Table Sizes in OpenFlow Switches

This article was initially sent to my SDN mailing list. To register for SDN tips, updates, and special offers, click here.

Usman asked a few questions in his comment on my blog, including:

At the moment, local RIB gets downloaded to FIB and we get packet forwarding on a router. If we start evaluating too many fields (PBR) and (assume) are able to push these policies to the FIB - what would become of the FIB table size?

Short answer: It would explode ;)

Read more ...

General – How to Build a Network Pt.1

Building a strong network of people is very important in creating a successful career in IT. In these posts we will start first look at why building a network is important and in the other posts we will look at how to actually build the network and how to make sure that you are also contributing to the network and not only exploiting it.

If you came here to read about connecting cables or routing protocols, sorry, this is not that kind of post. This post is about how to build a network of people.

People often understimate the power of having a big reach in the industry through a network of people. I often hear in my role that I’m almost too effective sometimes. Part of that is because I have a very good network of people that I trust and rely on. In this blog we will look at WHY you want to build a network of people.

The Borg Mind – Have you heard of Star Trek? No? Are you sure you work in IT? ? Jokes aside, there is species called the Borg in the series which do not so nice things. What it is nice about Continue reading

Large advertising-based cyberattack hit BBC, New York Times, MSN

Major websites including the BBC, Newsweek, The New York Times and MSN ran malicious online advertisements on Sunday that attacked users' computers, a campaign that one expert said was the largest seen in two years.The websites weren't at fault. Instead, they are unwitting victims of malvertising, a scheme where cyberattackers upload harmful ads to online advertising companies, which are then distributed to top-tier publishers.Tens of thousands of computers could have been exposed to the harmful advertisements on Sunday, which means some running vulnerable software may have been infected with malware or file-encrypting ransomware.Some bad ads were still appearing on some websites including the BBC on Monday, said Jerome Segura, a senior security researcher with Malwarebytes, in a phone interview Tuesday.To read this article in full or to leave a comment, please click here

Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

  • It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
    • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
  • The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
  • Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
  • I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
  • Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
  • I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

  • It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
    • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
  • The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
  • Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
  • I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
  • Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
  • I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

Managing Cisco IOS Upgrades with Ansible

upgradesI was recently asked to automate the way a client handles Cisco IOS upgrades. As I’ve been using Ansible a lot lately I decided to start there. Basically the steps required to do the upgrade can be broken down into parts which map quite nicely to tasks in an Ansible playbook. Even if you aren’t using IOS you might find it interesting to see how different Ansible modules can be combined in order to complete a set of tasks.

Continue reading

Managing Cisco IOS Upgrades with Ansible

upgradesI was recently asked to automate the way a client handles Cisco IOS upgrades. As I’ve been using Ansible a lot lately I decided to start there. Basically the steps required to do the upgrade can be broken down into parts which map quite nicely to tasks in an Ansible playbook. Even if you aren’t using IOS you might find it interesting to see how different Ansible modules can be combined in order to complete a set of tasks.
Continue reading

Privacy issues hit all branches of government at once

In a rare confluence of events, all three branches of the federal government are weighing changes that would affect when and how personal data is accessed.The approaches are somewhat contradictory: Some moves would protect citizen privacy, while others could result in more access by government agencies to records kept by businesses and smartphone users about personal information. Encryption technology is usually at the center of the discussions, with intelligence officials eager to find ways to detect communications on smartphones used by criminals and terrorists.Various actions are taking place in the federal judiciary, before Congress, as well as the executive branch.To read this article in full or to leave a comment, please click here

Defense Dept. wants your help in imagining the worst

Uncle Sam wants your brain power, technical expertise and imagination to help defend the U.S. No enlistment required.The Department of Defense says it needs to understand how everyday objects and available technologies can be used by terrorists.The range of technologies is so vast that the military's main scientific agency, the Defense Advanced Research Projects Agency (DARPA), says it needs input from as many technical people as possible.The agency has put out an open call for anyone from a credentialed professional to "skilled hobbyist" in all technical areas, including IT.INSIDER: 5 ways to prepare for Internet of Things security threats DARPA, in its announcement, wants people to show it "how easily-accessed hardware, software, processes and methods might be used to create products or systems that could pose a future threat."To read this article in full or to leave a comment, please click here

How far have we come with HTTPS? Google turns on the spotlight

HTTPS is widely considered one of the keys to a safer Internet, but only if it's broadly implemented. Aiming to shed some light on how much progress has been made so far, Google on Tuesday launched a new section of its transparency report dedicated to encryption.Included in the new section is data highlighting the progress of encryption efforts both at Google and on popular third-party sites."Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the Web even safer for everyone," wrote HTTPS evangelists Rutledge Chin Feman and Tim Willis on the Google Security Blog.To read this article in full or to leave a comment, please click here

How far have we come with HTTPS? Google turns on the spotlight

HTTPS is widely considered one of the keys to a safer Internet, but only if it's broadly implemented. Aiming to shed some light on how much progress has been made so far, Google on Tuesday launched a new section of its transparency report dedicated to encryption.Included in the new section is data highlighting the progress of encryption efforts both at Google and on popular third-party sites.MORE: Agony & Ecstasy of Google I/O 2016 Invite Day"Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the Web even safer for everyone," wrote HTTPS evangelists Rutledge Chin Feman and Tim Willis on the Google Security Blog.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Wi-Fi-tracing delivers vast insights into behavioral patterns

Collecting Wi-Fi data on pedestrians as they move around can provide analysis on infrastructure, to a depth that’s never been seen before, think scientists.Collecting breadcrumb data, as people go about their daily business can be used to discover human motivations, predict how individuals react to change, and where to locate simple resources, such as automated teller machines, the researchers from Swiss university Ecole Polytechnique Fédérale de Lausanne (EPFL) believe.“We have statistics and numbers on people who drive and take the train, but pedestrian behavior is often a mystery,” says Antonin Danalet of the school in a university website article. “Understanding the use of pedestrian infrastructure at music festivals, museums and hospitals” could be useful too, he says.To read this article in full or to leave a comment, please click here

This one patch panel trick will make all your cables the right length

Remember that one time the cable you grabbed from the box was exactly the right length for the run from patch panel to server shelf?What if every patch cable you picked up were just the right length?That's the goal of 1-year-old Austrian company PatchBox, which wants to eliminate tangles and speed up network moves, adds and changes with its system of retractable cables in rack-mountable cassettes. It's showing the product in the start-up hall at the Cebit trade show in Hanover, Germany, this week.PatchBox sells kits of 24 cassettes that slot into a 1U module just under the patchboard, right where you would usually put your horizontal cable management system. Each shelf comes with four Patch Catches -- essentially cable posts that mount on the sides of the rack, around which you can route the cables on their way between patch boards.To read this article in full or to leave a comment, please click here

This one patch panel trick will make all your cables the right length

Remember that one time the cable you grabbed from the box was exactly the right length for the run from patch panel to server shelf?What if every patch cable you picked up were just the right length?That's the goal of 1-year-old Austrian company PatchBox, which wants to eliminate tangles and speed up network moves, adds and changes with its system of retractable cables in rack-mountable cassettes. It's showing the product in the start-up hall at the Cebit trade show in Hanover, Germany, this week.PatchBox sells kits of 24 cassettes that slot into a 1U module just under the patchboard, right where you would usually put your horizontal cable management system. Each shelf comes with four Patch Catches -- essentially cable posts that mount on the sides of the rack, around which you can route the cables on their way between patch boards.To read this article in full or to leave a comment, please click here

Reaction: More Encryption is Bad?

This week I was peacefully reading the March 9th issue of ACM Queue when I received a bit of a surprise. It seems someone actually buys the “blame the victim” game, arguing that governments are going to break all encryption if we don’t give them what they want.

These ideas are all based on the same principle: If we cannot break the crypto for a specific criminal on demand, we will preemptively break it for everybody. And whatever you may feel about politicians, they do have the legitimacy and power to do so. They have the constitutions, legislative powers, courts of law, and police forces to make this happen. The IT and networking communities overlooked a wise saying from soldiers and police officers: “Make sure the other side has an easier way out than destroying you.” But we didn’t, and they are.

reaction-3If you don’t get the point, it’s simple: the only way to really have secure communications is to give the government the keys. Once again, my inner philosopher threw up (as I recently said on a Network Break podcast). The reason I find the line of argument above so horrifying is simple: it’s just true enough to Continue reading

1 3,105 3,106 3,107 3,108 3,109 3,853