Education for SDN from the ONF

After an incredibly busy week at the Layer 123 SDN World Congress in Düsseldorf, questions of how education is delivered and how it should be delivered in to the field are churning in my aching brain. After a (really) high number of conversations, it’s pretty clear that education for SDN, NfV and network automation is on the mind of professionals and current students alike.

With an almost cocky and over-confident certainty, it’s easy to guess that most network engineers and architects have taken the Cisco road to gain skill sets. Some invest in more neutral options like CBT Nuggets and IPSpace.net, which bring a rich variety of additional content. Cisco have almost certainly set in concrete the way traditional network engineers ‘have’ to learn and as the corporate ladder is ascended year by year, every freshly minted manager believes that his or her staff must follow the same road and ‘earn their spurs’. Not to say there was anything wrong with it, but times change and so must education and learning.

The traditional path to education and certification goes something like this:

NetEng: I need to learn and validate my learning for my employer, or partnership status Continue reading

LTE flaws risk security and privacy of all Android smartphones on Verizon and AT&T

The Computer Emergency Response Team (CERT) at Carnegie Mellon University posted a vulnerability note about multiple vulnerabilities in voice-over-LTE implementations that could potentially compromise the security and privacy of Android users on LTE networks of major U.S. wireless carriers. All Android versions—reportedly even Marshmallow, Google’s newest Android 6.0 – are vulnerable when being used on Verizon Wireless and AT&T; T-Mobile claimed to have “resolved” the issue.To read this article in full or to leave a comment, please click here

LTE flaws risk security and privacy of all Androids on Verizon and AT&T

The Computer Emergency Response Team (CERT) at Carnegie Mellon University posted a vulnerability note about multiple vulnerabilities in voice over LTE implementations that could potentially compromise the security and privacy of Android users on LTE networks of major U.S. wireless carriers. All Android versions—reportedly even Marshmallow, Google’s newest Android 6.0 – are vulnerable when being used on Verizon Wireless and AT&T; T-Mobile claimed to have “resolved” the issue.To read this article in full or to leave a comment, please click here

More Features, Improved Lock-In

Found an interesting article on High Scalability blog (another must-read web site) on how PostgreSQL improves locking behavior in high-volume transaction environment.

Needless to say, the feature is totally proprietaryrather unique and not available in most other database products. Improved locking behavior ⇒ improved lock-in.

Moral of the story: Stop yammering. Networking is no different from any other field of IT.

Update: Yep, I goofed up on the proprietary bit (it was one of those “I don’t think this word means what you think it means” gotchas). However, if you think open source product can't have proprietary features or you can’t get locked into an open-source product, I congratulate you on your rosy perspective. Reality smudged mine years ago.

Ansible inventory, role variables and facts

I’ve been struggling a bit to understand how to use inventory, role variables and facts in the playbooks i’ve been working on (mostly around provisioning opencontrail on top of kubernetes/openshift-origin). I finally came up with a model that made sense to me. This is probably well understood by everyone else but i couldn’t quite grok it until i worked out the following example.

User configuration options should be set:
– In group_vars/all.yml for settings that affect all hosts;
– In the inventory file, for host and group variables;

As in this example:

It is useful to establish a convention for variables that are specific to the deployment (e.g. user settable variables). In this case i’m using flag_<var> as a convention for deployment specific variables.

Most of these would have defaults. In order to set the defaults, the playbook defines a role variable (flag_user_<var> in this example). The playbook role then uses flag_user_<var> rather than the original flag_<var>.

Role variables can use jinja template logic operations as well as filters. The most common operation is to use a <code>default</code> filter as in the example playbook bellow. But more complex logic can be built using {%if <expression> %}{% endif Continue reading

CCDE – Optical Design Considerations

Introduction

As a network architect you should not have to know all the details of the physical and data link layer. What you need to know though is how different transports can support the topology that you are looking to build. If you buy a circuit from an ISP, what protocols can you run over it? Is running MPLS over the circuit supported? What’s the maximum MTU? Is it possible to run STP over the link? This may be important when connecting data centers together through a Data Center Interconnect (DCI).

To be able to connect two data centers together, you will need to either connect via fibre or over a wavelength or buy circuits from an ISP. Renting a fibre will likely be more expensive but also more flexible if you have the need to run protocols such as MPLS over the link. For a pure DCI, just running IP may be enough so there could be cost savings if buying a circuit from an ISP instead.

For a big enough player it may also be feasible to build it all yourself. This post will look at the difference between Coarse Wave Division Multiplexing (CWDM) and Dense Wave Division Continue reading

Capture data on open-source router interfaces in GNS3

In this post, I will show how to set up data capture in the GNS3 network simulator when using network devices that are emulated by VirtualBox or QEMU virtual machines.

The GNS3 network simulator makes it easy for users to capture and view data passing across the interfaces of devices running in a GNS3 network simulation. The GNS3 documentation covers how to capture data from devices running on Dynamips in GNS3 but the procedures for capturing data from devices running in other hypervisors, such as VirtualBox or QEMU/KVM, are not well documented.

cap-cover-shot-2b2

While GNS3 users may start and stop data capture on Dynamips VM interfaces any time they wish, they must plan ahead when they intend to capture data on open-source routers and hosts running on VirtualBox or QEMU virtual machines.

Continue reading

10 Gbps of Layer 2 throughput is possible using MikroTik’s EoIP tunnel.

 

[adrotate banner=”5″]

 

[metaslider id=282]

Getting to 10 Gbps using EoIP

The EoIP tunnel protocol is one of the more popular features we see deployed in MikroTik routers.  It is useful anywhere a Layer 2 extension over a Layer 3 network is needed and can be done with very little effort / complexity.  One of the questions that seems to come up on the forums frequently is how much traffic can an EoIP tunnel handle which is typically followed by questions about performance with IPSEC turned on. Answers given by MikroTik and others on forums.mikrotik.com typically fall into the 1 to 3 Gbps range with some hints that more is possible. We searched to see if anyone had done 10 Gbps over EoIP with or without IPSEC and came up empty handed. That prompted us to dive into the StubArea51 lab and set up a test network so we could get some hard data and definitive answers.

The EoIP protocol and recent enhancements

Ethernet over IP or EoIP is a protocol that started as an IETF  draft somewhere around 2002 and MikroTik developed a proprietary implementation of it that has been in RouterOS for quite a while. Continue reading

PlexxiPulse—Forrester Tech Mixer Recap & A New PlexxiTube Video

Earlier this week our team was in Cambridge at the Forrester Tech Mixer. We had engaging conversations with Forrester analystsand emerging technology companies in the area. We always enjoy attending these events to hear about industry trends and innovative new technologies. It was a great time had by all!

Plexxi 1

Plexxi 2

We’ve also uploaded a new PlexxiTube video on Plexxi’s automated network. Take a look!

Below are a few of our top picks for our favorite news articles of the week. Have a great weekend.

FierceEnterpriseCommunications: Plexxi CEO: The future of networking is photonic underlays
By Chris Talbot
As he approaches his first anniversary as CEO of next-generation networking vendor Plexxi, Rich Napolitano is talking about the future of networks, and they’re not going to be focused on software-defined networking technology. SDN will play a huge role, of course, but it’s an overlay technology. Plexxi is focused on redefining the underlay, and it’s using photonic technology to do it.

Network Computing: SDN’s Northbound Interface Evolves
By Dr. Jim Metzler
Software defined networking requires both northbound and southbound interfaces to facilitate communication between physical devices, the SDN software and applications running on the network. On the southbound side, standards such as OpenFlow define Continue reading

Misguided House bill could make cars less safe

Car owners could face more danger from hackers if a draft bill (pdf) by the House Energy and Commerce Committee (HECC) becomes law. The law would make independent oversight of the electronic safety of motor vehicles a crime subjecting well intentioned security researchers to a $100,000 fine per instance. Today’s cars have 200 – 400 microcontrollers and microprocessors in them making the access of each an individual offense subject to fines that could add up to millions.The security flaws of the Jeep Grand Cherokee were exposed this summer by security researchers Charlie Miller and Chris Valasek who were able to shut down the vehicle during operation by cracking the Wi-Fi password. The risks of huge fines would stop researchers from exposing critical motor vehicle vulnerabilities but it would not stop hackers with malicious intentions from invading vehicle control systems.To read this article in full or to leave a comment, please click here

Getting Started with Packet Pushers Community Podcasting

We wrote this introductory guide to help those considering Packet Pushers community podcasting understand what is required. This is not a detailed list of everything you will need to know. Rather, this guide shares enough information to get you started. You'll still have to do a bit of Googling, research, and decision making of your own. We hope this helps. Happy podcasting!

The post Getting Started with Packet Pushers Community Podcasting appeared first on Packet Pushers.

A Look at the New WordPress Brute Force Amplification Attack

Recently, a new brute force attack method for WordPress instances was identified by Sucuri. This latest technique allows attackers to try a large number of WordPress username and password login combinations in a single HTTP request.

The vulnerability can easily be abused by a simple script to try a significant number of username and password combinations with a relatively small number of HTTP requests. The following diagram shows a 4-fold increase in login attempts to HTTP requests, but this can trivially be expanded to a thousand logins.

WordPress XML-RPC Brute Force Amplification Attack

This form of brute force attack is harder to detect, since you won’t necessarily see a flood of requests. Fortunately, all CloudFlare paid customers have the option to enable a Web Application Firewall ruleset to stop this new attack method.

What is XML-RPC?

To understand the vulnerability, it’s important to understand the basics of the XML remote procedure protocol (XML-RPC).

XML-RPC uses XML encoding over HTTP to provide a remote procedure call protocol. It’s commonly used to execute various functions in a WordPress instance for APIs and other automated tasks. Requests that modify, manipulate, or view data using XML-RPC require user credentials with sufficient permissions.

Here is an example that requests a list Continue reading

1 3,282 3,283 3,284 3,285 3,286 3,842