Whatever Happened to “Do No Harm”?

A long time ago in a podcast far, far away one of the hosts saddled his pony unicorn and started explaining how stateful firewalls work:

Stateful firewall is a way to imply trust… because it’s possible to hijack somebody’s flows […] and if the application changes its port numbers… my source port changes when I’m communicating with my web server - even though I’m connected to port 80, my source port might change from X to Y. Once I let the first one through, I need to track those port changes […]

WAIT, WHAT? Was that guy really trying to say “someone can change a source port number of an established TCP session”?

Facebook to set up second data center in Europe

Facebook is setting up a data center in Clonee, Ireland, which will be its sixth in the world and its second outside the U.S.The new data center will be equipped with servers and storage from the Open Compute Project, a Facebook initiative that shares designs as open source with other data center operators to standardize and drive down the costs of equipment."We will outfit this data center with the latest OCP server and storage hardware, including Yosemite for compute," Facebook's Vice President of Engineering, Jay Parikh said in a post on the social networking website. Yosemite is an open source modular chassis for high-powered microservers, designed by Facebook.To read this article in full or to leave a comment, please click here

What is open networking?

Saying ‘open networking’ is a little like saying ‘SDN’. Without context, it can mean almost anything. Some argue it’s more around options on platforms while others believe it’s more to do with software. When I think about open networking, I think about these main points…

Generic Platforms – White box switches are all the rage these days and for good reason. A white box switch gives you the option to run a variety of different software platforms on generic hardware. This means you don’t need to buy a piece of proprietary hardware to run your proprietary software on. The net result here is that vendor lock in goes away. It also means that you don’t need to wait years and years to buy new hardware to get new software.

Linux – Linux is used EVERYWHERE. As it turns out, it’s already used quite extensively in networking platforms, but not how you might imagine. Most networking vendors use a highly customized version of Linux and the Linux kernel. The reason for this is simple – Linux wasn’t built for networking. Long story short, traditional network vendors had to modify the Continue reading

Learning to Love Codenames

One of the things I struggled with when starting at a vendor was dealing with project codenames. There is no secret decoder ring – you have to learn the names the hard way. I couldn’t understand why descriptive names weren’t used. It took a while, but I’ve come to understand the reasoning behind the obscure names now. It’s still a stretch to say I ‘love’ them, but I can at least understand them now.

Naming Standards & Bikeshedding

When I started my professional career, it was common to name servers using things like Greek & Roman Gods, or Star Wars characters. Billing might run on Apollo, while Medusa was used for third-party connections.

This is fine for 5-10 servers, but clearly doesn’t scale. I’ve wasted many long and pointless hours in server naming “bikeshedding” discussions. Grumpy old sysadmins would argue that it was far easier to remember names like Bert & Ernie than web01/web02. The Young Turks saw that as a way of hoarding knowledge. It seemed to deliberately make it more difficult for newcomers/outsiders. They preferred descriptive names that gave some indication of what the system was doing, where it was located, etc.

Arguments went back and forth, then virtualisation came Continue reading

Single group of hackers targets Uyghur, Tibetan activists

A years-long campaign of seemingly disparate cyberattacks against Tibetan and Uyghur activists likely comes from a single group of hackers, according to a seven-month study by Palo Alto Networks.The computer security company also concluded that the information stolen by the group, nicknamed Scarlet Mimic, would be of little interest to entities other than a nation-state."The majority of attacks we identified were targeting Uyghurs or Tibetans or advocates thereof," Olson said.Several other security companies, including Kaspersky Lab and Trend Micro, and Citizen Lab, part of the University of Toronto, have studied attacks against the activist groups, which have long been at odds with the Chinese government. Palo Alto's report noted, however, that it did not have direct evidence linking the attacks to China.To read this article in full or to leave a comment, please click here

SDN and Network Automation: Splitting Hairs?

At the recent Network Field Day 11, there were several discussions at the Cisco offices after the Cisco folks left the room. One of these discussions, led by Terry Slattery, was centered around SDN, and I think it’s worth a listen/watch (only about 20 minutes):

In this video, I made the argument that SDN should be limited to a very specific definition, which eliminates the management plane from the conversation entirely (around 5:40).

I am in full agreement that the term SDN, or “software-defined __ “ is at this point totally meaningless. It means so many things to so many different people, and predictably, this conversation ended with just as much confusion about SDN as when we started. So, to try to “define” SDN seems pointless, and smells of hair-splitting, but I do this for a very specific reason.

Splitting Hairs

To me, SDN and network automation are two totally different things, yet they almost always get lumped together in conversations. Normally I wouldn’t try to remedy this, but since one of these things is a practical thing to do for many organizations, I want to offer up a different way of thinking about this.

First off, you Continue reading

BGP Design Case Study

Below BGP design case study is taken from the Orhan Ergun’s CCDE Practical Workbook.In the new version of the workbook there are more than 50 case studies are shared for many technologies. If you are in the network design field or want to learn about it,don’t miss the book. Scenario : Network A is a customer […]

The post BGP Design Case Study appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

BGP Design Case Study

The post BGP Design Case Study appeared first on Orhanergun.

Put a password on your webcam or end up featured on Shodan’s vulnerable cam feed

Don't you hate it when people want to kill the messenger instead of address the problems highlighted in the message?This time the messenger is Shodan, as the IoT search engine added a new section featuring vulnerable webcams. Ars Technica reported, "The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores."To read this article in full or to leave a comment, please click here

Put a password on your webcam or end up featured on Shodan’s vulnerable cam feed

Don’t you hate it when people want to kill the messenger instead of address the problems highlighted in the message?This time the messenger is Shodan as the IoT search engine added a new section featuring vulnerable webcams. Ars Technica reported, “The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores.”To read this article in full or to leave a comment, please click here

Response: Anomaly Detection For Monitoring

We manage a distributed system of autonomous elements where the operation, performance and stability is determined by external factors that are out of our operational control.

The post Response: Anomaly Detection For Monitoring appeared first on EtherealMind.

Fragmentation

One of the more difficult design exercises in packet switched network architectures is that of the design of packet fragmentation. In this article I’d like to examine IP packet fragmentation in detail and look at the design choices made by IP version 4, and then compare that with the design choices made by IP version 6.

Preview launch of my book “Mastering CoreOS”

Last 6 months, I have been blogging very little since I was busy writing a book on CoreOS. The book is available for pre-ordering now from the publisher website as well as in Amazon. The tentative publishing date is late Feb/early March. Why I wrote the book other than the fact that I can make some … Continue reading →

Gopaddle Meetup Bangalore – CI, CD Presentation

Following link captures the slides on CI, CD with Docker, Jenkins and Tutum that I presented at GoPaddle meetup, Bangalore on January 23, 2015. You can find more details on the meetup here. In this presentation, I cover the following: Overview of Continuous Integration(CI), Continuous deployment(CD) Tutum Overview Jenkins with Docker Integration CI, CD Use cases … Continue reading →

CI, CD with Docker, Jenkins and Tutum

In this blog, I will give an overview of Continuous Integration (CI) and Continuous Deployment (CD) and cover few CI, CD Use cases with Docker, Jenkins and Tutum. Docker provides Container runtime and tools around Containers to create a Container platform. Jenkins is a CI/CD application to build, test and deploy applications. Tutum is a SaaS … Continue reading →

Tutum Introduction

Tutum is a SaaS Container platform that can be used to build, deploy and manage Docker Containers. Docker acquired Tutum in October 2015. I have been playing with Tutum for the past few weeks and I will share some basics of Tutum and my experiences with Tutum in this blog. Advantages Very easy to get … Continue reading →

Syncing IOS Clock from Cellular Provider

I recently had a request to enable time synchronization from a Cellular provider to a 3G model of the Cisco 819. Looking through several documentation sources, I found an example of EEM policy utilizing GPS data in this manner.

LTE GPS Antenna Guide Cisco Integrated Services Router (ISR G2) and Connected Grid Router

After looking at the TCL script outlined in the above document, I thought it would be an easy modification to achieve this result with the cellular network data. After fighting with the script and EEM policy for a couple of hours, I stepped back and looked at the options for creating an EEM Applet. My goal was to achieve similar results but utilizing the time provided by the cellular carrier. This article outlines my process and the final configuration.

The source of the data that I wanted to use was derived from the show cell 0 network command.

CiscoRTR#show cell 0 network
Current Service = 1xEV-DO (Rev A) and 1xRTT
Current Roaming Status(1xRTT) = HOME, (HDR) = HOME
Current Idle Digital Mode = HDR
Current System Identifier (SID) = DDDD
Current Network Identifier (NID) = DDD
Current Call Setup Mode = Mobile IP only
Serving Base Station Longitude =  Continue reading

Defining Software Defined Networking

Can you define what is a Software Defined Network ? Here is my take.

The post Defining Software Defined Networking appeared first on EtherealMind.

Pop Up Tech Talks: Denise Fishburne

Earlier today I saw a tweet that @PopUpTechTalks had uploaded their interview of me up to their YouTube Channel. I was super stoked! Just had to share it with y’all!

SolidFire’s Amy Lewis speaks with Cisco’s Denise Fishburne aka Fish about embracing your inner network detective at Cisco Live 2015. Filmed June, 2015 in San Diego.

Click on the pic below to see watch the interview.

VMware Reportedly Prepping Layoffs in vSphere

A source says vSphere, not NSX, is the target.

« Previous 1 … 3,185 3,186 3,187 3,188 3,189 … 3,856 Next »