BGP Flowspec redirect with ExaBGP

I’ve been busy as hell since the summer and have not had much time to work on blog posts, but it’s all been good work! I also got a new job working for Riot Games (makers of the world’s largest online multiplayer game, League of Legends), which has been totally fantastic.

This post is about BGP Flowspec, specifically how we can now more easily redirect traffic to a scrubbing appliance. It’s common for a device such as an Arbor TMS, or some other type of filtering box, to be installed close to the network edge. It could be a Linux box full of filters, a DPI box, or anything else that might be useful for traffic verification or enforcement.

In the event that a DDoS event occurs, it’s possible to redirect suspect traffic, or traffic to a specific victim host, through an appliance where it can be dropped or permitted.

Traditionally this has been done with Layer-3 VPNs, where ingress traffic from the internet is punted into a “Dirty VRF”. It’s then forced through a mitigation appliance where it’s either dropped or permitted, in which case it returns to the same router but in a new “Clean VRF”.

How to Become a Better Networking Engineer

Got an interesting set of questions from one of my readers. He started with:

I really like networks but I don't know if I am doing enough for this community. Most of my work is involved with technologies which are already discovered by people and I am not really satisfied with it.

Well, first you want to decide whether you want to be (primarily) a researcher (focusing on discovering new stuff), an engineer (mostly figuring out how to build useful things by using existing stuff), or an administrator (configuring stuff).

Red Hat Shakes Up Container Ecosystem With CoreOS Deal

The container craze on Linux platforms just took an interesting twist now that Red Hat is shelling out $250 million to acquire its upstart rival in Linux and containers, CoreOS.

As the largest and by far the most profitable open source software company in the world – it had $2.4 billion in sales in fiscal 2017, brought $253.7 million of that to the bottom line, and ended that fiscal year in February with a $2.7 billion subscription and services backlog – Red Hat has not been afraid to spend some money to get its hands on control of key open

Red Hat Shakes Up Container Ecosystem With CoreOS Deal was written by Timothy Prickett Morgan at The Next Platform.

Cumulus content roundup: February

We’ve made it through the first month of the year, and the future of networking is looking bright — but is your data center ready for the brave new world? In this content roundup, we’re giving out the latest articles, videos and reports so you’re ready for 2018 and not left behind in twenty late-teen. There’s no time to waste! Get started on your data center upgrade today.

What’s new from Cumulus:

Cumulus Networks: What we do: Looking for an overview of who we are and what we’re working towards? We’ve got you covered. Watch this video for more information about our mission and our products, and share it with anyone else who wants to know what we’re all about.

Getting started with Linux: the basics – part 1: Everyone has to start their journey with Linux somewhere, so why not start here? This three part blog series about the basics of Linux networking teaches you everything you need. Check out part one to start learning the language of the data center.

Understanding Linux internetworking: Let’s say you’ve already got the hang of the basics of Linux. What’s the next step, and how can you take your

Nuage Networks Q&A: The 5 Key Success Factors on your Digital Transformation Journey for the WAN and Beyond

Thanks to all who joined us for the Nuage Networks webinar: The 5 Key Success Factors on your Digital Transformation Journey for the WAN and Beyond. With over 20 SD-WAN solutions in the market, it is increasingly difficult to select the right one. Nuage Networks provided an evaluation framework that can be used to not...

Running OVS on Fedora Atomic Host

In this post, I’d like to share the results of some testing I’ve been doing to run Open vSwitch (OVS) in containers on a container-optimized Linux distribution such as Atomic Host (Fedora Atomic Host, specifically). I’m still relatively early in my exploration of this topic, but I felt like sharing what I’ve found so far might be helpful to others, and might help spark conversations within the relevant communities about how this experience might be improved.

The reason for the use of Docker containers in this approach is twofold:

  1. Many of the newer container-optimized Linux distributions—CoreOS Container Linux (soon to be part of Red Hat in some fashion), Project Atomic, etc.—eschew “traditional” package management solutions in favor of containers.
  2. Part of the reason behind my testing was to help the OVS community better understand what it would look like to run OVS in containers so as to help make OVS a better citizen on container-optimized Linux distributions.

In this post, I’ll be using Fedora 27 Atomic Host (via Vagrant with VirtualBox). If you use a different version or release of Atomic Host, your results may differ somewhat. For the OVS containers, I’m using the excellent keldaio/ovs Docker containers.

Networking With Intent

Networking has always been the laggard in the enterprise datacenter. As servers and then storage appliances became increasingly virtualized and disaggregated over the past 15 years or so, the network stubbornly stuck with the appliance model, closed and proprietary. As other datacenter resources became faster, more agile and easier to manage, many of those efficiencies were hobbled by the network, which could take months to program and could require new hardware before making any significant changes.

However slowly, and thanks largely to the hyperscalers and now telcos and other communications service providers, that has begun to change. The rise of

Networking With Intent was written by Jeffrey Burt at The Next Platform.

802.11: Wi-Fi standards and speeds explained

In the world of wireless, the term Wi-Fi is synonymous with wireless access in general, despite the fact that it is a specific trademark owned by the Wi-Fi Alliance, a group dedicated to certifying that Wi-Fi products meet the IEEE’s set of 802.11 wireless standards.

These standards, with names such as 802.11b (pronounced “Eight-O-Two-Eleven-Bee”, ignore the “dot”) and 802.11ac, comprise a family of specifications that started in the 1990s and continues to grow today. The 802.11 standards codify improvements that boost wireless throughput and range as well as the use of new frequencies as they become available. They also address new technologies that reduce power consumption.

Docker for Windows Desktop… Now With Kubernetes!

Today we are excited to announce the beta for Docker for Windows Desktop with integrated Kubernetes is now available in the edge channel! This release includes Kubernetes 1.8, just like the Docker for Mac and Docker Enterprise Edition and will allow you to develop Linux containers.

The easiest way to get Kubernetes on your desktop is here.

Simply check the box and go

What Can You Do with Kubernetes on Your Desktop?

Docker for Mac and Docker for Windows are the most popular way to configure a Docker dev environment, and are each used every day by millions of developers to build, test, and debug containerized apps. The beauty of building with Docker for Mac or Windows is that you can deploy the exact same set of Docker container images on your desktop as you do on your production systems with Docker EE.

Docker for Mac and Docker for Windows are used for building, testing and preparing to ship applications, whereas Docker EE provides the ability to secure and manage your applications in production at scale. You eliminate the “it worked on my machine” problem because you run the same Docker containers on the same Docker engines in development, testing, and production environments, along with the

Reckoning The Spectre And Meltdown Performance Hit For HPC

While no one has yet created an exploit to take advantage of the Spectre and Meltdown speculative execution vulnerabilities that were exposed by Google six months ago and that were revealed in early January, it is only a matter of time. The patching frenzy has not settled down yet, and a big concern is not just whether these patches fill the security gaps, but at what cost they do so in terms of application performance.

To try to ascertain the performance impact of the Spectre and Meltdown patches, most people have relied on comments from Google on the negligible

Reckoning The Spectre And Meltdown Performance Hit For HPC was written by Timothy Prickett Morgan at The Next Platform.

Giving the Monkey a Smaller Club

Over at the ACM blog, there is a terrific article about software design that has direct application to network design and architecture.

The problem is that once you give a monkey a club, he is going to hit you with it if you try to take it away from him.

What do monkeys and clubs have to do with software or network design? The primary point of interaction is security. The club you intend to make your network operator’s life easier is also a club an attacker can use to break into your network, or damage its operation. Clubs are just that way. If you think of the collection of tools as not just tools, but also as an attack surface, you can immediately see the correlation between the available tools and the attack surface. One way to increase security is to reduce the attack surface, and one way to reduce the attack surface is to reduce the number of tools, or the size of the club.

The best way to reduce the attack surface of a piece of software is to remove any unnecessary code.

Consider this: the components of any network are actually made up of code. So to translate this to