Network Break 184: Arista’s Core Switch Challenges Cisco; Qualcomm Reconsiders Servers

Take a Network Break! Arista challenges Cisco in the campus with a new core switch, Qualcomm is reportedly considering backing away from data center server processors, and a security survey shows woeful patching habits.

Another security survey reveals that three quarters of respondents have been breached at least once in 2017, Apple abandons a planned data center site in Ireland, and ZTE halts major operations because of a US export ban on parts and software from American companies.

Finally, Google acquires cloud onboarding startup VeloStrata, while Google’s Duplex voice assistant raises hackles.

Get links to all these stories after our sponsor messages.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. Find out more at InterOptic.com, and if you're attending Interop 2018 in Vegas, stop by the InterOptic booth to learn how they can help you spec the right optics for your network.

Sponsor: Cisco Systems

Find out how Cisco and its trusted partners Equilibrium Security and ePlus/IGX can help your organization tackle the General Data Protection Regulation, or GDPR. Tune into Packet Pushers Priority Queue episode 147 to get practical insights on how to get your arms around these wide-ranging rules.

Coffee Continue reading

Tracking CDN Usage Through Historical DNS Data

With Mother’s Day having just passed, some e-commerce sites likely saw an associated boost in traffic. While not as significant as the increased traffic levels seen around Black Friday and Cyber Monday, these additional visitors can potentially impact the site’s performance if it has not planned appropriately.  Some sites have extra infrastructure headroom and can absorb increased traffic without issue, but others turn to CDN providers to ensure that their sites remain fast and available, especially during holiday shopping periods.

To that end, I thought that it would be interesting to use historical Internet Intelligence data (going back to 2010) collected from Oracle Dyn’s Internet Guide recursive DNS service, to examine CDN usage. As a sample set, I chose the top 50 “shopping” sites listed on Alexa, and looked at which sites are being delivered through CDNs, which CDN providers are most popular, and whether sites change or add providers over time. Although not all of the listed sites would commonly be considered “shopping” sites, as a free and publicly available list from a well-known source, it was acceptable for the purposes of this post.

The historical research was done on the www hostname of the listed Continue reading

Windows Package Management


Welcome to the third installment of our Windows-centric Getting Started Series!

In the previous post we covered how you can use Ansible and Ansible Tower to help manage your Active Directory environment. This post will go into how you can configure some of those machines on your domain. Most of this post is going to be dominated by specific modules. Ansible has a plethora of Windows modules that can be found here. As time is not a flat circle, I can’t discuss all of them today but only a few that are widely used.

MSIs and the win_package Module

So you got your domain up, you have machines added to it, now let’s install some stuff on those machines. I do have a few notes before moving forward in regards to the modules we’ll be discussing. The module win_msi is deprecated and will be removed in Ansible 2.8 (current version as of this post is 2.5). In its place you can use win_package which I will be using throughout this post.

Alright, back to installing stuff. The win_package module is the place to be. It is used specifically for .msi and .exe files that need to be installed Continue reading

Chewing A Billion By Billion Matrix Crammed Into Gigabytes Of Memory

Sometimes, to appreciate a new technology or technique, we have to get into the weeds a bit. As such, this article is somewhat more technical than usual. But the key message is that new libraries called ExaFMM and HiCMA give researchers the ability to operate on billion by billion matrices using machines containing only gigabytes of memory, which gives scientists a rather extraordinary new ability to run on really big data problems.

King Abdullah University of Science and Technology (KAUST) has been enhancing the ecosystem of numerical tools for multi-core and many-core processors. The effort, which is a collaboration between KAUST,

Chewing A Billion By Billion Matrix Crammed Into Gigabytes Of Memory was written by Timothy Prickett Morgan at The Next Platform.

End-to-End Segmentation with NSX SD-WAN and NSX Data Center

As you may have read earlier this month, NSX Data Center and NSX SD-WAN by VeloCloud are part of the expanded VMware NSX portfolio to enable virtual cloud networking.  A Virtual Cloud Network provides end-to-end connectivity for applications and data, whether they reside in the data center, cloud or at the edge. I wanted to follow up, and walk through an example using NSX Data Center and NSX SD-WAN of how one could build an end to end segmentation model from the data center to the branch.

NSX SD-WAN Segmentation

Beyond lowering cost and increasing agility and simplicity of branch connectivity, one of the key values provided by NSX SD-WAN by VeloCloud is enterprise segmentation, which provides isolated network segments across the entire enterprise, enabling data isolation or separation by user or line of business, support for overlapping IP addresses between VLANs and support for multiple tenants. NSX SD-WAN provides this segmentation using a VRF-like concept with simplified, per-segment topology insertion. This is accomplished by inserting a “Segment ID” into the SD-WAN Overlay header as traffic is carried from one NSX SD-WAN Edge device to another Edge. Networks on the LAN-side of an NSX SD-WAN Edge with different Continue reading

The Week in Internet News: Artificial Intelligence Heads to the Final Frontier

Coming to a space station near you: Artificial intelligence is going to space – maybe not a space station, but a satellite – predicts an aerospace executive, quoted in SpaceNews.com. So-called geospatial intelligence, housed on satellites, will collect massive amounts of data in space and analyze it, she says.

More blockchain believers: Tech giant Oracle plans to release its own blockchain software with a platform-as-a-service product coming this month and decentralized ledger-based applications coming next month, Bloomberg notes. Oracle is working with Banco de Chile to log inter-bank transactions on a hyperledger and with the government of Nigeria to document customs and import duties on blockchain.

Does blockchain even lift? Blockchain can help improve the sports and fitness industry by allowing instructors to securely stream workouts, allowing customers to avoid that annoying trip to the gym, Forbes suggests.

Social media eyes encryption: Facebook and Twitter are both looking at encrypting some user communications, according to news reports. Facebook has voiced support for end-to-end encryption on its blog, apparently in response to concerns it was moving to weaken encryption on its WhatsApp messaging service, BGR.com notes. However, Facebook hasn’t enabled encryption by default on its Messenger service, the story Continue reading

Some notes on eFail

I've been busy trying to replicate the "eFail" PGP/SMIME bug. I thought I'd write up some notes.

PGP and S/MIME encrypt emails, so that eavesdroppers can't read them. The bugs potentially allow eavesdroppers to take the encrypted emails they've captured and resend them to you, reformatted in a way that allows them to decrypt the messages.

Disable remote/external content in email

The most important defense is to disable "external" or "remote" content from being automatically loaded. This is when HTML-formatted emails attempt to load images from remote websites. This happens legitimately when they want to display images, but not fill up the email with them. But most of the time this is illegitimate, they hide images on the webpage in order to track you with unique IDs and cookies. For example, this is the code at the end of an email from politician Bernie Sanders to his supporters. Notice the long random number assigned to track me, and the width/height of this image is set to one pixel, so you don't even see it:

Such trackers are so pernicious they are disabled by default in most email clients. This is an example of the settings in Thunderbird:


The problem is Continue reading

One Week Until Spousetivities in Vancouver

Only one week remains until Spousetivities kicks off in Vancouver at the OpenStack Summit! If you are traveling to the Summit with a spouse, significant other, family member, or friend, I’d encourage you to take a look at the great activities Crystal has arranged during the Summit.

Here’s a quick sneak peek at what’s planned:

  • On Monday, May 21, Spousetivities attendees will enjoy a tour of the highlights of Vancouver (including things like Stanley Park, Gastown, Chinatown, and Granville Island Public Market), followed by fun at the Capilano Suspension Bridge Park. (If for no other reason, you’ll want to attend this to see Crystal face her fear of heights and suspension bridges!)
  • On Tuesday, May 22, Spousetivities is off to Whistler Village. Along the way, see wonderful sights like Howe Sound, Britannia Beach, and Shannon Falls. Then you’ll get to ride the Sea to Sky Gondola up to Squamish for an adventure-filled time.
  • On Wednesday, May 23, the activities wrap up with a wine tour. This will include tastings at three beautiful wineries and a lovely picnic lunch at one of the venues.

All of these tours include private transportation, and the pricing for each of the events is Continue reading

How we chose 10 hot IoT startups to watch

The competition to find 10 hot IoT startups to watch began with 79 contenders, 14 of which were eliminated in round 1 for not really being IoT startups or for not following directions. (Pro tip: if you try the hard-to-get strategy - making us chase you down for the information we already asked for in my query – we won’t play that game. We just hit “delete” instead.) In Round 2, visitors to our website, Startup50.com, cast votes for their three favorite startups, with votes weighted at five points for a first-place vote, two points for a second-place vote and one point for a third-place vote. Only the top 20 startups moved into the final round.

10 Hot IoT startups to watch

The Internet of Things (IoT) promises to make machines smarter, industrial processes more efficient and consumer devices more responsive to our needs. According to research firm Gartner, there will be more than 20 billion connected things in use worldwide by 2020. But these constrained devices often run on woefully out-of-date software that must be manually patched and upgraded; the market potential is enormous, but so are the risks. Figuring out successful IoT business models is still a work in progress, and many are trying. We’ve looked at a large sampling of companies that have formed to work on these problems and pared the list down to 10 that warrant special attention. (See how we did it.)

What Is EVPN?

EVPN might be the next big thing in networking… or at least all the major networking vendors think so. It’s also a pretty complex technology still facing some interoperability challenges (I love to call it SIP of networking).

To make matters worse, EVPN can easily get even more confusing if you follow some convoluted designs propagated on the ‘net… and the best antidote to that is to invest time into understanding the fundamentals, and to slowly work through more complex scenarios after mastering the basics.

Read more ...

Re-coding Black Mirror, Part I

In looking through the WWW’18 proceedings, I came across the co-located ‘Re-coding Black Mirror’ workshop.

Re-coding Black Mirror is a full day workshop which explores how the widespread adoption of web technologies, principles and practices could lead to potential societal and ethical challenges as the ones depicted in Black Mirror’s episodes, and how research related to those technologies could help minimise or even prevent the risks of those issues arising.

The workshop has ten short papers exploring either existing episodes, or Black Mirror-esque scenarios in which technology can go astray. As food for thought, we’ll be looking at a selection of those papers this week. In the MIT media lab, Black Mirror episodes are assigned watching for new graduate students in the Fluid Interfaces research group.

Today we’ll be looking at:

(If you don’t have ACM Digital Library access, all of the papers in this workshop can be accessed either by following the links above directly from The Morning Paper blog site, or from the WWW 2018 proceedings page).

Both papers pick Continue reading

Leaking securely, for White House staffers

Spencer Ackerman has this interesting story about a guy assigned to crack down on unauthorized White House leaks. It's necessarily light on technical details, so I thought I'd write up some guesses, either as a guide for future reporters asking questions, or for people who want to better know the risks when leaking information.

It should come as no surprise that your work email and phone are already monitored. They can get every email you've sent or received, even if you've deleted it. They can get every text message you've sent or received, the metadata of every phone call sent or received, and so forth.

To a lesser extent, this also applies to your well-known personal phone and email accounts. Law enforcement can get the metadata (which includes text messages) for these things without a warrant. In the above story, the person doing the investigation wasn't law enforcement, but I'm not sure that's a significant barrier if they can pass things onto the Secret Service or something.

The danger here isn't that you used these things to leak, it's that you've used these things to converse with the reporter before you made the decision to leak. That's what happened in Continue reading

Tracing System CPU on Debian Stretch


This is a heavily truncated version of an internal blog post from August 2017. For more recent updates on Kafka, check out another blog post on compression, where we optimized throughput 4.5x for both disks and network.


Upgrading our systems to Debian Stretch

For quite some time we've been rolling out Debian Stretch, to the point where we have reached ~10% adoption in our core datacenters. As part of upgrading the underlying OS, we also evaluate the higher level software stack, e.g. taking a look at our ClickHouse and Kafka clusters.

During our upgrade of Kafka, we successfully migrated two smaller clusters, logs and dns, but ran into issues when attempting to upgrade one of our larger clusters, http.

Thankfully, we were able to roll back the http cluster upgrade relatively easily, due to heavy versioning of both the OS and the higher level software stack. If there's one takeaway from this blog post, it's to take advantage of consistent versioning.

High level differences

We upgraded one Kafka http node, and it did not go as planned:


Having 5x CPU usage was definitely an unexpected outcome. For control datapoints, we Continue reading

Networking With Fish: YouTube Channel

Blogging, originally, was my go-to and preferred method for sharing information to others – teaching, sharing, etc. For a few corner case type things I found video (YouTube) to be a better tool for those specific items. Recently, however, I am finding about half of my ideas of things I want to “pass on” to others… would be best (in my opinion) via video.

I’ve been trying to figure out and think about how best to have the two sharing tools – this blog site and the YouTube channel – best complement each other. So I have been experimenting with this. What I have come up with that I like and works for me is the following…..

  • “Standalone Video” – If the YouTube is really a “standalone” and blogging with additional text around it here doesn’t “help” communicate what I’m trying to get across… then I won’t be blogging about it here.
  • “Video Series” – There will be series that will be building on each other – like the videos in the playlist “BGP Show and Tell: Beginners” and the playlist “Label Swapping Fun”.   Video series, I believe, would definitely benefit from larger big Continue reading

Worth Reading: Cognitive Dissonance

I always wondered why it’s so hard to accept that someone might not find your preferred solution beautiful but would call it complex or even harmful (or from the other side, why someone could not possibly appreciate the beauty of your design)… and then stumbled upon this blog post by Scott Adams describing cognitive dissonance (the actual topic they’re discussing in the mentioned video doesn’t matter – look for the irrational behavior).

You might say “but we could politely agree to disagree” but unfortunately that implies that at least one of us is not fully rational due to Aumann’s Agreement Theorem.

Link Propagation 118

Welcome to Link Propagation, a Packet Pushers newsletter. Link Propagation is included in your free membership. Each week we scour the InterWebs to find the most relevant practitioner blog posts, tech news, and product announcements. We drink from the fire hose so you can sip from a coffee cup. Blogs Foundations of MPLS: Label Switching […]