Reaction: Should routing react to the data plane?

Over at Packet Pushers, there’s an interesting post asking why we don’t use actual user traffic to detect network failures, and hence to drive routing protocol convergence—or rather, asking why routing doesn’t react to the data place.

I have been looking at convergence from a user perspective, in that the real aim of convergence is to provide a stable network for the users traversing the network, or more specifically the user traffic traversing the network. As such, I found myself asking this question: “What is the minimum diameter (or radius) of a network so that the ‘loss’ of traffic from a TCP/UDP ‘stream’ seen locally would indicate a network outage FASTER than a routing update?”

This is, indeed, an interesting question—and ones that’s highly relevant in our current software defined/drive world. So why not? Let me give you two lines of thinking that might be used to answer this question.

First, let’s consider the larger problem of fast convergence. Anyone who’s spent time in any of my books, or sat through any of my presentations, should know the four steps to convergence—but just in case, let’s cover them again, using a slide from my forthcoming LiveLesson on IS-IS:

Convergence Steps

There Continue reading

Georgia Tech awarded patent for dragonfly-inspired MAV

Well it’s springtime and if you are the type to embrace nature and hang out near freshwater, then you may see dragonflies. The next time you see one, consider that its robotic counterpart has finally been granted a patent.Wait, haven’t you seen dragonfly-like MAVs for years now? Probably. Georgia Tech Research Corporation filed the patent in 2012. At any rate, the patent says that in order for DARPA to consider an aerial vehicle as a MAV, it must be “smaller than 6 inches in any direction or must not have a gross takeoff weight greater than 100 grams” (about .22 pounds or roughly the same weight as 100 Skittles.)To read this article in full or to leave a comment, please click here

Sponsored Post: TechSummit, zanox Group, Varnish, LaunchDarkly, Swrve, Netflix, Aerospike, TrueSight Pulse, Redis Labs, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • The zanox Group are looking for a Senior Architect. We're looking for someone smart and pragmatic to help our engineering teams build fast, scalable and reliable solutions for our industry leading affiliate marketing platform. The role will involve a healthy mixture of strategic thinking and hands-on work - there are no ivory towers here! Our stack is diverse and interesting. You can apply for the role in either London or Berlin.

  • Swrve -- In November we closed a $30m funding round, and we’re now expanding our engineering team based in Dublin (Ireland). Our mobile marketing platform is powered by 8bn+ events a day, processed in real time. We’re hiring intermediate and senior backend software developers to join the existing team of thirty engineers. Sound like fun? Come join us.

  • Senior Service Reliability Engineer (SRE): Drive improvements to help reduce both time-to-detect and time-to-resolve while concurrently improving availability through service team engagement.  Ability to analyze and triage production issues on a web-scale system a plus. Find details on the position here: https://jobs.netflix.com/jobs/434

  • Manager - Performance Engineering: Lead the world-class performance team in charge of both optimizing the Netflix cloud stack and developing the performance observability capabilities Continue reading

US Federal Courts warn of aggressive scammers

The fraud and scam war rages. This week the Federal Courts warned of swindles involving people posing as federal court officials and U.S. Marshals targeting citizens, threatening them with arrest unless they pay some fake fine for failing to show up for jury duty .+More on Network World: What are grand technology and scientific challenges for the 21st century?+“This year’s scams are more aggressive and sophisticated than we’ve seen in years past,” says Melissa Muir, Director of Administrative Services for the U.S. District Court of Western Washington in a statement. “Scammers are setting up call centers, establishing call-back protocols and using specific names and designated court hearing times.”To read this article in full or to leave a comment, please click here

Docker at /Build

Every year, Microsoft welcomes thousands of developers to their /Build conference. This year, whether you’re attending live in San Francisco, or watching online, there will be lots of Docker at /Build. Building from the announcement last week of the beta for Docker for Mac … Continued

Control with Ansible Tower, Part 1

tower-control-series-screen.png

This is the first in a series of posts about how Ansible and Ansible Tower enable you to manage your infrastructure simply, securely, and efficiently.

When we talk about Tower, we often talk in terms of Control, Knowledge, and Delegation. But what does that mean?  In this series of blog posts, we'll describe some of the ways you can use Ansible and Ansible Tower to manage your infrastructure.

CONTROL - THE BASICS

The first step of controlling your infrastructure is to define what it is actually supposed to be. For example, you may want to apply available updates - here's a basic playbook that does that.

---
- hosts: all
  gather_facts: true
  become_method: sudo
  become_user: root
  tasks:
    - name: Apply any available updates
      yum:
        name: "*"
        state: latest
        update_cache: yes

Or you may have more detailed configuration. Here's an example playbook for basic system configuration.This playbook:

  • Configures some users

  • Installs and configures chrony, sudo, and rsyslog remote logging

  • Sets some SELinux parameters

Normally, we’d organize our configuration into Ansible roles for reusability, but for the purpose of this exercise we're just going to use one long playbook.

We'd want to apply this as part of our standard system configuration.

 Continue reading

Apple issues statement regarding DOJ suit: “This case should have never been brought”

The DOJ on Monday filed a brief seeking to vacate a previous court's ruling that would have required Apple to assist the FBI in hacking into a locked iPhone used by one of the San Bernardino shooters. The DOJ's motion seemingly brings to a conclusion a saga that has continued to make headlines since the story burst into the news a few weeks ago.According to the DOJ, the FBI no longer needs Apple's assistance because they managed to access the device's contents with the help of a third-party. While the identity of the third party was not revealed, it's been reported that the FBI received assistance from an Israeli software forensics company called Cellebrite. Whether that is true or not remains unknown, but we do know that the FBI did not receive any outside assistance from other government agencies like the NSA.To read this article in full or to leave a comment, please click here

Free Bitdefender tool prevents Locky, other ransomware infections, for now

Antivirus firm Bitdefender has released a free tool that can prevent computers from being infected with some of the most widespread file-encrypting ransomware programs: Locky, TeslaCrypt and CTB-Locker.The new Bitdefender Anti-Ransomware vaccine is built on the same principle as a previous tool that the company designed to prevent CryptoWall infections. CryptoWall later changed the way in which it operates, rendering that tool ineffective, but the same defense concept still works for other ransomware families.While security experts generally advise against paying ransomware authors for decryption keys, this is based more on ethical grounds than on a perceived risk that the keys won't be delivered.To read this article in full or to leave a comment, please click here

Arista takes aim at core router market with Universal Spine

The concept of using switching infrastructure as a replacement for a core router is certainly nothing new. Years ago, vendors like Foundry Networks and Force10 tried to make the case but were unsuccessful in their attempts. Although the switches were beefy and had massive port density they were missing some key features such as MPLS support, the ability to support a full Internet routing table and carrier class resiliency. From an economic perspective, the cost per port on a switch is about one-tenth what it is on a router, so there is a financial argument to be made but the products just didn’t have the technical chops to hang with big routers.Arista Networks is now taking a shot at this market again but is taking a significantly different approach to the market. Arista is attempting to disrupt the core router market by replacing the big boxes with a distributed spine, similar to the way the company disrupted the legacy data center switching market. Spine-Leaf configurations are well accepted today in big data centers and cloud providers but this wasn’t the case just a few years ago as there was a certain religion around big chassis deployed in multiple tiers. Continue reading

New York company profited by sending state records to India

A New York IT contractor "swelled its profits" by outsourcing government work offshore that should not have left the state. A major part of the work was sent to India in violation of state security rules, New York investigators said.The contractor, Focused Technologies Imaging Services in Albany County, was working under a $3.45 million contract to scan and index 22 million fingerprint cards maintained by the New York State Division of Criminal Justice Services.Focused Technologies, in turn, hired an India-based company that performed about 37% of the work and was paid $82,000.The fingerprint cards are associated with arrests and incarcerations, and with applications for jobs or licenses where a criminal history background check is required. The cards, which were all dated before 2009, contained sensitive data including signatures, Social Security numbers, physical characteristics and dates of birth. Focused Technologies employees were required to pass criminal background checks to work on it.To read this article in full or to leave a comment, please click here

The Universal Spine Is Born!

The Universal Spine Is Born!

The rapid migration from enterprise to cloud, driven by the economics of scale, the convergence of local and wide-area networking (LAN-WAN), the migration from Fibre Channel to IP storage, the rise of analytics and the emergence of new cloud applications is dramatic. In the past two years, we have witnessed a massive shift in the way applications are built and deployed, moving away from legacy siloed infrastructure to seamless workload mobility. The demands of these new workloads change the way spine networks are reconstructed for cloud networking. As physical compute or storage silos evolve to support cloud applications, one can automate and provision the entire network to handle any workload, workflow or workstream, with real time agility.

Some other comments on the ISIS dead-drop system

So, by the time I finished this, this New York Times article has more details. Apparently, it really is just TrueCrypt. What's still missing is how the messages are created. Presumably, it's just notepad. It's also missing the protocol used. It is HTTP/FTP file upload? Or do they log on via SMB? Or is it a service like DropBox?

Anyway, I think my way is better for sending messages that I describe below:


Old post:

CNN is reporting on how the Euro-ISIS terrorists are using encryption. The details are garbled, because neither the terrorists, the police, or the reporters understand what's going on. @thegrugq tries to untangle this nonsense in his post, but I have a different theory. It's pure guesswork, trying to create something that is plausibly useful that somehow fits the garbled story.

I assume what's really going is this.

The terrorist is given a USB drive with the TrueCrypt software and an encrypted partition/file. The first thing the terrorist does is put the USB drive into a computer, run the TrueCrypt program, then mount the file/partition, entering a password. In other words, all you see on the USB drive is the directory "TrueCrypt", and a large Continue reading
1 3,082 3,083 3,084 3,085 3,086 3,848