0

Anycast For DMVPN Hubs

Dynamic assignment of DMVPN spoke tunnel addresses isn't just a matter of convenience. It provided the foundation for a recent design which included the following fun requirements:

• There are many hub sites.
• Spokes will be network-near exactly one hub site.
• Latency between hub sites is high.
• Bandwidth between hub sites is low.
• Spoke routers don't know where they are in the network.
• Spoke routers must connect only to the nearest hub.

The underlay topology in this environment¹ made it safe for me to anycast the DMVPN hubs, so that's what I did. This made the "connect to the nearest hub" problem easy to solve, but introduced some new complexity.

Hub Anycast Interface
Each DMVPN router has a loopback interface with address 192.0.2.0/32 assigned to the front-door VRF. It's configured something like this:

 interface loopback 192020
  description DMVPN hub anycast target  
  ip vrf forwarding LTE_TRANSIT  
  ip address 192.0.2.0 255.255.255.255  

The 192.0.2.0 /32 prefix was redistributed into the IP backbone. If this device were to fail, then the next-nearest instance of 192.0.2.0 would be selected by the IGP.

Spoke Configuration
Spokes look pretty much exactly like Continue reading

0

Worth Reading: Net Neutrality

The core conceit and fallacy of ‘neutrality’ has been to create a doctrine of fairness to packets at the local mechanism level. I hate to have to tell you this, but packets don’t have feelings. They don’t get irate when they are in a queue too long and other packets jump ahead of them. via circleid

Continue reading

0

CCIE Three Months Later

A short take on my journey to becoming CCIE #49800. This wouldn't be possible without the so very important people in my life. Thank You!...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

0

Patch Tuesday November 2015: Microsoft releases 12 fixes, 4 rated critical

For Patch Tuesday November 2015, Microsoft released 12 security bulletins, four rated as critical and the remaining 8 rated as important.Rated CriticalMS15-112 is the cumulative fix for remote code execution flaws in Internet Explorer. Microsoft lists 25 CVEs, most of which are IE memory corruption vulnerabilities. 19 are called Internet Explorer memory corruption vulnerabilities, with three CVEs labeled slightly different as Microsoft browser memory corruption vulnerabilities. Of the remaining CVEs, one involves Microsoft browser ASLR bypass, one is for an IE information disclosure flaw, and one is a scripting engine memory corruption vulnerability. You should deploy this as soon as possible.To read this article in full or to leave a comment, please click here

0

The NCM Connector for Cisco Devices

post by: matt.raio   Greetings fellow GNS3ers and SolarWinds Gurus!   This guide is to present to you a new feature that utilizes

0

Startup Radar: Niara Uses Machine Learning To Spot Malicious Activity

Startup Niara applies machine learning to security logs and network packets and flows to find anomalous behavior that may indicate malicious activity.

The post Startup Radar: Niara Uses Machine Learning To Spot Malicious Activity appeared first on Packet Pushers.

0

Nerd Knobs Are Career Limiting

Redefining the term Nerd Knobs as Wanker Knobs

The post Nerd Knobs Are Career Limiting appeared first on EtherealMind.

0

Deploy and Manage Any Cluster Manager with Docker Swarm

written by Sam Alba, Sr. Director of Engineering at Docker, Inc. and Andrea Luzzardi, Software Engineer at Docker, Inc. As you have seen, last week Docker Swarm reached 1.0, and now is ready for production use. Swarm is native clustering … Continued

0

Three indicted in JPMorgan hacking case

On Tuesday, Manhattan US Attorney Preet Bharara's office unsealed an indictment against three individuals charged with hacking several financial institutions, financial news publishers, and other companies.In a statement to Reuters, JPMorgan confirmed that the recently unsealed indictment is connected to last year's hack, which impacted 83 million households.Monday's indictment focuses on Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein.In court documents shared with CSO Online, the prosecutors say that between 2012 and 2015, the three pulled off "the largest theft of customer data from a U.S. financial institution in history" by stealing the personal information of more than 100 million people.To read this article in full or to leave a comment, please click here

0

ARM is bringing some much needed security to the Internet of Things

If you believe what the tech industry tells us, everything is coming online. From pacemakers to washing machines to street lights, all will be networked together and feeding data into the cloud. If this Internet of Things comes to pass, we're going to need a lot more security than we have today.Chip design company ARM announced plans Tuesday for a new line of chips intended to help secure those devices. ARM is best known for designing the microprocessors in smartphones and tablets, but it also designs smaller chips, called microcontrollers, that feature heavily in IoT. Some four billion ARM microcontrollers were shipped by ARM licensees last year.To read this article in full or to leave a comment, please click here

0

Sponsored Post: StatusPage.io, Digit, iStreamPlanet, Instrumental, Redis Labs, Jut.io, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

• Senior Devops Engineer - StatusPage.io is looking for a senior devops engineer to help us in making the internet more transparent around downtime. Your mission: help us create a fast, scalable infrastructure that can be deployed to quickly and reliably.


• Digit Game Studios, Irish’s largest game development studio, is looking for game server engineers to work on existing and new mobile 3D MMO games. Our most recent project in development is based on an iconic AAA-IP and therefore we expect very high DAU & CCU numbers. If you are passionate about games and if you are experienced in creating low-latency architectures and/or highly scalable but consistent solutions then talk to us and apply here.


• As a Networking & Systems Software Engineer at iStreamPlanet you’ll be driving the design and implementation of a high-throughput video distribution system. Our cloud-based approach to video streaming requires terabytes of high-definition video routed throughout the world. You will work in a highly-collaborative, agile environment that thrives on success and eats big challenges for lunch. Please apply here.


• As a Scalable Storage Software Engineer at iStreamPlanet you’ll be driving the design and implementation of numerous storage systems including software services, analytics and video Continue reading

0

HL: The Art of Network Architecture

The post HL: The Art of Network Architecture appeared first on 'net work.

0

IDG Contributor Network: How magnetic ID cards are becoming indestructable

One of the problems with traditional magnetic storage has always been that, because it's written with magnetic fields, it can be wiped by those fields too.That makes for a pretty unstable medium—though convenient and more efficient than many.Magnetic storage is used in ID and credit cards too, but the environments that the cards encounter are brutal on the media.So is space travel, and indeed the residential living rooms with magnet-containing home theatre speakers, for example. Remember the mysteriously deteriorating cassette tape?Yet magnetic media has its favorable qualities—it's more secure than Radio Frequency (RF) chips, for example.To read this article in full or to leave a comment, please click here

0

Stay tuned for important news in December!!

I’ve got some important news which I will reveal in the beginning of December!

So stay tuned

 

0

Gathering No MOS

If you work in the voice or video world, you’ve undoubtedly heard about Mean Opinion Scores (MOS). MOS is a rough way of ranking the quality of the sound on a call. It’s widely used to determine the over experience for the user on the other end of the phone. MOS represents something important in the grand scheme of communications. However, MOS is quickly becoming a crutch that needs some explanation.

That’s Just Like Your Opinion

The first think to keep in mind when you look at MOS data is that the second word in the term is opinion. Originally, MOS was derived by having selected people listen to calls and rank them on a scale of 1 (I can’t hear you) to 5 (We’re sitting next to each other). The idea was to see if listeners could distinguish when certain aspects of the call were changed, such as pathing or exchange equipment. It was an all-or-nothing ranking. Good calls got a 4 or even rarely a 5. Most terrible calls got 2 or 3. You take the average of all your subjects and that gives your the overall MOS for your system.

When digital systems came along, MOS took Continue reading

0

Five Functional Facts about TACACS+ in ISE 2.0

The oft-requested and long awaited arrival of TACACS+ support in Cisco’s Identity Services Engine (ISE) is finally here starting in version 2.0. I’ve been able to play with this feature in the lab and wanted to blog about it so that existing ISE and ACS (Cisco’s Access Control Server, the long-time defacto TACACS+ server) users know what to expect.

Below are five facts about how TACACS+ works in ISE 2.0.

Continue reading

0

Announcing Universal DNSSEC: Secure DNS for Every Domain

CloudFlare launched just five years ago with the goal of building a better Internet. That’s why we are excited to announce that beginning today, anyone on CloudFlare can secure their traffic with DNSSEC in just one simple step.

This follows one year after we made SSL available for free, and in one week, more than doubled the size of the encrypted web. Today we will do the same with DNSSEC, and this year, we’ll double the size of the DNSSEC-enabled web, bringing DNSSEC to millions of websites, for free.

If DNS is the phone book of the Internet, DNSSEC is the unspoofable caller ID. DNSSEC ensures that a website’s traffic is safely directed to the correct servers, so that a connection to a website is not intercepted by a man-in-the-middle.

Solving A Decades-Old Vulnerability In DNS

Every website visit begins with a DNS query. When I visit cloudflare.com, my browser first needs to find the IP address:

cloudflare.com. 272 IN A 198.41.215.163

When DNS was invented in 1983, the Internet was used by only a handful of professors and researchers, and no one imagined that there could be foul play. Thus, DNS relies on Continue reading

0

Versa Decouples Hardware from Software for SD-WAN, vCPE, & Security

Decoupling like Juniper? No comparison, say Versa's founders.

0

How to avoid a data center overrun with idle servers

You've undoubtedly read, or at least seen the articles talking about "comatose" servers, servers in data centers that don't do any work and just sit idle. A study from Stanford University professor Jonathan Koomey and Jon Taylor, a partner at the consulting firm Athensis Group found that up to 30% of all physical servers in data centers do nothing all day long and no one notices.This is not a new discovery; it has been around for several years. In 2008, McKinsey & Co. released a similar study, finding that up to 30% of servers in data centers were as they put it "functionally dead." The Uptime Institute issued a similar report in 2012, finding around 30% of servers to be idle and not working.To read this article in full or to leave a comment, please click here

0

First Linux ransomware program cracked, for now

Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: There's now a free tool that can decrypt their files.The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption.The program makes files unreadable by using the Advanced Encryption Standard (AES), which uses the same key for both the encryption and decryption operations. The AES key is then encrypted too by using RSA, an asymmetric encryption algorithm.To read this article in full or to leave a comment, please click here