IDG Contributor Network: How a smart grid can empower a smart city

As smart cities continue to depart the realm of fiction and instead become a staple of life in the 21st century, eager entrepreneurs and aspirational scientist alike are increasingly turning to smart grids to power these cities of the future. Designing the infrastructure which enables smart cities is anything but easy, however, and many people today seem entirely unfamiliar with even the basic concept of a smart grid.So, what exactly is a smart grid, and how are they increasingly shaping how America’s smart cities are taking form? Anyone who hopes to understand the cities of tomorrow should keep these facts in mind as they picture tomorrow’s cityscapes in their minds.To read this article in full or to leave a comment, please click here

7 Enterprise Networking Trends for 2018

The Value of NAT Support

IPv6 deployment guide

IPv6 has been gaining traction since it was developed in the late 1990s, and enterprises that are implementing it now are considered to be among the early majority – meaning widespread adoption is well underway – so if you haven’t already begun, you need to start planning IPv6 deployment.To read this article in full or to leave a comment, please click here(Insider Story)

IPv6 deployment guide

IPv6 has been gaining traction since it was developed in the late 1990s, and enterprises that are implementing it now are considered to be among the early majority – meaning widespread adoption is well underway – so if you haven’t already begun, you need to start planning IPv6 deployment.To read this article in full or to leave a comment, please click here(Insider Story)

Tier 1 carrier performance report: October, 2017

The post Tier 1 carrier performance report: October, 2017 appeared first on Noction.

The Three Paths of Enterprise IT

Everyone knows that Service Providers and Enterprise networks diverged decades ago. More precisely, organizations that offer network connectivity as their core business usually (but not always) behave differently from organizations that use networking to support their core business.

Obviously, there are grey areas: from people claiming to be service providers who can’t get their act together, to departments (or whole organizations) who run enterprise networks that look a lot like traditional service provider networks because they’re effectively an internal service provider.

Introduction to RADIUS- Remote Authentication Dial-In User Service

November 2017 IETF Journal Now Available Online

The November 2017 issue of the IETF Journal is now online at https://www.ietfjournal.org/journal-issues/november-2017/. With IETF 100 in Singapore starting this coming weekend, this is the perfect time to get caught up on what’s been happening in the world of Internet standards lately. (Starting next week, you can also learn more about the Internet Society’s work at IETF 100 via our series of Rough Guide blog posts.)

In this issue, you’ll learn about implementation work taking place in the Human Rights Protocol Considerations Research Group, the latest security updates to Network Time Protocol, new email-related Working Groups JMAP and EXTRA, as well as the important coding work that took place as part of the IETF Hackathon.

Our regular columns from the IETF, IAB, and IRTF chairs and coverage of the Birds-of-a-Feather meetings and presentations from the Applied Networking Research Prize winners wrap up the issue.

There will be print copies available at IETF in Singapore, the email version will hit subscribers’ inboxes in the coming days, and print subscribers will receive their issues shortly thereafter.

This issue marks the final hardcopy version of the IETF Journal. As we explain in “We’re Continue reading

LavaRand in Production: The Nitty-Gritty Technical Details

Introduction

Courtesy of @mahtin

As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works in technical detail. This post assumes a technical background. For a higher-level discussion that requires no technical background, see Randomness 101: LavaRand in Production.

Background

As we’ve discussed in the past, cryptography relies on the ability to generate random numbers that are both unpredictable and kept secret from any adversary. In this post, we’re going to go into fairly deep technical detail, so there is some background that we’ll need to ensure that everybody is on the same page.

True Randomness vs Pseudorandomness

In cryptography, the term random means unpredictable. That is, a process for generating random bits is secure if an attacker is unable to predict the next bit with greater than 50% accuracy (in other words, no better than random chance).

We can obtain randomness that is unpredictable using one of two approaches. The first produces true randomness, while the second produces pseudorandomness.

True randomness is any information learned through the Continue reading

Randomness 101: LavaRand in Production

Introduction

Courtesy of @mahtin

As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works. This post assumes no technical background. For a more in-depth look at the technical details, see LavaRand in Production: The Nitty-Gritty Technical Details.

Background

Randomness in Cryptography

As we’ve discussed in the past, cryptography relies on the ability to generate random numbers that are both unpredictable and kept secret from any adversary.

But “random” is a pretty tricky term; it’s used in many different fields to mean slightly different things. And like all of those fields, its use in cryptography is very precise. In some fields, a process is random simply if it has the right statistical properties. For example, the digits of pi are said to be random because all sequences of numbers appear with equal frequency (“15” appears as frequently as “38”, “426” appears as frequently as “297”, etc). But for cryptography, this isn’t enough - random numbers must be unpredictable.

To understand what unpredictable means, it helps to consider that all Continue reading

Rough Guide to IETF 100 – Slinging Standards in Singapore

It’s time for the third and final IETF meeting of 2017. Starting on Sunday, 12 November, the Internet Engineering Task Force will be in Singapore for IETF 100, where about 1000 engineers will discuss the latest issues in open internet standards and protocols. All this week, we’re providing our usual Internet Society Rough Guide to the IETF via a series of blog posts on topics of mutual interest:

• Internet of Things (IoT)
• Routing Infrastructure Security Resilience
• IPv6
• DNSSEC, DANE and DNS Security
• Identity, Privacy, and Encryption

All these posts can be found on our blog and will be archived through our Rough Guide to IETF 100 overview page.

Here are some of the activities that the Internet Society is involved in and some of my personal highlights.

IETF Journal

Catch up on highlights from IETF 99 in Prague by reading the IETF Journal. You can read all the articles online at https://www.ietfjournal.org, or pick up a hardcopy in Singapore.

This issue marks the final hardcopy version; starting in 2018, we’ll be shifting our focus to longer-form articles online and via our Twitter and Facebook channels. In the meantime, this issue has articles on the Human Rights Continue reading

Kubernetes on OpenStack: The Technical Details

This is a liveblog of the OpenStack Summit session titled “Kubernetes on OpenStack: The Technical Details”. The speaker is Angus Lees from Bitnami. This is listed as an Advanced session, so I’m hoping we’ll get into some real depth in the session.

Lees starts out with a quick review of Bitnami, and briefly clarifies that this is not a talk about OpenStack on Kubernetes (i.e., using Kubernetes to host the OpenStack control plane); instead, this is about Kubernetes on OpenStack (OpenStack as IaaS, Kubernetes to do container orchestration on said IaaS).

Lees jumps quickly into the content, providing a “compare-and-contrast” of Kubernetes versus OpenStack. One of the key points is that Kubernetes is more application-focused, whereas OpenStack is more machine-focused. Kubernetes’ multi-tenancy story is shaky/immature, and the nature of containers means there is a larger attack surface (VMs provide a smaller attack surface than containers). Lees also points out that Kubernetes is implemented mostly in Golang (versus Python for OpenStack), although I’m not really sure why this matters (unless you are planning to contribute to one of these projects).

Lees next provides an overview of the Kubernetes architecture (Kubernetes master node containing API server talking to controller manager Continue reading

Issues with OpenStack That Are Not OpenStack Issues

This is a liveblog of OpenStack Summit session on Monday afternoon titled “Issues with OpenStack that are not OpenStack Issues”. The speaker for the session is Sven Michels. The premise of the session, as I understand it, is to discuss issues that arise during OpenStack deployments that aren’t actually issues with OpenStack (but instead may be issues with process or culture).

Michels starts with a brief overview of his background, then proceeds to position today’s talk as a follow-up (of sorts) to a presentation he did in Boston. At the Boston Summit, Michels discussed choosing an OpenStack distribution for your particular needs; in this talk, Michels will talk about some of the challenges around “DIY” (Do It Yourself) OpenStack—that is, OpenStack that is not based on some commercial distribution/bundle.

Michels discusses that there are typically two approaches to DIY OpenStack:

• The “Donald” approach leverages whatever around, including older hardware.
• The “Scrooge” approach is one in which money is available, which typically means newer hardware.

Each of these approaches has its own challenges. With older hardware, it’s possible you’ll run into older firmware that may not be supported by Linux, or hardware that no longer works as expected. With new hardware, Continue reading

To K8s or Not to K8s Your OpenStack Control Plane

This is a liveblog of the Monday afternoon OpenStack Summit session titled “To K8s or Not to K8s Your OpenStack Control Plane”. The speaker is Robert Starmer of Kumulus Technologies. This session is listed as a Beginner-level session, so I’m hoping it’s not too basic for me (and that readers will still get some value from the liveblog).

Starmer begins with a quick review of his background and expertise, and then proceeds to provide—as a baseline—an overview of containers and Kubernetes for container orchestration. Starmer covers terminology and concepts like Pods, Deployments (and Replica Sets), Services, StatefulSets, and Persistent Volumes. Starmer points out that StatefulSets and Persistent Volumes are particularly applicable to the discussion about using Kubernetes to handle the OpenStack control plane. Following the discussion of Kubernetes components, Starmer points out that the Kubernetes architecture is designed to be resilient, talking about the use of etcd as a distributed state storage system, multiple API servers, separate controller managers, etc.

Next, Starmer spends a few minutes talking about Kubernetes networking and some of the components involved, followed by a high-level discussion around persistent volumes and storage requirements, particularly for StatefulSets.

Having covered Kubernetes, Starmer now starts talking about the requirements Continue reading

OpenStack Summit Sydney Day 1 Keynote

This is a liveblog of the day 1 keynote here at the OpenStack Summit in Sydney, Australia. I think this is my third or fourth trip to Sydney, and this is the first time I’ve run into inclement weather; it’s cloudy, rainy, and wet here, and forecasted to remain that way for most of the Summit.

At 9:02am, the keynotes (there are actually a set of separate keynote presentations this morning) kicks off with a video with Technical Committee memebers, community members, and others talking about the OpenStack community, the OpenStack projects, and the Summit itself. At 9:05am, the founders of the Australian OpenStack User Group—Tristan Goode and Tom Fifield—take the stage to kick off the general session. Goode and Fifield take a few minutes to talk about the history of the Australian OpenStack User Group and the evolution of the OpenStack community in Australia. Goode also takes a few moments to talk about his company, Aptira.

After a few minutes, Goode and Fifield turn the stage over to Mark Collier and Lauren Sell from the OpenStack Foundation. Collier and Sell set the stage for the upcoming presentations, do some housekeeping announcements, and talk about sponsors and support partners. Sell Continue reading

Perfect locality and three epic SystemTap scripts

In a recent blog post we discussed epoll behavior causing uneven load among NGINX worker processes. We suggested a work around - the REUSEPORT socket option. It changes the queuing from "combined queue model" aka Waitrose (formally: M/M/s), to a dedicated accept queue per worker aka "the Tesco superstore model" (formally: M/M/1). With this setup the load is spread more evenly, but in certain conditions the latency distribution might suffer.

After reading that piece, a colleague of mine, John, said: "Hey Marek, don't forget that REUSEPORT has an additional advantage: it can improve packet locality! Packets can avoid being passed around CPUs!"

John had a point. Let's dig into this step by step.

In this blog post we'll explain the REUSEPORT socket option, how it can help with packet locality and its performance implications. We'll show three advanced SystemTap scripts which we used to help us understand and measure the packet locality.

A shared queue

The standard BSD socket API model is rather simple. In order to receive new TCP connections a program calls bind() and then listen() on a fresh socket. This will create a single accept queue. Programs can share the file descriptor - pointing Continue reading

OpenStack now featured in Cumulus in the Cloud

First of all, we’re thrilled to announce that today we launched OpenStack with Cumulus in the Cloud. That means that you can now test out Cumulus Networks technology with an OpenStack environment easily and at zero cost to you.

I’ve written previously about Cumulus In The Cloud (CitC) when we first released it a month ago with Mesos as the initial release flavor. Since then, JR Rivers and his team have been diligently working on adding additional flavors to the CitC offering. I could not have been happier to hear the good news that they had integrated an OpenStack solution with the cloud testing framework.

I immediately launched my own free instance of Cumulus in the Cloud using the standard steps. I was greeted with a new option where I could pick the flavor of CitC I wanted to initiate:

Since I had already experimented with Mesos, I was eager to tinker with OpenStack to better learn this technology.

To be upfront, I am not an OpenStack expert. I have been diligently learning it over the past six months ever since a majority of my customer engagements have involved private cloud deployments leading with OpenStack. As a network engineer first, Continue reading

Introduction to Point to Point Authentication : PAP and CHAP protocols

Introduction to ACI Multi-Site Fabric Design Network