business Cycles

The cloud is definitely having an impact on business cycles, but how much? There are at least two sides to this story; let’s take a look at both. First there is the continued growth of Amazon Web Services (AWS). According to the Next Platform, this chart represents the various options for the growth of AWS over the next decade or so:

It looks like, based on this projection, that AWS can keep growing at a fairly strong pace for a while yet longer. Of course, there are many factors that might impact this growth. For instance, one thing the original post points out is that recessions slow down spending in fixed IT and drive up spending in flexible IT. A recession, then, might improve the bottom line for AWS. The opposite of this, however, is that when companies can afford to build infrastructure, they tend to. There are, believe it or not, still justifications for building your own data center, especially if you can afford it.

There are other points to consider, however, as well, in the relationship between the network and business cycles. For instance, if open source and white box start bleeding out of the largest networks into Continue reading

Worth Reading: Should Firewalls Track Sequence Numbers?

Firewalls that include application level gateways (example: FTP command session inspection), web application firewalls (including stuff marketed as next-generation whatever) or any other devices that performs deep packet inspection have to include full-blown TCP stack including retransmissions, packet reordering and IP fragment reassembly. A device that doesn’t do all of the above will eventually be spoofed (aka Fernando Gont will eventually get you with the right sequence of extension headers).

The post Worth Reading: Should Firewalls Track Sequence Numbers? appeared first on 'net work.

Worth Reading: Beyond Open Standards

Traditionally, open standards organizations (particularly the IETF) have been populated by vendors selling software embedded in hardware. What happens to open standards when the software is separated from the software through a trend like NFV? Does this mean the end of open standards? As we are currently moving towards disaggregation at LinkedIn, the relationship between open standards and the disaggregation process has become for me a matter that requires some serious thought. -via network computing

The post Worth Reading: Beyond Open Standards appeared first on 'net work.