IPv6 Performance

Every so often I hear the claim that some service or other does not support IPv6 not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level of service as compared to IPv4, and by offering the service over IPv6 they would be exposing their clients to an inferior level of performance of the service. But is this really the case? Is IPv6 an inferior cousin of IPv4 in terms of service performance? In this article I'll report on the results of a large scale measurement of IPv4 and IPv6 performance, looking at the relativities of IPv6 and IPv4 performance.

Many embedded devices ship without adequate security tests, analysis shows

An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them, pointing to poor security testing by manufacturers. The study was performed by researchers from the Eurecom research center in France and Ruhr-University Bochum in Germany, who built an automated platform capable of unpacking firmware images, running them in an emulated environment and starting the embedded Web servers that host their management interfaces. The researchers started out with a collection of 1,925 Linux-based firmware images for embedded devices from 54 manufacturers, but they only managed to start the Web server on 246 of them. They believe that with additional work and tweaks to their platform that number could increase.

FlexVPN configuration

In this post we’ll have a look at the process of configuring a FlexVPN network (unofficially known as DMVPN phase 4). I’ll show what components are involved in configuration and how they all tie together. For the most patient readers there’s a bonus at the end of this post.

FlexVPN network topology

The network we’ll be looking at is […]

The post FlexVPN configuration appeared first on Packet Pushers.

OVN service injection demonstration

Enabling extensibility in OVN, by Gal Sagie, Huawei and Liran Schour, IBM, Open vSwitch 2015 Fall Conference describes a method for composing actions from an external application with actions installed by the Open Network Virtualization (OVN) controller.


An API allows services to be attached to logical topology elements in the OVN logical topology, resulting in a table in the OVN logical flow table that is under the control of the external service. Changes to the logical table are then automatically instantiated as concrete flows in the Open vSwitch instances responsible for handling the packets in the flow.

The demo presented involves detecting large "Elephant" flows using sFlow instrumentation embedded in Open vSwitch. Once a large flow is detected, logical flows are instantiated in the OVN controller to mark the packets. The concrete marking rules are inserted in the Open vSwitch packet processing pipelines handling the logical flow's packets. In the demo, the marked packets are then diverted by the physical network to a dedicated optical circuit.

There are a number of interesting traffic control use cases described on this blog that could leverage the capabilities of Open vSwitch using this approach:

The ‘need’ to control encryption and The Big Lie

Within hours of the recent Paris terrorist attacks, various politicians and current- and ex-government officials used it as an opportunity to push their agendas. For example, in multiple interviews James Woolsey, former Director of the CIA, blamed Edward Snowden, the National Security Agency whistleblower: “I think the blood of a lot of these French young people is on his hands ... I would give him the death sentence, and I would prefer to see him hanged by the neck until he’s dead, rather than merely electrocuted.” He even went so far as to claim that the Obama administration’s changes to government surveillance policies were responsible for the inability of the US and French intelligence services to prevent the Paris attacks. Talk about a partisan viewpoint.

Using an SSH Bastion Host

Secure Shell, or SSH, is something of a “Swiss Army knife” when it comes to administering and managing Linux (and other UNIX-like) workloads. In this post, I’m going to explore a very specific use of SSH: the SSH bastion host. In this sort of arrangement, SSH traffic to servers that are not directly accessible via SSH is instead directed through a bastion host, which proxies the connection between the SSH client and the remote servers.

At first, it may sound like the use of an SSH bastion host is a pretty specialized use case. In reality, though, I believe this is a design pattern that can actually be useful in a variety of situations. I plan to explore the use cases for an SSH bastion host in a future blog post.

This diagram illustrates the concept of using an SSH bastion host to provide access to Linux instances running inside some sort of cloud network (like an OpenStack Neutron tenant network or an AWS VPC):

SSH bastion host diagram

Let’s take a closer look at the nuts and bolts of actually setting up an SSH bastion host.

First, you’ll want to ensure you have public key authentication properly configured, both on the bastion host

Open vSwitch 2015 Fall Conference

Open vSwitch is an open source software virtual switch that is popular in cloud environments such as OpenStack. Open vSwitch is a standard Linux component that forms the basis of a number of commercial and open source solutions for network virtualization, tenant isolation, and network function virtualization (NFV) - implementing distributed virtual firewalls and routers.

The recent Open vSwitch 2015 Fall Conference agenda included a wide variety of speakers addressing a range of topics, including: Open Network Virtualization (OVN), containers, service chaining, and network function virtualization (NFV).

The video above is a recording of the following sFlow related talk from the conference:
New OVS instrumentation features aimed at real-time monitoring of virtual networks (Peter Phaal, InMon)
The talk will describe the recently added packet-sampling mechanism that returns the full list of OVS actions from the kernel. A demonstration will show how the OVS sFlow agent uses this mechanism to provide real-time tunnel visibility. The motivation for this visibility will be discussed, using examples such as end-to-end troubleshooting across physical and virtual networks, and tuning network packet paths by influencing workload placement in a VM/Container environment.
This talk is a follow up to an Open vSwitch 2014 Fall Conference talk on the

NASA: Crayons and cereal help test set baseline for jet engine tests

One of the most destructive and dangerous materials a commercial or military jet engine can ingest is volcanic ash and one of the least would be crayons and cereal. But those two substances were a key part of testing NASA has been conducting on smart engine sensors that could detect and help pilots avoid a volcanic plume. The new sensors are expected to detect the degradation caused by the volcanic ash, quantify the significance of the event, and aid in identifying which components might require maintenance, NASA stated.

Image (NASA): The ash plume (the brown streak) from the big 2010 volcanic eruption of Eyjafjallajökull in Iceland contributed to airline disruptions in Europe for almost a week.

PlexxiPulse—Networking for Cloud Builders

As the industry transitions into the next era of IT, the flood of data and application growth is forcing cloud-based network architectures to change radically. This week, we announced two new products (Plexxi 2.2 Software Suite and Plexxi Switch 3) that combine to provide cloud builders unprecedented capabilities to bring public cloud flexibility and efficiency to the private cloud. The cloud builder generation needs to make the private cloud as easy to consume as the public cloud—and Plexxi’s solutions do just that. These new solutions expand Plexxi’s go-to-market opportunities in content distribution, high frequency trading, enterprise and government market segments. Take a look at this blog post from our CEO that defines cloud builders and outlines how these new products can help cloud builders construct agile, scalable and reliable networks for the Third Era of IT.

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

SDX Central: New Plexxi Software Targets the ‘Cloud Builders’
By Mike Robuck
Plexxi CEO Rich Napolitano says Tuesday’s announcement of the company’s new Plexxi 2.2 Software Suite for cloud builders and a new switch are major milestones for the company. As a corollary to the

4 simple ways to secure your Internet-connected car

Chances are you heard about the pair of clever guys who earlier this year hacked into a Jeep Cherokee's onboard system over the Internet and turned off the engine while the car was on the highway. Although the hack was a controlled demonstration, it proved that such actions are possible, and that scared a lot of people.

Stuff The Internet Says On Scalability For November 20th, 2015

Hey, it's HighScalability time:


100 years ago people saw this as our future. We will be so laughably wrong about the future.
  • $24 billion: amount telcos make selling data about you; $500,000: cost of iOS zero day exploit; 50%: a year's growth of internet users in India; 72: number of cores in Intel's new chip; 30,000: Docker containers started on 1,000 nodes; 1962: when the first Cathode Ray Tube entered interplanetary space; 2x: cognitive improvement with better indoor air quality; 1 million: Kubernetes requests per second

  • Quotable Quotes:
    • Zuckerberg: One of our goals for the next five to 10 years is to basically get better than human level at all of the primary human senses: vision, hearing, language, general cognition. 
    • Sawyer Hollenshead: I decided to do what any sane programmer would do: Devise an overly complex solution on AWS for a seemingly simple problem.
    • Marvin Minsky: Big companies and bad ideas don't mix very well.
    • @mathiasverraes: Events != hooks. Hooks allow you to reach into a procedure, change its state. Events communicate state change. Hooks couple, events decouple
    • @neil_conway: Lamport, trolling distributed systems engineers since 1998.