NetworkingNexus.net

Building a L2 Fabric on top of VXLAN: Arista or Cisco?

One of my readers working as an enterprise data center architect sent me this question:

I've just finished a one-week POC with Arista. For fabric provisioning and automation, we were introduced to CloudVision. My impression is that there are still a lot of manual processes when using CloudVision.

Arista initially focused on DIY people and those people loved the tools Arista EOS gave them: Linux on the box, programmability, APIs… However

Iran orders messaging apps to store data of local users in the country

Iran has ordered foreign messaging apps to transfer data and activity records of Iranian users to local servers within a year, a move that will give the country a greater ability to monitor and censor the online activity of its people.The country’s Supreme Council of Cyberspace has issued instructions to foreign messaging companies active in the country, requiring them “to transfer all data and activity linked to Iranian citizens into the country in order to ensure their continued activity," news reports said quoting state-run media.Social media platforms such as Twitter and Facebook are already blocked in the country whose government holds a tight control over Internet access by its people.To read this article in full or to leave a comment, please click here

Iran orders messaging apps to store data of local users in the country

Doing a ‘full scan’ of the Internet right now

So I'm doing a "full" scan of the Internet, all TCP ports 0-65535 on all addresses. This explains the odd stuff you see from 209.126.230.7x.

I'm scanning at only 125kpps from 4 source IP addresses, or roughly 30kpps from each source address. This is so that I'll get below many thresholds for IDSs, which trigger when they see fast scans from a single address. The issue isn't to avoid detection, but to avoid generating work for people who get unnecessarily paranoid about the noise they see in their IDS logs.

This scan won't finish at this speed, of course, it won't get even close. Technically, it'd take 50 years to complete at this rate.

The point isn't create a comprehensive scan, but to do sampling scan. I'll let it run a week like this, which will get 0.1% of the Internet, and then stop the scan.

What am I looking for? I don't know. I'm just doing something weird in order to see what happens. With that said, I am testing any port I connect to with Heartbleed. This should give us an estimation of how many Internet-of-Things devices are still vulnerable to that bug. I'm Continue reading

Microsoft CEO Satya Nadella follows Apple’s Tim Cook to India

Microsoft’s CEO Satya Nadella is visiting India, reflecting the growing importance of the country as a market for multinational technology companies. Nadella’s visit follows the first trip to India by Apple CEO Tim Cook, who visited the country this month to drum up support for the company’s plans to offer refurbished iPhones in the price-sensitive market as well as to get permission to set up its wholly-owned stores in the country. Both deals appear to have been blocked by regulators, according to reports. While Apple was largely seen as lacking focus on India until recently, when its China revenue fell 11 percent, while iPhone sales in India grew 56 percent year-on-year in the last quarter, Microsoft has been a long-time player in the Indian market.To read this article in full or to leave a comment, please click here

31 – Multiple approaches interconnecting VXLAN Fabrics

As discussed in previous articles, VXLAN data plane encapsulation in conjunction with its control plane MP-BGP AF EVPN is becoming the foremost technology to support the modern network Fabric.

It is therefore interesting to clarify how to interconnect multiple VXLAN/EVPN fabrics geographically dispersed across different locations.

Three approaches can be considered:

The 1^st option is the extension of multiple sites as one large single stretched VXLAN Fabric. There is no network overlay boundary per se, nor VLAN hand-off at the interconnection, which simplifies operations. This option is also known as geographically dispersed VXLAN Multiple PoD. However we should not consider this solution as a DCI solution as there is no demarcation, nor separation between locations. Nonetheless this one is very interesting for its simplicity and flexibility. Consequently we have deeply tested and validated this design.

The second option to consider is multiple VXLAN/EVPN-based Fabrics interconnected using a DCI Layer 2 and layer 3 extension. Each greenfield DC located on different site is deployed as an independent fabric, increasing autonomy of each site and enforce global resiliency. This is often called Multisite. A Data Center Interconnect technology (OTV, VPLS, PBB-EVPN, or even VXLAN/EVPN) is therefore used to extend Layer 2 and Layer Continue reading

Docker macvlan and ipvlan network plugins

This is a continuation of my previous blog on macvlan and ipvlan Linux network drivers. Docker has added support for macvlan and ipvlan drivers and its currently in experimental mode as of Docker release 1.11. Example used in this blog In this example, we will use Docker macvlan and ipvlan network plugins for Container communication … Continue reading →

Macvlan and ipvlan in CoreOS

This is a continuation of my previous blog on macvlan and ipvlan Linux network drivers. In this blog, I will cover usage of macvlan and ipvlan network plugins with CoreOS Rkt Container runtime and CNI(Container network interface). Rkt and CNI Rkt is another Container runtime similar to Docker. CNI is Container networking standard proposed by … Continue reading →

Macvlan and IPvlan

Macvlan and ipvlan are Linux network drivers that exposes underlay or host interfaces directly to VMs or Containers running in the host. In this blog, I will cover basics of macvlan and ipvlan, compare macvlan and ipvlan to Linux bridge and sub-interfaces and also show how to create these interfaces in Linux system. In the … Continue reading →

Experimental Docker with Docker machine

Docker Experimental channel is used to release experimental Docker features so that Docker users can try the new features and provide feedback. It is nice to use the experimental Docker in a test environment rather than upgrading Docker in the main development machine. The preferred approach is to use docker-machine and create a VM with experimental Docker. … Continue reading →

FBI raids home of researcher who reported unsecured patient data on a public server

What does a security researcher get for responsibly disclosing a dental database vulnerability that is exposing the sensitive information of tens of thousands of patients? Not a bug bounty monetary reward. Not even a “thank you” from the company. He gets raided by a least a dozen armed FBI agents and may be charged under Computer Fraud and Abuse Act (CFAA).Justin Shafer, who is described as a 36-year-old security researcher and dental computer technician, reported a vulnerability in Eaglesoft practice management software to the manufacturer Patterson Dental back in February.To read this article in full or to leave a comment, please click here

FBI raids home of researcher who reported unsecured patient data on a public server

FBI raids home of researcher who reported unsecured patient data on public server

What does a security researcher get for responsibly disclosing a dental database vulnerability exposing the sensitive information of tens of thousands of patients? Not a bug bounty monetary reward. Not even a “thank you” from the company. He gets raided by a least a dozen armed FBI agents and may be charged under CFAA (Computer Fraud and Abuse Act).Justin Shafer, who is described as a 36-year-old security researcher and dental computer technician, reported a vulnerability in Eaglesoft practice management software to the manufacturer Patterson Dental back in February.To read this article in full or to leave a comment, please click here

FBI raids home of researcher who reported unsecured patient data on public server

The shocking truth of how you’ll be tracked online and why

A recent study, Online tracking: A 1-million-site measurement and analysis, conducted by researchers at Princeton University discovered that Google is tracking users on nearly 80 percent of all of the Top 1 Million Domains. How are they doing this? Not surprisingly, they’re using a variety of tracking and identification techniques and they’re doing it for the obvious reason: To manipulate you. In the beginning tracking you was just about getting you to buy stuff; now, it’s evolving, and in the future, it will be all about subtle, insidious manipulation.To read this article in full or to leave a comment, please click here

The shocking truth of how you’ll be tracked online and why

How To Install dCore Linux in a virtual machine

dCore Linux is a minimal Linux system based on the Tiny Core Linux system. Like Tiny Core Linux, dCore loads its file system entirely into RAM, which should provide good performance in large network emulation scenarios running on a single host computer.

tiny-core-linux_kraked

dCore Linux allows users to install additional software from the Debian or Ubuntu repositories, instead of using the pre-built (and often out-of-date) TCE extensions provided for Tiny Core Linux. This should simplify the process of building network appliances for use in a network emulator, as you will not need to compile and build your own extensions, or use out-of-date pre-built extensions.

dCore Linux is designed to run as a “live” Linux system from removable media such as a CD or a USB drive but, for my use, I need to install it on a hard drive. Currently available instructions for installing dCore Linux onto a hard drive are incomplete and hard to follow. This post lists a detailed procedure to install dCore Linux on a virtual disk image connected to a virtual machine. I use VirtualBox in this example, but any other virtual machine manager would also be suitable.

Notes about dCore

Because dCore Linux is a Continue reading

Node-RED, wiring the Raspberry Pi to the IoT

One of the many things that Raspberry Pi-based systems are excellent for is for building Internet of Things platforms. The price is right ($35), the performance is great for the price, the input/output options are great, there’s an enormous ecosystem of add-on and compatible sensors and other hardware, and an equally enormous supporting community. As a result of this vibrant market, a slew of operating system choices for the Raspberry Pi have appeared (see my Ultimate Guide to Raspberry Pi Operating Systems parts 1, 2, and 3) along with some really creative software development tools such as Node-RED, a free, open source, visual wiring tool built by IBM Emerging Technologies. To read this article in full or to leave a comment, please click here

Hiroshima is a complex memorial

In the news is Obama's visit to the Hiroshima atomic bomb memorial. The memorial is more complex than you think. It's not a simple condemnation of the bomb. Instead, it's a much more subtle presentation of the complexity of what happened.

I mention this because of articles like this one at Foreign Policy magazine, in which the author starts by claiming he frequently re-visits Hiroshima. He claims that the memorial has a clear meaning, a message, that he takes back from the site. It doesn't.

The museum puts the bombing into context. It shows how Japan had been in a constant state of war since the 1890s, with militaristic roots going back further in to Samurai culture. It showed how Japan would probably have continued their militaristic ways had the United States not demanded complete surrender, a near abdication of the emperor, and imposed a pacifist constitution on the country.

In other words, Japan accepts partial responsibility for having been bombed.

It doesn't shy away from the horror of the bomb. It makes it clear that such bombs should never again be used on humans. But even that has complexity. More people were killed in the Tokyo firebombing than Hiroshima Continue reading

The EFF is Orwellian as fuck

As this blog has documented many times * * * *, the Electronic Frontier Foundation (EFF) is exactly the populist demagogues that Orwell targets in his books 1984 and Animal Farm. Today, the EFF performed yet another amusingly Orwellian stunt. Urging the FCC to regulate cyberspace, it cites the exact law that it had previously repudiated.

Specifically, the EFF frequently champions the document Declaration of Independence of Cyberspace, written by one of its founders, John Perry Barlow. This document says:

"Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather."

Specifically, Barlow is talking about a then recent act of Congress:

In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.

That 1996 Act adds sections to the telcom laws, such as this portion:

Continue reading

« Previous 1 … 2,926 2,927 2,928 2,929 2,930 … 3,836 Next »