Segment Routing on JUNOS – The basics

Anybody who’s been to any seminar, associated with any major networking systems manufacturer or bought any recent study material, will almost certainly have come across something new called “Segment Routing” it sounds pretty cool – but what is it and why has it been created?

To understand this we first need to rewind to what most of us are used to doing on a daily basis – designing/building/maintaining/troubleshooting networks, that are built mostly around LDP or RSVP-TE based protocols. But what’s wrong with these protocols? why has Segment-Routing been invented and what problems does it solve?

Before we delve into the depths of Segment-Routing, lets first remind ourselves of what basic LDP based MPLS is. LDP or “Label Distribution Protocol” was first invented around 1999, superseding the now defunct “TGP” or “Tag distribution protocol” in order to solve the problems of traditional IPv4 based routing. Where control-plane resources were finite in nature, MPLS enabled routers to forward packets based solely on labels, rather than destination IP address, allowing for a much more simple design. The fact that the “M” in MPLS stands for “Multiprotocol” allowed engineers to support a whole range of different services and encapsulations, that could be tunnelled Continue reading

Guccifer 2.0 takes credit for hacking another Democratic committee

The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group.Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democractic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and is promising journalists "exclusive materials" if they contact him directly.Although Guccifer 2.0 claims to be a lone hacktivist, some security experts believe he's actually a persona created by Russian government hackers who want to influence the U.S. presidential election.To read this article in full or to leave a comment, please click here

Guccifer 2.0 takes credit for hacking another Democratic committee

The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group.Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democractic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and is promising journalists "exclusive materials" if they contact him directly.Although Guccifer 2.0 claims to be a lone hacktivist, some security experts believe he's actually a persona created by Russian government hackers who want to influence the U.S. presidential election.To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — August 12, 2016

The Broadband Forum brings NFV into the home.

Quiz #25 &#8211 Troubleshooting IPsec Authentication Headers (AH)

Your company has an IPsec tunnel with another company for achieving network connectivity between servers in 10.10.10.0/24 on your side to 10.20.20.0/24 on theirs. Lately they complained that their equipment has problems dealing with ESP and requested to migrate this existing IPsec tunnel from Encapsulating Security Payloads (ESP) to Authentication Headers (AH), since encryption/confidentiality was never a requirement for this tunnel. What could go wrong ?

HP leaks some details on Intel’s Kaby Lake and Apollo Lake chips

HP may have tried, but it couldn't hold the secrets of Intel's unreleased Kaby Lake and Apollo Lake CPU chips close to its chest.Some details on the new chips were unintentionally shared by HP in the maintenance documents of an unannounced PC, the Pavilion x360 m1.PCs with Kaby Lake -- called 7th Generation Core chips -- are expected to ship this quarter. It is a highly anticipated successor to Intel's Skylake chips, with performance and multimedia improvements.Asus announced the Transformer 3 tablet PC with Kaby Lake in June but didn't share specific chip details. Lenovo and Acer will announce new Kaby Lake PCs at the IFA trade show starting at the end of the month.To read this article in full or to leave a comment, please click here

Docker Weekly | Roundup

This week, we’re taking a look at how to quickly create a Docker swarm cluster, setup a mail forwarder on Docker, and better understand the new Docker 1.12.0 load-balancing feature. As we begin a new week, let’s recap our top 5 most-read stories for the week of August 7, 2016:

Continue reading

Worth Reading: Email optimization

In Part 1 of this series, we introduced the problem of email volume optimization. We showed that on the one hand, email is among the principal drivers of engagement, but on the other hand, excessive email volume results in increased negative responses such as members unsubscribing from an email type or reporting emails as spam. We discussed an approach for email volume optimization that minimizes email volume while maximizing downstream sessions and minimizing the number of member complaints (unsubscribes and spam reports). In this post, we’ll discuss our learnings from this approach and describe our new, improved approach that has resulted. —LinkedIn Engineering Blog

The post Worth Reading: Email optimization appeared first on 'net work.

The telecom money pit: How to use audits to find significant discrepancies and big savings

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Analysts estimate that 10% to 20% of telecom charges are billed in error, and the financial impact can range from a few dollars to tens of thousands of dollars a month. On any given monthly statement the items being over-billed run the gamut of services delivered by the provider, and can include charges for invalid circuits, billing disputes, contractual issues, fraudulent charges, set-up fees and improper rates.  These charges can appear on the invoice or can be buried within the bundled services comprising monthly recurring charges. To read this article in full or to leave a comment, please click here

The telecom money pit: How to use audits to find significant discrepancies and big savings

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Analysts estimate that 10% to 20% of telecom charges are billed in error, and the financial impact can range from a few dollars to tens of thousands of dollars a month. On any given monthly statement the items being over-billed run the gamut of services delivered by the provider, and can include charges for invalid circuits, billing disputes, contractual issues, fraudulent charges, set-up fees and improper rates.  These charges can appear on the invoice or can be buried within the bundled services comprising monthly recurring charges. To read this article in full or to leave a comment, please click here

The telecom money pit: How to use audits to find significant discrepancies and big savings

Do you trust your cloud provider? Addressing these questions will help put you at ease

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.Finding a cloud provider you can trust has become a major responsibility.  Cloud providers come in all shapes and sizes—from global organizations delivering a range of services to small shops specializing in a limited number of capabilities. To normalize the differences you need to ask consistent questions about key issues.Security should be at or near the very top of your list, with their answers providing the transparency which will help build trust.  An essential first step is to avoid making assumptions on what security is and isn’t with respect to a provider. Every provider is different, with different rules, service-level agreements (SLAs), and terms and conditions. Make sure you thoroughly understand what each service provider commits to you, the customer.To read this article in full or to leave a comment, please click here

Do you trust your cloud provider? Addressing these questions will help put you at ease

Auto Renew Let’s Encrypt Certificates

I’m a big fan of Let’s Encrypt (free, widely trusted SSL certificates) but not a big fan of most of the client software available for requesting and renewing certificates. Unlike a typical certificate authority, Let’s Encrypt doesn’t have a webui for requesting/renewing certs; everything is driven via an automated process that is run between a Let’s Encrypt software client and the Let’s Encrypt web service.

Since the protocols that Let’s Encrypt uses are standards-based, there are many open source clients available. Being security conscious, I have a few concerns with most of the clients:

• Complication. Many of the clients are hundreds of lines long and unnecessarily complicated. This makes the code really hard to audit and since this code is playing with my crypto key material, I do want to audit it.
• Elevated privilege. At least one of the clients I saw required root permission. That’s a non starter.

I can’t remember how, but I discovered a very clean, very simple client called acme-tiny at github.com/diafygi/acme-tiny. This script was obviously written by someone who shares the same concerns as I do and I highly recommend it to others.

I used acme-tiny to request my initial certificates — and it Continue reading

10 key considerations when building a private cloud

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.A private cloud enables enterprises to secure and control applications and data while providing the ability for development teams to deliver business value faster and in a frictionless manner. But while building a private cloud can transform IT, it can also be an expensive science experiment without careful planning and preparation.  Here are ten considerations that will help ensure success.1. Involve the stakeholders.  Private clouds are not purely an IT project. The various business units that will be the actual users should be involved in figuring out the specifications and deliverables. A cloud changes the transactional relationship between IT and business. Both sides have to be engaged in figuring out and accepting how that relationship changes with a private cloud.To read this article in full or to leave a comment, please click here

10 key considerations when building a private cloud

People are patching Windows but not their apps

The good news? People are keeping Windows up to date and patched. The bad news? They are a lot sloppier about the apps they use on their Windows PCs.According to a new report from Secunia Research in its Country Reports, covering Q2 2016 for 12 countries, the number of unpatched Windows machines has declined to just 5.4 percent, which is a sizable drop from the 6.1 percent of the first quarter. In Q2 of 2015, that figure was 10.3 percent.+ Also on Network World: The unrelenting danger of unpatched computers +To read this article in full or to leave a comment, please click here

SD-WAN takes advantage of the 100x MPLS/Internet price gap

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Everyone is generally aware that MPLS is expensive compared to Internet connectivity (check out “Why MPLS is so expensive”), but are you aware exactly how enormous the difference is? Even with MPLS prices coming down, the precipitous drop in Internet prices has made the gap larger. A few years ago MPLS typically cost $300-$600 per Mbps per month for the copper connectivity (i.e. n x T1/E1) typically deployed at all but the largest enterprise locations, while today in most of North America and much of Europe a more typical range is $100 - $300 per Mbps per month.To read this article in full or to leave a comment, please click here

SD-WAN takes advantage of the 100x MPLS/Internet price gap

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Everyone is generally aware that MPLS is expensive compared to Internet connectivity (check out “Why MPLS is so expensive”), but are you aware exactly how enormous the difference is? Even with MPLS prices coming down, the precipitous drop in Internet prices has made the gap larger. A few years ago MPLS typically cost $300-$600 per Mbps per month for the copper connectivity (i.e. n x T1/E1) typically deployed at all but the largest enterprise locations, while today in most of North America and much of Europe a more typical range is $100 - $300 per Mbps per month.To read this article in full or to leave a comment, please click here

SD-WAN takes advantage of the 100x MPLS/Internet price gap