Securing BGP: A Case Study (2)

In part 1 of this series, I pointed out that there are three interesting questions we can ask about BGP security. The third question I outlined there was this: What is it we can actually prove in a packet switched network? This is the first question I want dive in too—this is a deep dive, so be prepared for a long series. This question feels like it is actually asking three different things, what we might call “subquestions,” or perhaps “supporting points.” These three questions are:

• If I send a packet to the peer I received this update from, will it actually reach the advertised destination?
• If I send this information to this destination, will it actually reach the intended recipient?
• If I send a packet to the peer I received this update from, will it pass through an adversary who is redirecting the traffic so they can observe it?

These are the things I can try to prove, or would like to know, in a packet switched network. Note that I want to intentionally focus on the data plane and then transfer these questions to the control plane (BGP). This is the crucial point to remember: If I Continue reading

Forget about LTE hurting Wi-Fi and think about using it in your business

Controversial technology that lets LTE networks use unlicensed spectrum could become a trusted part of the enterprise IT toolkit in a few years.So-called unlicensed LTE has come under fire ever since the news about it first broke more than a year ago. The charge: If mobile operators adapt their LTE networks to use frequencies that Wi-Fi depends on, Wi-Fi users will get squeezed out.ALSO ON NETWORK WORLD U.S. carriers stay tight-lipped on LTE-U deployments The two sides are now working together on standard tests to tell if a given unlicensed LTE radio unfairly interferes with Wi-Fi. Meanwhile, Qualcomm, the biggest cheerleader for the new technology, just got permission to try it out at Verizon Wireless facilities in Oklahoma City and Raleigh, North Carolina, the Federal Communications Commission said Friday. The industry group Wi-Fi Forward promptly declared the FCC should closely monitor the experiments.To read this article in full or to leave a comment, please click here

Why your network admins are nervous

This past summer, the White Rose Academies Trust in Leeds, England, kicked off a project that represented the first step on a journey to a software-defined networking platform -- and the move precipitated some career changes, both positive and negative, for the IT staff.To read this article in full or to leave a comment, please click here(Insider Story)

As Retirement Approaches…

Software-Defined Storage: The 2016 Outlook

New products of the week 2.1.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Appcito Application Delivery System (ADS) Key features: New self-service provider-tenant portal for Enterprise Infrastructure and Application teams delivering application performance, security, visibility and analytics. Service adapters for F5 Big-IP LTM and HAProxy devices – per-application visibility and analytics. More info.To read this article in full or to leave a comment, please click here

Automating Firewall Administration

10 of today’s really cool network & IT research projects

New enterprise and consumer network technologies are coming fast and furious these days via well-heeled startups, and yes, even more established tech players. But further back in the pipeline, in the research labs of universities and colleges around the world, that's where the really cool stuff is happening. Take a peek at some of the more intriguing projects in areas ranging from wireless to security to open source to robotics and cloud computing.UNDERWATER WIRELESS University at Buffalo and Northeastern University researchers are developing hardware and software to enable underwater telecommunications to catch up with over-the-air networks. This advancement could be a boon for search-and-rescue operations, tsunami detection, environmental monitoring and more.To read this article in full or to leave a comment, please click here

Inspecting East-West Traffic in vSphere Environments

Harry Taluja asked an interesting question in his comment to one of my virtualization blog posts:

If vShield API is no longer supported, how does a small install (6-8 ESXi hosts) take care of east/west IPS without investing in NSX?

Short answer: It depends, but it probably won’t be cheap ;) Now for the details…

Getting Back to Basics with SDN

Typically when things start to get complicated, we talk about getting ‘back to basics’. The premise, of course, is to better compartmentalize, keep things in simple, digestible chunks, and not lose sight of the fundamentals.

For instance, if you’re not hitting the golf ball straight, it’s because you’ve incorporated too much variance into your swing. A good golf instructor will break the swing down into its components, and help you work on the basics.

We’re pretty far into the software-defined networking (SDN) hype cycle now. Every networking company (or even network service company) has an SDN story. In a lot of cases, SDN is still vapor-ware or marketecture. And for customers, there’s plenty of ‘SDN fatigue’ – which story should you believe?

In short, things have gotten a little complicated.

So what does getting back to basics mean in an SDN context? It’s means understanding the fundamentals components of an SDN solution. Fortunately, we can draw from real data and learn what’s working from customers that have already deployed.

Recently, EMA published research on the impact of SDN on network management. The report featured survey data from over 226 early adopters of SDN – both in the service roviders and Continue reading

SDxCentral’s Top 10 Articles — January 2016

VMware, Huawei & EMC make the Top 3.

What Are SAI And Switchdev And Why Do We Need Them To Succeed?

Howdy. In my last post I discussed the need for an open source framework to drive merchant switching silicon. Towards the end of that long post, I mentioned a future post talking about the Switch Abstraction Interface (SAI) and switchdev in depth. Welcome to that post. There’s been a lot of synergy between both projects, […]

The post What Are SAI And Switchdev And Why Do We Need Them To Succeed? appeared first on Packet Pushers.

What Are SAI And Switchdev And Why Do We Need Them To Succeed?

Howdy. In my last post I discussed the need for an open source framework to drive merchant switching silicon. Towards the end of that long post, I mentioned a future post talking about the Switch Abstraction Interface (SAI) and switchdev in depth. Welcome to that post. There’s been a lot of synergy between both projects, […]

The post What Are SAI And Switchdev And Why Do We Need Them To Succeed? appeared first on Packet Pushers.

Microsoft tests underwater data center

Companies are finding some of the oddest locations for data centers these days.Facebook, for example, built a data center in Lulea in Sweden because the icy cold temperatures there would help cut the energy required for cooling. A proposed Facebook data center in Clonee, Ireland, will rely heavily on wind energy locally available. Google's data center in Hamina in Finland uses sea water from the Bay of Finland for cooling.Now, Microsoft is looking at locating data centers under the sea.To read this article in full or to leave a comment, please click here

Microsoft tests underwater data center

Companies are finding some of the oddest locations for data centers these days.Facebook, for example, built a data center in Lulea in Sweden because the icy cold temperatures there would help cut the energy required for cooling. A proposed Facebook data center in Clonee, Ireland, will rely heavily on wind energy locally available. Google's data center in Hamina in Finland uses sea water from the Bay of Finland for cooling.MORE ON NETWORK WORLD: 10 (FREE!) Microsoft tools to make admins happier Now, Microsoft is looking at locating data centers under the sea.To read this article in full or to leave a comment, please click here

Harvard study refutes ‘going dark’ argument against encryption

A study from Harvard released Monday largely refutes claims that wider use of encryption in software products will hamper investigations into terrorism and crime.It predicts that the continued expansion of Internet-connected devices -- such as smart TVs and vehicles, IP video cameras and more -- will offer fresh opportunities for tracking targets. "Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target," it said. "These are real products now."To read this article in full or to leave a comment, please click here

Harvard study refutes ‘going dark’ argument against encryption

A study from Harvard released Monday largely refutes claims that wider use of encryption in software products will hamper investigations into terrorism and crime.It predicts that the continued expansion of Internet-connected devices -- such as smart TVs and vehicles, IP video cameras and more -- will offer fresh opportunities for tracking targets. "Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target," it said. "These are real products now."To read this article in full or to leave a comment, please click here

Understanding BGP Table Version – Part 1: Intro to BGP Table Version

Diving into the BGP Table First a Look at the Local BGP Table Before we begin… let’s take a look at the BGP table. One would assume (rightly so) that anything called the “BGP table version” probably is tied somehow... Read More ›

The post Understanding BGP Table Version – Part 1: Intro to BGP Table Version appeared first on Networking with FISH.

Clearing Up Some Misinformation RE: eBGP Multihop and TTL

Myth: You have to set ttl to 2 because it is decremented on the way to the loopback.

**This blog is a formatting cleanup and update to a previous blog I posted in 2013 on NetworkWorld.

Years and years ago I was trying to learn more about BGP and I was reading some book with a chapter on the topic.  Back then I pretty much believed that if it made it into a book it must be true and my knowledge had to be in error.    So to say I was confused back then would be an understatement.

Why? Well ya see… they basically said that the reason one must set the TTL to 2 for eBGP peers that are directly connected, but peering with their loopbacks, was cause “the TTL gets decremented on the way to the loopback”

When I try to help someone deprogram this brain washing, I find pictures help.  So for those who’d like to get deprogrammed and learn the truth… Let’s go play in the lab!!!

In the picture above we have 3 Routers in 3 different BGP ASes.  We all probably know that if we peer R1 and R2 Continue reading

Quick link: User-Space Network I/O on x86 Servers

Robert Graham published another great blog post explaining why you need user-space handling of network traffic for multigigabit performance on x86 servers. A must-read if you’re interested in performance of software-based packet forwarding.

Want more? Listen to Snabb Switch Deep Dive and PF_RING Deep Dive podcasts.

Need product details? I collected some performance data points in the NFV webinar.