Remotely Triggered Black Hole (RTBH) Routing

The screen shot demonstrates real-time distributed denial of service (DDoS) mitigation. Automatic mitigation was disabled for the first simulated attack (shown on the left of the chart).  The attack reaches a sustained packet rate of 1000 packets per second for a period of 60 seconds. Next, automatic mitigation was enabled and a second attack launched. This time, as soon as the traffic crosses the threshold (the horizontal red line), a BGP remote trigger message is sent to router, which immediately drops the traffic.
The diagram shows the test setup. The network was built out of freely available components: CumulusVX switches and Ubuntu 16.04 servers running under VirtualBox.

The following configuration is installed on the ce-router:
router bgp 65140
 bgp router-id 0.0.0.140
 neighbor 10.0.0.70 remote-as 65140
 neighbor 10.0.0.70 port 1179
 neighbor 172.16.141.2 remote-as 65141
 !
 address-family ipv4 unicast
  neighbor 10.0.0.70 allowas-in
  neighbor 10.0.0.70 route-map blackhole-in in
 exit-address-family
!
ip community-list standard blackhole permit 65535:666
!
route-map blackhole-in permit 20
 match community blackhole
 match ip address prefix-len 32
 set ip next-hop 192.0.2.1
The ce-router peers with the upstream service provider router ( Continue reading

Cisco Port Security Basics and configurations

Today I am going to talk about the Switching topic and that topic is Port Security. Port security is required in the case you want to control the traffic by allowing Specific MAC address entries, which means if the invalid MAC addresses traffic comes, it will be blocked or dropped.

Lets talk about the port security and the modes of port security. So the question is why port security required, may be want to safe from the attacks as well.

Why Port Security is important ?
Well port security is generally used so that you can easily prevent the unwanted MAC address traffic from the external or the internal network.

Port security can be enabled in three different ways are defined as below:
  • Protect : In the protected state, switch port will drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. 
  • Restrict : In the restrict state, switch port will drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment
  • Shutdown : In the shutdown state, switch port will Continue reading

Arista’s new solutions sets the standard for cloud scale

When it comes to the cloud's impact on the network, there are two things I hear over and over again that I disagree with. The first is that the cloud commoditizes the network. This actually dovetails into the second fallacy where some believe that merchant silicon based products offer no differentiation and “good enough” will become the norm where price is the only way to compete.  I do believe the cloud will have a negative effect on many technologies, such as spinning disks (not flash) and rack mount servers, but the network does not fall into this category.With the cloud, the network matters more than ever. In fact, the network will be one of the competitive differentiators for cloud providers and enterprises building out their own private or hybrid clouds. A good enough network means a good enough cloud experience, where a high quality, agile network enables greater cloud performance. Don’t get me wrong, the network needs to change from the monolithic, hardware centric solutions available today to something more agile with the ability to scale up and out at “cloud speed” but it’s more important than ever.To read this article in full or to leave a Continue reading

Arista’s new solutions sets the standard for cloud scale

When it comes to the cloud's impact on the network, there are two things I hear over and over again that I disagree with. The first is that the cloud commoditizes the network. This actually dovetails into the second fallacy where some believe that merchant silicon based products offer no differentiation and “good enough” will become the norm where price is the only way to compete.  I do believe the cloud will have a negative effect on many technologies, such as spinning disks (not flash) and rack mount servers, but the network does not fall into this category.With the cloud, the network matters more than ever. In fact, the network will be one of the competitive differentiators for cloud providers and enterprises building out their own private or hybrid clouds. A good enough network means a good enough cloud experience, where a high quality, agile network enables greater cloud performance. Don’t get me wrong, the network needs to change from the monolithic, hardware centric solutions available today to something more agile with the ability to scale up and out at “cloud speed” but it’s more important than ever.To read this article in full or to leave a Continue reading

Reckless abuse (again) of surveillance spyware that was sold to governments

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here

Reckless abuse (again) of surveillance spyware that was sold to governments

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here

Reckless abuse of surveillance spyware sold to governments (again)

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here

My Cisco Live 2017 Schedule

It is that time once again.  CiscoLive 2017 – Summer Camp for Geeks!  This will be my 15th CiscoLive/Networkers. What is my absolute #1 suggestion to anyone going to a CiscoLive event?  Easy – “Begin with the End in Mind“.  Know what your priorities are and then schedule your week accordingly.

So… here you go.  My CiscoLive (CLUS) priorities and schedule for the week.

  • Teach
  • Recharge
  • Learn
  • Play and Have Fun

 

64% off Anker Astro E1 Ultra Compact High Speed Portable Charger – Deal Alert

This inexpensive smartphone charger from Anker is the size of a candy bar, and has enough juice to recharge any smartphone, including the iPhone 7 and 7 Plus, at least 1-2 times over. It's discounted 64% to just $18. The Astro E1 currently averages 4.5 out of 5 stars from over 8,200 people on Amazon (81% rate 5 stars: See reviews), and it's listed there as a #1 best-seller. See the attractively priced Anker Astro E1 charger now on Amazon.To read this article in full or to leave a comment, please click here

30% off Lexar Professional USB 3.0 Dual-Slot Reader – Deal Alert

While the high-speed Professional USB 3.0 Dual-Slot Reader supports the latest high-speed CF and SD formats, it’s also backwards compatible with standard CF and SD cards, as well as USB 2.0. The Lexar Professional USB 3.0 Dual-Slot Reader has the ability to read from both card slots simultaneously, and it also allows for easy file transfer from one card to another. Leverages SuperSpeed USB 3.0 technology for high-speed file transfers, with USB interface speed up to 500MB/s. The reader averages 4.5 out of 5 stars from over 770 people on Amazon (read reviews), where the typical list price has been reduced 30% to just $24.45. See this deal on Amazon.To read this article in full or to leave a comment, please click here

Network engineering is key to meeting IoT expectations

The devil is in the details – best describes IoT. Computing will vanish says Walt Mossberg. And the public and data scientists gush with optimism at the thought of 20 billion to 50 billion connected IoT devices emitting an endless stream of data.Getting the billions of devices connected will be no small task. The thought of all the IoT applications of all that data is nothing less than seductive. Cities will self-regulate motor vehicle and public transportation saving commuters hours of travel time. Sensors will alert us and doctors when mom is not keeping to her pharmaceutical regimen.And, all these IoT devices will give context to people’s daily lives. Lights dimming or illuminating to match our mood or actions, refrigerators will warn that we have either eaten too much or not exercised enough before opening the door. Our designer glasses with integrated Microsoft Hololens technology will project the most salient context of the moment at that location.To read this article in full or to leave a comment, please click here

Mid-range models ring the changes in Top500 supercomputer ranking

With no change at the top of the latest Top500.org supercomputer list, you need to look further down the rankings to see the real story.Top500.org published the 49th edition of its twice-yearly supercomputer league table on Monday, and once again the Chinese computers 93-petaflop Sunway TaihuLight and 33.9-petaflop Tianhe 2 lead the pack.An upgrade has doubled the performance of Switzerland's GPU-based Piz Daint to 19.6 petaflops (19.6 quadrillion floating-point operations per second), boosting it from eighth to third place and nudging five other computers down a place. The top U.S. computer, Titan, is now in fourth.To read this article in full or to leave a comment, please click here

Mid-range models ring the changes in Top500 supercomputer ranking

With no change at the top of the latest Top500.org supercomputer list, you need to look further down the rankings to see the real story.Top500.org published the 49th edition of its twice-yearly supercomputer league table on Monday, and once again the Chinese computers 93-petaflop Sunway TaihuLight and 33.9-petaflop Tianhe 2 lead the pack.An upgrade has doubled the performance of Switzerland's GPU-based Piz Daint to 19.6 petaflops (19.6 quadrillion floating-point operations per second), boosting it from eighth to third place and nudging five other computers down a place. The top U.S. computer, Titan, is now in fourth.To read this article in full or to leave a comment, please click here

Mid-range supercomputers surge on the Top500 list of fastest machines

With no change at the top of the latest Top500.org supercomputer list, you need to look further down the rankings to see the real story.Top500.org published the 49th edition of its twice-yearly supercomputer league table on Monday, and once again the Chinese computers 93-petaflop Sunway TaihuLight and 33.9-petaflop Tianhe 2 lead the pack.An upgrade has doubled the performance of Switzerland's GPU-based Piz Daint to 19.6 petaflops (19.6 quadrillion floating-point operations per second), boosting it from eighth to third place and nudging five other computers down a place. The top U.S. computer, Titan, is now in fourth.To read this article in full or to leave a comment, please click here

Mid-range supercomputers surge on the Top500 list of fastest machines

With no change at the top of the latest Top500.org supercomputer list, you need to look further down the rankings to see the real story.Top500.org published the 49th edition of its twice-yearly supercomputer league table on Monday, and once again the Chinese computers 93-petaflop Sunway TaihuLight and 33.9-petaflop Tianhe 2 lead the pack.An upgrade has doubled the performance of Switzerland's GPU-based Piz Daint to 19.6 petaflops (19.6 quadrillion floating-point operations per second), boosting it from eighth to third place and nudging five other computers down a place. The top U.S. computer, Titan, is now in fourth.To read this article in full or to leave a comment, please click here

VMware NSX Achieves Common Criteria EAL 2+ Certification

VMware NSX 6.3 for vSphere has achieved Common Criteria certification at the Evaluation Assurance  Level (EAL) 2+ (view the certification report)(view the press release). This marks yet another milestone of our commitment to providing industry leading certified solutions for customers from federal departments and agencies, international governments and agencies, and other highly regulated industries and sectors. Along with FIPS, DISA-STIG, ICSA Labs firewall certification, and several other independent evaluations, the Common Criteria compliance accreditation validates NSX as a reliable network virtualization platform that satisfies stringent government security standards.

Common Criteria is an international set of guidelines (ISO-15408) that provides a methodology framework for evaluating security features and capabilities of Information Technology (IT) security products. It is mutually recognized by 26 member nations.

Regulatory compliance is one of the challenges faced by government IT departments in their efforts to modernize legacy systems, and Common Criteria is often required for procurement sales. The Common Criteria accreditation affirms that NSX for vSphere complies with the security requirements specified within the designated level and simplifies the introduction of NSX into government and highly regulated environments. NSX enables customers in the public sector to implement network Continue reading

1 2,032 2,033 2,034 2,035 2,036 3,860