NetworkingNexus.net

A look at Auto-Tunnel Mesh Groups

In this post I would like to give a demonstration of using the Auto-Tunnel Mesh group feature.

As you may know, manual MPLS-TE tunnels are first and foremost unidirectional, meaning that if you do them between two PE nodes, you have to do a tunnel in each direction with the local PE node being the headend.

Now imagine if your network had 10 PE routers and you wanted to do a full mesh between them, this can become pretty burdensome and error-prone.
Thankfully there’s a method to avoid doing this manual configuration and instead rely on your IGP to signal its willingness to become part of a TE “Mesh”. Thats what the Auto-Tunnel Mesh Group feature is all about!

In my small SP setup, I only have 3 PE devices, namely PE-1, PE-2 and PE-3. I also only have one P node, called P-1.
However small this setup is, its enough to demonstrate the power of the Auto-Tunnel mesh functionality.

Beyond that, I have setup a small MPLS L3 VPN service for customer CUST-A, which has a presence on all 3 PE nodes. The VPNv4 address-family is using a RR which for this purpose is P-1.

We are running OSPF Continue reading

OSPF Forwarding Address: Yet another Kludge

One of my readers sent me an interesting NSSA question (more in a future blog post) that sent me chasing for the reasons behind the OSPF Forwarding Address (FA) field in type-5 and type-7 LSAs.

This is the typical scenario for OSPF FA I was able to find on the Internet:

CIA updates rules for collecting and retaining info on US people

The U.S. Central Intelligence Agency on Wednesday updated rules relating to the collection, retention and dissemination of information of U.S. persons, including putting a limit of five years on holding certain sensitive data and introducing restrictions for querying the data.The announcement by the spy agency comes a couple of days before a new administration under President-elect Donald Trump takes charge, and could address to an extent concerns expressed by civil rights groups about the collection and handling of information of U.S. persons in the course of overseas surveillance. Such information is collected by the CIA under Executive Order 12333.To read this article in full or to leave a comment, please click here

CIA updates rules for collecting and retaining info on US people

LSA issue @ January 19, 2017 at 10:43AM

Here is the question: if Host A wants to transmit some data across TCP/IP network to Host B with IP address of 1.2.3.4 how will this Dest_IP address be represented? Correct, it will be hex encoded, but will the bytestream be like 0x01 02 03 04 or 0x04 03 02 01? Yep, you see where

2016 Year in Review

Every beginning of the year I usually review what I have done the past one year, make notes, and build the plan for the upcoming year. I made many mistakes in the past, did things I’m not proud of, however I use them as opportunity to learn and try to be better next time.

Early 2016 I found that my startup company was competing directly against Cisco (that was still my employer at that time). That was quite surprising. I founded that company in 2012 initially as my pet project, the lab for my MBA, where I can practice whatever I learned from the business school. My pitch for the startup was simple: we do what Cisco (or Cisco Services) will not do. We built online learning platform to learn Cisco certification using group mentoring system. We run physical network audit. We did system integration projects to interoperate Cisco products with any other vendors.

However, since late 2014 the engineering team in my company have evolved. They grew skills in network programming. The team put more focus on Software Defined Networking (SDN). They built lab to validate Network Function Virtualization (NFV). And then the team started to develop our own Continue reading

Video: Newbie Guide to Python and Network Automation

Plain Text Productivity Redux

Almost 2 years ago, I set out on an experiment in plain text productivity. I won’t say the experiment was a failure; I did learn from the experiment, and gaining knowledge is usually a positive outcome. In the end, I switched back to OmniFocus, the OS X- and iOS-specific app I’d been using previously. In the last few weeks, though, I’ve revisited the idea of a plain text productivity system as part of my migration to Ubuntu Linux as my primary desktop OS, and I think I’ve resolved some of the issues that were present in my last attempt.

To recap, in my previous attempt I settled on the TaskPaper format (named after the OS X app of the same name). The format is extraordinarily flexible, and the OS X app is more powerful than you might expect. However, I uncovered some issues that made the solution untenable; namely:

Handling future tasks is a problem.
Handling repeating tasks is a problem.
Handling tasks with due dates is a problem.
Handling lots of tasks is a problem.
Keeping task lists synced across computers can be a problem.

At the time, the app had no way to dynamically respond to Continue reading

Technology Short Take #76

Welcome to Technology Short Take #76, the first Technology Short Take of 2017. Normally, I’d publish this on a Friday, but due to extenuating circumstances (my mother-in-law’s funeral is tomorrow) I’m posting it today. Here’s hoping you find something useful!

Networking

As of Vagrant 1.9.1, the Cumulus plugin for Vagrant is no longer needed. See this post for more details.
Ivan Pepelnjak (one of my absolutely favorite folks in the IT industry) has a great post on using regex filters in Ansible to parse text printouts from network devices. This is a super-practical post that anyone working with network automation can put to use right away.
Craig Matsumoto has an informative article on why machine learning is hard to apply to networking. I’ve heard David Meyer—who is quoted extensively in the article—speak several times, and most of the time his stuff is way beyond my understanding. At least now, though, I get the general direction he’s heading.
Interested in using OVS with VXLAN on Hyper-V, but without OpenStack? This article by Alin Serdean from Cloudbase Solutions describes how it’s done.
Here’s an article describing how to establish a site-to-site VPN between a Cisco ASA and Microsoft Azure. Anecdotally, Continue reading

Running a Pelican Blog on Docker Cloud with Let’s Encrypt

It's 2017 and my blog was starting to look a little dated so I decided it was time for a face-lift. While I was at it, I overhauled the way I deploy my blog too.

Mac malware is found targeting biomedical research

A Mac malware that’s been spying on biomedical research centers may have been circulating undetected for years, according to new research.Antivirus vendor Malwarebytes uncovered the malicious code, after an IT administrator spotted unusual network traffic coming from an infected Mac.The malware, which Apple calls Fruitfly, is designed to take screen captures, access the Mac’s webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker, Malwarebytes said in a blog post on Wednesday.The security firm said that neither it nor Apple have identified how the malware has been spreading. But whoever designed it relied on “ancient” coding functions, dating back before the Mac OS X operating system launch in 2001, said Malwarebytes researcher Thomas Reed in the blog post.To read this article in full or to leave a comment, please click here

Mac malware is found targeting biomedical research

10 Cool Security Startups Vying for Glory at RSA Conference

Hot topics at this year's RSA Conference in February will include cloud security, Internet of Things security and encryption -- and all of those issues unsurprisingly are represented among the 10 finalists announced for the event's annual Innovation Sandbox Contest for startups.I ran the company descriptions provided in the RSA Conference press release about the contest through a Wordcloud generator and produced the spectacular graphic above that put "data" protection at the heart of what these newcomers are addressing. The biggest shock for me was that machine learning didn't get mentioned in each description...but it did make the cut in three of the 10.To read this article in full or to leave a comment, please click here

10 Cool Security Startups Vying for Glory at RSA Conference

Microsoft’s new Linux option for Azure is Clear in the cloud

Microsoft announced today that it has added support for the Intel-backed Clear Linux distribution in instances for its Azure public cloud platform.It’s the latest in a lengthy string of Linux distributions to become available on the company’s Azure cloud. Microsoft already supports CentOS, CoreOS, Debian, Oracle Linux, Red Hat Enterprise Linux, SUSE Enterprise Linux, OpenSUSE and Ubuntu in Azure instances.+ALSO ON NETWORK WORLD: Windows 10 peeping: Microsoft fails to understand the uproar + Oracle patches raft of vulnerabilities in business applicationsTo read this article in full or to leave a comment, please click here

Slack finally launches threaded replies

Slack, the popular work chat app, has launched one of the features that users have been clamoring for over its entire lifetime: threaded messages.On Wednesday, the company began the process of rolling out the update to all of its users, which will allow them to keep conversations about a particular topic corralled into a single thread. The feature is designed to keep conversations on a particular topic out of the main flow of a chat channel, the company said in a blog post.Starting a thread just requires users to hover over a message, click the “Start a Thread” button, and type their response. Replies will be grouped into a sidebar thread, and a small link will appear below the original message showing who has replied to a thread and how many replies it has garnered.To read this article in full or to leave a comment, please click here

New $29 Pine64 computer takes on Raspberry Pi Compute Module 3

Raspberry Pi's new Compute Module 3 has serious competition coming its way from the maker of the Pine64 board computer.The new SOPINE A64 64-bit computing module is a smaller version of the popular US$15 Pine64 computer.It was announced the same week as the Raspberry Pi Compute Module 3, which is a smaller version of the popular namesake board, was released.At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website.The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer.To read this article in full or to leave a comment, please click here

Red Hat Makes Container Storage a Little More Dynamic

Gluster gets a boost in the container world.

Fraud for online holiday sales spikes by 31%

Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide.The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same period, ACI said.Some of the fraud attempts came from the use of credit card numbers purchased in underground chat channels, ACI said.“Given the consistent and alarming uptick in fraudulent activity on key dates, merchants must be proactive in their efforts to identify weak spots and define short and long-term strategies for improved security and enhanced customer experience,” said Markus Rinderer, senior vice president of platform solutions at ACI.To read this article in full or to leave a comment, please click here

Fraud for online holiday sales spikes by 31%

« Previous 1 … 2,347 2,348 2,349 2,350 2,351 … 3,808 Next »