What is route recursion

How does Internet work - We know what is networking

We are going back to networking basics with this post. In few lines below you will find most important theory that makes network gear do its job. The main router job is to making routing decisions to be able to route packets toward their destination. Sometimes that includes recursive lookup of routing table if the next-hop value is not available via connected interface. Routing decision on end device like PC, Tablet or Phone If one device wants to send a packet to another device, it first needs to find an answer to these questions: Is maybe the destination IP address chunk of local subnet

What is route recursion

Segment routing key points

Segment Routing  (SR) leverages the source paradigm. A node. steers a packet through an ordered list of instructions, called ‘ segment.State is kept in the packet header, not on the router, with Segment Routing.

Resources such as the CPU and Memory are saved.

If you have 100 Edge Routers in your network and if you enable MPLS Traffic Edge to Edge, you would have 100×99/2 = 4950 LSP states on your Midpoint LSR. This is prevalent in many MPLS TE enabled network.

If you enable Segment Routing and if you evaluate the same midpoint case (since you assign a Prefix/Node SID for every Edge router), Midpoint LSR would have 110 entries instead of 4500 entries.

As for the scalability, everything is perfect. However, there is a caveat.

Segment list can easily get big if you use explicit routing for the purpose of OAM. If you do that, you may end up with 7-8 segments. In that case, it is pertinent that you check the hardware support.

Cisco claims that they have performed the tests on a number of service provider networks and that their findings show that two or three segments would be enough for the most explicit Continue reading

Obama wants help from tech firms to fight terrorism

U.S. President Barack Obama is seeking the help of tech companies to combat terror threats, which he described as entering a new phase. Obama's remarks could put into sharp focus again the demand by law enforcement agencies for tech companies to provide ways for the government to be able to access encrypted communications. In an address late Sunday from the Oval Office, Obama said he "would urge hi-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice."To read this article in full or to leave a comment, please click here

Report: Over 80% mobile apps have crypto flaws, 4 of 5 web apps fail OWASP security

Veracode released a new report, State of Software Security: Focus on Application Development, which is a supplement to the original 2015 State of Software Security (SOSS) report that was released in June. The company’s fall 2015 SOSS edition looks at security flaws of apps written in mobile app development languages, compiled languages and traditional web app development languages.To read this article in full or to leave a comment, please click here

ansible + ec2 + tags

This post is a direct result of the insightful questions asked by attendees during Ansible Fest 2015 San Francisco during the "Ask an Expert". This was a great opportunity for the Ansible Tower team to engage with customers of both Ansible and Tower and to understand their use cases, frustration, and love when working with our products.

Ansible Fest 2015 San Francisco

*The "Ask an Expert" allowed attendees to sign-up for 15 minute slots to talk with Ansible employees about particular problems or use cases. This resulted in over 50 customer questions! Two Ansible employees were stationed at a heavy traffic area to engage attendees and listen to their initial questions or concerns to help choose from more than 15 experts to best engage with. Attendees then engaged with the expert, identifiable by the "Ask an Expert" picture included in their check-in packet, during their registered time.

* The "Ask an Expert" interaction was much more organic than the above description. Times often ran over when in-depth conversations were had and empty time slots were often filled with discussion from attendees in a more ad-hoc manor.

The feedback from the "Ask an Expert" from the attendees was overwhelmingly positive. I can say that the feeling Continue reading

ansible + ec2 + tags

ansible-amazon-blog-header.png

"How do I spin up multiple ec2 instances, all with differing tags?"

This question is one of the many insightful questions asked by attendees during AnsibleFest 2015 San Francisco at our "Ask an Expert" tables. AnsibleFest was a great opportunity for the Ansible team to engage with customers of both Ansible and Tower and to understand their use cases, frustration, and love when working with our products.

The "Ask an Expert" program allowed attendees to sign-up for 15 minute slots to talk with more than 15 Ansible experts, resulting in over 50 customer questions! 

Feedback from the attendees was overwhelmingly positive. I can say that the feeling is mutual from the Ansible team side! It was a joy to hear from so many users of Ansible and Tower.

 

Example AnsibleFest "Ask an Expert" sign-up sheet:

blog-ask-expert-sf15

 


Onto the Playbook

Now that we have the back story out of the way, let's get into the playbooks. Several attendees asked how to spin up multiple ec2 instances, all with differing tags.

Extrapolating from that question the user wants/concerns are:

  • The ec2 doesn't "count" (spins up multiple identical instances)
  • Run tasks/plays against spun up instances (obviously)
  • Assign different properties to each instance (i.e. tags)

From the above requirements I will demonstrate a general Continue reading

Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats over to a secondary service provider in the event of a failure. I was recently challenged with how this interacted with IPSec. As a result I built out this configuration and performed some fairly extensive testing.

It is worth noting that this is not a substitute for a properly multi-homed Internet connection that utilizes BGP. It is, however, a method for overcoming the challenges often found in the SMB environments where connections are mostly outbound or can alternatively be handled without completely depending on either of the service provider owned address spaces.

In this article, we will start out with a typical ASA redundant Internet connection using IP SLA. Then we will overlay a IPSec Site to Site configuration and test the failover process.

ASA_IPSec_Redundant

The base configuration for this lab is as follows. Continue reading

What is Internet Goverance and Why Does it Matter?

Last month, CloudFlare participated the tenth annual Internet Governance Forum (IGF) in Joao Pessoa, Brazil. Since it was launched at the United Nations’ World Summit on the Information Society (WSIS) in 2005, the IGF has provided valuable opportunities for thousands of representatives of non-profit groups, businesses, governments, and others to debate decisions that will affect the future of the Internet. While the Forum does not negotiate any treaties or other agreements, what participants learn there can influence corporate strategies, standards proposals, and national government policies. Even more importantly, discussions in the hallways (or in the bar or on the beach) can lead to new projects, new thinking, and new collaborations.

The range of issues and the diversity of speakers on panels and at the podium was even greater this year than at previous IGFs. Issues ranged from the need for strong encryption to whether net neutrality regulations are needed—from countering the abuse of women online to how to foster deployment of IPv6 and Internet Exchange Points. You can watch all 167 IGF sessions, which were webcast and archived. I represent CloudFlare as a member of the Multistakeholder Advisory Group (MAG), which organizes the IGF program. Together with the other MAG Continue reading

The FTC’s next chief technologist is on a quest for better passwords

Privacy issues will likely stay at the forefront of the FTC's focus next year thanks to the commission's appointment of Lorrie Cranor as its new chief technologist.Cranor, who is currently a professor of computer science and engineering and public policy at Carnegie Mellon University, directs the CyLab Usable Privacy and Security Laboratory. She will succeed Ashkan Soltani, the privacy expert who assumed the role in November 2014, the U.S. Federal Trade Commission announced on Thursday.Cranor will join the FTC in January.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sensors designed to detect overloaded cables, prevent fires

Flickering lights, tripping breakers, and discolored outlets are among the ways one can guess that wiring is overloaded. Add visual access, and you can tell if the sheathing may appear discolored.But some of us who've been around electricity for a while have also developed an acute sense of smell for wiring trouble. There's a distinctive acrid odor that can be caused by melting components on a PCB, the plastic around a part, or the polyvinyl chloride (PVC) covering on the wire emitting vapor.That odor on its own, even without visible smoke, is a heads-up to troubleshoot the wiring.Nasal range? There are, however, flaws in the sniffing method of overloading detection. What happens if the overloading occurs in an overhead crawl space, for example? Or at a remote, non-staffed installation?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sensors designed to detect overloaded cables, prevent fires

Flickering lights, tripping breakers, and discolored outlets are among the ways one can guess that wiring is overloaded. Add visual access, and you can tell if the sheathing may appear discolored.But some of us who've been around electricity for a while have also developed an acute sense of smell for wiring trouble. There's a distinctive acrid odor that can be caused by melting components on a PCB, the plastic around a part, or the polyvinyl chloride (PVC) covering on the wire emitting vapor.That odor on its own, even without visible smoke, is a heads-up to troubleshoot the wiring.Nasal range? There are, however, flaws in the sniffing method of overloading detection. What happens if the overloading occurs in an overhead crawl space, for example? Or at a remote, non-staffed installation?To read this article in full or to leave a comment, please click here

Russian spy group adopts new tools to hack defense contractor networks

A Russian cyberespionage group known as Pawn Storm has adopted new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.Pawn Storm, also known as Sofacy, after its primary malware tool, has been active since at least 2007 and has targeted governmental, security and military organizations from NATO member countries, as well as media organizations, Ukrainian political activists and Kremlin critics.Since August, the group has been engaged in an ongoing attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.To read this article in full or to leave a comment, please click here

PlexxiPulse—Networking in Boston

Our CEO, Rich Napolitano, has been hitting the road to share the Plexxi message! Just before Thanksgiving, he sat down with Paul Gillin and Dave Vellante of SiliconANGLE to discuss our most recent product launch and modernizing network infrastructure. Take a look at the video below!

Earlier this week, Rich participated in the Enterprise Tech Strikes Back event in Boston hosted by Xconomy. Rich was a member of the “Building the Next Great Infrastructure Company” panel with Andy Ory of 128 Technology, Ellen Rubin of ClearSky Data and moderator Jody Rose of the New England Venture Capital Association. The group discussed networking, storage and cloud, and what it will take to create Boston’s next big enterprise IT infrastructure company. We enjoyed meeting and networking with likeminded startups that are taking on the challenges associated with the Third Era of IT. It is always fun to have a group of brilliant minds in one room!

Captureticnplexxi1(Photo credit: Bob Brown, Network World)

Below please find a few of our top picks for our favorite news articles of the week. Enjoy.

BetaNews.com: Is your network ready for IoT devices?
By Manish Sablok
The stats are here: investment bank Goldman Sachs cites Continue reading

Stuff The Internet Says On Scalability For December 4th, 2015

Hey, it's HighScalability time:


Change: Elliott $800,000 in 1960, 8K RAM, 2kHz CPU vs Raspberry Pi Zero, $5, 1Ghz, 512MB

 

If you like Stuff The Internet Says On Scalability then please consider supporting me on Patreon.

  • 434,000: square-feet in Facebook's new office;  $62.5 billion: Uber's valuation; 11: DigitalOcean datacenters; $4.45 billion: black Friday online sales; 2MPH: speed news traveled in 1500; 95: percent of world covered by mobile broadband; 86%: items Amazon delivers that weigh less than five pounds.

  • Quotable Quotes:
    • Jeremy Hsu: Is anybody thinking about how we’ll have to code differently to accommodate the jump from a 1-exaflop supercomputer to 10 exaflops? There is not enough attention being paid to this issue.
    • @kml: “Process drives away talent” - @adrianco at #yow15
    • capkutay: Seems like a lot of the momentum behind containers is driven by the Silicon Valley investment community.
    • @taotetek: IoT is turning homes into datacenters with no system administrators and no security team.
    • @asymco: On Thursday and early Friday, mobile traffic accounted for nearly 60% of all online shopping traffic, and 40% of all online sales
    • Mobile App Developers are Suffering: It’s Continue reading
1 3,237 3,238 3,239 3,240 3,241 3,854