New to Openstack and worried about networking pre-setup? Try VXLAN or GRE first!

As an avid developer/coder I tend to try out various languages. I do have my favorites but when I embark on a new tool or language the first experience definitely leaves behind a mark. Failing at  getting something to work in the very first try is fine as long as you don't end up hating the technology. I guess I've iterated this over and over again on other posts but networking is complex and hard. Getting it right does require some (not really, it's actually a lot :-) ) amount of experimentation. With technologies changing every so often it's imperative to at least give them a try if not jump the train and adopt them.

Openstack being an opensource project as massive as the linux kernel it does have a ton of features. The neutron component that facilitates networking is quite a handful for beginners and it gets even messier when you will need to configure neutron to work with the network architecture that is already present in your datacenter. Getting a production ready neutron setup with say VLAN backed networks is a handful. After working with Neutron for some time now, i've realized that it isn't as bad Continue reading

CCDE – DMVPN Crypto Design Considerations

This post will describe some of the crypto design considerations for DMVPN.

DMVPN Overview and Crypto Overhead

First let’s have a quick recap of what Dynamic Multipoint VPN (DMVPN) is. DMVPN is an overlay technology where multi point GRE tunnels are used to form an overlay where a routing protocol will run across the overlay. DMVPN is a hub and spoke technology where the DMVPN hub acts as a centralized control plane. DMVPN uses Next Hop Resolution Protocol (NHRP) to register the IP addresses of the spokes with the hub. When a router looks in its routing table, the next-hop will be the IP address of the tunnel, not the real outside IP which must be used for the GRE encapsulation. To find the outside IP of the spoke, NHRP is used to resolve the next-hop to the real outside IP.

DMVPN runs over public transport. This means that it’s possible to snoop the traffic while in transit. To prevent this from happening, DMVPN is often combined with IPSec to encrypt the packets. IPSec can run in two modes, transport mode and tunnel mode. In transport mode, the original IP header is not encrypted and there is no additional IP Continue reading

Meet the Engineering Team at Citrix NetScaler

We had some great vendor presentations at Networking Field Day 11 and in the face of some pretty stiff competition, Citrix won my inaugural Best surprise award, which I have just invented.

Citrix NetScaler

It’s not that the Citrix NetScaler Application Delivery Controller (ADC) is a particularly unique product; after all, I could as easily implement load balancing with the open source HAProxy, and there are impressive ADC hardware vendors in the commercial space, including the ubiquitously expensive F5 Networks and disruptive challenger A10 Networks. What grabbed my interest me however were the performance statistics of the NetScaler appliances, and specifically the process through which the performance was achieved by the Citrix engineering team.

Intel DPDK

If I might side track for a moment, at Networking Field Day 10, Intel discussed their DPDK (Data Plane Development Kit) designed to optimize soft-switched packet performance on their CPUs. Intel had noted that the performance of Open vSwitch (OVS) was nowhere near the native ability of the CPU, and consequently they invested time analyzing in scary detail exactly how packets flowed in order to find out where the bottlenecks were, and to see whether those could be eliminated or optimized in Continue reading

10 IT Organizations To Help Your Career

IDG Contributor Network: Why companies are becoming more likely to pay when struck by ransomware

A quarter of companies have made their mind up when it comes to a ransomware attack. They're paying the ransom, according to a new study.Twenty-four percent of companies say they would pay. And not only would they cough-up the money, but 14% of the polled would pay $1 million or more to prevent the attack, according to findings by the Cloud Security Alliance (CSA) and Skyhigh, who have compiled the study. The CSA is a non-profit promoting best-practices in cloud use; Skyhigh is a cloud security company.The CSA surveyed 200 IT and security professionals across sectors worldwide. The researchers have been examining cloud take-up along with risk. They think that cyberattacks overall are a concern for enterprises "when it comes to moving their systems of record to the cloud," CSA and Skyhigh say in their report.To read this article in full or to leave a comment, please click here

Russian cyberspy group uses simple yet effective Linux Trojan

A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.Pawn Storm, also known as APT28, Sofacy or Sednit, is a group of attackers that has been active since at least 2007. Over the years, the group has targeted governmental, security and military organizations from NATO member countries, as well as defense contractors and media organizations, Ukrainian political activists and Kremlin critics.The group is known for using zero-day exploits -- exploits for previously unknown vulnerabilities -- as well as other infection techniques like spear-phishing emails with malicious attachments. Its primary tool is a Windows backdoor program called Sednit, but the group also uses malware programs for Mac OS X, Linux and even mobile operating systems.To read this article in full or to leave a comment, please click here

The Case for ARM in the Data Center

ARM's 64-bit push is underway, but will the data center be interested?

Channel Bonding In WiFi: Use Cases

New products of the week 2.15.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.VMware Workspace ONEKey features: Workspace ONE delivers a digital workspace that integrates device management, application delivery and identity management technologies to offer combined benefits on a single secure mobile platform to enable management and delivery of business critical resources.To read this article in full or to leave a comment, please click here

New products of the week 2.15.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.VMware Workspace ONEKey features: Workspace ONE delivers a digital workspace that integrates device management, application delivery and identity management technologies to offer combined benefits on a single secure mobile platform to enable management and delivery of business critical resources.To read this article in full or to leave a comment, please click here

Inside the strategy team at Cisco

When your company is known for innovation, the role of Chief Strategy Officer is a pretty daunting job.  Hilton Romanski was elevated to that position right before Chuck Robbins took over as CEO last July.  Network World Editor in Chief John Dix recently caught up with Romanski to get an inside view of how the Cisco strategy engine runs. Different companies seem to define strategy jobs differently, so let’s start with how it works at Cisco. CISCO Cisco Chief Strategy Officer Hilton RomanskiTo read this article in full or to leave a comment, please click here

Eye-opening optical research projects that could supercharge the Internet

Nikola Alic, a photonics research scientist at the University of California’s Qualcomm Institute in San Diego, argues that optical research offers the best hope for helping the Internet accommodate the ever growing flow of multimedia services.To read this article in full or to leave a comment, please click here(Insider Story)

Eye-opening optical research projects that could supercharge the Internet

Nikola Alic, a photonics research scientist at the University of California’s Qualcomm Institute in San Diego, argues that optical research offers the best hope for helping the Internet accommodate the ever growing flow of multimedia services.To read this article in full or to leave a comment, please click here(Insider Story)

802.11ah Goes The Distance

Dear $Vendor Reps, Align Your SDN Story with Reality

A while ago someone posted a link to an article that links to LinkedIn’s blog post describing their switch-building efforts to the LinkedIn SDN group (how’s that for a circular reference?), and a consultant from Brocade felt compelled to share his wisdom with the world. Unfortunately he got most of the facts wrong.

Malware targets all Android phones — except those in Russia

A malware program for Android seen advertised on Russian underground forums in the last few months appears to have made its first big debut.MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies."Until now, MazarBOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code to be deployed in active attacks," Kruse wrote.To read this article in full or to leave a comment, please click here

Attackers try to compromise Magento with a fake patch

Attackers are still trying to find Magento installations that haven't patched a particularly bad vulnerability, this time trying to trick people into downloading a fake patch.The bogus patch purports to fix a flaw known as the Shoplift Bug, or SUPEE-5344, wrote Denis Sinegubko, a senior malware researcher with Sucuri."While the patch was released February 2015, many sites unfortunately did not update," he wrote. "This gave hackers an opportunity to compromise thousands of Magento powered online stores."To read this article in full or to leave a comment, please click here

Cross Browser Compatible

Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth.

Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli, but the Little Blind Text didn’t listen.

She packed her seven versalia, put her initial into the belt and made herself on the way. When she reached the first hills of the Italic Mountains, she had a last view back on the skyline of her hometown Bookmarksgrove, the headline of Alphabet Village and the subline of her own road, the Line Lane. Pityful a rethoric question ran over her cheek, then Continue reading

Gallery Post Example

Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth.

Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli, but the Little Blind Text didn’t listen.

She packed her seven versalia, put her initial into the belt and made herself on the way. When she reached the first hills of the Italic Mountains, she had a last view back on the skyline of her hometown Bookmarksgrove, the headline of Alphabet Village and the subline of her own road, the Line Lane. Pityful a rethoric question ran over her cheek, then Continue reading

Video Post Example

Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth.

Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli, but the Little Blind Text didn’t listen.

She packed her seven versalia, put her initial into the belt and made herself on the way. When she reached the first hills of the Italic Mountains, she had a last view back on the skyline of her hometown Bookmarksgrove, the headline of Alphabet Village and the subline of her own road, the Line Lane. Pityful a rethoric question ran over her cheek, then Continue reading