Label Switched Multicast – An Introduction

There are two common methods for transporting multicast packets within an MPLS-based Layer 3 VPN:

1. Generic Routing Encapsulation (GRE) with Protocol Independent Multicast (PIM) (also known as “draft-rosen”)
2. Label Switched Multicast (LSM)

There’s also a third method which uses Resource Reservation Protocol—Traffic Engineering (RSVP-TE) but I’m not going to get into that one.

In this first post in a series on LSM, I’ll describe how draft-rosen works, how LSM works, and then compare and contrast the two. Subsequent posts will focus solely on LSM.

At the end of this post, you will be able to describe conceptually how the control and data planes work with LSM and what the pros and cons are of LSM as compared to draft-rosen.

I will not be covering any theory on multicast or MPLS and will instead recommend that you be familiar with both topics before reading further.

Here we go!

Draft-rosen

All in all, draft-rosen is not all that different from running PIM-Sparse Mode (SM) in a non-MPLS network.

Draft-rosen requires that the MPLS network — the P and PE routers — all be multicast enabled and all run PIM. Each PE that is participating in the draft-rosen multicast network will form a Continue reading

Cross Continental vMotion with VMware NSX and IBM Softlayer Cloud

Ten years ago, using VMware vMotion to migrate a Virtual Machine from one server to another, even in the same rack without interruption, was considered black magic, prompting raised eyebrows and a flurry of questions.  Today, it takes quite a bit more than just a standard host-to-host vMotion to solicit a similar response.Recently however, we received a reaction similar to the days of old, rich with the nostalgia of the early days of vMotion. Continue reading

Apple vs. FBI case colors European debate about securing digital identity

Although Apple does not exhibit at Mobile World Congress, the giant trade show in Barcelona, the company casts a long shadow over it.The iPhone maker's influence there extends to app developers, accessory vendors and, now, the debate about securing digital identity.In a keynote session on security at the show, moderator Michael O'Hara asked presenters whether they sided with Apple or the U.S. government in the legal dispute over whether Apple should help the Federal Bureau of Investigation unlock an iPhone belonging to the employer of one of the San Bernardino attack suspects.For Simon Segars, CEO of ARM, the company that designs the microprocessors found in most smartphones, "It's a complex situation, there are rights and wrongs."To read this article in full or to leave a comment, please click here

The Need For Network Assessments Before Adding On

Internet Of Things Startups Pushing The Limits Of Innovation

What They Said: vSphere 6 Networking Deep Dive

One of the engineers watching the vSphere 6 Networking Deep Dive found it particularly useful:

There were pearls of knowledge in there which expanded my understanding of ESX and gave me more than a few "aha!" moments […] The course is worth the money and time for sections "uplink redundancy & load balancing" and "VLAN based virtual networks" alone.

Not convinced? Check out other reviews and survey results.

CloudFlare launches secure domain name management service

CloudFlare has launched a domain name registration service with enhanced security controls designed to prevent domain hijacking, a serious attack that can have far-reaching consequences for companies.Its Registrar keeps a close eye on domain name registrations and changes to registrations with the intention of preventing attackers from gaining control of a domain name, said Ryan Lackey, who works with CloudFlare's security product strategy.The idea came after CloudFlare began looking for a domain name registrar with better security, Lackey said. CloudFlare is a constant target for attackers. They couldn't find anything suitable, so CloudFlare decided to develop its own.To read this article in full or to leave a comment, please click here

Setting up bonding on Ubuntu 14.04

This one was a twister to me. Linux bonding is fairly simple and there are numerous blogs out there explaining the steps to get two interfaces on a linux machine bonded. There's tons of information and step-by-step guides describing what needs to be done on an Ubuntu based system for bond configuration. I was surprised when I failed to get it working after multiple attempts. I finally ended up mixing steps from more than two different blog sources to get the setup configured correctly and more importantly persist it over reboots.

Before diving deep with specifics and yet another step-by-step guide to setting up bonds on an Ubuntu 12.02 or 14.04 machine, lets see what linux bonds are and why bonding in the first place. If you were a kid in the 90's or before you'd know what a NIC is. These days with PC's going almost extinct in the home and personal computing space, it is quite hard for users to be acquainted with network cards housing one or more NICs (Network Interface Controller). This era is all about wireless - you still do have a wireless card in your laptop or notebooks or tablets but that's Continue reading

Label Switched Multicast — An Introduction

There are two common methods for transporting multicast packets within an MPLS-based Layer 3 VPN:

1. Generic Routing Encapsulation (GRE) with Protocol Independent Multicast (PIM) (also known as “draft-rosen”)
2. Label Switched Multicast (LSM)

There's also a third method which uses Resource Reservation Protocol-Traffic Engineering (RSVP-TE) but I'm not going to get into that one.

In this first post in a series on LSM, I'll describe how draft-rosen works, how LSM works, and then compare and contrast the two. Subsequent posts will focus solely on LSM.

At the end of this post, you will be able to describe conceptually how the control and data planes work with LSM and what the pros and cons are of LSM as compared to draft-rosen.

I will not be covering any theory on multicast or MPLS and will instead recommend that you be familiar with both topics before reading further.

Here we go!

Most Americans support the FBI over Apple, Pew study finds

Most Americans think that Apple should help the FBI unlock a smartphone used by one of the terrorists in the San Bernardino mass shooting, according to a study released Monday by the Pew Research Center. Fifty-one percent of those asked said they think Apple should unlock the iPhone to help the FBI with its investigation, while 38 percent said it should not unlock the phone to protect the security of its other users. Eleven percent of respondents had no opinion either way. Pew Pew found that a majority of Americans think Apple should help the FBI unlock the iPhoneTo read this article in full or to leave a comment, please click here

Network Break 75: Apple Vs. FBI; Private Clouds

Network Break weighs in on the Apple/FBI controversy to discuss technical, legal, and even moral implications. Plus, hospital ransomware, shy private clouds, SD-WAN deals, and more.

The post Network Break 75: Apple Vs. FBI; Private Clouds appeared first on Packet Pushers.

Network Break 75: Apple Vs. FBI; Private Clouds

Network Break weighs in on the Apple/FBI controversy to discuss technical, legal, and even moral implications. Plus, hospital ransomware, shy private clouds, SD-WAN deals, and more.

The post Network Break 75: Apple Vs. FBI; Private Clouds appeared first on Packet Pushers.

Are we in artificial intelligence winter?

Can the development of artificial intelligence technology be kicked up a notch? Scientists at Intelligence Advanced Research Projects Activity (IARPA) certainly hope so and recently issued a Request For Information about how AI advances could be made more quickly and consistently.“Artificial intelligence, defined here as computer simulation of cognitive processes such as perception, recognition, reasoning, and control, have captured the public’s imagination for over 60 years. However, artificial intelligence research has proceeded in fits and starts over much of that time, as the field repeats a boom/bust cycle characterized by promising bursts of progress followed by inflated expectations and finally disillusionment, leading to what has become known as an “AI winter” – a long period of diminished research and funding activity,” IARPA wrote.   IARPA is the high-risk, high-reward research arm of the Office of the Director of National Intelligence.To read this article in full or to leave a comment, please click here

Making an Innovator, a Network Original

Some of you may recognize the name Brocade. Yes, you may know Brocade as the leading supplier of data center networking products, and have heard of their IP connectivity and enterprise mobility solutions. But we’d like you to consider another side of Brocade — a side deep-rooted in the enabling technologies currently shaping and redefining... Read more →

Career Ladder, Salaries, and Retaining Top Talent

Reflecting on the recent PacketPushers podcasts on certifications and consulting life, I’m trying to document ideal conditions to train and retain top talent. (e.g. In the context of building a new consulting firm.) Please leave a comment to let me know what I’ve left out or gotten wrong. Establish a career ladder that clearly establishes […]

The post Career Ladder, Salaries, and Retaining Top Talent appeared first on Packet Pushers.

Career Ladder, Salaries, and Retaining Top Talent

Reflecting on the recent PacketPushers podcasts on certifications and consulting life, I’m trying to document ideal conditions to train and retain top talent. (e.g. In the context of building a new consulting firm.) Please leave a comment to let me know what I’ve left out or gotten wrong. Establish a career ladder that clearly establishes […]

The post Career Ladder, Salaries, and Retaining Top Talent appeared first on Packet Pushers.

IDG Contributor Network: Create a data recovery plan and secure your network

We discussed building malware defenses the last time out, but today we’re going to focus on Critical Security Controls 10, 11, and 12 covering data recovery, secure network configuration, and boundary defense.It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so it’s vital to have a proper data recovery plan in place. You can also tighten your defenses significantly by ensuring all of your network devices are properly configured, and by putting some thought into all of your potential network borders.To read this article in full or to leave a comment, please click here

Band-Aids over Basics: Anti-Drone Bill Revisions Compound Earlier Missteps

Startup touts four-factor authentication for VIP-level access

Startup Trusona is launching what it claims to be a 100% accurate authentication scheme aimed at corporate executives, premiere banking customers and IT admins who have unfettered authorization to access the most valued corporate assets.The system uses four-factor authentication to assure that the person logging in is the person they say they are. It requires a dongle that is tied to a set of specific devices (phones, tablets, laptops), certain cards with magnetic stripes that the user already owns, and a biometric ID based on how the card is swiped through the card reader on the dongle.The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards’ magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona’s CEO. That also makes the strips unclonable, he says.To read this article in full or to leave a comment, please click here

OpenDaylight Beryllium Reflects SDN’s Emerging Use Cases

SDN in production? Let It Be.