Heads Up! A Slight Change to the Internet Society Election Process

I’m writing to the Internet Society community today with a notice that there is a key change to the Procedures for Selecting Trustees starting this year. This change reduces the duration of the voting period from 28 to 14 days in the Internet Society Board of Trustees elections through which Chapters and Organization Members get to elect candidates to the Board.

If you read the 2019-2020 Elections Timetable carefully, you may notice that the Candidates Forum and the voting period are no longer done in parallel. As the below timeline shows, the 28-day period that used to be allocated for voting and the Candidates Forum is now split into two distinct sequential stages: the first 14 days is for the Candidates Forum and the second 14 days is for voting.

This decision was made for two reasons.

The first is to allow candidates to be heard fully before votes are cast. Upon examining the activity log of the last elections, we realized that some voters cast their ballots before the candidates had a chance to interact with the community. Voting before hearing what candidates have to say in the Candidates Forum is detrimental to the elections process as it encourages

Juniper Targets VMware, Data Center Complexity With Contrail Insights

The company claims Contrail Insights will provide customers with historical and real-time...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Deutsche Telekom, Telefónica, Vodafone Combat Germany’s Dead Zones

The effort, which involves the installation and operation of 6,000 new cell sites, will fulfill a...

Celebrating Veterans Day: Docker Employee Profiles

On Veterans Day, and every day, we give thanks to our veterans. We are fortunate to have Brent Salisbury, Siobhan Casey, and Johnny Gonzalez as Docker colleagues who were in the United States Marine Corps Reserve, the United States Army Reserve, and the United States Marine Corps. Thank you all for your service, hard work, and dedication. As a thank you for their service, we’re profiling them on our blog.

Brent Salisbury, Software Alliance Engineer

Brent Salisbury was in the United States Marine Corps Reserve from 1996-2002. Now, he is a Software Alliance Engineer at Docker. You can follow him on Twitter @networkstatic. 

What is your job? 

Software Alliance Engineer.

How long have you worked at Docker?

4.5 years.

Is your current role one that you always intended on your career path? 

Data Networking has been my passion since college. Working at Docker has afforded me the opportunity to help usher in a new software paradigm in what can be achieved in host networking and security versus the traditional proprietary hardware models of the past.

What is your advice for someone entering the field?

It may sound cliche, but find your passion. Everyone in technology is

BrandPost: The Benefits of Refreshing Router-Centric WANs with SD-WAN

The advantages of SaaS applications and other cloud services have businesses rethinking their traditional router-centric WAN strategy. That’s because many of today’s business-critical applications carry the twin challenges of needing high performance, especially for latency-sensitive applications such as unified communications, combined with high volumes of data. These requirements can quickly swamp traditional WAN connections that backhaul data and transactions through the data center. Without the ability to connect directly to the internet, application speeds slow and performance suffers.

The other challenge is that routers generally only view data at the packet level, with little to no intelligent recognition or prioritization of business applications. As a result, mission-critical SaaS applications must not only compete for bandwidth with other business data, but also with non-essential traffic such as YouTube videos or Spotify streams. Without the ability to recognize, prioritize, and steer connections to business-critical SaaS applications, it’s all just data going in and out of the branch routers. The result is lowered application functionality, user experience, and business results.

The Week in Internet News: Facebook Moves Forward with Encryption, Despite Concerns

Forging ahead: Facebook plans to move ahead with plans to expand encryption despite concerns from law enforcement agencies that it will be used by criminals, the New York Times reports. Facebook’s decision to expand encryption across its Messenger platform comes after complaints by top law enforcement officials in the United States, United Kingdom, and Australia that Facebook’s plan to encrypt messaging on all its platforms would make it more difficult to find child sex predators and pornographers.

Investigate the ISPs: Mozilla has asked Congress to investigate data collection by Internet service providers following reports that Comcast is lobbying against browser plans to implement the encryption scheme DNS-over-HTTPS, Vice reports. Mozilla’s rollout of DNS-over-HTTPS “has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over internet usage,” the browser maker wrote.

The next billion: The next billion Internet users will have significantly different goals and needs than the first billion, Quartz says. While many observers have talked about the Internet being a tool to deliver basic needs, many new users will be focused on using the Internet for leisure activities, the article predicts. And while many users in the West are focused on privacy, many

AT&T Sounds Alarm on 5G Security

The top security concerns related to 5G include a larger attack surface, device proliferation, IoT...

BGP Route Reflector in Plain English

In this post, I will explain the BGP Route Reflector basics. After you read this post, you will be able to answer many questions regarding BGP Route Reflectors.

I am explaining this topic in deep detail in my Onsite CCDE, Live/Webex CCDE, Self Paced CCDE and also my specialized “BGP Zero to Hero” course.

The outline of this post is as below.

  • What is a BGP Route Reflector?
  • Why is a BGP Route Reflector used?
  • What are the alternate methods?
  • Different types of BGP Route Reflectors
  • Benefits of BGP Route Reflector
  • Problems with the BGP Route Reflector
  • BGP Route Reflector Redundancy

To have a great understanding of SP Networks, you can check my newly published “Service Provider Networks Design and Perspective” book. It covers the SP network technologies while also explaining in detail a fictitious SP network.

What is a BGP Route Reflector?

A route reflector (RR) is a network routing component for BGP (RFC 4456). It offers an alternative to the logical full-mesh requirement of internal border gateway protocol (IBGP).

Above is the Wikipedia definition of BGP Route Reflector. Let’s extend the definition a bit.

BGP Route Reflector

Juniper Guns for Cisco, Aruba With Mist AI

“The larger vision here is that Mist is the cornerstone of Juniper’s AI-driven enterprise...

What does PE-CE mean in MPLS?

What does PE-CE mean in the context of MPLS? What are CE, P and PE devices in MPLS and MPLS VPN?

These are foundational terms and definitions in MPLS.

MPLS is one of the most commonly used encapsulation mechanisms in Service Provider networks, and before studying more advanced mechanisms, this article is a must-read.

In order to understand PE-CE, we first need to understand what PE and CE are in MPLS.

I am explaining this topic in deep detail in my Instructor Led CCDE and Self Paced CCDE course.

Let’s take a look at the figure below.

Note: If you are looking for a much more detailed resource on this topic, please click here.

Figure-1: MPLS network PE, P and CE routers

Figure-1 shows an MPLS network. This can be an Enterprise or Service Provider network. MPLS is not only a service provider technology. It can provide segmentation/multi-tenancy for the enterprise environment as well.

Three different types of router are shown: CE, PE and P routers.

CE devices are located in the customer site. PE and P devices are located in the Service Provider site.

If it is Enterprise network, WAN

BGP Route Reflector Clusters

BGP route reflectors, used as an alternate method to full mesh IBGP, help in scaling.

BGP route reflector clustering is used to provide redundancy in a BGP RR design. BGP Route reflectors and RR clients create a cluster. (Cluster = BGP RR + BGP RR Clients)

I am explaining this topic in deep detail in my Onsite CCDE, Live/Webex CCDE, Self Paced CCDE and also my specialized “Live/Webex BGP Zero to Hero” course.

In IBGP topologies, every BGP speaker has to be in a logical full mesh. So, every BGP router has to have a direct IBGP neighborship with each other. However, the route reflector is an exception.

If you place a BGP Route Reflector, an IBGP router sets up BGP neighborship with only the route reflectors.

In this article, I will specifically mention the route reflector clusters and their design.

For those who want to understand BGP Route Reflectors, I highly recommend my ‘BGP Route Reflector in Plain English’ post.

If you want to learn about the Route Reflector Loop Problem, check this post.

Also, I explained BGP Route Reflectors, Route Reflector Design Options and many other Service Provider Design topics in my Service Provider Design Workshop.

How Difficult is SD-WAN?

In a recent Packet Pushers Heavy Networking episode, Ethan and Greg discussed how difficult SD-WAN is, and why you shouldn’t outsource your SD-WAN to an MSP. So, how difficult is SD-WAN really?

Now, this is of course going to depend on your organization’s level of skill, as well as what vendor you go with, but there are still some conclusions that we can come to.

Most of the SD-WAN solutions are operated by cloud-hosted SDN controllers, where the vendor has set up the virtual machines running the software for you. This greatly simplifies a lot of things that have been painful in the past. From a Cisco perspective, this is some of the pain that has been removed from you:

  • Controllers – Controllers are installed for you and backed up by Cisco
  • Software – Software is managed centrally, don’t need to log in to each device to update it
  • Traffic engineering – Can modify routing behavior without being an expert in say BGP
  • Certificates – Only devices with a valid certificate can join the overlay, you don’t need your own Public Key Infrastructure (PKI)
  • Pre Shared Keys (PSK) – Keys used for IPSec are rotated automatically without manual intervention

This means

Stretched Layer-2 Subnets in Azure

Last Thursday morning I found this gem in my Twitter feed (courtesy of Stefan de Kooter)

Greg Cusanza in #BRK3192 just announced #Azure Extended Network, for stretching Layer 2 subnets into Azure!

As I know a little bit about how networking works within Azure, and I’ve seen something very similar a few times in the past, I was able to figure out what’s really going on behind the scenes in a few seconds… and got reminded of an old Russian joke I found somewhere on Quora:

Snap: a microkernel approach to host networking

Snap: a microkernel approach to host networking Marty et al., SOSP’19

This paper describes the networking stack, Snap, that has been running in production at Google for the last three years+. It’s been clear for a while that software designed explicitly for the data center environment will increasingly want/need to make different design trade-offs to e.g. general-purpose systems software that you might install on your own machines. But wow, I didn’t think we’d be at the point yet where we’d be abandoning TCP/IP! You need a lot of software engineers and the willingness to rewrite a lot of software to entertain that idea. Enter Google!

I’m jumping ahead a bit here, but the component of Snap which provides the transport and communications stack is called Pony Express. Here are the bombshell paragraphs:

Our datacenter applications seek ever more CPU-efficient and lower-latency communication, which Pony Express delivers. It implements reliability, congestion control, optional ordering, flow control, and execution of remote data access operations. Rather than reimplement TCP/IP or refactor an existing transport, we started Pony Express from scratch to innovate on more efficient interfaces, architecture, and protocol. (Emphasis mine).

and later on “we are seeking to grow

Headcount: Firings, Hirings, and Retirings — October 2019

Bill McDermott finds a home at ServiceNow; Riverbed banks a new CEO, plus the latest executive...

CVE-2019-14866: GNU cpio

I found a security bug in GNU cpio and thought I’d write down the story of that. It’s not the most interesting bug in the world, but it may still be an interesting story to some.

An odd limit

The whole thing started with me looking at the manpage:

-H, --format=FORMAT
  Use given archive FORMAT. Valid formats are (the number in
  parentheses gives maximum size for individual archive member):
  bin    The obsolete binary format. (2147483647 bytes)
  odc    The old (POSIX.1) portable format. (8589934591 bytes)
  newc   The new (SVR4) portable format, which supports file
         systems having more than 65536 i-nodes. (4294967295 bytes)
  crc    The new (SVR4) portable format with a checksum added.
  tar    The old tar format. (8589934591 bytes)
  ustar  The POSIX.1 tar format. Also recognizes GNU tar archives, which are
         similar but not identical. (8589934591 bytes)
  hpbin  The obsolete binary format used by HPUX's cpio (which stores device
         files differently).
  hpodc  The portable format used by HPUX's cpio (which stores device files
         differently).

What’s wrong with this picture? Those are some very odd size limits. 2GiB and 4GiB I understand, as it’s 32-bit signed and unsigned int. But tar having a max size of 8GiB? 33 bits? That

Analysts Debate SASE’s Merits as Vendors Board Hype Train

Gartner calls SASE a transformational technology but analysts from IHS Markit and IDC aren't...

Heavy Networking 484: Cloud And SD-WAN Are New Opportunities To Rethink Your Network (Sponsored)

Today on Heavy Networking, sponsor Open Systems comes on the podcast to discuss the new opportunities--and challenges--for networking in a time when more applications and services are running in the cloud. We explore how cloud services affect WAN design, how organizations can use SD-WAN to enhance networking and security, and much more. Our guest is Silvan Tschopp, head of solutions architecture at Open Systems.

The post Heavy Networking 484: Cloud And SD-WAN Are New Opportunities To Rethink Your Network (Sponsored) appeared first on Packet Pushers.