NetDevOps: important idempotence

As more and more network engineers dive into network automation, the word idempotence keeps coming up. What is it? Why is it important? Why should we care? Idempotence is often described as the ability to perform the same task repeatedly and produce the same result. I want to demonstrate a super simple example of what this means.

If I am logged into a Linux box and want to add an IP address to the loopback address, I could use something simple like a sed command.

root@leaf01:mgmt-vrf:~# sed -i '/loopback/ a address 1.1.1.1/32' /etc/network/interfaces

This produces exactly what I want!
auto lo
iface lo inet loopback
        address 1.1.1.1/32
        address 10.0.0.11/32

I have appended the address 1.1.1.1/32 to the loopback interface stanza of the /etc/network/interfaces file. Now what happens if I run that same exact command again?

Running the command again produces the following output:
auto lo
iface lo inet loopback
        address 1.1.1.1/32
        address 1.1.1.1/32
        address 10.0.0.11/32

? That is not what I wanted. I performed the same task but instead of just leaving the file alone, since the 1.1.1. Continue reading

Evidence at the cost of trust: The trouble with the Department of Justice – DreamHost case

The social and economic benefits of the Internet cannot be realized without users’ ability to communicate and organize privately, and, where appropriate, anonymously. Data collection warrants must strike a balance to protect these benefits without impeding law enforcement’s ability to enforce the law. In recent weeks, the United States Department of Justice’s (DoJ) conflict with DreamHost, a website hosting service, has underscored the importance of this balance.

Mark Buell

This Mirai malware vaccine could protect insecure IoT devices

The hazard of unsophisticated and poorly secured Internet of Things (IoT) devices came to the front last year with the Mirai DDoS attack that involved nearly a million bots. Many of these devices remain a threat.Researchers have posed an original solution to the problem: Use the vulnerability of these devices to inject a white worm that secures the devices. It is an epidemiological approach that creates immunity with a vaccine by exposing the immune system to a weakened form of the disease.+ Also on Network World: How to improve IoT security + These devices are still a threat because some cannot be fixed because they have hard-coded back doors. Other insecure devices have software or firmware vulnerabilities that cannot be fixed because product designers did not include a software updates mechanism.To read this article in full or to leave a comment, please click here

This Mirai malware vaccine could protect insecure IoT devices

The hazard of unsophisticated and poorly secured Internet of Things (IoT) devices came to the front last year with the Mirai DDoS attack that involved nearly a million bots. Many of these devices remain a threat.Researchers have posed an original solution to the problem: Use the vulnerability of these devices to inject a white worm that secures the devices. It is an epidemiological approach that creates immunity with a vaccine by exposing the immune system to a weakened form of the disease.+ Also on Network World: How to improve IoT security + These devices are still a threat because some cannot be fixed because they have hard-coded back doors. Other insecure devices have software or firmware vulnerabilities that cannot be fixed because product designers did not include a software updates mechanism.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For August 25th, 2017

Hey, it's HighScalability time

 

View of the total solar eclipse from a hill top near Madras Oregon, August 21, 2017. As totality approaches, dragons gorge on sun flesh; darkness cleaves the day; a chill chases away the heat; all becomes still. Contact made! Diamonds glitter; beads sparkle; shadow band snakes slither across pale dust; moon shadow races across the valley, devouring all in wonder. Inside a circle of standing stones, obsidian knives slash and stab. Sacrifices offered, dragons take flight. In awe we behold the returning of the light.

 

If you like this sort of Stuff then please support me on Patreon.

 

  • ~5: ethereum transactions per second; 29+M: Snapchat news viewers; 100K: largest Mastodon instance; 2xAlibaba's cloud base growth; 1B: trees planted by a province in Pakistan; 90.07%: automated decoding of honey bee waggle dances; $86.4B: Worldwide Information Security Spending; 1200: db migrations from Mysql to Postgres; $7B: Netflix content spend (most not original); 13%: increased productivity by making vacation mandatory; 75%: US teens use iPhones; 30,000x: energy use for Bitcoin transaction compared to Visa; ~1 trillion: observations processed for Gaia mission; 50% Continue reading

RFC 8215: Local-Use IPv4/IPv6 Translation Prefix published

IPv6 BadgeRFC 8215 “Local-Use IPv4/IPv6 Translation Prefix” was recently published, reserving the IPv6 prefix 64:ff9b:1::/48 for local use within domains enabling IPv4/IPv6 translation mechanisms.

This allows the coexistence of multiple IPv4/IPv6 translation mechanisms in the same network, without requiring the use of a Network-Specific Prefix assigned from an allocated global unicast address space.

The well-known prefix 64:ff9b::/96 was originally reserved by RFC6052 for IPv4/IPv6 translation, but several new translation mechanisms such as those in RFCs 6146 and 7915 have subsequently been defined that target different use cases. It’s therefore possible that a network operator may wish to make use of several of these simultaneously, hence why a larger address space has been defined to accommodate this.

The shortest translation prefix being deployed in a live network was observed as being a /64, hence /48 was chosen as being on a 16-bit boundary whilst being able to accommodate multiple instances of /64.

If you’re interested in finding out more about IPv4/IPv6 translation mechanisms, there’s a few Deploy360 blogs on NAT64 and 464XLAT amongst others.

The post RFC 8215: Local-Use IPv4/IPv6 Translation Prefix published appeared first on Internet Society.

Worth Reading: Open core, open perimeter

Today, software development is built around APIs. Instead of embedding a vendor’s product into their application, developers can call an API to consume services from a vendor. The developers don’t need to know what’s responding to their calls on the backend; they simply need to know what the vendor’s API expects from their code and what they can expect to receive back from the API. It is, in many senses, wonderfully non-intimate. —Brian Reale @ Opensource

The post Worth Reading: Open core, open perimeter appeared first on rule 11 reader.

IDG Contributor Network: Seeing double: why IoT digital twins will change the face of manufacturing

If your organization is planning to leverage the Internet of Things (IoT) to gather data from products and systems, see how goods are performing in the field, enhance factory production, or any other reason, it needs to become familiar with the concept of the “digital twin.”A digital twin is a digital replica of a physical asset, process, or system that can be used for a variety of purposes. The digital representation of an object provides both the elements and the dynamics of how the object operates throughout its life cycle.The digital twin is intended to be an up-to-date and accurate replica of all elements of a physical object for which sensor data is available. Digital twins integrate technologies including artificial intelligence, machine learning, predictive analytics, and sensor telemetry to create digital clones of live and historical performance of physical machines and idealized digital simulation models that evolve based on the data collected from real-world instances.To read this article in full or to leave a comment, please click here

Abidjan Holds a Successful AfPIF 2017

Abidjan became the third West African city to hold the annual Africa Peering and Interconnection Forum (AfPIF), attracting top African and global players in the Internet ecosystem.

This year’s forum attracted 227 participants working in IXPs, ISPs, governments, content carriers, network providers, hardware providers, and software service providers among others. The meeting tool, which allows participants to discuss ways to exchange content, had 276 registered users who scheduled 170 meetings. Twenty networks introduced themselves during “Peering Introductions” session, held every day. This year there were 23 sponsors: Seacom, Liquid Telecom, Angonix, Angola Cables, De Cix, Linx, Adva, Afrinic, Akamai, Dolphin, Facebook, Flexoptix, France IX, Google, icolo.io, Main One, Netflix, Netnod, Yahoo, Medalion, MTN, Teraco, and ARTCI.

Getting more statistics

Research conducted by PCH reinforced the fact that most peering agreements have no formal agreement. The study done in 2016 found that 99 per cent of peering agreements in 148 countries were through a handshake. The study asked questions such as: are there formal agreements, is the peering arrangement symmetrical, is the content is IPv6 or IPv4, and what are the laws governing the agreement. Out of the 1,935,822 agreements, 49 percent comprised of matching peers, meaning it was easy Continue reading

IDG Contributor Network: The 3 types of SD-WAN architecture

If you’re contemplating whether SD-WAN will improve your company’s Wide Area Network, I’ve learned it’s important to first get a grasp of the different SD-WAN architectures.As a long-time business ISP and cloud broker, I’ve had the best seat in the house for watching the SD-WAN craze take flight. As dozens of SD-WAN product offerings pop up, I have the enviable job of making sense of it all. [sigh]In my observation, there are 3 main buckets of SD-WAN architecture, each of which benefit certain types of companies. Which architecture is “best” depends on the applications your company is accessing through your WAN.To read this article in full or to leave a comment, please click here

IDG Contributor Network: The 3 types of SD-WAN architecture

If you’re contemplating whether SD-WAN will improve your company’s Wide Area Network, I’ve learned it’s important to first get a grasp of the different SD-WAN architectures.As a long-time business ISP and cloud broker, I’ve had the best seat in the house for watching the SD-WAN craze take flight. As dozens of SD-WAN product offerings pop up, I have the enviable job of making sense of it all. [sigh]In my observation, there are 3 main buckets of SD-WAN architecture, each of which benefit certain types of companies. Which architecture is “best” depends on the applications your company is accessing through your WAN.To read this article in full or to leave a comment, please click here

1 1,935 1,936 1,937 1,938 1,939 3,849