Network Dictionary – Security Blanket Failure
Define "Security Blanket Failure"
The post Network Dictionary – Security Blanket Failure appeared first on EtherealMind.
The Autumn Cloud/SDN Roadtrip
One of my kids recently asked me whether I plan to travel somewhere during the autumn. The answer was “a bit” surprising: Boston (just got back), Zurich, Bern, Stockholm, Ljubljana, Heidelberg, Nuremberg, Rome, Miami, Ljubljana, Helsinki, and maybe Munich and/or another trip to Zurich… so I might not be able to blog as frequently as usual.
Most of those trips are public events (hyperlinked). If you’re anywhere close one of those cities, check them out and drop by.
Business Critical Apps & the DMVPN Underlay of IWAN’s Intelligent Path Control
Let’s assume we have a Branch with 1 Router and 2 WAN connections. We decide to use Intelligent Path Control with PfRv3 and design our policy such that the business critical traffic goes over one of the WAN clouds (MPLS, for example) and will use the other WAN cloud (Internet, for example) should a certain level of impairment (delay, loss, jitter) occur on the primary path.
But that business critical traffic is well….. critical to your business. So that probably isn’t really good enough. Let’s take this a couple steps further to make sure your business critical traffic is treated as such.
With Intelligent Path Control with PfRv3 what will actually happen is that while the business critical traffic is going over the primary channel, a backup channel will be created over the other WAN cloud. On top of that, PfRv3 will be checking the health of the path the backup channel is taking. Actually… let me be even more specific. PfRv3 will be checking the health of the exact path that business critical traffic would take if it were to be sent over the fallback WAN cloud.
“How is this accomplished?
Regardless of hashing algorithms Continue reading
The Changing Mobile World
Today’s Internet is undoubtedly the mobile Internet. Sales of all other forms of personal computers are in decline and the market focus is now squarely on tablets, “smart” phones and wearable peripherals. You might think that such significant volumes and major revenue streams would underpin a highly competitive and diverse industry base, but you’d be wrong. In 2014 84% of all of the new mobile smart devices were using Google’s Android platform, and a further 12% were using Apple’s iOS system. This consolidation of the platform supply into just two channels is a major change. Further changes are happening. In a world as seemlingly prodigious as the mobile Internet it’s scarcity that is driving much of these changes, but in this particular case it’s not the scarcity of IPv4 addresses. It’s access to useable radio spectrum.NFV MANO Mania Has Run its Course
NFV must move beyond that familiar, ubiquitous ETSI diagram.
DHCP AS A CONFIGURATION TOOL?
Original Post from John Bigboote in Solarwinds Thwack Community One of the hottest technologies in networking right now is SoftwareMainstream Cloud Networking with Flexible Ethernet
Networking vendors have long touted distinct routers and switches with different LAN and WAN interfaces. Remember IBM Token Ring versus Ethernet? Or ATM or Sonet versus Ethernet or more recently Fibre Channel SANs versus Ethernet? Ethernet truly addresses the present state and next generation of networking, usually obsoleting the alternatives. Ethernet has proven its evolution...Continue reading »
FireHost, Now Named Armor, Extends Security to Microsoft Azure
The hosting firm's security tools start reaching into Azure, with other clouds to follow.
Networking Heresy?
Software Defined Networking, and it’s latest incarnation SD-WAN seem to be all the rage at the moment. Having seen presentations from vendors large and small on the subject recently at Networking Field Day 10 I am still given to thinking there are a few things that get glossed-over by the vendors quite often. Foremost in my mind, is this (potentially heretical thought):
It is all very well creating virtual or ‘overlay’ networks which run over other networks to suit your purposes, but as someone famous once said, you can’t change the laws of physics. Packets must ultimately flow across a medium – wires, fibres or waves. The media doesn’t give a flying fart whether the packet is naked, or clothed in layers of MPLS or GRE headers – if that medium is congested and doesn’t support any form of packet prioritisation, your data is down the dunny.
There’s a trade-off here that perhaps not many people understand when they are shown smooth presentations by manufacturers. It seems to me that:
- Efficient use of network connectivity requires deep understanding from end to end. That’s why you employ network engineers.
- Efficient deployment of network connectivity requires abstraction and overlays to increase ease of deployment (which equals loss of understanding of lower layer protocols).
- Continue reading
Networking Heresy?
Software Defined Networking, and it’s latest incarnation SD-WAN seem to be all the rage at the moment. Having seen presentations from vendors large and small on the subject recently at Networking Field Day 10 I am still given to thinking there are a few things that get glossed-over by the vendors quite often. Foremost in my mind, is this (potentially heretical thought):
It is all very well creating virtual or ‘overlay’ networks which run over other networks to suit your purposes, but as someone famous once said, you can’t change the laws of physics. Packets must ultimately flow across a medium – wires, fibres or waves. The media doesn’t give a flying fart whether the packet is naked, or clothed in layers MPLS or GRE headers – if that medium is congested and doesn’t support any form of packet prioritisation, your data is down the dunny.
There’s a trade-off here that perhaps not many people understand when they are shown smooth presentations by manufacturers. It seems to me that:
- Efficient use of network connectivity requires deep understanding from end to end.
- Efficient deployment of network connectivity requires abstraction and overlays (which equals loss of understanding of lower layer protocols).
- Efficient operation of network connectivity… well… let’s hope it’ll be fine so long Continue reading
Just some quick points about DHCP
Okay, so everybody knows DHCP pretty well.I just want to point out a few little details as background for a future post:
DHCP Relays Can Change Things
The first point is about those times when the DHCP client and server aren't on the same segment.
In these cases, a DHCP relay (usually running on a router) scoops up the helpless client's broadcast packets and fires them at the far away DHCP server. The server's replies are sent back to the relay, and the relay transmits them onto the client subnet.
The DHCP relay can change several things when relaying these packets:
- It increments the bootp hop counter.
- It populates the relay agent field in the bootp header (The DHCP server uses this to identify the subnet where the client is looking for a lease).
- It can introduce additional DHCP options to the request.
The last one is particularly interesting. When a DHCP relay adds information to a client message, it can be used by the DHCP server for decision-making or logging purposes. Alternatively, the added information can be used by the DHCP relay itself: Because the relay's addition will be echoed back by the server, the relay can parse Continue reading
Microsoft’s New President Will Lead Security Policies
Brad Smith will be a big voice in the future of cloud security policies, globally.
Last Chance to Find Out How Brocade’s Services Director Help Drive Your Business. Register Today!
Come join Brocade for their DemoFriday on October 16th at 10:00am PT to discover a new and easy way to manage application growth that can significantly reduce your current cost structures.
Featured Article: Cisco ACI + Microsegmentation = Security
Cisco ACI offers an elegant new approach to microsegmentation that makes it a powerful tool for security or network administrators.
Avi Networks Hires Former NetApp Exec Pandey as CEO
Co-founder Umesh Mahajan takes the CSO role as the L4-7 startup braces for growth.
ONF-Sponsored Hot SDN Topics Panel Discussion: What’s Intent Driven Networking?
Join major industry thought leaders for an exciting conversation surrounding some of the hottest topics in SDN.
How Uber Scales Their Real-time Market Platform
Reportedly Uber has grown an astonishing 38 times bigger in just four years. Now, for what I think is the first time, Matt Ranney, Chief Systems Architect at Uber, in a very interesting and detailed talk--Scaling Uber's Real-time Market Platform---tells us a lot about how Uber’s software works.
If you are interested in Surge pricing, that’s not covered in the talk. We do learn about Uber’s dispatch system, how they implement geospatial indexing, how they scale their system, how they implement high availability, and how they handle failure, including the surprising way they handle datacenter failures using driver phones as an external distributed storage system for recovery.
The overall impression of the talk is one of very rapid growth. Many of the architectural choices they’ve made are a consequence of growing so fast and trying to empower recently assembled teams to move as quickly as possible. A lot of technology has been used on the backend because their major goal has been for teams to get the engineering velocity as high as possible.
After a understandably chaotic (and very successful) start it seems Uber has learned a lot about their business and what they really need to Continue reading