HSRP – VRRP – GLBP

HSRP, VRRP and GLBP are the three commonly used first hop redundancy protocols in local area networks and the data center.

In this post, I will briefly describe them and highlight the major differences. I will also ask you a design question so that we can discuss it in the comment section below.

[Figure: HSRP, VRRP and GLBP]

source: Orhan Ergun CCDE Study Guide – Workbook

HSRP and GLBP are Cisco-specific protocols, but VRRP is an IETF standard. So if the business requirement states that more than one vendor will be used, then VRRP is the best choice to avoid any vendor interoperability issue.

For default gateway functionality, HSRP and VRRP use one virtual IP address that corresponds to one virtual MAC address.

GLBP operates in a different way. Clients still use one virtual IP address, but more than one virtual MAC address is used. So each default gateway switch has its own virtual MAC address but the same virtual IP address.

To illustrate this, let's look at the picture below.

[Figure: HSRP virtual MAC]

source: Orhan Ergun CCDE Study Guide – Workbook

In the above picture, clients use the same gateway MAC address since the first hop redundancy protocol is HSRP.

If GLBP were in use, on the PC we would see different gateway Continue reading

Should We Use OpenFlow for Load Balancing?

Yesterday I described the theoretical limitations of using OpenFlow for load balancing purposes. Today let’s focus on the practical part and answer another question:

I wrote about the same topic years ago here and here. I know it’s hard to dig through old blog posts, so I collected them in a book.

Legislation requiring tech industry to report terrorist activity may be revived

Legislation requiring tech companies to report on terrorist activity on their platforms is likely to be revived in the U.S., following concerns about the widespread use of Internet communications by terrorists. A proposed rule that would require companies to report vaguely defined "terrorist activity" on their platforms had been included as section 603 in the Intelligence Authorization Act for Fiscal Year 2016. But Senator Ron Wyden, a Democrat from Oregon, removed a hold on the bill only after the controversial provision was deleted from it.

Former Secret Service agent sentenced for corruption in Silk Road investigation

A former Secret Service agent was sentenced Monday to 71 months in prison for stealing bitcoins from vendors on the Silk Road, the now-shuttered underground marketplace he was investigating. Shaun W. Bridges, 33, of Laurel, Maryland, must also forfeit US$650,000, the U.S. Justice Department said. Bridges pleaded guilty on Oct. 31 in the U.S. District Court for the Northern District of California to money laundering and obstruction of justice. He was one of two federal investigators charged with crimes committed during the probe of the Silk Road, which was shut down in October 2013.

Iran-based hackers may be tracking dissidents and activists, Symantec says

Hackers based in Iran have been using malware to spy on individuals, including potentially dissidents and activists in the country, according to new research from Symantec. The attacks aren't particularly sophisticated, but the hackers have had access to their targets' computers for more than a year, Symantec said, which means they may have gained access to "an enormous amount of sensitive information." Two groups of hackers, named Cadelle and Chafer, distributed malware that steals information from PCs and servers, including from airlines and telcos in the region, Symantec said.

Joking aside: Trump is Unreasonable

Orin Kerr writes an excellent post repudiating Donald Trump. As a right-of-center troll, sometimes it looks like I support Trump. I don't -- I repudiate everything about Trump.

I often defend Trump, but only because I defend fairness. Sometimes people attack Trump for identical policies supported by their own favorite politicians. Sometimes they take Trump's bad policies and make them even worse by creating "strawman" versions of them. Because I believe in fairness, I'll defend even Trump from unfair attacks.

But Trump is an evil politician. Trump is "fascism-lite". You'll quickly cite Godwin's Law, but fascism is indeed the proper comparison. He's nationalistic, racist, populist, and promotes the idea of a "strongman" -- all the distinctive hallmarks of Nazism and Italian Fascism.

Scoundrels, like Trump, make it appear that opposition is unreasonable, that they are somehow sabotaging progress, and that all it takes is a strongman with the "will" to overcome them. But the truth is that in politics, reasonable people disagree. I'll vigorously defend my politics and call yours wrong, but at the end of the day, we can go out and have a beer together without hating each other. Trump-style politicians, on the other hand, do everything in Continue reading

Broadcom BroadView Instrumentation

The diagram above, from the BroadView™ 2.0 Instrumentation Ecosystem presentation, illustrates how instrumentation built into the network Data Plane (the Broadcom Trident/Tomahawk ASICs used in most data center switches) provides visibility to Software Defined Networking (SDN) controllers so that they can optimize network performance.
The sFlow measurement standard provides open, scalable, multi-vendor, streaming telemetry that supports SDN applications. Broadcom has been augmenting the rich set of counter and flow measurements in the base sFlow standard with additional metrics. For example, "Broadcom ASIC table utilization metrics, DevOps, and SDN" describes metrics that were added to track ASIC table resource consumption.

The highlighted Buffer congestion state / statistics capability in the slide refers to the BroadView Buffer Statistics Tracking (BST) instrumentation. The Memory Management Unit (MMU) is on-chip logic that manages how the on-chip packet buffers are organized. BST is a feature that enables tracking the usage of these buffers. It includes snapshot views of peak utilization of the on-chip buffer memory across queues, ports, priority groups, service pools and the entire chip.
The above chart from the Broadcom technical brief, Building an Open Source Data Center Monitoring Tool Using Broadcom BroadView™ Instrumentation Software, shows buffer utilization trended over an Continue reading

Measuring DNS Performance with Open Recursive Name Servers

Dyn prides itself on being fast, but how do we measure ourselves? How do we compare to everyone else? With all the vagaries of DNS measurement due to caching effects, congestion, and routing irregularity, is it even possible to devise a useful, believable metric, one that anyone could validate for themselves? Dyn Research decided to tackle this challenge and this blog explains our approach. We encourage our readers to suggest improvements and try this methodology out for themselves.

Over the years Dyn has built a high-performing authoritative DNS network using strategic placement of sites and carefully engineered anycast to provide low-latency performance to recursive name servers all over the world. We use our Internet performance monitoring network of over 200 global “vantage points” to monitor DNS performance and our comprehensive view of Internet routing from over 700 BGP peering sessions to make necessary routing adjustments. This synthetic DNS monitoring and routing analysis are important tools to understand performance. But since the ultimate goal is delivering a good user experience, it’s important to measure performance from the user’s perspective. (We have written about the importance of user-centric DNS performance testing in the past.)

User perception of DNS performance depends on Continue reading

IDG Contributor Network: GPS signal jamming could cause serious, widespread problems

Unintentional interference from radios and space can cause problems for the GPS system, as can intentional jamming and spoofing of signals. But communications companies aren't prepared to protect the GPS system from these threats, according to a 2012 Homeland Security report that was recently released under the Freedom of Information Act, as reported by EE Publishing. The communications sector is "vulnerable to potential long-term GPS disruptions" of a few days or more "that could cause sector-wide service degradations," the report says.

Jamming

That Global Positioning Systems are vulnerable to interference and disruptions isn't news. However, the apparent lack of preparedness in civilian systems noted by DHS should be an eye-opener.

Congressman incorrectly claimed 72 people on terrorist watch list work for DHS

Not only is President Barack Obama wanting assistance from tech firms to fight terrorism, as he plans to “urge hi-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice,” but in his address late Sunday he proposed several steps that Congress should take now to defeat ISIS. That is likely to include a fresh wave of stale arguments against encryption and for NSA bulk collection power which were rehashed in the wake of recent terrorist attacks. Yet presidential hopeful Senator Rand Paul told CNN, “There will always be authoritarians like [New Jersey Gov. Chris] Christie who want you to give up your liberty for a false sense of security.”

DARPA scheme would let high-tech systems “see” as never before

Researchers at the Defense Advanced Research Projects Agency want to build extremely small light detection and ranging (LIDAR) systems -- which use light to image objects and their motions like RADAR systems use radio waves -- to enable a host of new applications that would let high-tech systems “see” as they never have before. According to DARPA, a LIDAR system beams light out and then precisely monitors the timing of reflections back to map and track objects within its detection range. Unlike a camera that captures a two-dimensional rendition of three-dimensional scenes, a LIDAR system essentially captures full-fledged three-dimensional reality. The basic technology already is out there—LIDAR allowed many robots at the DARPA Robotics Challenge to “see” and it enables autonomous vehicles to sense obstacles in their surroundings, for example—but those systems are too big, heavy and expensive for widespread use, the agency stated.

Google patches critical media processing and rooting vulnerabilities in Android

Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages, and MMS messages. Firmware updates are being rolled out to supported Nexus devices as an over-the-air update and the patches will be added to the Android Open Source Project (AOSP) over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin. The updates address five vulnerabilities rated as critical, 12 rated as high and two as moderate. A significant number of flaws were again located in the OS' media processing components, which handle audio and video file playback and corresponding file metadata parsing.

10 most important networking acquisitions of 2015

Big money

2015 was a big year for mergers and acquisitions in the networking industry. Here are the ones that are most likely to have the biggest long-term impact on the industry.

Check Point Software acquires Hyperwise and Lacoon

Although these were small acquisitions (both in the $80 million range), they were notable as Check Point rarely makes acquisitions. Check Point has been one of the leaders in combatting threats that go through a firewall, but more hackers are now finding ways to get around perimeter security. These acquisitions help Check Point’s customers fight the security fight on other fronts.

10 cool ways tech companies give it up for charity

From Philadelphia to Phoenix and points in between, the Commvault Hockey Team is lacing up their skates this winter to raise awareness and money for children's organizations. The data-management vendor's Hockey Helping Kids program, now in its 16th season, runs hockey events in NHL arenas across the country. Employees, partners, customers and kids have a chance to skate with former NHL and Olympic players. Raffles and auctions are part of each day-long event, and all proceeds go to designated children’s charities. Getting kids, many of whom have disabilities, on the NHL ice with the other players is one of the most rewarding parts of the program, says Randy DeMeno, chief technologist at Commvault.