NetworkingNexus.net

Thoughts on Luminus Networks

Late last week, Cyrus Durgin from Luminus Networks published an article on SDx Central titled “The (R)evolution of Network Operations.” You may notice that my name is mentioned at the bottom of the article as someone who provided feedback. In this post, I’d like to share some thoughts—high-level and conceptual in nature—on network operations and Luminus Networks.

I was first introduced to Luminus Networks when I met its CEO, Kelly Wanser, at the Open Networking User Group (ONUG) meeting in New York City last November. We met again in the Denver area in late December, and Kelly gave me a preview of what Luminus was building. I must confess that I was immediately intrigued by what Kelly was describing. One key thing really jumped out at me: we need to treat the network as a system, not as a bunch of individual elements.

When it comes to network monitoring/management/operations, so many of the tools are focused on the individual elements that comprise a network: provisioning a switch, pushing configuration changes to a router or group of routers, polling counters from interfaces on switches, etc. While there’s nothing wrong with any of these things, it seems to me that there’s Continue reading

TOTP SSH port fluxing

Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties and while that is generally viewed as an action of [security through obscurity](https://en.wikipedia.org/wiki/S

Docker Networking: macvlan bridge

Docker takes a slightly different approach with its network drivers, confusing new users which are familiar with general terms used by other virtualization products. If you are looking for a way to bridge the container into a physical network, you have come to the right place. You can connect the container into a physical Layer 2 network by using macvlan driver. If you are looking for a different network connection, refer to my docker network drivers post.

Before I begin, you should check some basics on what macvlan is, why it is a better alternative to a linux bridge and how it compares with ipvlan.

Important: As of Docker 1.11 macvlan network driver is part of Docker’s experimental build and is not available in the production release. You can find more info on how to use the experimental build here. If you are looking for a production ready solution to connected your container into a physical Layer 2 network, you should stick to pipework for the time being.

Last but not least, macvlan driver requires Linux Kernel 3.9 or greater. You can check your kernel version with uname -r. If you’re running RHEL (CentoOS, Continue reading

OpenNSL

Open Network Switch Layer (OpenNSL) is a library of network switch APIs that is openly available for programming Broadcom network switch silicon based platforms. These open APIs enable development of networking application software based on Broadcom network switch architecture based platforms.

The recent inclusion of the APIs needed to enable sFlow instrumentation in Broadcom hardware allows open source network operating systems such as OpenSwitch and Open Network Linux to implement the sFlow telemetry standard.

Kansas Heart Hospital hit with ransomware; attackers demand two ransoms

Kansas Heart Hospital in Witchita was hit with ransomware last week. The ransomware attack occurred on Wednesday, and the KWCH 12 news video from Friday night said some files were still inaccessible by the hospital.Hospital President Dr. Greg Duick refused to disclose the ransom amount and the ransomware variant. He said, “I'm not at liberty because it's an ongoing investigation, to say the actual exact amount. A small amount was made.”Yes, the hospital paid the ransom. No, the hackers didn’t decrypt the files—at least it was described as not returning “full access to the files.” Instead, the attackers asked for another ransom. This time the hospital refused to pay because it was no longer “a wise maneuver or strategy.”To read this article in full or to leave a comment, please click here

Kansas Heart Hospital hit with ransomware; attackers demand two ransoms

Kansas Heart Hospital hit with ransomware, paid, but attackers demanded 2nd ransom

Kansas Heart Hospital in Witchita was hit with ransomware last week. The ransomware attack occurred on Wednesday and the KWCH 12 news video from Friday night said some files were still inaccessible by the hospital.Hospital president Dr. Greg Duick refused to disclose the ransom amount and the ransomware variant; he said, “I'm not at liberty because it's an ongoing investigation, to say the actual exact amount. A small amount was made.”Yes, the hospital paid the ransom. No, the hackers didn’t decrypt the files – at least it was described as not returning “full access to the files.” Instead, the attackers asked for another ransom. This time the hospital refused to pay because it was no longer “a wise maneuver or strategy.”To read this article in full or to leave a comment, please click here

Kansas Heart Hospital hit with ransomware, paid, but attackers demanded 2nd ransom

Boston BSides needs more space to grow

The Boston BSides conference is bursting at its seams and may have to find a new place to carry out its mission of providing inexpensive IT security training, educational sessions and informal networking where peers can share experiences and help guide aspiring security pros.The conference this weekend at Microsoft’s New England Research and Development (NERD) Center in Cambridge, Mass., was full to capacity with about 400 people attending – the NERD limit, says Daniel Reich, one of the show’s organizers.He says the organizers had to turn away about 100 others who wanted to attend, and after reading surveys by attendees and comments on Twitter, they may be looking for a larger venue for next year.To read this article in full or to leave a comment, please click here

Boston BSides needs more space to grow

There’s finally reason to hope in the war against ransomware

Now when ransomware tries to take over your computer, there’s something you can be sides pay up: stop it, buy more time to deal with it or mitigate the damage it might do.These options include both hardware and software approaches IT pros can take to defeat the malware, a group at this weekend’s Security BSides Boston conference was told.By looking at how several variants of ransomware work - CryptoLocker, CryptoWall, Locky, SamSam - researcher Weston Hecker found characteristics of their behavior that could be turned against them.One method goes after the droppers that first infect target machines in preparation for downloading the main malware payloads. Their purpose is to examine the machines for indications that it might be an inhospitable host and to eliminate the roadblocks if possible.To read this article in full or to leave a comment, please click here

There’s finally reason to hope in the war against ransomware

Mininet dashboard

Mininet Dashboard has been released on GitHub, https://github.com/sflow-rt/mininet-dashboard. Follow the steps in Mininet flow analytics to install sFlow-RT and configure sFlow instrumentation in Mininet.

The following steps install the dashboard and start sFlow-RT:

cd sflow-rt
./get-app.sh sflow-rt mininet-dashboard
./start.sh

The dashboard web interface shown in the screen shot should now be accessible. Run a test to see data in the dashboard. The following test created the results shown:

sudo mn --custom extras/sflow.py --link tc,bw=10 --topo tree,depth=2,fanout=2 --test iperf

The dashboard has three time series charts that update every second and show five minutes worth of data. From top to bottom, the charts are:

Top Flows - Click on a peak in the chart to see the flows that were active at that time.
Top Ports - Click on a peak in the chart to see the ingress ports that were active at that time.
Topology Diameter - The diameter of the topology.

The dashboard application is easily modified to add additional metrics, generate events, or implement controls. For example, adding the following code to the end of the sflow-rt/app/mininet-dashboard/scripts/metrics.js file implements equivalent functionality to the large flow detection Python script described in Mininet flow analytics Continue reading

Stressed? Low energy? The answer is Thync

Stressed? Of course you are. Do you find it hard to chill without a drink or three in the evening? Yep, that’s pretty common when you’re dealing with the kind of pressures IT professionals are often under. And then what about when you get up in the morning? Are you low on energy? How about when it’s 2pm and you’re flagging and there’s the prospect of having to pull an all-nighter to roll out the new whatever-it-is you’re wrestling with? Do you turn to endless cups of coffee or, the gods forfend, do you down endless energy drinks until you have a caffeine high that makes you vibrate like a tuning fork? To read this article in full or to leave a comment, please click here

iPhone 7 Rumor Rollup: ‘actual’ renders; 3 not 2 versions; 4 never-going-to-happens

No one has ever mistaken me for a gadget guy, but the regular author of our “iPhone 7 Rumor Rollup” is unavailable this week so into the breach I step. I do carry an iPhone 5s, but, truth be told, there is close to zero chance that I will be upgrading. Nonetheless, in addition to genuine iPhone 7 rumors I intend to offer here a few suggestions that could conceivably up my upgrade odds.Behold ‘exclusive’ renders The language used by Apple sites to convey the fruits of their rumor farming is an art form in and of itself. Take this headline from GSM Arena: “Exclusive: Apple iPhone 7 renders appear.” Exclusive is self-explanatory, though at times less than accurate. The interesting use here is “appear,” as in out of thin air. This wasn’t the case at all.To read this article in full or to leave a comment, please click here

PIM Sparse Mode Vs PIM SSM

One of my students asked me this question a month ago. “What is the difference between PIM Sparse Mode and PIM SSM (Source Specific Multicast)?” But, since I had two CCDE bootcamps in one month, I didn’t have time to answer the question on this platform. By the way I have seen this mis understanding […]

The post PIM Sparse Mode Vs PIM SSM appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

CCDE – My Journey To Becoming Swedens 2nd CCDE

On May the 17th I passed the CCDE practical in Madrid and became Swedens 2nd CCDE, CCDE #20160011. This post describes my journey to passing the CCDE practical in my 1st attempt and the materials that I used to do so.

Let me start by saying that this is a tough exam, a very tough exam. You need to be an expert in RS and SP technologies and there is no instant feedback in the exam, like you would get in the CCIE lab. In the CCIE lab you will see you are missing routes or if your output does not match the output the lab guidelines told you to match. In the CCDE practical there will be very few questions that you are 100% sure that you got the optimal answer. Design is a more subjective skill than implementation. I had several moments where I felt that I could just as well leave because there was no chance I was going to pass the lab. You need to be mentally strong to put those thoughts aside and just keep performing your best throughout the whole exam. You might be doing a lot better than you think.

The first section Continue reading

OpenStack SDN – Interconnecting VMs and Physical Devices With Cumulus VX L2 Gateway

One of the basic function of any data centre network is the ability to communicate with baremetal servers. In this post we’ll see how Neutron L2 Gateway plugin can be used to configure a Cumulus VX switch for VXLAN-VLAN bridging.

QNAP NAS also does DAS via Thunderbolt

If you look through the scores of online forums where Network Attached Storage (NAS) systems are discussed, one of the most common user “wants” is for a NAS to simultaneously be a DAS (Direct Attached Storage). It’s a functionality that, at first blush, you might think easy to achieve but it turns out that it really isn’t because it’s not been an available option from any major NAS vendor. I first discovered the market’s desire for a combined NAS and DAS when I was editing video and wondered if I could use the eSATA interface on the QNAP NAS I had in the Gibbs Universal Secret Underground Bunker. It turned out that, in common with other vendors’ implementations, the QNAP’s eSATA ports were host-only interfaces which meant they could only connect to a slave drive.To read this article in full or to leave a comment, please click here

Google’s modular smartphone project sacrificed its original vision to move forward

Google's Project Ara modular smartphone is coming to developers soon, but it's lost a key part of its customization vision along the way. Developers will be able to get their hands on an early release version of Ara by the end of this year, to begin building custom hardware modules for the device, Google announced at its I/O conference Friday. The modules will allow users to customize their phones with hardware like cameras, speakers, and even a rear-facing display. Ara's initial philosophy was to serve as a wholly modular smartphone, which would allow users to customize all of the phone's components, including its processor, battery, network connectivity, and screen. Now, many of those components will be integrated into the Ara "frame," which will still retain space for some customization. To read this article in full or to leave a comment, please click here

« Previous 1 … 2,948 2,949 2,950 2,951 2,952 … 3,841 Next »