OpenStack Summit Tokyo: Learn Open Networking with OpenStack

Meet us at OpenStack Summit Tokyo and learn how to build fast, scalable, secure OpenStack networking.

Mark McClain (CTO, Akanda Inc) and I will be presenting at the OpenStack Summit in Tokyo about the next-generation physical and virtual network that DreamHost is deploying for their DreamCompute cloud.

Screen Shot 2015-10-23 at 10.11.24 AM

The design marries Cumulus Networks Dynamic LNV (Lightweight Network Virtualization) with Akanda’s Astara L3-7 services, all being orchestrated by the OpenStack Neutron.

We’ll be expanding on the talk we gave at the last OpenStack summit in Vancouver.  That talk was about the design and why we should deploy it. In this one, we will be discussing in depth about our experiences deploying it in production.

If you can’t make it to Tokyo, don’t worry, the talk will be recorded.

Watch out for this space for updates on the talk!

The post OpenStack Summit Tokyo: Learn Open Networking with OpenStack appeared first on Cumulus Networks Blog.

OpenStack Summit Tokyo: Learn Open Networking with OpenStack

Meet us at OpenStack Summit Tokyo and learn how to build fast, scalable, secure OpenStack networking.

Mark McClain (CTO, Akanda Inc) and I will be presenting at the OpenStack Summit in Tokyo about the next-generation physical and virtual network that DreamHost is deploying for their DreamCompute cloud.

Screen Shot 2015-10-23 at 10.11.24 AM

The design marries Cumulus Networks Dynamic LNV (Lightweight Network Virtualization) with Akanda’s Astara L3-7 services, all being orchestrated by the OpenStack Neutron.

We’ll be expanding on the talk we gave at the last OpenStack summit in Vancouver.  That talk was about the design and why we should deploy it. In this one, we will be discussing in depth about our experiences deploying it in production.

If you can’t make it to Tokyo, don’t worry, the talk will be recorded.

Watch out for this space for updates on the talk!

The post OpenStack Summit Tokyo: Learn Open Networking with OpenStack appeared first on Cumulus Networks Blog.

Germany probes Regin-powered cyberespionage

It looks like Chancellor Angela Merkel is not the only German official who might have been spied on by the nation's allies. The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence partners. The German federal prosecutor's office has opened an investigation into the breach, which came to light in 2014, German news magazine Der Spiegel reported Friday. The Chancellery is the federal agency that serves Merkel's office.To read this article in full or to leave a comment, please click here

Worth Reading: Diffie-Hellman Case Study

So, as we approach the second anniversary of the discussion that led to RFC 7258, the IETF community has done considerable work to strengthen trust in the Internet, in line with its mission of “making Internet work better”. But, a lot of work also remains – in deploying the better versions, in building defences to new attacks, and in understanding the issues and possible improvements. via the ietf

The post Worth Reading: Diffie-Hellman Case Study appeared first on 'net work.

TalkTalk had ‘no legal obligation’ to encrypt customers’ sensitive data

Potentially as many as 4 million customers were affected by the cyberattack on UK telecoms provider TalkTalk, yet the company's CEO Dido Harding admitted that TalkTalk was "not legally required" to encrypt customer data. Harding told the Sunday Times "[Our data] wasn't encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information."While that may be true, such a statement provides little comfort to TalkTalk customers who are targets of high-level social engineering attacks meant to empty their bank accounts.To read this article in full or to leave a comment, please click here

The Odd Hours Solution

For many years, when I worked out in the center of the triangle of runways and taxiways, I would get up at around 4, swim a mile in the indoor poor (36 laps), shower, grab breakfast, run by base weather just to check the bigger pieces of equipment out (mostly the RADAR system), and then I’d head out to the shop. We could mostly only get downtime on the airfield equipment (particularly the VOR, TACAN, and glideslopes) in the early morning hours — unless, of course, there was a war on. Then we couldn’t get downtime at all. By 2:30 I was done with my work day, and I headed home to get whatever else done.

When I left the USAF, after being trapped in some 9–5 jobs, I joined the cisco TAC. Our shift started at 8 or 8:30, when we took over the 1–800 number from Brussels, and our shift lasted until around 2 in the afternoon (it varied over time, as the caseloads and TACs were moved around). Freed from 9–5, I started getting to work at around 5:30 again. I could spend the first two or three hours following up on cases (did you know that Continue reading

Ben Fathi: Why I Joined CloudFlare

I’m sure some of you are scratching your head right about now wondering why I would join an Internet security and optimization company. But, Ben, this is not even close to your passion: operating systems.

I had the same reaction when I first saw the CloudFlare website. I wasn’t even sure it made sense for me to go interview here. After taking a closer look, however, I realized that it would be the perfect new home for me. Take a look at this page for a brief introduction to what CloudFlare does and how we do it.

Interviewing at CloudFlare

If you know me, you know that I'm a sucker for distributed systems. I fall for a hard computer science problem every time. So, it shouldn’t be a surprise to you that CloudFlare’s John Graham-Cumming, had me at “hello” when he nonchalantly described one of the company's projects: a globally distributed key value store with sub-second consistency guarantees! Ho hum! No big deal.

As the interview process progressed, the team graciously spent several hours walking me through the architecture as well as future plans and product roadmaps. These discussions and email exchanges were frequently interrupted by my cries of protest: Continue reading

New products of the week 10.26.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.DeceptionGrid version 5Key features: DeceptionGrid version 5 brings expanded forensic and analytics capabilities to reduce the time-to-breach detection of attackers that have penetrated a network. New real-time automation provides a broad view of an attacker’s activities with detailed event forensics, allowing the entire attacker Kill Chain to be analyzed and presented in a timeline that provides a visual overlay of the attack. More info.To read this article in full or to leave a comment, please click here

New products of the week 10.26.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.DeceptionGrid version 5Key features: DeceptionGrid version 5 brings expanded forensic and analytics capabilities to reduce the time-to-breach detection of attackers that have penetrated a network. New real-time automation provides a broad view of an attacker’s activities with detailed event forensics, allowing the entire attacker Kill Chain to be analyzed and presented in a timeline that provides a visual overlay of the attack. More info.To read this article in full or to leave a comment, please click here

It’s time to pull the trigger on security automation

It’s likely that you already have a variety of security tools -- intrusion prevention, network access control, endpoint security, mobile device management – that come with automation capabilities designed to quickly find and stop attacks. But for a variety of perfectly good reasons, you’ve been reluctant to turn these features on. You may be worried about blocking legitimate business transactions by mistake, keeping employees from getting work done because their devices have been temporarily quarantined or risking the wrath of users when wiping remote devices. Or maybe you’ve been so swamped that you haven’t had the time to set up these automation capabilities. “It takes time and skills to tune these products effectively in order to take advantage of their automation capabilities,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “Furthermore, automation usually depends upon integrating several security technologies together, which can be difficult,” Oltsik adds.To read this article in full or to leave a comment, please click here(Insider Story)

7 steps to IoT data security

As Internet of Things invades the enterprise, companies need to revamp their approach to protecting data because the old ways aren’t going to get the job done. Not in a world of 25 billion or more IoT devices connected to the Internet by 2020, as Gartner predicts. So, what are the new challenges that IoT will present? Basil Hashem, VMware The biggest change IoT brings is a new scale to an organization's data protection strategy, both in terms of diversity of devices and volume of data that is generated, according to Basil Hashem, senior director of mobile strategy at VMware.To read this article in full or to leave a comment, please click here(Insider Story)

Is Anyone Using Long-Distance VM Mobility in Production?

I had fun times participating in a discussion focused on whether it makes sense to deploy OTV+LISP in a new data center deployment. Someone quickly pointed out the elephant in the room:

How many LISP VM mobility installs has anyone on this list been involved with or heard of being successfully deployed? How many VM mobility installs in general, where the VMs go at least 1,000 miles? I'm curious as to what the success rate for that stuff is.

I think we got one semi-qualifying response, so I made it even simpler ;)

Read more ...

CCDE – Load Balancer Designs

Introduction

This post will describe different load balancer designs, the pros and cons of the designs and how they affect the forwarding of packets.

Load Sharing Vs Load Balancing

The terms load sharing and load balancing often get intermixed. An algorithm such as Cisco Express Forwarding (CEF) does load sharing of packets meaning that packets get sent on a link based on parameters such as source and destination MAC address or source and destination IP address or in some cases also the layer 4 ports in the IP packet. The CEF algorithm does not take into consideration the utilization of the link or how many flows have been assigned to each link. Load balancing on the other hand tries to utilize the links more evenly by tracking the bandwidth of the flows and assigning flows based on this information to the different links. The goal is to distribute the traffic across the links as evenly as possible. However load balancing is mostly used to distribute traffic to different servers to share the load among them.

Why Load Balancing?

What warrants the use of a load balancer? Think of a web site such as facebook.com. Imagine the number of users Continue reading

Using InfluxDB + Grafana to Display Network Statistics

I loathe MRTG graphs. They were cool in 2000, but now they’re showing their age. We have much better visualisation tools available, and we don’t need to be so aggressive with aggregating old data. I’ve been working with InfluxDB + Grafana recently. Much cooler, much more flexible. Here’s a walk-through on setting up InfluxDB + Grafana, collecting network throughput data, and displaying it.

Background – InfluxDB + Grafana

There’s three parts to this:

  • Grafana: This is our main UI. Grafana is a “…graph and dashboard builder for visualizing time series metrics.” It makes it easy to create dashboards for displaying time-series data. It works with several different data sources such as Graphite, Elasticsearch, InfluxDB, and OpenTSDB.
  • InfluxDB: This is where we store the data that Grafana displays. InfluxDB is “…an open-source distributed time series database with no external dependencies.” It’s a relatively new project, and is not quite at 1.0 yet, but it shows a lot of promise. It can be used in place of Graphite. It is very flexible, and can store events as well as time series data.
  • Influxsnmp: We need to get data from the network into InfluxDB. There are a few options for Continue reading
1 3,212 3,213 3,214 3,215 3,216 3,780