Real-time visibility at 400 Gigabits/s

The chart above demonstrates real-time, up to the second, flow monitoring on a 400 gigabit per second link. The chart shows that the traffic is composed of four, roughly equal, 100 gigabit per second flows.

The data was gathered from The International Conference for High PerformanceComputing, Networking, Storage, and Analysis (SC18) being held this week in Dallas. The conference network, SCinet, is described as the fastest and most powerful network in the world.
This year, the SCinet network includes recently announced 400 gigabit switches from Arista networks, see Arista Introduces 400 Gigabit Platforms. Each switch delivers 32 400G ports in a 1U form factor.
NRE-36 University of Southern California network topology for SuperComputing 2018
The switches are part of 400G demonstration network connecting USC, Caltech and StarLight booths. The chart shows traffic on a link connecting the USC and Caltech booths.

Providing the visibility needed to manage large scale high speed networks is a significant challenge. In this example, line rate traffic of 80 million packets per second is being monitored on the 400G port. The maximum packet rate for 64 byte packets on a 400 Gigabit, full duplex, link is approximately 1.2 billion packet per second Continue reading

How to add IoT functions to legacy equipment

Powerful new Internet of Things (IoT) devices promise to revolutionize everything from farm equipment to satellites. But can those benefits also be added to the enormous installed base of existing, legacy, equipment, and infrastructure? After all, much of that stuff has been in place for decades, if not centuries, and still works just fine. Replacing it all would cost untold trillions, so no matter what the possible profits might be, it’s unlikely to fall out of service any time soon.To read this article in full, please click here

U.S. R&E Community Embraces Routing Security

The Internet Society participated in a Routing Security Workshop that was held during the Internet2 Technology Exchange 2018 on 15 October 2018 in Orlando, United States. The research and education networking community has been one of the key targets of the MANRS initiative that is promoting adoption of best practices to reduce threats to the global routing system, and this community workshop followed on from a previous engagement we had with Internet2 and a number of other R&E networks in the US earlier in the year.

Internet2 interconnects R&E institutes across the United States in conjunction with regional and state networks, so we see them as a key partner in raising awareness of the routing security issues, as well as encouraging the adoption of the four MANRS principles. Indeed, one of the aims of MANRS is for network operator communities to take ownership of this process by generating awareness and disseminating best practices, along with making recommendations for improvement. So this workshop was a fantastic step in this direction.

Another positive step was Internet2 formally becoming a MANRS participant shortly before the workshop, follow in the footsteps of ESnet, CAAREN, KanREN, George Washington University, Indiana University, and DePaul University. WiscNet Continue reading

Interview with Juniper Networks Ambassador Nupur Kanoi

In our next Juniper Ambassador interview, I spend time with fellow Juniper Ambassador Nupur Kanoi at the Juniper NXTWORK 2018 conference in Las Vegas. We discuss her life as an Ambassador, her engineering role at Virtela, her upcoming Day One Guide “MPLS Up and Running” scheduled for release next month, and her family life back …

Continue reading "Interview with Juniper Networks Ambassador Nupur Kanoi"

VNFs and Containers: Heptagonal Pegs and Triangle Holes

One of my readers sent me this question:

It would be nice to have a blog post or a webinar describing how to implement container networking in case when: (A) application does not tolerate NAT (telco, e.g. due to SCTP), (B) no DNS / FQDN, is used to find the peer element and (C) bandwidth requirements may be tough.

The only thing I could point him to is the Advanced Docker Networking part of Docker Networking Fundamentals webinar (available with free subscription) where macvlan and ipvlan are described.

Read more ...

Unikernels as processes

Unikernels as processes Williams et al., SoCC’18

Ah, unikernels. Small size, fast booting, tiny attack surface, resource efficient, hard to deploy on existing cloud platforms, and undebuggable in production. There’s no shortage of strong claims on both sides of the fence.

See for example:

In today’s paper choice, Williams et al. give us an intriguing new option in the design space: running unikernels as processes. Yes, that’s initially confusing to get your head around! That means you still have a full-fat OS underneath the process, and you don’t get to take advantage of the strong isolation afforded by VMs. But through a clever use of seccomp, unikernels as processes still have strong isolation as well as increased throughput, reduced startup time, and increased memory density. Most importantly though, with unikernels as processes we can reuse standard infrastructure and tools:

We believe that running unikernels as processes is an important step towards running them in production, because, as processes, they can Continue reading

Cisco links wireless, wired worlds with new Catalyst 9000 switches

Cisco is making it possible to run, manage, automate and secure wired and wireless networks all on top of a single operating system.Key to the company's next step in operational efficiency is a new Catalyst 9000 switch, the 802.11ax-ready 9800 Wireless LAN Controller family which is available in an on-premises chassis or as a software addition that can be run on select Catalyst 9000 switches or a private or public cloud, Cisco said.[ Related: Getting grounded in intent-based networking] High-Efficiency Wireless or 802.11ax promises a fourfold increase in average throughput per user and is designed to handle high-density public environments. But it also will be beneficial in Internet of Things (IoT) deployments, in heavy-usage homes, in apartment buildings and in offices that use bandwidth-hogging applications like videoconferencing.To read this article in full, please click here

Cisco links wireless, wired worlds with new Catalyst 9000 switches

Cisco is making it possible to run, manage, automate and secure wired and wireless networks all on top of a single operating system.Key to the company's next step in operational efficiency is a new Catalyst 9000 switch, the 802.11ax-ready 9800 Wireless LAN Controller family which is available in an on-premises chassis or as a software addition that can be run on select Catalyst 9000 switches or a private or public cloud, Cisco said.[ Related: Getting grounded in intent-based networking] High-Efficiency Wireless or 802.11ax promises a fourfold increase in average throughput per user and is designed to handle high-density public environments. But it also will be beneficial in Internet of Things (IoT) deployments, in heavy-usage homes, in apartment buildings and in offices that use bandwidth-hogging applications like videoconferencing.To read this article in full, please click here

Prepare For The ITIL Certification Exams With This $49 Training Bundle

Enterprise demands for IT services have grown considerably, so considering a role in IT service management (ITSM) can be a stable and lucrative career move. However, not just anyone can become an IT service manager; it requires earning IT certifications, which demand rigorous preparation. Not to mention, there are numerous courses to choose from online. If you want to earn an IT certification, this Ultimate ITIL Certification Training Bundle by Integrity Training can help you prepare for $49.To read this article in full, please click here

Choosing an EVPN Underlay Routing Protocol

EVPN is all the rage these days. The ability to do L2 extension and L3 isolation over a single IP fabric is a cornerstone to building the next-generation of private clouds. BGP extensions spelled out in RFC 7432 and the addition of VxLAN in IETF draft-ietf-bess-evpn-overlay established VxLAN as the datacenter overlay encapsulation and BGP as the control plane from VxLAN endpoint (VTEP) to VxLAN endpoint. Although RFC 7938 tells us how to use BGP in the data center, it doesn’t discuss how it would behave with BGP as an overlay as well. As a result, every vendor seems to have their own ideas about how we should build the “underlay” network to get from VTEP to VTEP, allowing BGP-EVPN to run over the top.

An example of a single leaf’s BGP peering for EVPN connectivity from VTEP to VTEP

Let’s take a look at our options in routing protocols we could use as an underlay and understand their strengths and weaknesses that make them a good or bad fit for deployment in an EVPN network. We’ll go through IS-IS, OSPF, iBGP and eBGP. I won’t discuss EIGRP. Although it’s now an IETF standard, it’s still not widely supported Continue reading

Real URLs for AMP Cached Content Using Cloudflare Workers

Real URLs for AMP Cached Content Using Cloudflare Workers
Real URLs for AMP Cached Content Using Cloudflare Workers

Today, we’re excited to announce our solution for arguably the biggest issue affecting Accelerated Mobile Pages (AMP): the inability to use real origin URLs when serving AMP-cached content. To allow AMP caches to serve content under its origin URL, we implemented HTTP signed exchanges, which extend authenticity and integrity to content cached and served on behalf of a publisher. This logic lives on Cloudflare Workers, meaning that adding HTTP signed exchanges to your content is just a simple Workers application away. Publishers on Cloudflare can now take advantage of AMP performance and have AMP caches serve content with their origin URLs. We're thrilled to use Workers as a core component of this solution.

HTTP signed exchanges are a crucial component of the emerging Web Packaging standard, a set of protocols used to package websites for distribution through optimized delivery systems like Google AMP. This announcement comes just in time for Chrome Dev Summit 2018, where our colleague Rustam Lalkaka spoke about our efforts to advance the Web Packaging standard.

What is Web Packaging and Why Does it Matter?

You may already see the need for Web Packaging on a daily basis. On your smartphone, perhaps you’ve searched for Christmas Continue reading

GPUs are vulnerable to side-channel attacks

Computer scientists at the University of California at Riverside have found that GPUs are vulnerable to side-channel attacks, the same kinds of exploits that have impacted Intel and AMD CPUs.Two professors and two students, one a computer science doctoral student and a post-doctoral researcher, reverse-engineered a Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. The researchers believe these are the first reported side-channel attacks on GPUs.[ Read also: What are the Meltdown and Spectre exploits? | Get regularly scheduled insights: Sign up for Network World newsletters ] A side-channel attack is one where the attacker uses how a technology operates, in this case a GPU, rather than a bug or flaw in the code. It takes advantage of how the processor is designed and exploits it in ways the designers hadn’t thought of.To read this article in full, please click here

GPUs are vulnerable to side-channel attacks

Computer scientists at the University of California at Riverside have found that GPUs are vulnerable to side-channel attacks, the same kinds of exploits that have impacted Intel and AMD CPUs.Two professors and two students, one a computer science doctoral student and a post-doctoral researcher, reverse-engineered a Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. The researchers believe these are the first reported side-channel attacks on GPUs.[ Read also: What are the Meltdown and Spectre exploits? | Get regularly scheduled insights: Sign up for Network World newsletters ] A side-channel attack is one where the attacker uses how a technology operates, in this case a GPU, rather than a bug or flaw in the code. It takes advantage of how the processor is designed and exploits it in ways the designers hadn’t thought of.To read this article in full, please click here

GPUs are vulnerable to side-channel attacks

Computer scientists at the University of California at Riverside have found that GPUs are vulnerable to side-channel attacks, the same kinds of exploits that have impacted Intel and AMD CPUs.Two professors and two students, one a computer science doctoral student and a post-doctoral researcher, reverse-engineered a Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. The researchers believe these are the first reported side-channel attacks on GPUs.[ Read also: What are the Meltdown and Spectre exploits? | Get regularly scheduled insights: Sign up for Network World newsletters ] A side-channel attack is one where the attacker uses how a technology operates, in this case a GPU, rather than a bug or flaw in the code. It takes advantage of how the processor is designed and exploits it in ways the designers hadn’t thought of.To read this article in full, please click here

1 1,417 1,418 1,419 1,420 1,421 3,858