QoS – Quick Post on Low Latency Queuing

A friend was looking for some input on low latency queuing yesterday. I thought the exchange we had could be useful for others so I decided to write a quick post.

The query was where the rule about the priority queue being limited to 33% came from. The follow up question is how you handle dual priority queues.

This is one of those rules that are known as a best practice and doesn’t really get challenged. The rule is based on Cisco internal testing within technical marketing. Their testing showed that data applications suffered when the LLQ was assigned a to large portion of the available bandwidth. The background to this rule is that you have a converged network running voice, video and data. It is possibly to break this rule if you are delivering a pure voice or pure video transport where the other traffic in place is not business critical. Other applications are likely to suffer if the LLQ gets too big and if everything is priority then essentially nothing is priority. I have seen implementations using around 50-55% LLQ for VoIP circuits which is a reasonable amount.

How should dual LLQs be deployed? The rule still applies. Continue reading

3 nightmare election hack scenarios

The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen. The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges -- more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots. But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work.To read this article in full or to leave a comment, please click here

Hacked voter registration systems: a recipe for election chaos

How do you disrupt the U.S. election? Hacking a voter registration database could very well do just that. Imagine thousands or even millions of citizens' names mysteriously disappearing from a database. Then when election day comes along, they find out they aren't registered to vote.   Some security experts warn that this scenario isn't totally far-fetched and could deny citizens from casting ballots. "If that happens to a few voters here and a few there, it's not a big deal," said Dan Wallach, a professor at Rice University who studies electronic voting systems. "If that happens to millions of voters, the processes and procedures we have would grind to a halt."To read this article in full or to leave a comment, please click here

5 ways to improve voting security in the US

With the U.S. presidential election just weeks away, questions about election security continue to dog the nation's voting system. It's too late for election officials to make major improvements, "and there are no resources," said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. "Nobody should ever imagine changing the voting technology used this close to a general election," said Douglas Jones, a computer science professor at the University of Iowa. "The best time to buy new equipment would be in January after a general election, so you've got almost two years to learn how to use it."To read this article in full or to leave a comment, please click here

IDG Contributor Network: Building an insider threat program that works — Part 2

Organizations attempting to implement a world-class insider threat program have learned from experience what doesn't work well (see Part I of this post). As a result, they have a better sense of what they require to prevail in today's evolving insider threat landscape.There is an emerging consensus that any world-class insider threat program must have the following three core characteristics:1. Preventive: Organizations want more than just a threat detection system that tells them an attack has already taken place. They need an early-warning system that allows them to prevent insider threat events through a comprehensive threat assessment framework that leverages all available internal and external data and produces far fewer false negatives and positives.To read this article in full or to leave a comment, please click here

Cisco ACI Multipod

Since 2.0, Multipod for ACI enables provisioning a more fault tolerant fabric comprised of multiple pods with isolated control plane protocols. Also, multipod provides more flexibility with regard to the full mesh cabling between leaf and spine switches.  When leaf switches are spread across different floors or different buildings, multipod enables provisioning multiple pods per floor or building and providing connectivity between pods through spine switches.

A new White Paper on ACI Multipod is now available

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737855.html?cachemode=refresh

US tech giants say they didn’t do Yahoo-style email spying

Reports of a secret Yahoo program to search through customers' incoming emails has spurred other tech companies to deny ever receiving a similar request from the U.S. government.The program, reportedly created last year through a classified U.S. order, involves Yahoo searching through hundreds of millions of user accounts at the behest of the National Security Agency or FBI.Other U.S. tech companies, including Google, Microsoft, Twitter and Facebook, denied doing anything like it. Most also said they would challenge such a request in court.Privacy advocates said the government enlisting Yahoo to assist in email monitoring would be wrong.To read this article in full or to leave a comment, please click here

US tech giants say they didn’t do Yahoo-style email spying

Reports of a secret Yahoo program to search through customers' incoming emails has spurred other tech companies to deny ever receiving a similar request from the U.S. government.The program, reportedly created last year through a classified U.S. order, involves Yahoo searching through hundreds of millions of user accounts at the behest of the National Security Agency or FBI.Other U.S. tech companies, including Google, Microsoft, Twitter and Facebook, denied doing anything like it. Most also said they would challenge such a request in court.Privacy advocates said the government enlisting Yahoo to assist in email monitoring would be wrong.To read this article in full or to leave a comment, please click here

Five questions about taking Google’s new phones to work

Google unveiled a massive strategic shift on Tuesday, announcing that it is officially getting into the business of designing and releasing its own smartphones. The Pixel and Pixel XL, announced at a special event in San Francisco, are the company's first forays into that market after working with outside manufacturers for several years to produce its Nexus line of devices. The phones are snazzy gizmos packed with some of the latest features that Google could come up with, like a new intelligent assistant and a high-quality camera. It feels like one of the best Android smartphones on the market and could be a serious contender to take on Apple's iPhone, especially for people looking to purchase a flagship smartphone.To read this article in full or to leave a comment, please click here

OpenConfig, RESTCONF, and Automated Cable Verification at iNOG9

Last week I was in Dublin for business which just so happened to overlap with iNOG9, which was last Wednesday. As luck would have it, I had the opportunity to speak at iNOG9 about network automation.

You can watch the video if you want to see the presentation, but the three mini demos I gave were:

  1. Cable verification on Juniper vMX devices using Ansible
  2. Automating BGP on IOS-XR using OpenConfig BGP models using Ansible
  3. Using Postman to explore and demo the new RESTCONF/YANG interface on IOS XE.

Few words about each.

Cable verification

Usually when the topic of network automation comes up, configuration management is assumed. It should not be as there are so many other forms and types of automation. Here I showed how we can verify cabling (via neighbors) is accurate on a Junos vMX topology. Of course, the hard part here is having the discipline to define the desired cabling topology first. Note: links for sample playbooks can be found below on the GitHub repo.

OpenConfig BGP Automation with Ansible

I built a custom Ansible module built around NETCONF (ncclient), but uses the OpenConfig YANG model for global BGP configuration. For example, this is the Continue reading

A Triple-Provider Vagrant Environment

In this post, I’d like to share with you some techniques I used to build a triple-provider Vagrant environment—that is, a Vagrant environment that will work unmodified with multiple backend providers. In this case, it will work (mostly) unmodified with AWS, VirtualBox, and the VMware provider (tested with Fusion, but should work with Workstation as well). I know this may not seem like a big deal, but it marks something of a milestone for me.

Since I first started using Vagrant a couple of years ago, I’ve—as expected—gotten better and better at leveraging this tool in a flexible way. You can see this in the evolution of the Vagrant environments found in my GitHub “learning-tools” repository, where I went from hard-coded data values to pulling data from external YAML files.

One thing I’d been shooting for was a Vagrantfile that would work with multiple backend providers without any modifications, and tonight I managed to build an environment that works with AWS, VirtualBox, and VMware Fusion. There are still a couple of hard-coded values, but the vast majority of information is pulled from an external YAML file.

Let’s take a look at the Vagrantfile that I created. Here’s Continue reading

OpenConfig, RESTCONF, and Automated Cable Verification at iNOG9

Last week I was in Dublin for business which just so happened to overlap with iNOG9, which was last Wednesday. As luck would have it, I had the opportunity to speak at iNOG9 about network automation.

You can watch the video if you want to see the presentation, but the three mini demos I gave were:

  1. Cable verification on Juniper vMX devices using Ansible
  2. Automating BGP on IOS-XR using OpenConfig BGP models using Ansible
  3. Using Postman to explore and demo the new RESTCONF/YANG interface on IOS XE.

Few words about each.

Cable verification

Usually when the topic of network automation comes up, configuration management is assumed. It should not be as there are so many other forms and types of automation. Here I showed how we can verify cabling (via neighbors) is accurate on a Junos vMX topology. Of course, the hard part here is having the discipline to define the desired cabling topology first. Note: links for sample playbooks can be found below on the GitHub repo.

OpenConfig BGP Automation with Ansible

I built a custom Ansible module built around NETCONF (ncclient), but uses the OpenConfig YANG model for global BGP configuration. For example, this is the Continue reading

The Yahoo-email-search story is garbage

Joseph Menn (Reuters) is reporting that Yahoo! searched emails for the NSA. The details of the story are so mangled that it's impossible to say what's actually going on.

The first paragraph says this:
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails
The second paragraph says this:
The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts
Well? Which is it? Did they "search incoming emails" or did they "scan mail accounts"? Whether we are dealing with emails in transmit, or stored on the servers, is a BFD (Big Fucking Detail) that you can't gloss over and confuse in a story like this. Whether searches are done indiscriminately across all emails, or only for specific accounts, is another BFD.

The third paragraph seems to resolve this, but it doesn't:
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
Who are these "some surveillance experts"? Why is the Continue reading

Applied Micro Finds ARM Server Footing, Reaches Higher

One of the frustrating facts about peddling any new technology is that the early adopters that discover a strategic advantage in that technology want to keep that secret all to themselves. Word of mouth and real-world use cases are big factors in the adoption of any new technology, and anything that hampers this actually causes the adoption to move slower than it otherwise might.

But eventually, despite all of the secrecy, there comes a time when the critical mass is reached and adoption proceeds apace. We have been waiting for that moment for a long time now for 64-bit ARM

Applied Micro Finds ARM Server Footing, Reaches Higher was written by Timothy Prickett Morgan at The Next Platform.

WikiLeaks plans to dump more sensitive files on US election

WikiLeaks is promising to release secret documents relating to the U.S. election, at a time when there are already questions over whether Russian hackers are feeding the site information.WikiLeaks will publish the documents "every week for the next 10 weeks" and the topics include the U.S. election, war, arms, Google, and mass surveillance, site founder Julian Assange said on Tuesday in a press conference.  All the U.S. election documents will be released before Nov. 8, when voters cast their ballots. The leaks pertain to "U.S. power factions and how they operate," Assange said. However, he denied deliberately trying to sabotage Democratic presidential candidate Hillary Clinton's election chances.To read this article in full or to leave a comment, please click here

1 2,600 2,601 2,602 2,603 2,604 3,819