Routing Security boosted by major network operators

There have been some important developments towards improving routing security over the past few weeks, with announcements at NLNOG and AusNOG, as well as from Cloudflare about commitments to validate IP prefixes and reduce route leaks and hijacks. This supports the work we’ve being doing with the MANRS initiative to raise awareness of this issue, and to persuade network operators to take collaborative responsibility for this critical aspect of the Internet.

Cloudflare to deploy RPKI

Cloudflare has been a long-time advocate of routing security, and during their recent Crypto Week, they announced that they’ll be deploying RPKI on their networks. Resource Public Key Infrastructure (RPKI) allows IP address prefixes and AS numbers to be cryptographically verified (using Route Origin Authorization), and therefore provides some assertion that the holders of these have the right to announce them. The use of RPKI is included as one of the four MANRS actions “Global Validation – facilitating validation of routing information on global scale” which includes the creation of ROAs and the maintenance of accurate data in Internet Routing Registries (IRRs).

Cloudflare also announced GoRTR, which is an open-source implementation of the RPKI to Router (RTR) protocol (see RFC 6810). This is Continue reading

Indigenous Connectivity Summit – my perspective

As the Director of Technology for the Southern California Tribal Chairmen’s Association I’ve been working with Native communities in San Diego County and Southern Riverside County of California in the United States for the past seventeen years. With a long background in Dot Com graphic design exposed to networking and web servers, the transition into technology was an obvious one.

A descendant of the Cree Nation with ancestors hailing from Norway and Finland may partially explain why I’ve been tagged a “cyber warrior for broadband.” I am 6’4” with long hair. Maybe it’s because I sketch in metal to build cyborg arms. But I believe it has more to do with the fact that I have lived in and among Southern California reservations since 2001, working with a team of local people, solving a myriad issues related to connectivity. We’ve come a long way, connecting thousands of homes to the Internet. Several thousand remain, but we are getting closer.

But more needs to happen.

The views, voices and knowledge of Indigenous people need to be included in the policy and tech that help build the Internet. If we’re not part of it, we’re literally written out of it.

So, Continue reading

Counting Up on the Benefits that Leaf-Spine Architecture Brings to Enterprise Networks

Counting Up the Benefits that Leaf-Spine Architecture Brings to Enterprise Networks

If your network, like most, is growing in size and complexity, perhaps it’s time to consider whether the traditional three-tier network architecture has run its course. It’s becoming apparent that a flatter, two-tier leaf spine network topology can bring dramatic changes in the way we manage networks – with as good or better performance.

Common enterprise network challenges

For decades we’ve been building networks based on the three-tier model: access, aggregation and core. Typical enterprise environments based on this model can easily comprise hundreds or thousands of individual networking devices, creating numerous challenges for implementation and operations teams to overcome in managing and maintaining the networks.

Sure, the teams have lots of software tools to manage and monitor the infrastructure, but they often have little to no integration with each other. Ongoing configuration management along with upgrades, policy and security changes therefore become exceedingly complex and time-consuming, often requiring administrators to log into each device, one at a time, to make changes.

And all the while, the network is often not efficiently utilizing bandwidth due to the use of Spanning Tree Protocol (STP). While the network is likely built Continue reading

Last Month in Internet Intelligence: September 2018

Over the course of a given month, hundreds of Internet-impacting “events” are visible within the Oracle Internet Intelligence Map. Many are extremely short-lived, lasting only minutes, while others last for hours or days; some have a minor impact on a single metric, while others significantly disrupt all three metrics. In addition, for some events, the root cause is publicly available/known, while for other events, digging into the underlying data helps us make an educated guess about what happened. Ultimately, this creates challenges in separating the signal from the noise, triaging and prioritizing that month’s events for review in this blog post.

Having said that, in September we observed Internet disruptions due to exams, power outages, extreme weather, and submarine cable issues, as well as a number of others with unknown causes. Additionally, a third test of nationwide mobile Internet connectivity took place in Cuba.

Cuba

As noted in our August post, ETECSA (the Cuban state telecommunications company) carried out two tests of nationwide mobile Internet connectivity, which were evident as spikes in the DNS query rates from Cuba. In a Facebook post, they noted, “On August 14th was a first test that measured levels of traffic congestion and Continue reading

IoT analytics guide: What to expect from Internet of Things data

The growth of the Internet of Things (IoT) is having a big impact on lots of areas within enterprise IT, and data analytics is one of them.Companies are gathering huge volumes of information from all kinds of connected of objects, such as data about how consumers are using certain products, the performance of corporate assets, and the environmental conditions in which systems operate. By applying advanced analytics to these incoming streams of data, organizations can gain new insights that can help them make more informed decisions about which actions to take. And with companies placing IoT sensors on more and more objects, the volumes of incoming data will continue to grow.To read this article in full, please click here

The Week in Internet News: AI Can Help, But Humans Are the Problem with Fake News

AI battles the fake news: Can Artificial Intelligence combat all the fake news that’s out there? An article in Forbes looks at several ways fake news fighters are using AI, but the author casts some doubt on these approaches. Ultimately, humans are the problem, the article says: “The willingness to believe sensational information is a real phenomenon and debunking false information does not always change people’s minds.”

Fake tweets: As social networks take steps to fight against fake news, some still have a way to go. Twitter, for example, is still flooded with sham accounts that generate more than 1 million tweets a day, reports CBS News. Twitter disputed the study the story is based on, noting it has suspended more than 70 million suspicious accounts in May and June.

Tiny infiltrations: Chinese hackers have used tiny microchips to gain access to computers at 30 U.S. companies, including Apple and Amazon, Bloomberg reports. Both companies disputed the report, and the U.K.’s National Cyber Security Centre appeared to support the denials later in the week, Reuters says.

Blockchain’s bright future: There were several reports this week focused on the growth projections of the blockchain technology, with the blockchain Continue reading

VXLAN and EVPN on Hypervisor Hosts

One of my readers sent me a series of questions regarding a new cloud deployment where the cloud implementers want to run VXLAN and EVPN on the hypervisor hosts:

I am currently working on a leaf-and-spine VXLAN+ EVPN PoC. At the same time, the systems team in my company is working on building a Cloudstack platform and are insisting on using VXLAN on the compute node even to the point of using BGP for inter-VXLAN traffic on the nodes.

Using VXLAN (or GRE) encap/decap on the hypervisor hosts is nothing new. That’s how NSX and many OpenStack implementations work.

Read more ...

Online parameter selection for web-based ranking problems

Online parameter selection for web-based ranking problems Agarwal et al., KDD’18

Last week we looked at production systems from Facebook, Airbnb, and Snap Inc., today it’s the turned of LinkedIn. This paper describes the system and model that LinkedIn use to determine the items to be shown in a user’s feed:

It replaces previous hand-tuning of the feature mix and ranking:

In the past, a developer spent days to accurately estimate [the feature weights] with desired behavior with every significant drift and intervention. Using the approach described in this paper, we have completely eliminated the laborious manual tuning, significantly increased developer productivity as well as obtained better Pareto optimal solutions.

Here are representative results comparing the impact on three key metrics for a setting found by the new algorithm over a period of 36 hours, vs the best setting that could be found in 7 days of hand-tuning:

Viral Actions is the most important metric for the LinkedIn feed, ‘with far reaching consequences from more subsequent sessions to more revenue.’ The algorithm is tasked with maximising this metric while not allowing others to drop by more than 1%. (Increases in the other metrics as well are Continue reading

1 1,448 1,449 1,450 1,451 1,452 3,849