Worth Reading: Disconnecting from Facebook

The smartphone has effectively transformed us into cyborgs, we have in our hands a highly efficient computing device equipped with a photo and video camera, microphone, GPS, accelerometer, gyroscope, magnetometer, light and proximity sensors, as well as other features that allow creation of increasingly useful, impressive and addictive applications. —Joao Carlos Caribe @CircleID

Worth Reading: Connectivity as a consumer service

Having Comcast et al provide Internet connectivity is like having your barber do surgery because he knows how to use a knife. I was reminded of this when my Comcast connection failed. —Bob Frankston @CircleID

On the ‘net: GPU’s and Composable Systems

Advances in computing often come from odd angles; routing and switching came out of the need to connect multiple proprietary systems in some way, locally and over long distances (hence the long standard emphasis on open standards and interoperability in the network engineering world). Another interesting development of this type is the boom in Graphic Processing Units (GPUs). @GestaltIT

Worth Reading: Latency wags the dog

The expression, the tail wags the dog, is used when a seemingly unimportant factor or infrequent event actually dominates the situation. It turns out that in modern datacenters, this is precisely the case – with relatively rare events determining overall performance. —Kevin Deierling @The Next Platform

Worth Reading: Model driven telemmetry

Telemetry is a big buzzword in the networking industry these days. As any buzzword, telemetry means different things to different people; exactly like SDN or intent-based networking (I guess this one will need its own blog entry at some point in time). —Benoit Claise

Deconfusing the Static Route

Configuring a static route is just like installing an entry directly in the routing table (or the RIB).

I have been told this many times in my work as a network engineer by operations people, coders, designers, and many other folks. The problem is that it is, in some routing table implementations, too true. To understand, it is best to take a short tour through how a typical RIB interacts with a routing protocol. Assume BGP, or IS-IS, learns about a new route that needs to be installed in the RIB:

• The RIB into which the route needs to be installed is somehow determined. This might be through some sort of special tagging, or perhaps each routing process has a separate RIB into which it is installing routes, etc.. In any case, the routing process must determine which RIB the route should be installed in.
• Look the next hop up in the RIB, to determine if it is reachable. A route cannot be installed if there is no next hop through which to forward the traffic towards the described destination.
• Call the RIB interface to install the route.

The last step results in one of two possible reactions. The first Continue reading

Worth Reading: OpenPower at the inflection point

When IBM launched the OpenPower initiative publicly five years ago, to many it seemed like a classic case of too little, too late. But hope springs eternal, particularly with a datacenter sector that is eagerly and actively seeking an alternative to the Xeon processor to curtail the hegemony that Intel has in the glass house. —Timothy Prickett Morgan @The Next Platform

Oriental Lantern

Weekend Reads 033018: Olympic Destroyer, SONiC, and all the rest

The crippling Olympic Destroyer attack that hit several systems supporting the Pyeongchang Winter Olympics last month may have forever changed the game of attack attribution: the sophisticated attackers created a convincing forgery of malware associated with the North Korean nation-state Lazarus Group, fooling several experts who initially pinned the blame for the attacks on the DPRK. —Kelly Jackson Higgins @Dark Reading

SONiC is the default switch OS powering Azure and many other parts of the Microsoft Cloud. Since last year’s Summit, we have grown its footprint substantially and are now also powering services such as our AI platform, making sure researches have the very best experience when working on solving some of the world’s most pressing problems. —Yousef Khalidi @Azure

For decades, academics and technologists have sparred with the government over access to crypographic technology. In the 1970s, when crypto started to become an academic discipline, the NSA was worried, fearing that they’d lose the ability to read other countries’ traffic. And they acted. For example, they exerted pressure to weaken DES. —Steve Bellovin @CircleID

Cybersecurity attacks have become a weekly occurrence in many news columns. One recent example was that of one of our customers, QIWI payment system, successfully Continue reading

Worth Reading: FRR turns one

The Free Range Routing project, a project we at Cumulus Networks set out to collaborate on with innovators in the industry to help shape the future of web-scale networking. —Kelsey Havens @Cumulus

History of Networking: Dinesh Dutt on the divergence of compute and networking

Worth Reading: One QUIC bit

I’m never surprised by the ability of an IETF Working Group to obsess over what to any outside observer would appear to be a completely trivial matter. —Geoff Huston @APNIC

Worth Reading: The problem with self-driving cars

Whatever happened to baby steps? @I, Cringely

Updated Icons

I’ve updated the icon set to add two switches—yes, they are square.

Policing, Shaping, and Performance

Policing traffic and shaping traffic are two completely different things, but it is hard to know, in the wild, what the impact of one or the other will have on a particular traffic flow, or on the performance of applications in general. While the paper under review here, An Internet-Wide Analysis of Traffic Policing, is largely focused on the global ‘net, specifically from a content provider’s perspective, it contains lessons for just about every network operator who needs to manage Quality of Service (QoS) in a sane and meaningful way.

Flach, Tobias, Pavlos Papageorge, Andreas Terzis, Luis Pedrosa, Yuchung Cheng, Tayeb Karim, Ethan Katz-Bassett, and Ramesh Govindan. 2016. “An Internet-Wide Analysis of Traffic Policing.” In Proceedings of the 2016 ACM SIGCOMM Conference, 468–482. SIGCOMM ’16. New York, NY, USA: ACM. https://doi.org/10.1145/2934872.2934873.

Traffic policing involves setting up a queue with a pool of tokens. For some unit of traffic—assume a packet here—received, a token is consumed. When a packet is transmitted, the token is added back to the pool. If the pool is sized correctly, short bursts in the traffic stream will be allowed through, but if the application attempts to establish a session using more bandwidth Continue reading

Worth Reading: The forgotten half

In 2008, network researcher Dan Kaminsky announced a DNS vulnerability that would let any determined attacker, for the cost of about 10 minutes of packet bombing, insert data into the DNS such that any victim could be made to see whatever an attacker wanted them to see. —Paul Vixie and Joe St. Sauver @farsight

Worth Reading: White papers don’t impress me much

Typically, most companies release white papers that claim to detail their architecture (or math, as one claimed). In reality, and with rare exception (Datrium actually comes to mind here), they’re little more than five to seven pages of marketing-style technical claims with no citations or justification. —Rachel Traylor @The Math Citadel

Short Take: Complexity Wormhole

Worth Reading: GEO versus MEO

Until the advent of medium earth orbit (MEO) provider O3b (short for ‘Other 3 billion [users]’), geostationary (GEO) satellites were the only option for such ISPs. That meant huge dish antennas and, most of all, bandwidth prices of many hundreds of dollars per megabit per second per month (Mbps/month). —Ulrich Speidel @APNIC

Worth Reading: Magical thinking on Internet security

Most of us expect Internet security spending to increase from $70B to $140B by the end of this decade. But even at $70B, our spending is in the same order of magnitude as our losses. —Paul Vixie @Far Sight Security