Linux bridge, macvlan, ipvlan, adapters

The open source Host sFlow project added a feature to efficiently monitor traffic on Linux host network interfaces: network adapters, Linux bridge, macvlan, ipvlan, etc. Implementation of high performance sFlow traffic monitoring is made possible by the inclusion of random packet sampling support in the Berkeley Packet Filter (BPF) implementation in recent Linux kernels (3.19 or later).

In addition to the new BPF capability, hsflowd has a couple of other ways to monitor traffic:
  • iptables, add a statistic rule to the iptables firewall to add traffic monitoring
  • Open vSwitch, has built-in sFlow instrumentation that can be configured by hsflowd.
The BPF sampling mechanism is less complex to configure than iptables and can be used to monitor any Linux network device, including: network adapters (e.g. eth0) and the Linux bridge (e.g. docker0). Monitoring a network adapter also provides visibility into lightweight macvlan and ipvlan network virtualization technologies that are likely to become more prevalent in the Linux container ecosystem, see Using Docker with macvlan Interfaces.

The following commands build and install hsflowd on an Ubuntu 14.03 host:
sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install libpcap-dev
sudo apt-get install git
git clone https://github. Continue reading

IRS: Actually, that breach last year was way worse than we thought

For U.S. taxpayers, the news just keeps getting worse about the cyberattack discovered last year on the IRS's Get Transcript application,At first, it looked like just over 100,000 taxpayers had been affected. Then, last August, the number was updated to more than 300,000.Now, it looks like a further 390,000 people's information could have been breached, bringing the total estimate to over 700,000."The Treasury Inspector General for Tax Administration conducted a nine-month-long investigation looking back to the launch of the application in January 2014 for additional suspicious activity," the Internal Revenue Service announced on Friday. "This expanded review has identified additional suspicious attempts to access taxpayer accounts using sensitive information already in the hands of criminals."To read this article in full or to leave a comment, please click here

Cisco’s dominance continues

To the surprise of perhaps no one, Cisco maintained its dominant leadership share of enterprise and service provider switching and routing in the fourth quarter of 2015, according to Synergy Research. Cisco’s share was 56% of both the aggregate $11 billion market in Q4, and the $41 billion market for all of 2015. Synergy Research Group Its share remained flat from 2014, when the aggregate market was $39.8 billion, Synergy found.To read this article in full or to leave a comment, please click here

Troubleshoot#1: Correlation vs Causation

Network problems can be as simple as follows: Ping neighbor. 100% packet loss. Check network interface, it’s down. Change SFP and you are done, problem solved   But they can also be complex; really complex .. In the past few years, I have had the unplanned privilege to see some of the shi**iest networking problems […]

Apple vs. the FBI: The legal arguments in a nutshell

Apple has raised some interesting, and potentially winning, legal arguments in its motion to overturn a judge’s order requiring the company to help the FBI unlock the iPhone of a mass shooter.The FBI's request for Apple to write new software to defeat password protections on the phone violates the company’s free speech and due process rights, Apple argued Thursday in its motion to vacate Magistrate Judge Sheri Pym’s Feb.16 order.To read this article in full or to leave a comment, please click here

Cloud security is good, but here’s how to make it better

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

More than a third of businesses in the United States currently use the cloud, but by 2020 that number is expected to more than double to a whopping 80%. But even though the cloud is secure, it doesn’t guarantee immunity from data breaches. Now that the cloud is rapidly becoming a mainstream part of IT, businesses must think more critically about how to bolster their security beyond cloud providers’ default security infrastructure—which often proves to be inadequate for the changing face of business.

To read this article in full or to leave a comment, please click here

Oscar ad finds Carrie Fisher, IBM Watson and robots dealing with humans

Apparently IBM’s Watson isn’t all that popular amongst the robot community – at least that’s how it looks in a new IBM commercial "Coping with Humans": A Support Group for Bots.”In the commercial Carrie Fisher (or Princess Leia of Star Wars fame) tries to guide a raft of disgruntled robots in a therapy session that apparently has had problems in the past – saying “maybe this week we might try and listen more – and throw things less.”It’s pretty funny, take a look. +More on Network World: NASA touts real technologies highlighted in 'The Martian' flick+ To read this article in full or to leave a comment, please click here

Oscar ad finds Carrie Fisher, IBM Watson and robots dealing with humans

Apparently IBM’s Watson isn’t all that popular amongst the robot community – at least that’s how it looks in a new IBM commercial "Coping with Humans": A Support Group for Bots.”In the commercial Carrie Fisher (or Princess Leia of Star Wars fame) tries to guide a raft of disgruntled robots in a therapy session that apparently has had problems in the past – saying “maybe this week we might try and listen more – and throw things less.”It’s pretty funny, take a look. +More on Network World: NASA touts real technologies highlighted in 'The Martian' flick+ To read this article in full or to leave a comment, please click here

Fixing the Internet’s routing security is urgent and requires collaboration

The Internet is fragile. Many of its protocols were designed at a time when the goal was rapid network expansion based on trust among operators. Today, the Internet's open nature is what makes it so great for business, education and communication, but the absence of security mechanisms at its core is something that criminals are eager to exploit.In late January, traffic to many IP (Internet Protocol) addresses of the U.S. Marine Corps was temporarily diverted through an ISP in Venezuela. According to Doug Madory, director of Internet analysis at Dyn, such routing leaks occur almost on a daily basis and while many of them are accidents, some are clearly attempts to hijack Internet traffic.To read this article in full or to leave a comment, please click here

PlexxiPulse—Powering Networks On a Global Scale

This week, we announced that Perseus selected Plexxi to deploy a next-generation network system to expand its service operations into 11 new major Asian markets and offer new services between 29 sites across the globe. By using our solutions, Perseus is able to supply low latency point-to-point and multipoint Ethernet services as well as global market data distribution in all of the world’s key emerging markets and financial liquidity centers.

Perseus came to us looking for a vendor to help improve its network’s geographic scale, simplicity, agility and service offering capabilities. Through Plexxi’s technology, the company found ways to reduce its network’s operational overhead, intense manual labor and complexity, while at the same time increasing and improving service delivery options for its customers. We’re proud that we were able to help Perseus find a solution that accommodated their requirements of today as well as those of the future. Interested in learning more about how we’re working together? Take a look at this blog post from our CEO Rich Napolitano.

Below please find a few of our top picks for our favorite news articles of the week.

Light Reading: Perseus Builds 75,000-Mile Global SDN Network
By Mitch Wagner
Perseus is deploying Continue reading

The Unabomber’s brother has written a book that I can’t wait to read

David Kaczynski has lived the unimaginable: His brother Ted, the Unabomber, did more than merely kill and maim those who were victims of his attacks, he exacted a terrible toll on his own family, as is always the case with those who commit evil acts.Now David Kaczynski has written a book -- Every Last Tie – that aspires to makes some sense of an otherwise senseless situation. From a review in the New Republic:To read this article in full or to leave a comment, please click here

Implenting Idempotency using HPE IMC

 

Try saying that five times fast.

 

What if those VLANS already exist?

There’s a concept called idempotency which can be loosely explained as

Make sure it’s like this. If it’s not like this, make it like this. If it’s already like this. Don’t do anything

Essentially, it’s a way to declare the desired configuration state of whatever it is you’re trying to configure. If the configuration state of that server, or switch or router is already in that state, than just leave it alone.

It’s a way to ensure that configuration drift doesn’t happen.

So if there’s some rabbid network administrator with a console cable running around laughing maniacly as they randomly changes things… this will help you keep them in check.

jack photo

 

Idempotent VLANs

So we’re going to look at the last example here where we did the following:

  • grabbed the jinja template for vlans directly from a GIThub repository
  • grabbed the desired vlans file directly from a GIThub repository
  • renderd the Jinja template using the values from the vlan file to get our final config
  • used the pyhpeimc library to push the commands through the executecmd RESTful API
 

Import Libraries

You know the drill here, Continue reading