Archive

Category Archives for "Russ White"

Hedge 134: Ten Things

One of the many reasons engineers should work for a vendor, consulting company, or someone other than a single network operator at some point in their career is to develop a larger view of network operations. What are common ways of doing things? What are uncommon ways? In what ways is every network broken? Over time, if you see enough networks, you start seeing common themes and ideas. Just like history, networks might not always be the same, but the problems we all encounter often rhyme. Ken Calenza joins Tom Ammon, Eyvonne Sharp, and Russ White to discuss these common traits—ten things I know about your network.

download

On Building a Personal Brand

How do you balance loyalty to yourself and loyalty to the company you work for?

This might seem like an odd question, but it’s an important component of work/life balance many of us just don’t think about any longer because, as Pete Davis says in Dedicated, we live in a world of infinite browsing. We’re afraid of sticking to one thing because it might reduce our future options. If we dedicate ourselves to something bigger than ourselves, then we might lose control of our direction. In particular, we should not dedicate ourselves to any single company, especially for too long. As a recent (excellent!) blog post over at the ACM says:

Loyalty is generally a good trait, but extreme loyalty to the organization or mission may cause you to stay in the same job for too long.

The idea that we should control our own destiny, never getting lost in anything larger than ourselves, is ubitiquos like water is to a fish. We don’t question it. We don’t argue. It is just true. We assume there are three people who are going to look after “me:” me, myself, and I.

I get it. Honestly, I do. I’ve been there Continue reading

Controversial Reads 061122


In the hands of police and other government agencies, face recognition technology presents an inherent threat to our privacy, free expression, information security, and social justice.


From social credit scores and online censorship to electronic billboards that display a citizen’s “violations” like jaywalking, surveillance is a part of everyday life for millions of Chinese people.


But there’s a much bigger threat to democracy coming out of Silicon Valley and it’s this: America’s largest financial and tech increasingly act as independent countries, routinely exporting jobs, money and technology to our most significant global adversary.


It’s difficult to overstate how dramatic this shift is, both in substance and in tone. Overpaying, and even coddling, talented engineers has, for years, been seen as a point of pride among tech’s leadership class.


Excessive centralization can stymie coordination and erode freedom, democracy, and economic dynamism—decentralization is supposed to be the remedy. But the term on its own is too vague to be a coherent end goal.


In early March, weeks after senators advanced a sweeping bill to expand competition in the tech industry, a regional newspaper more than 2,000 miles from Silicon Valley ran a defensive op-ed.


Raskin didn’t foresee how tech giants would exploit Continue reading

Weekend Reads 061022


Alongside the announcement of Ryzen 7000 processors, AMD revealed a new technology coming to the platform: Smart Access Storage.


The web of global intermediary liability laws has grown increasingly vast and complex as policymakers around the world move to adopt stricter legal frameworks for platform regulation.


Like other kinds of computing, if you put garbage data into a machine learning training run and then pour new data through it, what comes out as the answer is puréed garbage.


A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.


Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear.


By expanding the breadth of device-to-application solutions with IPv6, LoRaWAN’s addressable IoT market is also broadened to include internet-based standards required in smart electricity metering and new applications in smart buildings, industries, logistics, and homes.


Earlier this year, the LockBit group posted a table listing encryption speeds for more than 30 ransomware families, highlighting the fact that LockBit 2.0 was the fastest.


In this post, I’ll Continue reading

Learning BGP Module 2 Lesson 6: Next Hops – Video

In the final installment of this series, Russ White covers BGP next hops, including: -Next hop in iBGP vs. eBGP -Multi-access links -Route reflectors -Route servers You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and Greg, plus selected […]

The post Learning BGP Module 2 Lesson 6: Next Hops – Video appeared first on Packet Pushers.

Hedge 133: Brooks Westfield and Multifactor Testing

Multi-factor testing is one of the most important jobs a vendor takes on—and one of the most underrated. Testing across all possible configurations and use cases is nearly impossible. Brooks Westbrook joins Tom Ammon and Russ White on this episode of the Hedge to talk about the complexity of multi-factor testing and some of the consequences of that complexity.

download

Revisiting BGP Convergence

My video on BGP convergence elicited a lot of . . . feedback, mainly concerning the difference between convergence in a data center fabric and convergence in the DFZ. Let’s begin here—BGP hunt and the impact of the MRAI are very real in the DFZ. Withdrawing a route can take several minutes.

What about the much more controlled environment of a data center fabric?

Several folks pointed out that the MRAI is often set to 0 in DC fabrics (and many implementations by default). Further, almost all implementations will use an MRAI of 0 for the first received update, holding the second and subsequent advertisements by the MRAI. Several folks also pointed out that all the paths through a DC fabric are the same length, so the second part of the equation is also very small.

These are good points—how do they impact BGP convergence? Let’s use the network below, a small slice of a five-stage butterfly fabric, to think it through. Assume every router is in a different AS, so all the peering sessions are eBGP.

Start with A losing its connection to 101::/64—

  • T1: A withdraws its route from B and C
  • T2: B withdraws its route from D and E, Continue reading

Weekend Reads 060322

This edition of weekend reads begins with a few straight security stories of interest. I knew key loggers existed in the wild, but the logging of keystrokes before a web form is submitted is apparently a lot more common than I realized—


They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.

Illustrating that security is often a game of “whack-a-mole,” web skimmers are obfuscating their operation—


Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts.

Identity is fraught with problems even in the real world; just as people used to carry “letters of introduction” with them when they moved to a new area or started a new job, identity is often a matter of transitive trust. How to replicate transitive trust in the digital world is still a problem, but it’s also the foundation of decentralized systems—


The central thesis of the decentralized future is that I should be Continue reading

Hedge 132: DNS Complexity and the DNAME

We all intuitively know the DNS is complex—and becoming more complex over time. Describing just how complex, however, is difficult. Siva Kesava and Ryan Beckett just published a research paper taking on the task of describing DNS complexity, particularly in light of the new DNAME record type. It turns out its complex enough that you can no longer really validate zone files.

download

Learning BGP Module 2 Lesson 5: BGP Communities – Video

Russ White’s BGP course moves on to the concept of BGP communities, including the three basic types of communities, as well as no_export and no_advertise communities. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and Greg, plus selected […]

The post Learning BGP Module 2 Lesson 5: BGP Communities – Video appeared first on Packet Pushers.

Weekend Reads 052722

networks and policy

Leading off this weekend, an article by Simon Sharwood on the impact of the centralization of the Internet. I wrote a somewhat longer article on the Public Discourse a while back on the same topic.


The internet has become smaller, the result of a rethinking of when and where to use the ‘net’s intended architecture. In the process it may also have further concentrated power in the hands of giant technology companies.

Is softwarization really going to change the way we build networks from the ground up? I suspect things will change, but they’ve always changed. I also suspect we’ll be hearing about how software is going to eat the world ten years from now, and IPv6 still won’t be fully deployed.


DOCSIS 4.0 is set to deliver faster speeds for cable network operators, but the next generation technology will also spur an operational sea change, telecom consultant Sean McDevitt told Fierce.


By default, the Docker server configures container networks for IPv4-only, so I had a hard time running it in this environment.

security and other technologies

This one on Costa Rica is a serious warning—


A ransomware gang that infiltrated some Costa Rican government computer Continue reading

Hedge 131: Easier for the Computer or the Person?

One of the mainstays of scripting—and now network management—are increasingly focused on making things “easier” for the human operator. Does this focus on making things “easier” for the operator produce a better experience, though? Or does it create frustration as humans try to “outguess” the computer’s programming and process? Join Tom Ammon and Russ White as they discuss the problems with scripting, automation, and ease-of-use.

download

Learning BGP Module 2 Lesson 4: Best Path – Video

This installment of Russ White’s BGP course discusses how the BGP protocol calculates the best path for a route. Topics include: -Routes to discard -Weighting -Shortest AS path -Origin type -Multi-Exit Discriminator (MED) -Oldest eBGP Path -Tiebreakers You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a […]

The post Learning BGP Module 2 Lesson 4: Best Path – Video appeared first on Packet Pushers.

Learning BGP Module 2 Lesson 3: Messages And Updates – Video

Russ White’s BGP course continues with a lesson on messages and updates. Topics include: -BGP Open -BGP Reach -BGP MP-Reach -Address families -BGP Update -Update processing -TCP interaction You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and Greg, […]

The post Learning BGP Module 2 Lesson 3: Messages And Updates – Video appeared first on Packet Pushers.

Weekend Reads 052022


The steepening trajectory towards event-driven and real-time API architecture is imminent.


The idea of this declaration has a lot to do with the “Past of the Internet.” When the Internet was developing in the 1980s and 1990s, it was seen primarily as a tool that would expand individual freedoms worldwide, strengthen democracy, and create prosperity through innovation and economic progress.


I’m not sure that most people understand the extent to which our online experience has moved to the cloud – and this movement to the cloud means we’re using a lot more bandwidth than in the recent past.


Among the many disruptions facing modern communication service providers (CSPs), one of the biggest is the growing role of data centers (DCs) in their business.


A bargain-basement, $5 price tag on a 3-year-old remote access Trojan (RAT) has concerned some security researchers, who see the move as signs of a possible race to the bottom in terms of pricing — or that new, disrupting developers are entering the cybercriminal market.


Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest Continue reading

Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video

Russ White continues the discussion about BGP peering in part two of this lesson. Topics covered include: -Challenges with link-local next hop with IPv6 -How different BGP implementations handle these challenges -Promiscuous peering -Mitigating the attack surface of promiscuous peers -BGP Capabilities -Filtering before advertising/RFC 8212 You can subscribe to the Packet Pushers’ YouTube channel […]

The post Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video appeared first on Packet Pushers.

Learning BGP Module 2 Lesson 1: Peering Part 1 – Video

The first video in this second module of Russ White’s BGP course covers peering, including why BGP uses TCP for transport, passive and active peer, multi-hop peering, collisions, and more. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. […]

The post Learning BGP Module 2 Lesson 1: Peering Part 1 – Video appeared first on Packet Pushers.

1 15 16 17 18 19 164