Is BGP PIC Edge an Oxymoron?

This blog post discusses an old arcane question that has been nagging me from the bottom of my Inbox for almost exactly four years. Please skip it if it sounds like Latin to you, but if you happen to be one of those readers who know what I’m talking about, I’d appreciate your comments.

Terminology first:

  • Prefix Independent Convergence allows entries in the forwarding table to point to shared next hops (or next-hop groups), reducing the FIB update bottleneck when changing the next hop for a large number of prefixes (for example, when dealing with a core link failure). More details in the initial blog post and PIC applicability to fast reroute.
  • PIC Edge (as defined by vendor marketing) is the ability to switch to a backup CE route advertised to a backup PE router before the network convergence is complete.

Here’s (in a nutshell) how PIC Edge is supposed to work:

Read more …

From deals to DDoS: exploring Cyber Week 2024 Internet trends

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

At Cloudflare, we manage and protect a substantial amount of traffic for our customers, providing a unique vantage point to analyze traffic and attack patterns across the Internet. This perspective reveals insights like Cyber Monday being the busiest Internet traffic day of 2024 globally, followed by Black Friday, with patterns varying across countries. Notably, global HTTP request volume on Cyber Monday 2024 was 36% higher than 2023, with 5% of that traffic blocked as potential attacks.

For this analysis, we examined anonymized and aggregated HTTP requests and DNS queries across our network to uncover key patterns. Cyber Monday, December 2, was the day with peak traffic, and key findings for that day include:

PP042: CISO Liability Insurance, A Seriously Dangerous Menu Hack, and more Security News

Our monthly news roundup discusses liability insurance for CISOs (if you are one, you should get it), serious intrusions of US telecom companies by Chinese state actors (according to the FBI), and a novel attack that leapt across multiple Wi-Fi networks. We also discuss significant vulnerabilities affecting Palo Alto Networks’ Expedition migration product, how fake... Read more »

Bringing SWAG to Enterprise Campus Networking!

Bringing SWAG to Enterprise Campus Networking!

As client users, devices, and IoT continue to proliferate, the need for switching management and workload optimization across domains increases. Many sub-optimal and closed approaches have been designed in the past. Arista was founded to build the best software and hardware, equating to the highest performance and density in cloud/data centers, and now evolving to campus switches. In 2020, we introduced the smallest footprint of Arista CCS 750 and 720 series switches as a fitting example of the highest density and lowest footprint.

How AI Chatbots Improve Network Configuration Management

Templating and Data Representation: Aspect of Network Automation using a tailor made AI Chatbot just to handle this scenario

In today’s exploration, we’ll dive into the fascinating world of automation frameworks and how different data formats work together to create powerful, maintainable solutions. Drawing from extensive hands-on experience, I’ll share insights into how XML, JSON, and YAML complement each other in modern automation landscapes.

The Three Pillars of Automation Data Handling

  1. Expression Through XML XML has long served as the backbone of structured data expression. Its verbose yet precise nature makes it particularly valuable for scenarios requiring strict schema validation and complex hierarchical relationships. Think of XML as the detailed blueprints of your automation architecture.
  2. Serialisation with JSON JSON has revolutionised data interchange in modern applications. Its lightweight structure and native compatibility with JavaScript have made it the de facto standard for API communications. Consider JSON as your data’s travel format – efficient, universally understood, and easy to process.
  3. Presentation via YAML YAML brings human-readability to configuration management. Its clean syntax and support for complex data structures make it ideal for writing and maintaining configuration files. Think of YAML as your user interface to data representation – intuitive, clean, and Continue reading

From Python to Go 005. Code Flow Control: Loops and Conditionals.

Hello my friend,

In the previous blog post we briefly touched on the conditionals, when we talked about looking for presence of some element in Python list or Go slice. So I thought, it would make sense to introduce now the key concept of the code flow control, which are conditionals and loops. These items are essential for any production code, so let’s see how it works.

Does Automation Come Last?

Surfing through the LinkedIn today I’ve found an interesting picture, which was attributed to Elon Musk and Twitter (or X, how is that called now):

I don’t if that is really related to Mr Musk and Twitter in any capacity, but thoughts it contains are quite important: your first remove all unnecessary steps and optimize everything you can, before you start any automation. That’s very true and in our network automation trainings we talk about how to optimize network operations processes to ensure that they are viable for automation. Join our network trainings to learn how to build viable automation:

We offer the following training programs in network automation for you:

Lab: Dual-Stack IS-IS Routing

Contrary to the OSPF world, where we have to use two completely different routing protocols to route IPv4 and IPv6 (unless you believe in the IPv4 address family in OSPFv3), IS-IS provided multi-protocol support from the very early days of its embracement by IETF. Adding IPv6 support was only a matter of a few extra TLVs, but even there, IETF gave us two incompatible ways of making IPv6 work with IS-IS.

Want to know more? You’ll find the details in the Dual-Stack (IPv4+IPv6) IS-IS Routing lab exercise.

OpenVPN or WireGuard? A Detailed Performance Breakdown

OpenVPN has been a dominant player in the VPN space since its release in 2001. With a 23-year history, OpenVPN has proven to be a reliable and secure protocol. However, it has some downsides, particularly regarding performance and ease of use. OpenVPN creates a secure tunnel between two endpoints using SSL/TLS for encryption. While robust, the protocol is complex and requires considerable resources to run efficiently. Setting up and managing OpenVPN can be cumbersome, especially for DevOps teams juggling multiple environments and configurations. It wouldn’t be the first time an OpenVPN server stopped working because the TLS certificates expired. WireGuard, on the other hand, is the new kid on the block, having been introduced in recent years. What sets WireGuard apart from OpenVPN is its simplicity and efficiency. While OpenVPN relies on older, more complex cryptographic algorithms, WireGuard uses modern encryption that is both faster and more secure. Unlike OpenVPN, WireGuard is integrated directly into the Linux kernel, meaning it operates at a lower level and with less overhead. This results in faster connection times and lower resource usage. One of the significant benefits of WireGuard is its minimal codebase — about 10% the size of OpenVPN’s — which reduces Continue reading

IPv6 Support for Multiple Routers and Multiple Interfaces

Fernando Gont published an Individual Internet Draft (meaning it hasn’t been adopted by any IETF WG yet) describing the Problem Statement about IPv6 Support for Multiple Routers and Multiple Interfaces. It’s so nice to see someone finally acknowledging the full scope of the problem and describing it succinctly. However, I cannot help but point out that:

Anyway, Fernando wraps up his draft with:

Read more …

Post-Quantum Cryptography

If we ever get to the point of being able to build capable quantum computers when much of the security infrastructure of today's digital world is at risk. For some its not "if" but "when" and if that's the case then its already time to prepare.
1 126 127 128 129 130 3,878