NetworkingNexus.net

RPKI – The required cryptographic upgrade to BGP routing

We have talked about the BGP Internet routing protocol before. We have talked about how we build a more resilient network and how we can see outages at a country-level via BGP. We have even talked about the network community that is vital to the operation of the global Internet.

Today we need to talk about why existing operational practices for BGP routing and filtering have to significantly improve in order to finally stop route leaks and hijacks; which are sadly pervasive in today’s Internet routing world. In fact, the subtle art of running a BGP network and the various tools (both online and within your a networks subsystems) that are vital to making the Internet routing world a safe and reliable place to operate need to improve.

Internet routing and BGP and security along with its operational expertise must improve globally.

Nothing specific triggered today’s writing except the fact that Cloudflare has decided that it's high-time we took a leadership role to finally secure BGP routing. We believe that each and every network needs to change its mindset towards BGP security both on a day-by-day and a long-term basis.

It's time to stop Continue reading

Better Together: Net Managers are Partnering with the Security Team

Network managers need to be open to an expanded partnership with the security group. A new EMA report finds such collaboration is already underway in many organizations.

Windows XP OpenVPN TAP installation, “devcon.exe failed”

Although this article mainly targets OpenVPN TAP driver installation issue, The problem is likely not limited to that specific driver.

You may want to continue reading and give the very easy solution at the end of the article a try.

Recently I had to install OpenVPN on a system running Windows XP (Don’t ask). The installation went smoothly up until TAP driver installation and then suddenly things went haywire:

An error occurred installing the TAP device driver

The yellow marked status with the code of 28 in the device manager was not promising either:

The drivers for this device are not installed. (Code 28)

In Windows XP, to install its inf file, TAP driver installation uses the built-in Windows Device Console (Devcon.exe). Pretty simple stuff, you just use devcon.exe with the install argument, supply the inf file and then provide the device’s Hardware ID.

This is the command being used to install each TAP NIC:
"C:\Program Files\TAP-Windows\bin\devcon.exe" install "C:\Program Files\TAP-Windows\driver\OemWin2k.inf" tap0901

Which gave a mundane error:

devcon.exe failed.

Devcon however, leaves a log file of its operation behind in %windir%\setupapi.log which included these lines:

#E122 Device install failed. Error 2: The system cannot find Continue reading

Infrastructure-as-Code, NETCONF and REST API

This is the third blog post in “thinking out loud while preparing Network Infrastructure as Code presentation for the network automation course” series. You might want to start with Network-Infrastructure-as-Code Is Nothing New and Adjusting System State blog posts.

As I described in the previous blog post, the hardest problem any infrastructure-as-code (IaC) tool must solve is “how to adjust current system state to desired state described in state definition file(s)”… preferably without restarting or rebuilding the system.

There are two approaches to adjusting system state:

Relational inductive biases, deep learning, and graph networks

Relational inductive biases, deep learning, and graph networks Battaglia et al., arXiv’18

Earlier this week we saw the argument that causal reasoning (where most of the interesting questions lie!) requires more than just associational machine learning. Structural causal models have at their core a graph of entities and relationships between them. Today we’ll be looking at a position paper with a wide team of authors from DeepMind, Google Brain, MIT, and the University of Edinburgh, which also makes the case for graph networks as a foundational building block of the next generation of AI. In other words, bringing back and re-integrating some of the techniques from the AI toolbox that were prevalent when resources were more limited.

We argue that combinatorial generalization must be a top priority for AI to achieve human-like abilities, and that structured representation and computations are key to realizing this objective… We explore how using relational inductive biases within deep learning architectures can facilitate learning about entities, relations, and the rules for composing them.

Relational reasoning and structured approaches

Human’s represent complex systems as compositions of entities and their interactions. We use hierarchies to abstract away fine-grained differences, manage part-whole associations and other more Continue reading

VMware NSX-T Data Center in Evaluation for Common Criteria EAL4+ Certification

VMware NSX-T Data Center 2.x is now under evaluation for Common Criteria certification at Evaluation Assurance Level 4+ with BSI, Germany’s Federal Office for Information Security. Common Criteria is an internationally recognized standard (ISO-15408) that defines, validates, and assures security features and capabilities of IT security products. To see the evaluation status for VMware NSX-T 2.x, visit the German BSI certification website and reference certificate # BSI-DSZ-CC-1099.

VMware NSX-T was introduced to help organizations meet the stringent security demands of containerized workloads, multi-hypervisor, and multi-cloud. And this latest milestone for NSX-T 2.x reinforces VMware’s continuing commitment to deliver secure software to our customers. During the Common Criteria certification process, VMware NSX-T will undergo a thorough and rigorous evaluation methodology, with testing performed by a commercial Common Criteria Evaluation Facility under the oversight of the Certification Body. The Common Criteria certification acts as a seal of assurance for the federal government, its agencies, contractors and other organizations and assures that the product complies with strict security requirements specified within the designated level.

Within the VMware NSX portfolio, we have a long history of investing in certification efforts. For example, VMware NSX Data Center for vSphere 6.x also Continue reading

Kernel of Truth episode 7: data center networking in APAC and EMEA

Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Cast Box and Sticher!

Click here for our previous episode.

We wanted to give this podcast a bit of international flair, so we invited some overseas guests into the recording booth. I’m joined by Attilla de Groot (Sales Engineer for EMEA) and Sutharsan Sivapalan (Sales Engineer for APAC), who filled me in on the networking customers, trends and challenges that are cropping up in their respective regions. There are definitely differences between these two ends of the world, but you’d be surprised how much these regions have in common despite the distance.

Tweet any questions, feedback or topics you want us to discuss at @cumulusnetworks and use the hashtag #KernelOfTruth — let us know if you like what you’re hearing!

Guest bios

Sutharsan Sivapalan: CCIE #40322 (Data Center), is a Senior Systems Engineer covering the US West and Asia-Pacific regions for Cumulus Networks. Prior to joining Cumulus, Sutharsan spent 6 years at Cisco designing and troubleshooting some of the most complex networks in the world, as a member of their Technical Services organisation. In that role, he supported the entire Data Centre portfolio, including UCS, the Nexus Continue reading

Intel’s Growing Chip Portfolio Stretches From Cloud to Edge

Intel may be best known for its x86 server chips, but its growing silicon portfolio targets cloud and edge applications, as well as 5G.

ARM Supports Chip Makers in Servers, IoT, and 5G

Instead of manufacturing chips, ARM provides its instruction set architecture to its customers — such as Qualcomm, Broadcom, NXP, and Marvell — and those companies manufacture the chips.

Linkerd 2.0 Update Moves Closer to Kubernetes

The service mesh's 2.0 update is focused on easing deployment for service owners compared to other platforms like Istio.

Arm Upstart Ampere Starts Chipping Away At Intel Xeons

When this is all done, Intel might have wished it had kept Renee James as president and chief executive officer, because Ampere, an Arm server chip startup that James has been running since this spring, wants a big piece of the Xeon datacenter business and it has the financial backing to start a price war that others can win and only Intel can lose. …

Arm Upstart Ampere Starts Chipping Away At Intel Xeons was written by Timothy Prickett Morgan at .

AMD plots its move against Intel in the data center

Smelling blood in the water, a revitalized AMD is preparing for a big push against Intel in the data center, hoping to win back the market share it gained and lost a decade ago.AMD is promoting its Epyc processors, with 16 or 32 cores, as a lower TCO, higher performance option than Intel’s Xeon. It argues a single-socket 32-core server is cheaper up front and in the long run than a dual socket setup, which is Intel’s bread and butter.“We’re not saying single socket is for everyone, but at the heart of the market is where 50 percent to 80 percent are 32 cores per server and down, and our top single socket can do it more efficiently with lower costs and licensing. But in some cases some people will want to stay at two-socket,” said Glen Keels, director of product and segment marketing for data center products at AMD.To read this article in full, please click here