CCDE – BGP Convergence

Introduction

This post will look at the steps involved in BGP convergence and how it interacts with IGP to converge.

Any network of scale will use route reflectors (RRs) so this post will focus on deployments with RRs. Networks running a full mesh will have all paths available which makes hot potato routing and fast convergence easily achievable, at the cost of scaling and management overhead. A combination of full mesh and RRs is also possible where one scenario would be to run a full mesh within a point of presence (PoP) and RRs within the pop, peering with central RRs.

BGP can be used for both internal (iBGP) and external (eBGP) peerings and convergence and timers differ depending if it’s internal or external peerings.

BGP is a path vector protocol which means that it behaves as a distance vector protocol where it can only advertise routes that are installed into the RIB. There is an exception to the rule when BGP selective route download (SRD) is used to not download routes to the RIB but still advertise the routes. BGP will by default only install one path into the RIB even if there are multiple equal candidates and it Continue reading

Verizon charts a different cloud services path

When running down the list of top cloud vendors, the name Verizon doesn't come up immediately, but the firm is looking to expand its particular brand of cloud services that complement main players like Amazon and Microsoft. It's also fending off rumors it's getting out of the cloud business. Late last year, the company denied reports it was looking to sell off its enterprise services business, which include cloud services and data centers. At the Wells Fargo Securities 2015 Technology, Media & Telecom Conference in late November, Verizon CFO Francis Shammo denied reports that his company is considering selling some of its enterprise assets after a Reuters report said just that. To read this article in full or to leave a comment, please click here

ContainerWorld2016 conference in review – Part II (Container Orchestration)




© Arun Sriraman
Picking up from Part I of ContainerWorld2016 conference in review, this post describes the various orchestration mechanisms available to manage containers. There are more than just the tree mechanisms out there to setup & manage containers but these; Kubernetes, Mesos and Docker Swarm are gaining traction and popularity. The Open Container Night Meetup (SVDevOps meetup group) although wasn't part of the conference tracks and hosted after day 1 sessions at the same venue was very informative. As part of this meetup's lightening talks, Adrian Otto provided a good in-depth comparison of the various container orchestration tools along with the roadmap for Openstack Magnum project and Carina by Rackspace.

When talking about containers and orchestration, as Adrian put it, one can think of two methods or paradigms of interacting with any system - imperative where you have complete control on how you want the system to work  along with configuration knobs accessible to you at every step and declarative where you describe the outcome and the system automates everything for you making it simple and easy but giving you less flexibility and configurability. The degree of configuration control and ease of use are two important factors that Continue reading

When Should Approximate Query Processing Be Used?

This is a guest repost by Barzan Mozafari, who is part of a new startup, www.snappydata.io, that recently launched an open source OLTP + OLAP Database built on Spark.

The growing market for Big Data has created a lot of interest around approximate query processing (AQP) as a means of achieving interactive response times (e.g., sub-second latencies) when faced with terabytes and petabytes of data. At the same time, there is a lot of misinformation about this technology and what it can or cannot do.

Having been involved in building a few academic prototypes and industrial engines for approximate query processing, I have heard many interesting statements about AQP and/or sampling techniques (from both DB vendors and end-users):

Myth #1. Sampling is only useful when you know your queries in advance
Myth #2. Sampling misses out on rare events or outliers in the data
Myth #3. AQP systems cannot handle join queries
Myth #4. It is hard for end-users to use approximate answers
Myth #5. Sampling is just like indexing
Myth #6. Sampling will break the BI tools
Myth #7. There is no point approximating if your data fits in memory

Although there is a Continue reading

Introducing VMware NSX Fundamentals LiveLesson from VMware Press

We are pleased to announce the first official video learning opportunity for VMware NSX VMware NSX Fundamentalstechnology – VMware NSX Fundamentals LiveLesson from VMware Press. This video course will provide viewers the information needed to understand NSX concepts, components and deployment options. As an added benefit, this course used the most recently version (VMware NSX 6.2) at its foundation to make sure you have the most current materials available for your reference. As it is based on NSX 6.2, the breadth of new features available are covered in detail including multi-vCenter, enhanced NSX operations tools, NSX automation and more! Continue reading

How an audit can shore up your security strategy

Information security audits are on the rise, as organizations look to not only bolster their security postures, but demonstrate their efforts to other parties such as regulators.Audits, which are measurable technical assessments of systems, applications and other IT components, can involve any number of manual and automated processes. Whether conducted by internal auditors or outside consultants, they are an effective way for companies to evaluate where they stand in terms of protecting data resources.The high-profile data breaches of recent years have forced many organizations to take a closer look at their security technologies and policies, experts say.To read this article in full or to leave a comment, please click here

Go inside a security operations center

Walk into a security operations center (SOC) and the first impression you get is of an immense war room, with large screens across the entire front wall displaying a world map and endless rows of tabular data.Analysts sit in rows facing the screens as they scrutinize streams of data on their own monitors. Most of the light comes from the wall screens, creating a cavelike atmosphere. The overall feel is one of quiet efficiency.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Welcome to Alert Logic’s 24/7 security operations center in Houston, Texas. This is where Alert Logic’s analysts monitor customer applications and networks, hunting for signs of an attack or a breach. For organizations with limited budgets and a small (or not) dedicated security team, working with a managed security services provider like Alert Logic helps close the security gap.To read this article in full or to leave a comment, please click here(Insider Story)

Ransomware rising

Ransomware is a familiar plague in the online world – it has existed for more than 25 years and become increasingly common during the past decade.But, until recently, it has been aimed more at organizations or individual computers than devices. And that is changing. With the explosive growth of the Internet of Things (IoT) – estimates of how many connected devices will be in use by 2020 range all the way up to 200 billion – experts say it is about to get much more common at the consumer level. An attack surface that broad and that vulnerable is irresistible to cybercriminals.[ ALSO: Many ransomware victims plead with attackers ]To read this article in full or to leave a comment, please click here

Outdated payment terminals exempted by Mozilla from SHA-1 certificate ban

Less than two months after a ban came into effect for new SSL/TLS certificates signed with the weak SHA-1 hashing algorithm, exemptions are already starting to take shape.Mozilla announced Wednesday that it will allow Symantec, which runs one of the world's largest certificate authorities, to issue nine new such certificates to a customer in order to accommodate over 10,000 payment terminals that haven't been upgraded in time.According to a discussion on the Mozilla security policy mailing list, Worldpay, a large payment processor, failed to migrate some of its SSL/TLS servers to SHA-2 certificates. As a result of an oversight, the company also didn't obtain new SHA-1 certificates for those servers before Dec. 31, 2015, when it was still allowed to do so.To read this article in full or to leave a comment, please click here

SDN Warriors All-In-One VM

SDN Warriors open community Facebook group today is releasing All-In-One VM v1.0, a Virtual Machine that anyone can run in PC or laptop to learn SDN & NFV skills. The VM runs Ubuntu OS and contains pre-installed OpenStack, OpenFlow network simulated by mininet with OpenDaylight controller, physical router simulated by dynamips, simple web portal and Network Manager written in python created by Riftadi SDN Warriors group admin. The VM is not created nor endorsed by Cisco, Canonical, ONF, Linux Foundation or OpenStack community, so please don’t ask for any support whatsoever from them. One way to use the VM is: by using only a single click in web portal we can provision automatically new vrouter VNF as OpenStack VM, configure OpenFlow network to connect physical router and vrouter, then configure OSPF routing in both physical and vrouter. You can start with this simple use case, then expand it as part of your learning. The VM is free to download and available here: https://facebook.com/groups/sdnwarriors/


With few options, companies pay hush money to data thieves

There's a disturbing new angle to cyberattacks that has become more common over the last year, and it is proving costly for organizations: extortion.Over the last year, companies have at times paid more than US$1 million in hush money to cyberattackers who have stolen their sensitive data and threatened to release it online, said Charles Carmakal, a vice president with Mandiant, the computer forensics unit of FireEye, in an interview on Wednesday."This is where a human adversary has deliberately targeted an organization, has stolen data, has reviewed that data and understands the value of it," Carmakal said. "We have seen seven-figure payouts by organizations that are afraid for that data to be published."To read this article in full or to leave a comment, please click here

Docker networking 101 – User defined networks

image In this post, I’d like to cover some of the new Docker network features.  Docker 1.9 saw the release of user defined networks and the most recent version 1.10 added some additional features.  In this post, we’ll cover the basics of the new network model as well as show some examples of what these new features provide.

So what’s new?  Well – lots.  To start with, let’s take a look at a Docker host running the newest version of Docker (1.10). 

Note: I’m running this demo on CentOS 7 boxes.  The default repository had version 1.8 so I had to update to the latest by using the update method shown in a previous post here.  Before you continue, verify that ‘docker version’ shows you on the correct release.

You’ll notice that the Docker CLI now provide a new option to interact with the network through the ‘docker network’ command…

image 
Alright – so let’s start with the basics and see what’s already defined…

image

By default a base Docker installation has these three networks defined.  The networks are permanent and can not be modified.  Taking a closer look, Continue reading

1 3,062 3,063 3,064 3,065 3,066 3,780