We all know that ‘lock in’ is inevitable. You make a choice and then you live with the consequences of what you have bought. However, I see a number of area where vendors are actively promoting lockin to capture unearned profits and control their partners. These dark patterns are not always obvious and I wanted […]
Take a Network Break! Cisco announced that it would allow third-party OSs to run on Nexus 9200 and 9300 switches, and let customers run NX-OS on other hardware. The company is also making its IOS-XR router OS available for “curated” third-party hardware.
AT&T announces a plan to deploy 60,000 whitebox routers as part of its 5G rollout, and its dNOS open network OS moves to the Linux Foundation. Juniper’s OpenContrail also joins the Linux Foundation and gets renamed Tungsten Fabric.
The P4 network programming language becomes an official project of the Open Networking Foundation, HPE buys Cape Networks for WLAN performance monitoring, Microsoft reorganizes the company, and Arista announces new 25 and 100GbE switches.
Get links with more details to all these stories after our sponsor message.
Send files to the cloud quickly and easily with Couchdrop, a cloud-based service that uses the Secure Copy Protocol to transfer files. Couchdrop integrates with Dropbox, GoogleDrive, Amazon S3 buckets and more. Head to Couchdrop.io to get details, and get two months free with a one-year subscription.
An Architectural Approach to Flexible Consumption for Service Providers with IOS XR – Cisco
Enabling IOS-XR on Third-Party Network Hardware Continue reading
This is a guest post by Jonathan Kosgei, founder of ipdata, an IP Geolocation API.
I woke up on Black Friday last year to a barrage of emails from users reporting 503 errors from the ipdata API.
Our users typically call our API on each page request on their websites to geolocate their users and localize their content. So this particular failure was directly impacting our users’ websites on the biggest sales day of the year.
I only lost one user that day but I came close to losing many more.
This sequence of events and their inexplicable nature — cpu, mem and i/o were nowhere near capacity. As well as concerns on how well (if at all) we would scale, given our outage, were a big wake up call to rethink our existing infrastructure.
Do you believe ICANN should go ahead with the plan to roll the Root Key Signing Key (KSK) on 11 October 2018? If so (or if not), the deadline for public comment is TODAY, 2 April 2018, at 23:59 UTC. That’s about 9.5 hours from the time I’m publishing this post.
My colleague Kevin Meynell provided more info about this public comment process when it began in March. At the IETF 101 meeting in London, I spoke with ICANN staff who again stated that they would like to hear from many voices about whether they should go ahead with the Root KSK Rollover on 11 October 2018. It’s very simple to send in comments:
You can see the current list of comments at: https://mm.icann.org/pipermail/comments-ksk-rollover-restart-01feb18/2018q1/thread.html (All comments are public.)
I would encourage anyone interested to submit comments (even if they are simply “I support the plan.”).
And if you have want more information about how to get started with using DNSSEC, please see our Deploy360 Start page to begin.
Image credit: Bryce Barker on Unsplash
The post Deadline TODAY (23:59 UTC) to submit comments to ICANN Continue reading
I'm positive on Juniper Contrail, but there are many things to think about regarding the company's SDN strategy and the changing market.
What IoT security problem? Most IT professionals realize the Internet of things poses some security risks, but less than a third of them actively monitor for third-party IoT security problems, according to a survey detailed at ZDNet. More than a third of those surveyed said that nobody in their organization is responsible for reviewing the risk-management policies of their IoT vendors.
Some security risks, only faster: Meanwhile, the European Union Agency for Network and Information Security is warning organizations that 5G mobile service may bring the same security risks as earlier mobile standards have. Known flaws in SS7 and Diameter, the signaling protocols used in 2G, 3G, and 4G, could end up in 5G, and allow traffic to be eavesdropped or spoofed, reports ARN.
Community broadband for net neutrality: The American Civil Liberties Union is urging U.S. cities to build their own broadband networks as a way to protect net neutrality principles, now that the Federal Communications Commission has repealed its related regulations. The Hill has a story. Many small U.S. cities are already building their own, in an effort to provide faster or cheaper service than commercial providers, Governing Magazine says.
Fake news in the news: Malaysia Continue reading
Last week I announced my departure from VMware, and my intention to step away from VMware’s products and platforms to focus on a new technology area moving forward. Today marks the “official” start of a journey that’s been building for a couple years, a journey that will take me into a future that’s containerized. That journey starts in Seattle, Washington.
Why Seattle, Washington? Because that’s where Heptio is based, and because today I am joining Heptio as a senior member of the field engineering team to help drive the adoption of Kubernetes across the industry. Only a couple of folks guessed that I was headed to Heptio. If you were one of those folks, you guessed correctly!
Two questions are probably rolling around in your head right now:
Good questions!
It’s clear to me that containers will have a significant impact on how we as IT professionals will develop, deploy, upgrade, and manage applications. It’s also clear to me that when it comes to orchestrating containers, Kubernetes is the clear leader. So, if I accept that containers are going to be a significant part of IT moving forward, then it logically follows that Kubernetes is Continue reading
For networking pros, subnetting is an essential skill. Follow these steps to ensure reliable performance and security in IPv4 networks.
For networking pros, subnetting is an essential skill. Follow these steps to ensure reliable performance and security in IPv4 networks.
What I am saying is that those arguing that we should reject third-party access out of hand haven’t carried their research burden. ... There are two reasons why I think there hasn’t been enough research to establish the no-third-party access position. First, research in this area is “taboo” among security researchers. ... the second reason why I believe more research needs to be done: the fact that prominent non-government experts are publicly willing to try to build secure third-party-access solutions should make the information-security community question the consensus view.
Earlier this week, Cisco announced that they will be offering a disaggregated solution with their Cisco IOS XR and Nexus operating systems (1). It’s true, the same organization that claimed to have killed white-box networking is jumping on the bandwagon three years later.
It’s now a requirement in today’s innovative data centers. Cumulus was founded on the notion that the future of data center networking is disaggregation, that the industry should be open and that innovation will only prevail when open networking does. The fact that one more incumbent vendor has acknowledged this notion about where the industry is headed only validates our vision. The future of networking truly is here, and we welcome Cisco to the club — really!
In the last few years, and even last several months, we’ve seen open networking takeoff. From the moment we helped bring ONIE to the market back in 2013, we knew things were going to change in the industry. Since then, we’ve seen the list of participating hardware vendors grow like crazy and our customer base grow with them. We’ve seen web-scale companies like Facebook, Google, LinkedIn and more contribute to the Continue reading
Cloudflare's mission is to help build a better Internet. We're excited today to take another step toward that mission with the launch of 1.1.1.1 — the Internet's fastest, privacy-first consumer DNS service. This post will talk a little about what that is and a lot about why we decided to do it. (If you're interested in the technical details on how we built the service, check out Ólafur Guðmundsson's accompanying post.)
DNS is the directory of the Internet. Whenever you click on a link, send an email, open a mobile app, often one of the first things that has to happen is your device needs to look up the address of a domain. There are two sides of the DNS network: Authoritative (the content side) and Resolver (the consumer side).
Every domain needs to have an Authoritative DNS provider. Cloudflare, since our launch in September 2010, has run an extremely fast and widely-used Authoritative DNS service. 1.1.1.1 doesn't (directly) change anything about Cloudflare's Authoritative DNS service.
On the other side of the DNS system are resolvers. Every device that connects to the Internet needs a DNS resolver. By default, Continue reading
Cloudflare’s mission is to help build a better Internet and today we are releasing our DNS resolver, 1.1.1.1 - a recursive DNS service. With this offering, we’re fixing the foundation of the Internet by building a faster, more secure and privacy-centric public DNS resolver. The DNS resolver, 1.1.1.1, is available publicly for everyone to use - it is the first consumer-focused service Cloudflare has ever released.
We’re using the following IPv4 addresses for our resolver: 1.1.1.1 and 1.0.0.1. Easy to remember. These addresses have been provided to Cloudflare by APNIC for both joint research and this service. You can read more about their work via the APNIC blog.
DNS resolver, 1.1.1.1, is served by Cloudflare’s Global Anycast Network.
Our friends at DNSimple have made this amazing DNS Tutorial for anyone to fill in their gaps on how DNS works. They explain all about resolvers, root name servers, and much more in a very informative way.
When resolving a domain name, a query travels from your end system (i.e. a web browser) to Continue reading
I suspect all of my readers are well aware of the Spectre exploit affecting, among others, Intel CPUs going back many years. Intel for their part, after a few missteps, have issued microcode updates for more recent CPUs. But for those of us with computers running older CPUs, the solutions are less likely to be forthcoming. Thankfully there is a solution.
The Spectre exploit affects processors which perform branch prediction, a kind of optimistic lookahead where the processor prepares and executes a potential instruction before it is actually requested. For example, if the processor encounters conditional code (like and if..then..else construct), based on previous behavior it predicts what the most likely outcome is and thus which branch of code would be executed as a result, then loads and executes that code in advance (hence “speculative execution”). If the branch prediction is correct, then since the code was already executed the code will benefit from improved performance. Spectre abuses some predictable timing behavior of the speculative execution to be able to extract other processes’ data from the CPU caches. In other words, it’s bad news for security.
The only way to restore security Continue reading
Hot off the presses! Cloudflare just completed provisioning our Luxembourg City and Chișinău data centers, expanding our Europe network to 41 cities, and our global network to 151 cities across 74 countries. In the coming days, we'll ramp up traffic from across millions of websites using Cloudflare, and get routes optimized across all networks. Cloudflare is a participant at the Chișinău Internet Exchange (KIVIX), Luxembourg Commercial Internet eXchange (LU-CIX), and Moldova Internet Exchange (MD-IX), amongst ~180 other interconnection points.
This has been an exciting month, with 31 cities added just in March, for an average of one per day! Collectively, they provide additional resilience and performance across countries spanning a population of over one billion people. To recap, here's the list of our newest data centers: Beirut, Phnom Penh, Kathmandu, Istanbul, Reykjavík, Riyadh, Macau, Baghdad, Houston, Indianapolis, Montgomery, Pittsburgh, Sacramento, Mexico City, Tel Aviv, Durban, Port Louis, Cebu City, Edinburgh, Riga, Tallinn, Vilnius, Calgary, Saskatoon, Winnipeg, Jacksonville, Memphis, Tallahassee, Bogotá, Luxembourg and Chișinău!
We are very excited to surpass a milestone of 150 cities, or our sixth cohort of Continue reading
I just got back from Aruba Atmosphere this week and I thought it would be a good chance to go over some of the cool stuff that I saw there.