Secure forwarding of sFlow using ssh

Typically sFlow datagrams are sent unencrypted from agents embedded in switches and routers to a local collector/analyzer. Sending sFlow datagrams over the management VLAN or out of band management network generally provides adequate isolation and security within the site. Inter-site traffic within an organization is typically carried over a virtual private network (VPN) which encrypts the data and protects it from eavesdropping.

This article describes a simple method of carrying sFlow datagrams over an encrypted ssh connection which can be useful in situations where a VPN is not available, for example, sending sFlow to an analyzer in the public cloud, or to an external consultant.

The diagram shows the elements of the solution. A collector on the site receives sFlow datagrams from the network devices and uses the sflow_fwd.py script to convert the datagrams into line delimited hexadecimal strings that are sent over an ssh connection to another instance of sflow_fwd.py running on the analyzer that converts the hexadecimal strings back to sFlow datagrams.

The following sflow_fwd.py Python script accomplishes the task: 
#!/usr/bin/python

import socket
import sys
import argparse

parser = argparse.ArgumentParser(description='Serialize/deserialize sFlow')
parser.add_argument('-c', '--collector', default='')
parser.add_argument('-s', '--server')
parser.add_argument('-p', '--port', type=int, default=6343)
 Continue reading

Minipack Highlight Video from OCP Summit

Minipack is an open, modular super spine switch and is the most recent addition to the industry’s open modular switches. Paired with the flexibility and cost benefits of Cumulus Linux OS, the platform is ideal for deploying the next generation of high-capacity data center fabrics. Based on Broadcom’s StrataXGS Tomahawk III Switch Series, Minipack is more powerful than other chassis while occupying a smaller footprint.

Together, Cumulus Networks and Edgecore Networks are bringing the hyperscale that was once only available to the largest enterprises to an entirely new segment of the market with Minipack.

Listen to Brian Sullivan, Sr Director of Product Management at Cumulus Networks and Michael Lane, VP of Business Development at Edgecore Networks as they discuss the recently launched Minipack, open, modular switch.

Minipack Announcement Blog
Minipack Datasheet
Edgecore Networks Minipack launch Press Release
Please let me know if you have any comments or questions, or via Twitter at @CicconeScott.

Cisco releases a critical security patch for a virtualized automation tool

Cisco has released a  patch for a critical vulnerability in software used to control large virtual environments.The weakness gets a 10 out of 10 severity score and is found in Cisco’s Elastic Services Controller (ESC), which the company describes as offering a single point of control to manage all aspects of Virtual Network Functions and offers capabilities such as VM and service monitoring, auto-recovery and dynamic scaling. With ESC users control the lifecycle all virtualized resources, whether using Cisco or third-party VNFs, Cisco stated.RELATED: What IT admins love/hate about 8 top network monitoring tools The vulnerability in this case lies in the REST API of ESC and could let  an unauthenticated remote attacker to bypass authentication on the REST API and execute arbitrary actions through with administrative privileges on an affected system. The vulnerability is due to improper validation of API requests, Cisco wrote in its advisory.To read this article in full, please click here

Cisco releases a critical security patch for a virtualized automation tool

Cisco has released a  patch for a critical vulnerability in software used to control large virtual environments.The weakness gets a 10 out of 10 severity score and is found in Cisco’s Elastic Services Controller (ESC), which the company describes as offering a single point of control to manage all aspects of Virtual Network Functions and offers capabilities such as VM and service monitoring, auto-recovery and dynamic scaling. With ESC users control the lifecycle all virtualized resources, whether using Cisco or third-party VNFs, Cisco stated.RELATED: What IT admins love/hate about 8 top network monitoring tools The vulnerability in this case lies in the REST API of ESC and could let  an unauthenticated remote attacker to bypass authentication on the REST API and execute arbitrary actions through with administrative privileges on an affected system. The vulnerability is due to improper validation of API requests, Cisco wrote in its advisory.To read this article in full, please click here

Backblaze report shows slight uptick in HDD failure rates

Cloud backup vendor Backblaze issued its latest quarterly findings for hard-disk drive (HDD) reliability, and it shows a slight uptick in failure rates — but hardly something to fret over.All told, Backblaze has 106,238 hard drives spinning in three data center colocations, and every quarter it highlights the failure rate of each model drive it uses. The company first came to prominence several years ago when it highlighted an abnormally high failure rate of Seagate drives.The problem arose about two years after massive floods in Thailand (around 2011) ruined the manufacturing facilities of several hard drive manufacturers, with Seagate taking it especially hard. I did some reporting back then for a now-defunct publication and found out that some corners were cut to get hard drive production going again and that those cuts resulted in a bunch of time bomb hard drives with higher than average failure rates.To read this article in full, please click here

BrandPost: How to Handle More Support Tickets With Less Resources

No big surprise here: the number of support tickets increased again last year, following the same trend it has for nearly a decade. More than 57% of organizations reported an increase in ticket volume in 2018, according to the latest HDI Technical Support Practices & Salary Report.The question is, why? It seems clear that end users are now fully acclimatized to using technology in the workplace, so what’s triggering this very consistent increase in support incidents and issues?It comes down to three factors:Greater complexity in the technology environment. Nearly 50% of organizations are supporting Internet of Things (IoT) devices, with more businesses following suit to stay competitive. These IoT devices scan, measure, and report on the network, adding a whole new world of support issues to manage.To read this article in full, please click here

Real-Life Data Center Meltdown

A good friend of mine who prefers to stay A. Nonymous for obvious reasons sent me his “how I lost my data center to a broadcast storm” story. Enjoy!

Small-ish data center with several hundred racks. Row of racks supported by an end-of-row stack. Each stack with 2 x L2 EtherChannels, one EC to each of 2 core switches. The inter-switch link details don’t matter other than to highlight “sprawling L2 domains."

VLAN pruning was used to limit L2 scope, but a few VLANs went everywhere, including the management VLAN.

Read more ...

Distributed consensus revised – Part II

Distributed consensus revised (part II) Howard, PhD thesis

In today’s post we’re going to be looking at chapter 3 of Dr Howard’s thesis, which is a tour (“systematisation of knowledge”, SoK) of some of the major known revisions to the classic Paxos algorithm.

Negative responses (NACKs)

In classic Paxos acceptors only send replies to proposer messages with an epoch greater than or equal to the acceptors last promised epoch (Property 6). The algorithms relies on timeouts to determine when a proposer abandons the current phase and retries with a new epoch number. We can eliminate the timeout delays by adding negative responses, for example no\_promise(e) and no\_accept(e), to be sent by the acceptor in response to prepare or propose messages with an invalid epoch number. These negative acknowledgements (NACKS) can also include further information such as the acceptor’s last promised epoch and last accepted proposal value. (There’s no point a proposer retrying with a new epoch less than the acceptor’s last promised one for example).

NACKs have replaced timeouts as we assume that messages are eventually delivered. We can therefore remove the synchrony assumptions from our progress proof.

Bypassing phase two

If a proposer learns during phase one that a value Continue reading

The Mythical Eight Hour Workday

I haven’t tracked my time in many years. I’ve always felt the practice was a nuisance. Hey, I’m busy. I have a lot to do. I’m working on it. Don’t distract me with a time sheet. You know what I do, boss, right? Do I really have to document my daily doings?

Working for myself means I don’t have to perform such trivial tasks, and of course, I don’t. However, I have been wondering over the last month where my workday goes. Often, it feels like I park my tush in my office chair, begin working on tasks, and then the day is suddenly over.

Except that often, the day isn’t over. My workday ends when I’ve accomplished everything I need to for that day. Eight hours gone by? Whatever. Head down. Keep at it. Get everything done. The list won’t get shorter tomorrow. If I want to get paid, I have to get my work done.

The Final Countdown

With more days than I want falling into a pattern of working more hours than I’d like, I’ve gotten serious about determining what the problem is. Do I need to turn away projects? Should I hire someone to handle some Continue reading

1 1,243 1,244 1,245 1,246 1,247 3,845