Archive

Category Archives for "Russ White"

The History of Comm Servers with Kevin Herbert

Communication Servers designed to support hundreds or thousands of users reached their peak capabilities just as dial-up service access began to recede in importance. In fact, many network engineers today have probably never managed a dial-up communications server, which were once used to connect everything from individual users to services like AOL and remote workers to entire sites (hence OSPF’s demand circuit capability). Kevin Herbert joins us to discuss the early work on communication servers, including some of the challenges of working with early networking hardware.

download

Everyone Must Learn to Code

The word on the street is that everyone—especially network engineers—must learn to code. A conversation with a friend and an article passing through my RSS reader brought this to mind once again—so once more into the breach. Part of the problem here is that we seem to have a knack for asking the wrong question. When we look at network engineer skill sets, we often think about the ability to configure a protocol or set of features, and then the ability to quickly troubleshoot those protocols or features using a set of commands or techniques.

This is, in some sense, what various certifications have taught us—we have reached the expert level when we can configure a network quickly, or when we can prove we understand a product line. There is, by the way, a point of truth in this. If you claim your expertise is with a particular vendor’s gear, then it is true that you must be able to configure and troubleshoot on that vendor’s gear to be an expert. There is also a problem of how to test for networking skills without actually implementing something, and how to implement things without actually configuring them. This is a Continue reading

Weekend Reads 091120

In our final article on Kubernetes RBAC, we are focusing on RBAC itself. Everything else in the series led towards this key piece. In part one we discussed authentication and authorization on a high level and in part two we focused specifically on authentication. Now let’s dive into authorization.

LitmusChaos is a CNCF sandbox project. Its mission is to help Kubernetes SREs and developers to find weaknesses in Kubernetes platform and applications running on Kubernetes by providing a complete Chaos Engineering framework and associated chaos experiments.

China’s drive for technological dominance has resulted in a long-term, government-driven national strategy. This includes the creation of native technologies which reflect local policies and politics, micromanagement of the internet from the top down, and the use of international standards development organisations (SDOs), such as the UN agency the International Telecommunication Union (ITU), to legitimize and protect these technologies in the global marketplace.

The implementation of prop-132 (AS0 for unallocated and unassigned spaces) is completed, and APNIC is now publishing an AS0 Route Origin Authorization (ROA) covering the undelegated IPv4 and IPv6 ranges under our management.

Privacy has become a business imperative. May 25, 2020, marked the two-year anniversary of General Data Protection Regulation Continue reading

The Hedge Podcast 51: Tim Fiola and pyNTM

Have you ever looked at your wide area network and wondered … what would the traffic flows look like if this link or that router failed? Traffic modeling of this kind is widely available in commercial tools, which means it’s been hard to play with these kinds of tools, learn how they work, and understand how they can be effective. There is, however, an open source alternative—pyNTM. While this tool won’t replace a commercial tool, it can give you “enough to go on” for many network operators, and give you the experience and understanding needed to justify springing for a commercial product.

download

It Has to Work

From time immemorial, humor has served to capture truth. This is no different in the world of computer networks. A notable example of using humor to capture truth is the April 1 RFC series published by the IETF. RFC1925, The Twelve Networking Truths, will serve as our guide.

According to RFC1925, the first fundamental truth of networking is: it has to work. While this might seem to be overly simplistic, it has proven—over the years—to be much more difficult to implement in real life than it looks like in a slide deck. Those with extensive experience with failures, however, can often make a better guess at what is possible to make work than those without such experience. The good news, however, is the experience of failure can be shared, especially through self-deprecating humor.

Consider RFC748, which is the first April First RFC published by the IETF, the TELNET RANDOMLY-LOSE Option. This RFC describes a set of additional signals in the TELNET protocol (for those too young to remember, TELNET is what people used to communicate with hosts before SSH and web browsers!) that instruct the server not to provide random losses through such things as “system crashes, lost data, Continue reading

Understandability

According to Maor Rudick, in a recent post over at Cloud Native, programming is 10% writing code and 90% understanding why it doesn’t work. This expresses the art of deploying network protocols, security, or anything that needs thought about where and how. I’m not just talking about the configuration, either—why was this filter deployed here rather than there? Why was this BGP community used rather than that one? Why was this aggregation range used rather than some other? Even in a fully automated world, the saying holds true.

So how can you improve the understandability of your network design? Maor defines understandability as “the dev who creates the software is to effortlessly … comprehend what is happening in it.” Continuing—“the more understandable a system is, the easier it becomes for the developers who created it to change it in a way that is safe and predictable.” What are the elements of understandability?

Documentation must be complete, clear, concise, and organized. The two primary failings I encounter in documentation are completeness and organization. Why something is done, when it was last changed, and why it was changed are often missing. The person making the change just assumes “I’ll remember Continue reading

Weekend Reads 090420

Running a bit late this week … ?

Researchers at University College London (UCL) have set a new bandwidth record for fiber optic bandwidth transmission. They’ve been able to communicate through a fiber optic cable at over 178 terabits per second, or 178,000 gigabits per second.

Having spent my career in various roles in IT security, Ivan and I always bounced thoughts on the overlap between networking and security (and, more recently, Cloud/Container) around. One of the hot challenges on that boundary that regularly comes up in network/security discussions is the topic of this blog post: microsegmentation and host-based firewalls (HBFs).

For engineers, instead of whodunit, the question is often “what failed and why?” When a problem occurs, we put on our detective hats and start our mystery-solving process by gathering evidence. The more complex a system, the more places to look for clues. An engineer can find herself digging through logs, poring over traces, and staring at dozens of dashboards.

A vast majority of IoT hardware in homes and offices is vulnerable to attacks that allow devices to be easily taken over and manipulated for malicious purposes.

That said, Intel over the past couple of years has expanded its Continue reading

The Hedge Podcast #49: Karen O’Donoghue and Network Time Security

Time is critical for many of the systems that make the Internet and other operational networks “go,” but we often just assume the time is there and it’s right. In this episode of the Hedge, Karen O’Donoghue joins Alvaro and Russ to talk about some of the many attacks and failures that can be caused by an incorrect time, and current and ongoing work in securing network time in the IETF.

download

The Hedge Podcast #50: The Challenge of Growing People

Many network engineers complain about their companies not giving them opportunities—but how many think about helping the company grow in a way that allows them to have the opportunities they desire? Scott Morris, aka “evil ccie,” joins Tom and Russ on this episode of the Hedge to talk about the challenges of certifications, growing people, and people learning how to grow in a way what improves the business. Sometimes growing means creating opportunities rather than just waiting for them to knock.

download

History of Networking: Networking at Google with Richard Hay

Google fascinates network engineers because of the sheer scale of their operations, and their obvious influence over the way networks are built and operated. In this episode of the History of Networking, Richard Hay joins Donald Sharp and Russ White to talk about some past designs and stories of failure and success in one of the world’s largest operating networks.

download

Weekend Reads 082820

CENTR has published a white paper separating registry lock services into two standardized models. This categorization and the included recommendations can help top-level domain registries (re)design their registry lock services.

Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.

Blockchain technology is going to change everything: the shipping industry, the financial system, government … in fact, what won’t it change? But enthusiasm for it mainly stems from a lack of knowledge and understanding. The blockchain is a solution in search of a problem.

Or you could reduce all of that complexity to a single roll of 25 dice into a plastic box.

Multitenancy is a common pattern in Kubernetes. Many organizations deploy Kubernetes-as-a-Service, where one cluster houses many tenants and workloads. This pattern might sound familiar, as cloud computing services like AWS, Azure, and GCP have enabled multiple customers (tenants) to run their business-critical workloads in a single cluster for years.

As gaming grows in stature in the lives of Americans during the pandemic, it has highlighted the extraordinary grip that two of the four tech companies under investigation have over the white-hot industry.

In general Continue reading

Technologies that Didn’t: The Fiber Distributed Data Interface

Token Ring, in its original form, was—on paper—a very capable physical transport. For instance, because of the token passing capabilities, it could make use of more than 90% of the available bandwidth. In contrast, Ethernet systems, particularly early Ethernet systems using a true “single wire” broadcast domain, cannot achieve nearly that kind of utilization—hence “every device on its own switch port.” The Fiber Distributed Data Interface, or FDDI, is like Token Ring in many ways. For instance, FDDI uses a token to determine when a station connected to the ring can transmit, enabling efficient use of bandwidth.

And yet, Ethernet is the common carrier of almost all wired networks today, and even wireless standards mimic Ethernet’s characteristics. What happened to FDDI?

FDDI is a 100Mbit/second optical standard based on token bus, which used an improved timed token version of the token passing scheme developed for token ring networks. This physical layer protocol standard had a number of fairly unique features. It was a 100Mbit/second standard at a time when Ethernet offered a top speed of 10Mbits/second. Since FDDI could operate over a single mode fiber, it could support distances of 200 kilometers, or around 120 miles. Because it was Continue reading

The White Board and the Simulation

In the argument between OSPF and BGP in the data center fabric over at Justin’s blog, I am decidedly in the camp of IS-IS. Rather than lay my reasons out here, however (a topic for another blog post?), I want to focus on something else Justin said that I think is incredibly important for network engineers to understand.

I think whiteboards are the most important tool for network design currently available, which makes me sad. I wish that wasn’t true, I want much better tools. I can’t even tell you the number of disasters averted by 2-3 great network engineers arguing over a whiteboard.

I remember—way back—when I was working on the problems around making a link-state protocol work well in a Mobile Ad Hoc Network (MANET), we had two competing solutions presented to the IETF. The first solution was primarily based on whiteboarding through various options and coming up with one that should reduce flooding to an acceptable level. The second was less optimal on the whiteboard but supported by simulations showing it should reduce flooding more effectively.

Which solution “won?” I don’t know what “winning” might mean here, but the solution designed on the whiteboard has Continue reading

Weekend Reads 082120

When a zero-day vulnerability is exploited in the wild, it’s essential to identify the bug at the root of the attack. This “root cause analysis” informs researchers how an attack unfolded.

The House Judiciary chairman was closing in on his Perry Mason moment with Facebook CEO Mark Zuckerberg. Fortified with “hot” internal company documents, Rep. Jerrold Nadler was building his case at a hearing that seemed almost like a trial for Facebook and three other tech giants over alleged anti-competitive tactics.

While it’s true consumers have largely moved on, data centers are still looking for higher capacity hard drives. That’s why Western Digital (WD) developed new enterprise drives, which are packing what the company calls “ePMR” (energy-assisted perpendicular magnetic recording). For simplicity’s sake, we’ll stick with energy-assisted magnetic recording (EAMR).

Respondents to Tripwire’s survey revealed that they’re specifically worried about their employers’ cloud security. Indeed, 37% of participants indicated that risk management capabilities in the cloud were at least somewhat worse in the cloud than in other parts of the organization’s infrastructure.

In our previous blog about IcedID, we explored some of the changes in the malware and how it tries to evade detection. We also detailed how threat actors Continue reading

History of Networking: An African Perspective of the Internet

Dawit Bekele began his journey with the Internet while at college—but on returning to Africa, he discovered there was very little connectivity. While he was not involved in the initial stages of engineering the Internet in Africa, he began as an early user and proponent of connecting his home continent, and is now part of the Internet Society, helping to grow connectivity.

download

1 31 32 33 34 35 164