On the Web: Openfabric at IPspace

I was over at ipspace to talk to Ivan and several other folks about openfabric. This is one of those situations where… Well, the algorithm openfabric uses to calculate fabric location has changed slightly in the last week. Welcome to the world of networking technology.

As always, we started with the “what’s wrong with what we have right now, like using BGP as a better IGP” question, resulting in “BGP is becoming the trash can of the Internet”. You can probably guess the next set of intro questions: “Do we need policies and traffic engineering in a high-speed data center fabric?” Finally, we got to discussing OpenFabric, starting with how OpenFabric uses link-state database to modify IS-IS flooding behavior and thus reduces the total amount of flooding in a data center fabric. Next step: how do you know where it’s safe to reduce flooding? You have to figure out whether you’re a leaf or spine, and there are two ways in OpenFabric to solve that challenge.

Worth Reading: The Edge and Cloud

Low latency, reduced bandwidth, reduced backhaul — these are the axioms of edge computing, the process of moving intensive workloads from the cloud out to the edge of the network. —Megan O’Keefe @The New Stack

Worth Reading: Samza Aeon

You can’t fix something if you don’t know there’s a problem. Measuring and tracking the latency of requests through your system is essential to identifying and resolving issues quickly. —Max Wolffe and Akhilesh Gupta @Linkedin Engineering

Whatever is vOLT-HA?

Many network engineers find the entire world of telecom to be confusing—especially as papers are peppered with a lot of acronyms. If any part of the networking world is more obsessed with acronyms than any other, the telecom world, where the traditional phone line, subscriber access, and network engineering collide, reigns as the “king of the hill.”

Recently, while looking at some documentation for the CORD project, which stands for Central Office Rearchitected as a Data Center, I ran across an acronym I had not seen before—vOLT-HA. An acronym with a dash in the middle—impressive! But what is, exactly? To get there, we must begin in the beginning, with a PON.

There are two kinds of optical networks in the world, Active Optical Networks (AONs), and Passive Optical Networks (PONs). The primary difference between the two is whether the optical gear used to build the network amplifies (or even electronically rebuilds, or repeats) the optical signal as it passes through. In AONs, optical signals are amplified, while ins PONs, optical signals are not amplified. This means that in a PON, the optical equipment can be said to be passive, in that it does not modify the optical signal in Continue reading

Worth Reading: The Exploding Enpoint Problem

The future consumer will expect to access all human knowledge and services on-demand, using devices that fit in their pocket, and all for the price of a meal. This requires a digital experience that can connect anything to anything and continuously adapt to changing data and services. —Tyler Jewell @The New Stack

Pipes & Lights

Weekend Reads 042018: Mostly DNS Security Stuff

For many, the conversation about online privacy centers around a few high-profile companies, and rightly so. We consciously engage with their applications and services and want to know who else might access our information and how they might use it. But there are other, less obvious ways that accessing the World Wide Web exposes us. In this post we will look at how one part of the web’s infrastructure, the Domain Name System (DNS), “leaks” your private information and what you can do to better protect your privacy and security. Although DNS has long been a serious compromise in the privacy of the web, we’ll discuss some simple steps you can take to improve your privacy online. —Stan Adams @CDT

Cloudflare, the internet security and performance services company, announced a new service called “Spectrum.” The service gets its name from the fact that Cloudflare aims to offer DDoS protection for the whole “spectrum” of ports and protocols for its enterprise customers. @Tom’s Hardware

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication. In order to trick Continue reading

Worth Reading: DevOps and component chaos

Modern software development is trending more toward a componentized approach because developers would rather assemble something using a variety of well-built pieces of third-party code than reinvent the wheel every time they create something new. The approach has done wonders for speed and agility, but it’s increasing a lot of enterprise attack surfaces because too few organizations are keeping up with the vulnerabilities these components pose. —Ericka Chickowski @Dark Reading

The Network Collective One Year Anniversary Show: War Stories

Worth Reading: White box switching

White box switching seems to be all the networking hype. For some in-depth research, check out this podcast from packet pushers about ATT making its move into white box switching. Cisco is also committed to offering a decoupled version of IOS-XR from Cisco hardware to enable running their NOS on OCP (open compute project) compliant hardware aka “white box switching.” Fascinating stuff, but what’s the big deal? Well, I’m going to try and make a comparison. —Javi Isolis

Worth Reading: Topology Basics Part 2

In spaces like the real numbers, there is convenient framework available to quantify closeness and proximity, and which allows naturally for a definition of limit or tendency for sequences. In a general topological space missing this skeletal feature, convergence must be defined. —Rachel Traylor @The Math Citadel

Short Take: Disaggregating Firewalls

<div style=”width: 75%; float: left;”>

</div>

Worth Reading: A new JPEG

Why do virtual reality headsets make users nauseous? One reason is latency, or the almost imperceptible amount of time it takes for a display image to change in response to a user’s head movement. However, the Joint Photographic Experts Group (JPEG) has just introduced a new image compression standard that could resolve this problem. —Laure-Anne Pessina @Mediacom

Worth Reading: Microsegmentation

Network segmentation is a best-practice strategy for reducing the attack surface of data center networks. Just as the watertight compartments in a ship should contain flooding if the hull is breached, segmentation isolates servers and systems into separate zones to contain intruders or malware, limiting the potential security risks and damage. —Avishai Wool @Dark Reading

OSPF Topology Transparent Zones

Anyone who has worked with OSPF for any length of time has at least heard of areas—but perhaps before diving into Topology Transparent Zones (TTZs), a short review is in order.

In this diagram, routers A and B are in area 0, routers C and D are Area Border Routers (ABRs), and routers E, F, G, H, and K are all in area 1. The ABRs, C and D, do not advertise the existence of E, F, G, H, or K to the routers in area 0, nor the links to or between any of those routers. Any reachable destinations in area 1 are advertised using a em>summary LSA, or a type 3 LSA, towards A and B. From the perspective of A and B, 100::/64 and 101::/64 would be advertised by C and D as directly connected destinations, using the cost from C and D to each of these two destinations, based on a summary LSA.

What if you wanted to place H and K in their own area, with G as an ABR, behind the existing area 1? You cannot do this in OSPF using any form of a standard flooding domain, or area. There is no way Continue reading

Worth Reading: Blockers for IPv6 adoption

On a recent flight from the UK to the USA I sat next to the IT director for a global corporation. He asked me why I was travelling, to which I answered that I was giving the keynote presentation at an IPv6 conference held by the US Federal government. Without hesitation, his response was “IPv6 is not even on my radar”. —David Holder @APNIC

Worth Reading: Why people need to collide more

That’s why we’re observing that some of the most successful organizations today are those capable of shifting the way they think about the value of the interactions in the workplace. And to do that, they’ve radically altered their approach to management and leadership. —Jim Whitehurst

Reaction: DNS Complexity Lessons

Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and “keep on ticking.”

But how far can we drive the complexity of these systems before they ultimately fail? Bert posted this chart to the APNIC blog to illustrate the problem—

I am old enough to remember when the entire Cisco IOS Software (classic) code base was under 150,000 lines; today, I suspect most BGP and DNS implementations are well over this size. Consider this for a moment—a single protocol implementation that is larger than an entire Network Operating System ten to fifteen years back.

What really grabbed my attention, though, was one of the reasons Bert believes we have these complexity problems—

DNS developers frequently see immense complexity not as a problem but as a welcome challenge to be overcome. We say ‘yes’ to things we should say ‘no’ to. Less gifted developer communities would have to say no automatically since they simply would not be able to implement all that new stuff. Continue reading

Worth Reading: The Easy Button

Automation has become this “all-encompassing thingy” much like SDN. It’s a software industry problem and it’s critical more now than ever that we do not slip backwards by trying to drag a broken idea forwards. —David Gee

Weekend Reading 041318: GDPR, and the ever deepening pile of security vulnerabilities

I think we are all hoping that when ICANN meets with the DPAs (Digital Protection Authorities) a clear path forward will be illuminated. We are all hoping that the DPAs will provide definitive guidance regarding ICANN’s interim model and that some special allowance will be made so that registrars and registries are provided with additional time to implement a GDPR-compliant WHOIS solution. —Matt Serlin @CircleID

Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. —Swati Khandelwal @The Hacker News

With the growing presence and sophistication of online threats like viruses, ransomware, and phishing scams, it’s increasingly important to have the right protection and tools to help protect your devices, personal information, and files from being compromised. Microsoft already provides robust security for Office services, including link checking and attachment scanning for known viruses and phishing threats, encryption in transit and at rest, as well as powerful antivirus protection with Windows Defender. Today, we’re announcing new advanced protection capabilities coming to Office 365 Home and Office 365 Personal subscribers to Continue reading