Weekend Reads 032219

The pursuit of monopoly has led Silicon Valley astray. —Tim O’Reilly

There is no better way to protect legacy revenues than by legally barring those entities that might decide to compete by building better broadband. —Doug Dawson

The ongoing debate around the controversial Article 13 of the EU’s Copyright Directive has exposed what looks like a sizable gap between what regulators think is covered by copyright and what is actually covered by copyright. —Stan Adams

However, under some circumstances, BGP communities can be used to drop and redirect traffic. In principle, the same effect can be achieved via BGP hijacks, but community-based attacks are way harder to spot and almost impossible to attribute. —Florian Streibelt

Phone numbers stink for security and authentication —Krebs on Security

Register an abandoned DNS server domain, and you can redirect querying clients to any destination of your choosing. —Kaan Onarlioglu

The Optical Transport Network (OTN) architecture is now almost two decades old, and some pundits are proclaiming that its role as a distinct transport layer will soon give way to an IP-over-DWDM architecture. —Jonathan Homa

Transnational data is sometimes, but not always, associated with a transaction or exchange. Much of the data, as personal data, Continue reading

Stuff The Internet Says On Scalability For March 22nd, 2019

Wake up! It's HighScalability time:

 

Van Gogh? Nope. A satellite image of phytoplankton populations or algae blooms in the Baltic Sea. (NASA)

 

Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. Know anyone who needs cloud? I wrote Explain the Cloud Like I'm 10 just for them. It has 41 mostly 5 star reviews. They'll learn a lot and love you even more.

 

  • .5 billion: weekly visits to Apple App store; $500m: new US exascale computer; $1.7 billion: EU's newest fine on Google; flat: 2018 global box office; up: digital rentals, sales, and subscriptions to streaming services; 43%: Dutch say let AI run the country; 2 min: time from committing an AWS key to Github to first attack; 40: bugs in blockchain platforms found in 30 days; 100%: Norwegian government 2025 EV target; 

  • Quotable Quotes:
    • @raganwald: You know what would really help restore confidence? Have members of the executive leadership team, and Boeing’s board of directors, fly on 737 Max’s, every day, for a month. Let them dogfood the software patch. I am ? serious.
    • skamille: I worry that the cloud Continue reading

BrandPost: 6 Reasons Why 802.11ax (Wi-Fi 6) Access Points are the Preferred IoT Platform

Walking into Amazon Go store is stepping into the future. You scan your Amazon Go app and the gates open before you. You can pick up a healthy salad for lunch, a quick snack, or dinner. You just drop the items in your bag and walk out. Seconds later, you get a receipt for your purchase. It’s truly frictionless retail. Beyond the magic, there is technology: a foundation of digital signage, cameras, smart shelves, wayfinding, point-of-sale, CRM, connectivity, and much more.Amazon Go is not alone: Numerous companies are trying to stay competitive by bringing these new experiences to their clients.Why Use 802.11ax as an IoT PlatformAt Aruba, we’ve been providing high-performance secure Wi-Fi connectivity to mobile devices for many years. With the addition of Bluetooth Low Energy (BLE) radios into our access points, we opened up new opportunities that include wayfinding, geofencing, and asset tracking.To read this article in full, please click here

Triton and the new wave of IIoT security threats

As IIoT grows in prominence, so too does its status as a target for malicious hackers – particularly given its increased impact on the physical world; the latest and potentially most dangerous is called Triton.Triton first reared its ugly head near the end of 2017, according to security company Fireeye. It targets an industrial safety system made by Schneider Electric that monitors and secures valves, turbines and the like and shuts them down if it determines they are about to fail and cause explosions or other consequences that could damage the facility or cause harm to people. (It’s named Triton because it targets the widely used Schneider Electric Triconex industrial safety system.)To read this article in full, please click here(Insider Story)

Internet Resilience Discussions at IETF 104

Let’s look at what’s happening in the Internet Engineering Task Force (IETF) and the upcoming IETF 104 meeting in the area of Internet infrastructure resilience. As usual, my focus here is primarily on the routing and forwarding planes, and specifically routing security and unwanted traffic of Distributed Denial of Service Attacks (DDoS) attacks. There’s interesting and important work underway at the IETF that can help addressing problems in both areas.

This time there are a lot of new ideas, especially of an operational nature, that people bring to the IETF in the form of Internet Drafts that aim to improve the security and resilience of the Internet infrastructure. So I’d like to introduce some of them to you, but keep in mind that an Internet Draft (I-D) does not necessarily indicate IETF endorsement. It also does not constitute a standard and may even not result in any work at the IETF.

So let’s look at what’s happening in BGP land.

Can BGP Communities be harmful? 

In the recent paper “BGP Communities: Even more Worms in the Routing Can“, the authors demonstrated that Border Gateway Protocol (BGP) communities can be exploited by remote parties to influence routing in Continue reading

Slim: OS kernel support for a low-overhead container overlay network

Slim: OS kernel support for a low-overhead container overlay network Zhuo et al., NSDI’19

Container overlay networks rely on packet transformations, with each packet traversing the networking stack twice on its way from the sending container to the receiving container.

There are CPU, throughput, and latency overheads associated with those traversals.

In this paper, we ask whether we can design and implement a container overlay network, where packets go through the OS kernel’s network stack only once. This requires us to remove packet transformation from the overlay network’s data-plane. Instead, we implement network virtualization by manipulating connection-level metadata at connection setup time, saving CPU cycles and reducing packet latency.

Slim comes with some caveats: it requires a kernel module for secure deployment, has longer connection establishment times, doesn’t fit with packet-based network policies, and only handles TCP traffic. For UDP, ICMP, and for its own service discovery, it also relies on an existing container overlay network (Weave Net). But for longer lasting connections managed using connection-based network policies it delivers some impressive results:

  • memcached throughput up by 71%, with latency reduced by 42%, and CPU utilisation reduced by 56%.
  • Nginx CPU utilisation reduced by 22-24%
  • PostgreSQL Continue reading

The Serverlist Newsletter: Serverless Benchmarks, Workers.dev, security implications of serverless cloud computing, and more

Check out our third edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

Migration Strategy: Moving From MPLS/LDP to Segment Routing

MPLS core networks that use Label Distribution Protocol (LDP) are common in SP core networks and have served us well. So, the thought of pulling the guts out of the core is pretty daunting and invites the question why you would want to perform open-heart surgery on such critical infrastructure.   This article attempts to explain the benefits that would accrue from such a move and gives a high-level view of a migration strategy.

Why Do I Need Segment Routing?

  • Simplicity:   LDP was invented as a label distribution protocol for MPLS because nobody wanted to go back to the standards bodies to re-invent OSPF or IS-IS so that they could carry labels.  A pragmatic decision, but one that results in networks having to run two protocols.  Two protocols means twice the complexity.  
    Segment Routing simplifies things by allowing you to turn off LDP.  Instead it carries label (or Segment ID) information in extensions to the IGP.  This then leaves you with only IS-IS or OSPF to troubleshoot.  As Da Vinci reportedly said, ‘simplicity is the ultimate sophistication’. 

  • Scale:  LDP scales, but for fast convergence RSVP-TE is often used to tunnel LDP across a core. RSVP requires core routers to Continue reading
1 1,293 1,294 1,295 1,296 1,297 3,856