As Expected: Where Have All the SDN Controllers Gone?

Roy Chua (SDx Central) published a blog post titled “Where Have All the SDN Controllers Gone” a while ago describing the gradual disappearance of SDN controller hype.

No surprise there - some of us were pointing out the gap between marketing and reality years ago.

It was evident to anyone familiar with how networking actually works that in a generic environment the drawbacks of orthodox centralized control plane SDN approach far outweigh its benefits. There are special use cases like intelligent patch panels where a centralized control plane makes sense.

Read more ...

Towards federated learning at scale: system design

Towards federated learning at scale: system design Bonawitz et al., SysML 2019

This is a high level paper describing Google’s production system for federated learning. One of the most interesting things to me here is simply to know that Google are working on this, have a first version in production working with tens of millions of devices, and see significant future expansion for the technology (‘we anticipate uses where the number of devices reaches billions’).

So what exactly is federated learning?

Federated Learning (FL) is a distributed machine learning approach which enables training on a large corpus of decentralized data residing on devices like mobile phones. FL is one instance of the more general approach of “bringing the code to the data, instead of the data to the code” and addresses the fundamental problems of privacy, ownership, and locality of data.

Note that this beyond using an on-device model to make predictions based on local data. Here we’re actually training the model in a distributed fashion, using data collected on the devices, without the data ever leaving those devices. The FL system contains a number of privacy-enhancing building blocks, but the privacy guarantees of any end-to-end system Continue reading

Juniper: Security could help drive interest in SDN

Security challenges and developing AI/ML technologies are among the key issues driving software defined networking implementations according to a new Juniper survey of 500 IT decision-makers.And SDN interest abounds – 98 percent of the 500 said they were already using or considering an SDN implementation. Juniper said it had Wakefield Research poll IT decision makers of companies with 500 or more employees about their SDN strategies between May 7 and May 14, 2019. More about SD-WANTo read this article in full, please click here

Community Week: Share Ideas to Help Make the Internet Stronger

The role people play in our community is vital for an open and trustworthy Internet for everyone. We know that without the knowledge, experience, and contributions of our members the Internet Society wouldn’t be complete.

Chapters Leaders Training in Latin America and the Caribbean

The Chapters of the Latin American and Caribbean (LAC) region have come together to implement a training program that allows members to work with their local Chapter, contributing to the four focus areas of the Internet Society’s Action Plan 2019. The first LAC Capacity Building Program for Chapters was successfully launched last week, with the participation of 182 people out of almost 1000 applicants.

This initiative started at the beginning of the year as a result of a working session held with LAC Chapters leaders. During the session, it was determined that capacity building was an important leverage point for Chapter development and it would be a tool to achieve the Chapters’ local goals during 2019. In the process, three important phases were defined for the program:

  • Capacity Building: Training in our different focus areas
  • Community engagement: Allocation of trained members in Chapters to support local initiatives
  • 2020-2025 Planning: LAC Chapters Workshop to define LAC Community Continue reading

Happy Birthday BGP

The first RFC describing BGP, RFC 1105, was published in June 1989, thirty years ago. That makes BGP a venerable protocol in the internet context and considering that it holds the Internet together it's still a central piece of the Internet's infrastructure. How has this critically important routing protocol fared over these thirty years and what are its future prospects? It BGP approaching its dotage or will it be a feature of the Internet for decades to come?

On the 7th World IPv6 Launchiversary, How About Listening to a Podcast About IPv6?

photo of a bee

On this 7th “launchiversary” of World IPv6 Launch, I thought I’d share a way I’ve enjoyed learning more about IPv6 over the past year. I like listening to podcasts while I’m running or driving, and a show that’s in my playlist is “IPv6 Buzz” where IPv6 veterans Ed Horley, Scott Hogg, and Tom Coffeen “dive into the 128-bit address space wormhole.

IPv6 buzz podcast logo

Anyone working with IPv6 for any amount of time, and particularly IPv6 advocacy, has probably read or heard something from Ed, Scott, or Tom. They’ve been explaining and promoting IPv6 for a long time in their own individual endeavors.

This podcast, which launched one year ago today, brings the three of them together with a wide range of guests from across the industry. Even with all my own years of IPv6 activity, I’ve learned a great amount about IPv6 security, recent drivers of deployment (including state task forces), tools and suggestions for promoting IPv6 growth. They dove deeply into IPv6 inside the IETF with Fred Baker, talked about going IPv6-only with Veronika McKillop of Microsoft, got into Happy Eyeballs with Dan Wing, and most recently explored enterprise IPv6 issues with Enno Rey.

Part Continue reading

Can Huawei survive, and what should customers do?

Chinese IT hardware giant Huawei is in a very tough position now, cut off from most western technology partners following the Trump administration’s declaration of the firm as a national security risk. The question now becomes what do its customers do.The Trump administration issued an order that effectively bars American firms from selling components and software to the company, and very quickly Huawei was cut off from Intel, ARM, Infineon, Samsung, and Google. The SD Association and Wi-Fi Alliance have also cut ties with Huawei.However, Huawei got a temporary break last month when the Commerce Department gave the company a reprieve after it added Huawei to a list of companies it considered a national security risk. Instead, the department posted a notice to the Federal Register that it would grant 90-day permissions for transactions necessary to maintain and support existing cellular networks and handsets.To read this article in full, please click here

How Linux can help with your spelling

Linux provides all sorts of tools for data analysis and automation, but it also helps with an issue that we all struggle with from time to time – spelling! Whether you're grappling with the spelling of a single word while you’re writing your weekly report or you want a set of computerized "eyes" to find your typos before you submit a business proposal, maybe it’s time to check out how it can help.look One tool is look. If you know how a word begins, you can ask the look command for provide a list of words that start with those letters. Unless an alternate word source is provided, look uses /usr/share/dict/words to identify the words for you. This file with its hundreds of thousands of words will suffice for most of the English words that we routinely use, but it might not have some of the more obscure words that some of us in the computing field tend to use — such as zettabyte.To read this article in full, please click here

NSX-T Infrastructure Deployment Using Ansible

VMware NSX-T Data Center 2.4 was a major release adding new functionality for virtualized network and security for public, private and hybrid clouds. The release includes a rich set of features including IPv6 support, context-aware firewall, network introspection features, a new intent-based networking user interface and many more.

Along with these features, another important infrastructure change is the ability to deploy highly-available clustered management and control plane.

NSX-T 2.4 Unified Appliance Cluster

What is the Highly-Available Cluster?

The highly-avilable cluster consists of three NSX nodes where each node contains the management plane and control plane services. The three nodes form a cluster to give a highly-available management plane and control plane. It provides application programming interface (API) and graphical user interface (GUI) for clients. It can be accessed from any of the manager or a single VIP associated with the cluster. The VIP can be provided by NSX or can be created using an external Load Balancer. It makes operations easier with less systems to monitor, maintain and upgrade.

Besides a NSX cluster, you will have to create Transport Zones, Host and Edge Transport Nodes to consume NSX-T Data Center.

  • A Transport Zone defines the scope of hosts and virtual machines (VMs) for participation Continue reading

A10 Networks ACOS Critical Insecure Cookie Vulnerability 2 of 2

The following summarizes an HTTP persistence cookie vulnerability that I identified in A10 ACOS ADC software. This was disclosed to A10 Networks in June 2016 and has now been resolved.

A10 Networks Cookie Vulnerability

As noted in a previous post, ACOS uses insecure HTTP/HTTPS persistence cookies which can allow a malicious user to craft a cookie determining the server and port to which a persistent session should be sent. In addition, for vports using the default “port-based” HTTP cookie persistence, it was discovered that when using the default persistence cookie type, ACOS does not perform a check to ensure that the server/port defined in the cookie is within the configured service-group for that VIP.

The only sanity check appears to be to ensure that the server IP read from the cookie has been configured on the A10 within the same partition. If that constraint is met, packets will be forwarded by ACOS to the real server based solely on the value contained in the cookie. This is extremely serious as it allows a malicious user to connect, for example, through a public VIP and access back end servers used by other VIPs, including those only accessible via internal IPs.

SUMMARY OF VULNERABILITY

When using Continue reading

Cisco to buy IoT security, management firm Sentryo

Looking to expand its IoT security and management offerings Cisco plans to acquire Sentryo, a company based in France that offers anomaly detection and real-time threat detection for Industrial Internet of Things (IIoT) networks.Founded in 2014 Sentryo products include ICS CyberVision – an asset inventory, network monitoring and threat intelligence platform – and CyberVision network edge sensors, which analyze network flows. More on IoT:To read this article in full, please click here

Cisco to buy IoT security, management firm Sentryo

Looking to expand its IoT security and management offerings Cisco plans to acquire Sentryo, a company based in France that offers anomaly detection and real-time threat detection for Industrial Internet of Things (IIoT) networks.Founded in 2014 Sentryo products include ICS CyberVision – an asset inventory, network monitoring and threat intelligence platform – and CyberVision network edge sensors, which analyze network flows. More on IoT:To read this article in full, please click here

1 1,168 1,169 1,170 1,171 1,172 3,794