BGP FlowSpec on white box switch

BGP FlowSpec is a method of distributing access control lists (ACLs) using the BGP protocol. Distributed denial of service (DDoS) mitigation is an important use case for the technology, allowing a targeted network to push filters to their upstream provider to selectively remove the attack traffic.

Unfortunately, FlowSpec is currently only available on high end routing devices and so experimenting with the technology is expensive. Looking for an alternative, Cumulus Linux is an open Linux platform that allows users to install Linux packages and develop their own software.

This article describes a proof of concept implementation of basic FlowSpec functionality using ExaBGP installed on a free Cumulus VX virtual machine.  The same solution can be run on inexpensive commodity white box hardware to deliver terabit traffic filtering in a production network.

First, install latest version of ExaBGP on the Cumulus Linux switch: 
curl -L https://github.com/Exa-Networks/exabgp/archive/4.0.0.tar.gz | tar zx
Now define the handler, acl.py, that will convert BGP FlowSpec updates into standard Linux netfilter/iptables entries used by Cumulus Linux to specify hardware ACLs (see Netfilter - ACLs): 
#!/usr/bin/python
 
import json
import re
from os import listdir,remove
from os.path import isfile
from  Continue reading

Reflecting On My First Cisco Live! Presentation

Well, I got to tick a big item off my list of goals last week. I successfully delivered a presentation at Cisco Live! in front of a large group of people. It didn’t kill me and I didn’t trip over anything and embarrass myself so no matter what, I have those two points to feel good about :-)

Me starting my presentation
Me starting my presentation

All joking aside, it actually went a whole lot better than that.

I’ve recently realized that I really enjoy teaching. Not in the sense that I want to be a trainer full time or have a job in a classroom, more like I feel that’s a big part of what drives me to write this blog and is why I feel (relatively) comfortable talking in front of people. As long as the subject is something that I feel I can weave some teaching/learning into, I’m comfortable to deliver it. By contrast, I would feel far less comfortable delivering something like a keynote speech or a toast at a wedding.

So along those lines, that was a big goal I set for myself in delivering my Cisco Live! (CLUS) presentation: empower the audience by sharing targeted, high-value knowledge and Continue reading

Mist’s wireless network lets companies personalize the user experience

The Wi-Fi networks of today were architected more than a decade ago. That even predates the iPhone, which ushered in the era of mobility. These old Wi-Fi architectures aren’t ready to handle the vast number of mobile devices that want to connect to wireless networks today.What’s more, these networks aren’t able to put any focus on what users experience when they are connected.The old generation of Wi-Fi networks are a hindrance to businesses that want to increase customer engagement over ubiquitous mobile devices. For example, restaurants and retail stores would like to capture customers’ attention by offering real-time discounts or coupons when customers enter or walk by the establishment. Doing so requires the use of several technologies that old wireless networks just can’t support at scale.To read this article in full or to leave a comment, please click here

Mist’s wireless network lets companies personalize the user experience

The Wi-Fi networks of today were architected more than a decade ago. That even predates the iPhone, which ushered in the era of mobility. These old Wi-Fi architectures aren’t ready to handle the vast number of mobile devices that want to connect to wireless networks today.What’s more, these networks aren’t able to put any focus on what users experience when they are connected.The old generation of Wi-Fi networks are a hindrance to businesses that want to increase customer engagement over ubiquitous mobile devices. For example, restaurants and retail stores would like to capture customers’ attention by offering real-time discounts or coupons when customers enter or walk by the establishment. Doing so requires the use of several technologies that old wireless networks just can’t support at scale.To read this article in full or to leave a comment, please click here

NVM Express spec updated for data-intensive operations

This is another one of those geeky stories that actually has some significance. The Non-Volatile Memory (NVM) Express group has issued version 1.3 of its SSD spec, with emphasis on performance around analytics and virtualization. NVMe is a communications interface/protocol designed specifically for solid-state drives (SSDs) because the old standard, SATA, was a relic of the hard disk days and nowhere near fast enough to provide proper throughput for flash memory. The NVM Express organization consists of storage and flash vendors such as Intel, Samsung, Sandisk, Dell EM, and Seagate. NVMe works with the M.2 and PCI Express buses, which are considerably faster than SATA. For example, it can handle 65,000 queues instead of one like in SATA, which is idea for a server environment where there is a lot of I/O. To read this article in full or to leave a comment, please click here

Off The Cuff – Conferences And Social Media For Engineers

What is the value of conferences and social media for network engineering types? Come hear out panel talk about how these tools have enhanced and changed their careers. This episode was recorded at Cisco Live in Las Vegas, NV.

 

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Tom Hollingsworth
Guest
Aaron Conaway
Guest
Jonathan Davis
Guest
Marena Karasevich
Guest
Jordan Martin
Host

Audio Only Podcast Feed:

The post Off The Cuff – Conferences And Social Media For Engineers appeared first on Network Collective.

Off The Cuff – Conferences And Social Media For Engineers

What is the value of conferences and social media for network engineering types? Come hear out panel talk about how these tools have enhanced and changed their careers. This episode was recorded at Cisco Live in Las Vegas, NV.

 

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Tom Hollingsworth
Guest
Aaron Conaway
Guest
Jonathan Davis
Guest
Marena Karasevich
Guest
Jordan Martin
Host

Audio Only Podcast Feed:

The post Off The Cuff – Conferences And Social Media For Engineers appeared first on Network Collective.

VTP modes and versions : VTPv1, VTPv2 and VTPv3

This topic is basically on the VLAN trunking Protocol which is called as VTP. I am talking about this topic as i am getting a lot of queries about the VTP protocol. Some of the questions i will summarised with this article. There are some of the questions which often asked at the time of the interview and are the basic questions.

Below are the questions about the VTP.
  • So what actual VTP do ? 
  • How we manage VLANs with the VTP ?
  • What are the various versions of VTP ?
  • How they differ from each other ?
  • what is the range of the VLANs supported ?
  • What is VTP Pruning ?
  • What are VTP modes ?
  • What are the different kinds of VTP advertisements ?

I understand there might be more queries on the VTP but let's start with the general talk about the VTP first. May be with this article most of the queries will be understandable.

Fig 1.1- Sample Switched Network

So VTP is a called as Layer 2 messaging protocol that contains VLAN configuration information  by managing the addition, deletion, and renaming of VLANs within a VTP domain. A VTP domain (also called a VLAN management domain) is made up of one Continue reading

Brocade : Zone‐Based Firewall

Today I am going to talk about the configuration of the Brocade router as Zone-Based Firewall. The first query in your mind will be that what is this zone based firewalls are ?

Well Zone based Firewalls are interfaces that are grouped into security “zones,” where each interface in a zone has the same security level.

In the Zone Based Firewalls, the packet-filtering policies are applied to the traffic flowing between the various zones in the network which is defined by the network administrator . So the concept is simple that the traffic flowing between interfaces that is there in the same zone is not filtered and flows freely because the interfaces share the same security level and the traffic flowing between the different zones will be filtered accordingly as security level can be different for different zones.

I will come up the Zone based Firewalls for Cisco soon in another article where i can share the configurations with the topology. This article is purely of Brocade where it is worked as Zone Based Firewall.

So below is the network where we defined three different zones which is defined by network administrator as per the demand in the network. The Zones are

One Year Ago Today



One year ago today, fourth of July, was my first day at Google Zürich. It’s been a very interesting journey so far, and from the beginning I spent most of my time to focus on three things: switch to Product Management to learn how to build great product, work on scalable Enterprise networking solution from cloud-based SDN to intent-driven automation, and learn data analysis in-depth from data visualization all the way to Machine Learning, to be used in product development.

As you notice, I rarely post new blog since I joined the company last year. And I find it quite difficult to find any active blog from other Googlers too. Just like any tech company, when we joined all of us signed an agreement containing various obligations including the requirement to hold proprietary information and trade secrets in strictest confidence. But I believe there should be some non-confidential things that we can share in our personal blog.

So why can’t we blog?

First, we are very busy here. And not because we have to, but we choose to.

I mean, there are just too many interesting things to do and to learn at Google. If you work for the Continue reading

Call on Your Government To Support Encryption

Eighty-three organizations and individuals from Australia, Canada, New Zealand, the United Kingdom, and the United States are insisting governments support strong encryption.

The letter, which was sent to government representatives in each of the above countries, called for public participation in any future discussions. It comes on the heels of the “Five Eyes” ministerial meeting in Ottawa, Canada earlier this week.

The Internet Society supports the substance of the letter.  

Mr. Olaf Kolkman
1 2,009 2,010 2,011 2,012 2,013 3,855