DHCP Topology Customization Options

The Dynamic Host Configuration Protocol (DHCP) is widely used, and yet poorly understood. There are, in fact, a large number of options in DHCP—but before we get to these, let’s do a quick review of basic off-segment operation.

When the client, which has no IP address, sends out a request for configuration information, what happens? The Router, A, if it is configured to be a DHCP helper, will receive the packet and forward it to the DHCP server, which is presumably located someplace else in the network. The router generally knows what address to send the request to because of manual configuration—but how does the server know how to get the packet back to the original requester?

The helper—Router A in this case—inserts the IP address of the interface on which the request was received into the giaddr field of the DHCP packet. As boring as this might seem, this is where things actually get pretty interesting. It’s possible, of course, for a router to have a logical layer three interface that sits on a bridge group (or perhaps an IRB interface). The router obviously needs to be able to put more information in the DHCP request to handle this…

IDG Contributor Network: Triggered NetFlow — A Trick of the Trade

Triggered NetFlow: A Woland-Santuka Pro-Tip

Vivek Santuka, CCIE #17621, is a consulting systems engineer at Cisco Systems who focuses on ISE for Cisco’s largest customers around the world. He and I devised, tested and deployed the methodology discussed in this blog entry, which we like to call “Triggered NetFlow.”

NetFlow is an incredibly useful and under-valued security tool. Essentially, it is similar to a phone bill. A phone bill does not include recordings of all the conversations you have had in their entirety; it is a summary record of all calls sent and received.

Cisco routers and switches support NetFlow, sending a “record” of each packet that has been routed, including the ports and other very usable information.

Lenovo advises users to remove a vulnerable support tool preinstalled on their systems

PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems. The vulnerable tool is called Lenovo Accelerator Application and is designed to speed up the launch of other Lenovo applications. It was preinstalled on more than 100 laptop and desktop models shipped with Windows 10, but not those from the ThinkPad and ThinkStation lines.

The flaw was discovered by researchers from security firm Duo Security as part of an analysis of OEM software update tools from five PC manufacturers. The company found that a process called LiveAgent, apparently the update component of the Lenovo Accelerator Application, does not use encrypted connections when checking and downloading updates. LiveAgent also does not validate the digital signatures of the downloaded files before running them, the researchers said.

IDG Contributor Network: Is ‘in situ’ performance monitoring the holy grail for cloud-native apps?

Developers specifically design apps natively for the cloud with the expectation that they will achieve massive scale with millions or billions of concurrent users. While many aspire to be the next Facebook, Twitter, Snapchat or Uber, plenty of app developers for banks, ecommerce sites or SaaS companies design for scale that is still far beyond what was even imagined a decade ago.

Monitoring the performance of cloud applications with this kind of scale, however, is daunting, and the traditional approach of doing periodic collection and analysis of statistics is simply impractical. Only machine learning techniques, applied to intelligent performance data collection, can reduce data loads without inadvertently omitting context- and performance-sensitive data.

Flash Needs a Highway

Last week at Storage Field Day 10, I got a chance to see Pure Storage and their new FlashBlade product. Storage is an interesting creature, especially now that we’ve got flash memory technology changing the way we think about high performance. Flash transformed the industry from slow spinning gyroscopes of rust into a flat out drag race to see who could provide enough input/output operations per second (IOPS) to get to the moon and back.

Take a look at this video about the hardware architecture behind FlashBlade:

It’s pretty impressive. Very fast flash storage on blades that can outrun just about anything on the market. But this post isn’t really about storage. It’s about transport.

Life Is A Network Highway

Look at the backplane of the FlashBlade chassis. It’s not something custom or even typical for a unit like that. The key is when the presenter says that the architecture of the unit is more like a blade server chassis than a traditional SAN. In essence, Pure has taken the concept of a midplane and used it very effectively here. But their choice of midplane is interesting in this case.

Pure is using the Broadcom Trident II switch as their…

IDG Contributor Network: Stackanetes: Just because you can do it, should you do it?

At the recent OpenStack summit in Austin, Texas, infrastructure company CoreOS demonstrated Stackanetes, a new initiative it dreamed up that is designed to make it easier for organizations to utilize applications sitting on top of Kubernetes.

Kubernetes is, of course, the open source container management initiative that was born out of the internal systems that Google uses to manage its own infrastructure.

Stackanetes came from CoreOS's focus on delivering what it calls GIFEE (Google's Infrastructure for Everyone). The idea is that currently only massive organizations like Google have the ability to run these highly efficient platforms. CoreOS wants to democratize that ability.

Espionage cited as the US Federal Reserve reports 50-plus breaches from 2011 to 2015

The U.S. Federal Reserve, the nation's central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage.

The Fed's Washington-based Board of Governors identified 51 information disclosures during the five-year period, according to information obtained through a Freedom of Information Act request by Reuters.

The breaches reported include only those at the Fed's Washington location and don't include any at its 12 privately owned regional branches.

Credibility and trust: Microsoft blows it

On the surface, Microsoft has yielded to turns in the market more rapidly. But now they’ve blown it, pushing back increased trust and credibility, perhaps years, and for an inane reason: shoving Windows 10 down users’ throats.

It’s a fine operating system. It has the madness of near-malware ads now sewn into it, and damnable tracking—with no publicly vetted method of preventing adware malware. Yet it’s more stable than Windows 7, it’s nicer to use than Windows 8-something, and it’s a great price model.

That is, it’s a great price model until you get to this point: allowing users to reject it, for whatever reason they want. Foisting it upon them is boorish. Citations of “quit bitching” don’t acknowledge that the current trust for Microsoft is still really tenuous.

Office 365 Advanced Security Management brings powerful protection for a price

Enterprises using Microsoft's Office 365 have a new security product that they can use to better lock down their organizations -- for a price. The company introduced a new Advanced Security Management service on Wednesday that gives companies a trio of tools aimed at helping detect security threats, provide granular controls and let IT administrators track if people in their organization are using unauthorized services.

It's another part of Microsoft's push to lure businesses over to its subscription-based productivity suite. By providing more advanced security capabilities, Microsoft may be able to convince security-conscious businesses to buy into Office 365, rather than avoid a subscription or choose one of Office's competitors like Google Apps for Work.

IDG Contributor Network: Farming off the grid: How IoT helps remote communities grow more with less

An IoT solution isn't the first idea that comes to mind when you're standing in the African heat, thinking of ways to empower a village. But that's exactly what happened.

Brandi DeCarli and Scott Thompson had been building a Youth Empowerment Center from a modified shipping container in Kisumu, Kenya, as part of the UN Habitat Program. While doing this work, they realized that the local community lacked basic necessities, such as access to fresh and healthy food. They thought, why not use a modified shipping container to provide a plug-and-play farming unit?

Net neutrality may be an unenforceable pipedream. Here’s why.

Net neutrality—the idea that carriers should not be allowed to provide preferential treatment to certain kinds of content—is a heavily politicized topic. With patriotic fervor on both sides of the aisle, last year’s FCC Open Internet rules pleased proponents and enraged opponents of the concept. (Several groups of carriers are suing the FCC over the rules, but the cases have yet to be resolved.)

Zero ratings and usage caps

But the reality seems to be that clever moves and creative definitions by carriers and content providers are increasingly making the FCC rules moot. While making efforts to avoid technically or obviously breaking the letter of the law, carriers and content providers are combining zero ratings and usage caps—neither expressly outlawed by the FCC—to get around the intent of net neutrality regulations.

Your open source security problem is worse than you think

The 200 applications reviewed by Black Duck Software for its "State of Open Source Security in Commercial Applications" report used an average of 105 open source components, comprising 35% of the code. That's twice as much open source as the companies participating in Black Duck's audits were aware they used, according to the report.

Is network fabric heading down the same path as ‘software defined’ and ‘stacking’?

Technology vendors love to grab terms that are hot and then overuse them to the point where no one really understands what it means any more. I understand the desire to catch a market trend and have the “rising tide” lift the vendors along with a number of others. But the overuse of terms tends to confuse buyers while they are trying to figure out what’s what.

This is one reason why Gartner’s Hype Cycle has the phases it does. While I think some of the terms are a little silly, the fact is that the first upslope creates vendor overhype and then technology goes into a lull while users do their own research.

If you’ve been around the network industry for a while, you probably remember the days when the term “stacking” became such a term. There’s some debate as to who invented stacking.
