NetworkingNexus.net

WISP Design – OSPF “Leapfrog” path for traffic engineering

Introduction

One challenge that every WISP owner or operator has faced is how to leverage unused bandwidth on a backup path to generate more revenue.

For networks that have migrated to MPLS and BGP, this is an easier problem to solve as there are tools that can be used in those protocols like communities or MPLS TE to help manage traffic and set policy.

However, many WISPs rely solely on OSPF and cost adjustment to attempt to influence traffic. Alternatively, trying to use policy routing can lead to a design that doesn’t failover or scale well.

Creating a bottleneck on a single path

WISPs that are OSPF routed will often have a primary path back to the Internet at one or more points in the network typically from a tower that aggregates multiple backhauls.

As more towers are added that rely on this path, it can create a bottleneck while other paths are unused.

Creating an alternate best path by leapfrogging another router

One way to solve this problem is to use VLANs to create another subnet for OSPF to form an adjacency.

By tagging the VLAN from Tower 6 through Tower 3 and into Tower 4, a new path Continue reading

AI for IT: Who Will Lead the Charge for a Standard?

For artificial intelligence in networking to become mainstream, we need a common standard across the IT stack.

Intent-Based Networking’s True Intent Revealed

For some companies, the goal of intent-based networking may be rather simple.

Show 392: Debating The Value Of Expert Certifications

On today’s Weekly Show the Packet Pushers jump on the live grenade that is the debate over the value of IT certifications.

Spurred by Greg’s blog about giving up his CCIE status, this episode looks at the value of technology certifications such as the CCIE and others.

Greg and guests Mike Fryar, Chris Kluka, and Jeremy Filliben discuss the benefits and limits of professional certifications, the differences between certifications and actual skills, whether certifications represent a standardized body of knowledge or just a set of instructions, and how the industry might better foster learning.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. Find out more at InterOptic.com, and if you re attending Interop 2018 in Vegas, stop by the InterOptic booth to learn how they can help you spec the right optics for your network.

Sponsor: Cumulus Networks

The Cumulus Linux network OS is simple, open, untethered Linux that can run on more than 70 hardware platforms and help you transition from your legacy infrastructure. Cumulus Networks is Web-scale networking for the digital age. Go to cumulusnetworks.com to find out more.

Show Links:

Quitting My CCIE Status – Greg Ferro

Jeremy Filliben.com

Install Netmiko on Windows

Netmiko develop by kirk Byers is open source python library based on Paramiko which simplifies SSH management to network devices .

Netmiko library makes task to automate . Its very tedious to find out the procedure to install Netmiko in Windows enviornment.Let’s make out task simple :-

Steps:

Install Anaconda ( https://www.anaconda.com/download/)
From the Anaconda shell, run “conda install paramiko”.
From the Anaconda shell, run “pip install scp”.
Install git for windows (https://www.git-scm.com/downloads)
Clone Netmiko from Git Bash Window (https://github.com/ktbyers/netmiko).
Change directory to netmiko.
Run python setup.py install from Git Bash Window
Check on Python console to confirm the availabilty of paramiko and netmiko library

Its done.. Enjoy automating tasks !!!!

Install Netmiko on Windows

Netmiko develop by kirk Byers is open source python library based on Paramiko which simplifies SSH management to network devices . Netmiko library makes task to automate . Its very tedious to find out the procedure to install Netmiko in Windows enviornment.Let’s make out task simple :- Steps: Install Anaconda ( https://www.anaconda.com/download/) From the Anaconda […]

From the Trenches: Rampant MacGyver-ism

Here’s a response I got from Simon Milhomme on my Why Is Network Automation So Hard article:

ForkBase: an efficient storage engine for blockchain and forkable applications

ForkBase: an efficient storage engine for blockchain and forkable applications Wang et al., arXiv’18

ForkBase is a data storage system designed to support applications that need a combination of data versioning, forking, and tamper proofing. The prime example being blockchain systems, but this could also include collaborative applications such as GoogleDocs. Today for example Ethereum and HyperLedger build their data structures directly on top of a key-value store. ForkBase seeks to push these properties down into the storage layer instead:

One direct benefit is that it reduces development efforts for applications requiring any combination of these features. Another benefit is that it helps applications generalize better by providing additional features, such as efficient historical queries, at no extra cost. Finally, the storage engine can exploit performance optimization that is hard to achieve at the application layer.

Essentially what we end up with is a key-value store with native support for versioning, forking, and tamper evidence, built on top of an underlying object storage system. At the core of ForkBase is a novel index structure called a POS-Tree (pattern-oriented-split tree).

The ForkBase stack

From the bottom-up, ForkBase comprises a chunk storage layer that performs chunking and deduplication, a Continue reading

Today we mitigated 1.1.1.1

On May 31, 2018 we had a 17 minute outage on our 1.1.1.1 resolver service; this was our doing and not the result of an attack.

Cloudflare is protected from attacks by the Gatebot DDoS mitigation pipeline. Gatebot performs hundreds of mitigations a day, shielding our infrastructure and our customers from L3/L4 and L7 attacks. Here is a chart of a count of daily Gatebot actions this year:

Today we mitigated 1.1.1.1

In the past, we have blogged about our systems:

Meet Gatebot, a bot that allows us to sleep

Today, things didn't go as planned.

Gatebot

Today we mitigated 1.1.1.1

Cloudflare’s network is large, handles many different types of traffic and mitigates different types of known and not-yet-seen attacks. The Gatebot pipeline manages this complexity in three separate stages:

attack detection - collects live traffic measurements across the globe and detects attacks
reactive automation - chooses appropriate mitigations
mitigations - executes mitigation logic on the edge

The benign-sounding "reactive automation" part is actually the most complicated stage in the pipeline. We expected that from the start, which is why we implemented this stage using a custom Functional Reactive Programming (FRP) framework. If you want to know more about it, see the talk and the presentation.

AMD’s EPYC server encryption is the latest security system to fall

It’s a good thing AMD had the sense not to rub Intel’s nose in the Meltdown/Spectre vulnerability, because it would be getting it right back for this one: Researchers from the Fraunhofer Institute for Applied and Integrated Safety in Germany have published a paper detailing how to compromise a virtual machine encrypted by AMD's Secure Encrypted Virtualization (SEV).The news is a bit of a downer for AMD, since it just added Cisco to its list of customers for the EPYC processor. Cisco announced today plans to use EPYC in its density-optimized Cisco UCS C4200 Series Rack Server Chassis and the Cisco UCS C125 M5 Rack Server Node.To read this article in full, please click here

AMD’s EPYC server encryption is the latest security system to fall

AMD’s Epyc server encryption is the latest security system to fall

It’s a good thing AMD had the sense not to rub Intel’s nose in the Meltdown/Spectre vulnerability, because it would be getting it right back for this one: Researchers from the Fraunhofer Institute for Applied and Integrated Safety in Germany have published a paper detailing how to compromise a virtual machine encrypted by AMD's Secure Encrypted Virtualization (SEV).The news is a bit of a downer for AMD, since it just added Cisco to its list of customers for the Epyc processor. Cisco announced today plans to use Epyc in its density-optimized Cisco UCS C4200 Series Rack Server Chassis and the Cisco UCS C125 M5 Rack Server Node.To read this article in full, please click here

Is open source software a network security risk?

Networks are changing. More and more we’re hearing terms like whitebox, britebox, disaggregation, NOS, commodity hardware and open source when we talk about the future of networking. Since you’re reading this on the Cumulus Networks blog, I’ll assume you get that and spare you a description of these terms here. If you do want a crash course on network disaggregation and how it relates to orchestration/SDN, check out my previous post on the Packet Pushers blog.

With that bit of housekeeping out of the way, let’s dig right into today’s topic: open source software security.

First, why does security matter? If you’re like most network engineers, your primary goal typically is to get bits of data from one place to another. Anything that interferes with the free flow of packets and frames is a potential problem. So the goals of security can at first appear contrary to those of the network. Raise your hand if you’ve ever been frustrated by a firewall rule or some seemingly arcane security policy!

Unfortunately, we no longer have the luxury of ignoring security. Today’s network is one of the most crucial pieces of IT infrastructure for any organization and for the economies we operate in. Continue reading

FBI Blames North Korea for Malware, Kaspersky Lawsuits Dismissed

The two malware families target U.S. media, aerospace, financial, and critical infrastructure sectors’ networks.

Viewer’s Guide: Virtual Cloud Network Online Event

Start Building the Virtual Cloud Network Today, join the online event June 5 at 11am PDT

You might not know it yet, but your network is holding you back. Unconnected clouds and data silos prevent your enterprise from securing and mining valuable data. VMware creates connections from your data center to the cloud to the edge – providing a secure, consistent foundation that drives business forward, rather than holding it back.

VMware recently announced our vision for the next era of networking – the Virtual Cloud Network. Join us for an exclusive online event to learn about how your organization can start building the network of the future. To prepare for this event, I not only spent time with the customers, technical leads and executives you hear from, but also behind the scenes, I have been part of many more conversations that I was not able to share. Pulling from those conversations, I’ve created your viewer’s guide for each segment of the event.

An overview of the Virtual Cloud Network by Rajiv Ramaswami, Chief Operating Officer, Products and Cloud Services

Rajiv and Pat share their executive views on the Virtual Cloud Network at the beginning of the event. To Continue reading

The First Lady’s bad cyber advice

First Lady Melania Trump announced a guide to help children go online safely. It has problems.

Melania's guide is full of outdated, impractical, inappropriate, and redundant information. But that's allowed, because it relies upon moral authority: to be moral is to be secure, to be moral is to do what the government tells you. It matters less whether the advice is technically accurate, and more that you are supposed to do what authority tells you.

That's a problem, not just with her guide, but most cybersecurity advice in general. Our community gives out advice without putting much thought into it, because it doesn't need thought. You should do what we tell you, because being secure is your moral duty.

This post picks apart Melania's document. The purpose isn't to fine-tune her guide and make it better. Instead, the purpose is to demonstrate the idea of resting on moral authority instead of technical authority.
<-- --="" more="">

Strong Passwords

"Strong passwords" is the quintessential cybersecurity cliché that insecurity is due to some "weakness" (laziness, ignorance, greed, etc.) and the remedy is to be "strong".

The first flaw is that this advice is outdated. Ten years ago, important websites would frequently get hacked and Continue reading

Sprint Uses 5G Network Preparations to Overhaul Its IoT Business

Sprint hired former Vodafone IoT executive Ivo Rook to revamp its IoT business. Rook joined the company in January.

AT&T and Tech Mahindra Sponsor an Artificial Intelligence Contest

They're working with the Linux Foundation to host the Acumos AI Challenge, which seeks innovative open source AI solutions.

Study shows admins are doing a terrible job of patching servers

Open source has taken over the server side of things, but admins are doing a terrible job of keeping the software patched and up to date.Black Duck Software, a developer of auditing software for open-source security, has released its annual Open Source Security and Risk Analysis, which finds enterprise open source to be full of security vulnerabilities and compliance issues.[ For more on IoT security see our corporate guide to addressing IoT security concerns. | Get regularly scheduled insights by signing up for Network World newsletters. ] According to the study, open-source components were found in 96% of the applications the company scanned last year, with an average of 257 instances of open source code in each application.To read this article in full, please click here

Study shows admins are doing a terrible job of patching servers

« Previous 1 … 1,586 1,587 1,588 1,589 1,590 … 3,841 Next »