Network Firefighters or Fire Marshals?

Throughout my career as a network engineer, I’ve heard lots of comparisons to emergency responders thrown around to describe what the networking team does. Sometimes we’re the network police that bust offenders of bandwidth policies. Other times there is the Network SWAT Team that fixes things that get broken when no one else can get the job done. But over and over again I hear network admins and engineers called “fire fighters”. I think it’s time to change how we look at the job of fires on the network.

Fight The Network

The president of my old company used to try to motivate us to think beyond our current job roles by saying, “We need to stop being firefighters.” It was absolutely true. However, the sentiment lacked some of the important details of what exactly a modern network professional actually does.

Think about your job. You spend most of your time implementing change requests and trying to fix things that don’t go according to plan. Or figuring out why a change six months ago suddenly decided today to create a routing loop. And every problem you encounter is a huge one that requires an “all hands on deck” mentality…

Attackers install highly persistent malware implants on Cisco routers

Replacing router firmware with poisoned versions is no longer just a theoretical risk. Researchers from Mandiant have detected a real-world attack that has installed rogue firmware on business routers in four countries.

The router implant, dubbed SYNful Knock, provides attackers with highly privileged backdoor access to the affected devices and persists even across reboots. This is different than the typical malware found on consumer routers, which gets wiped from memory when the device is restarted.

SYNful Knock is a modification of the IOS operating system that runs on professional routers and switches made by Cisco Systems. So far it was found by Mandiant researchers on Cisco 1841, 8211 and 3825 "integrated services routers," which are typically used by businesses in their branch offices or by providers of managed network services.

The Dangers Of SDN Failure

The concepts of software-defined networking and hybrid cloud challenge the traditional boundaries of the enterprise network. Nathan Pearce, Principal Technologist at F5 Networks, examines the ownership issues surrounding SDN and cloud, and who must be responsible for an inevitable outage.

Technology that predicts your next security fail

In 2013, the IRS paid out $5.8 billion in refunds for tax filings it later realized were fraudulent, according to a 2015 report by the Government Accountability Office. This news comes as no surprise to the Kentucky Department of Revenue, which is stepping up its own war against rising fraud cases with predictive analytics.

Predictive analytics uses publicly available and privately sourced data to try to determine future actions. By analyzing what has already happened, organizations can detect what is likely to happen before anything affects the security of the organization's physical infrastructure, human capital or intellectual property.

10 Websites To Visit If You Want to be a CCIE

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
During my CCIE journey I have used many online resources, from paid to free; the list below shows my top 10 CCIE-related websites that I used on a regular basis to get information and study material. These range from Cisco to training providers and personal blogs, all of which provided benefits to my study. […]

The Autumn Cloud/SDN Roadtrip

One of my kids recently asked me whether I plan to travel somewhere during the autumn. The answer was “a bit” surprising: Boston (just got back), Zurich, Bern, Stockholm, Ljubljana, Heidelberg, Nuremberg, Rome, Miami, Ljubljana, Helsinki, and maybe Munich and/or another trip to Zurich… so I might not be able to blog as frequently as usual.

Most of those trips are public events (hyperlinked). If you’re anywhere close to one of those cities, check them out and drop by.

Business Critical Apps & the DMVPN Underlay of IWAN’s Intelligent Path Control

Let’s assume we have a Branch with 1 Router and 2 WAN connections.  We decide to use Intelligent Path Control with PfRv3 and design our policy such that the business critical traffic goes over one of the WAN clouds (MPLS, for example) and will use the other WAN cloud (Internet, for example) should a certain level of impairment (delay, loss, jitter) occur on the primary path.

But that business critical traffic is well….. critical to your business.  So that probably isn’t really good enough. Let’s take this a couple steps further to make sure your business critical traffic is treated as such.

With Intelligent Path Control with PfRv3 what will actually happen is that while the business critical traffic is going over the primary channel, a backup channel will be created over the other WAN cloud. On top of that, PfRv3 will be checking the health of the path the backup channel is taking.  Actually… let me be even more specific.  PfRv3 will be checking the health of the exact path that business critical traffic would take if it were to be sent over the fallback WAN cloud.

“How is this accomplished?”

Regardless of hashing algorithms…

The Changing Mobile World

Today’s Internet is undoubtedly the mobile Internet. Sales of all other forms of personal computers are in decline and the market focus is now squarely on tablets, “smart” phones and wearable peripherals. You might think that such significant volumes and major revenue streams would underpin a highly competitive and diverse industry base, but you’d be wrong. In 2014 84% of all of the new mobile smart devices were using Google’s Android platform, and a further 12% were using Apple’s iOS system. This consolidation of the platform supply into just two channels is a major change. Further changes are happening. In a world as seemingly prodigious as the mobile Internet it’s scarcity that is driving much of these changes, but in this particular case it’s not the scarcity of IPv4 addresses. It’s access to useable radio spectrum.

Arista joins Cisco, Dell at 25G

Arista Networks this week became the latest major vendor to roll data center switches that support 25G, 50G and 100Gbps Ethernet.

Arista also upgraded its operating system software to support the new switches and give them a number of new features to enhance uptime, and avoid resets and reloads.

The new Arista 7060X, 7260X and 7320X fixed-leaf and modular spine switches are based on Broadcom’s Tomahawk chipset. Tomahawk silicon delivers 3.2Tbps switching capacity – 32 100G ports – and SDN-optimized engines in a single chip, and features all-25G per-lane interconnect, enabling transformation to 25G and 50G Ethernet networks and eventually up to 100G.

Mainstream Cloud Networking with Flexible Ethernet

Networking vendors have long touted distinct routers and switches with different LAN and WAN interfaces. Remember IBM Token Ring versus Ethernet? Or ATM or Sonet versus Ethernet or more recently Fibre Channel SANs versus Ethernet? Ethernet truly addresses the present state and next generation of networking, usually obsoleting the alternatives. Ethernet has proven its evolution...

Networking Heresy?

Software Defined Networking, and its latest incarnation SD-WAN, seem to be all the rage at the moment. Having seen presentations from vendors large and small on the subject recently at Networking Field Day 10, I am still given to thinking there are a few things that get glossed over by the vendors quite often. Foremost in my mind is this (potentially heretical) thought:

It is all very well creating virtual or ‘overlay’ networks which run over other networks to suit your purposes, but as someone famous once said, you can’t change the laws of physics. Packets must ultimately flow across a medium – wires, fibres or waves. The media doesn’t give a flying fart whether the packet is naked, or clothed in layers of MPLS or GRE headers – if that medium is congested and doesn’t support any form of packet prioritisation, your data is down the dunny.

There’s a trade-off here that perhaps not many people understand when they are shown smooth presentations by manufacturers.  It seems to me that:

  1. Efficient use of network connectivity requires deep understanding from end to end. That’s why you employ network engineers.
  2. Efficient deployment of network connectivity requires abstraction and overlays to increase ease of deployment (which equals loss of understanding of lower layer protocols).

Networking Heresy?

Software Defined Networking, and its latest incarnation SD-WAN, seem to be all the rage at the moment. Having seen presentations from vendors large and small on the subject recently at Networking Field Day 10, I am still given to thinking there are a few things that get glossed over by the vendors quite often. Foremost in my mind is this (potentially heretical) thought:

It is all very well creating virtual or ‘overlay’ networks which run over other networks to suit your purposes, but as someone famous once said, you can’t change the laws of physics. Packets must ultimately flow across a medium – wires, fibres or waves. The media doesn’t give a flying fart whether the packet is naked, or clothed in layers of MPLS or GRE headers – if that medium is congested and doesn’t support any form of packet prioritisation, your data is down the dunny.

There’s a trade-off here that perhaps not many people understand when they are shown smooth presentations by manufacturers.  It seems to me that:

  1. Efficient use of network connectivity requires deep understanding from end to end.
  2. Efficient deployment of network connectivity requires abstraction and overlays (which equals loss of understanding of lower layer protocols).
  3. Efficient operation of network connectivity… well… let’s hope it’ll be fine so long…

White House won’t say if it’s hoping for a cybersecurity deal with China

With the visit of Chinese premier Xi Jinping just a week away, the White House won't say whether one of its goals is to reach an agreement with China over cybersecurity.

Hacking has been one of the issues at the forefront of U.S.-China relations over the last couple of years, particularly after the U.S. accused China of hacking into sensitive federal government systems, something that China denies.

"We've been pretty blunt in describing the concerns that we have with China's behavior in cyberspace," White House press secretary Josh Earnest told reporters on board Air Force One on Monday, according to a pool report.

But Earnest wouldn't comment on any measures that might be taken ahead of the visit.