Control Plane Protection in Cisco IOS

How does Internet work - We know what is networking

CoPP – Control Plane Protection or better Control Plain Policing is the only option to make some sort of flood protection or QoS for traffic going to control plane. In the router normal operation the most important traffic is control plain traffic. Control plane traffic is traffic originated on router itself by protocol services running on it and destined to other router device on the network. In order to run properly, routers need to speak with each other. They speak with each other by rules defined in protocols and protocols are run in shape of router services. Examples for this

Control Plane Protection in Cisco IOS

SDN Myths Revisited

techunplugged-logo

I had a great time at TECHunplugged a couple of weeks ago. I learned a lot about emerging topics in technology, including a great talk about the death of disk from Chris Mellor of the Register. All in all, it was a great event. Even with a presentation from the token (ring) networking guy:

I had a great time talking about SDN myths and truths and doing some investigation behind the scenes. What we see and hear about SDN is only a small part of what people think about it.

SDN Myths

Myths emerge because people can’t understand or won’t understand something. Myths perpetuate because they are larger than life. Lumberjacks and blue oxen clearing forests. Cowboys roping tornadoes. That kind of thing. With technology, those myths exist because people don’t want to believe reality.

SDN is going to take the jobs of people that can’t face the reality that technology changes rapidly. There is a segment of the tech worker populace that just moves from new job to new job doing the same old things. We leave technology behind all the time without a care in the world. But we worry when people can’t work on that technology.

I Continue reading

McAfee plans to be elected president in a landslide on the backs of 40 million tatooed voters

It has been a whirlwind few years for John McAfee, the man noted for developing the first commercial anti-virus program. It was only a few years ago when rumors were frantically flying around in following an incredibly sensational story of McAfee as a murder suspect. With all of that seemingly behind him, he now turns his attention to taking up residency in the White House.McAfee, 70, who founded the McAfee security brand, which was later sold to Intel in 2010, recently filed papers as a candidate for president as a member of the Cyber Party. McAfee’s political views are likely to be viewed by many as out of the mainstream, and he believes that if the government is not working for the people, then the citizens have the right to abolish it. He believes that the government has gotten too big and unwieldy. He often cites how it would take 600 years to read all of the laws Congress has passed through the years.To read this article in full or to leave a comment, please click here

Apple’s new two-factor authentication bumps up security and ease of use

Apple has a new, easier-to-use, and more robust system to protect your login if you’re running the latest major OS release and the latest iTunes on every device connected to the same iCloud account. But you may have to wait for it: the system started rolling out in testing this summer for early public beta testers and developers, and started its full rollout a few days ago with the release of El Capitan.The new two-factor authentication (2FA) system requires that whenever you log in to a new device or browser, you have to enter not just your password but a confirmation code from another piece of equipment you’ve established is under your control. A second factor prevents someone from stealing or guessing your password and gaining access to your account, which can be done remotely or through a security breach. In addition, they have to have a token that can only be generated by or sent to equipment under your control, which means they typically need physical access to a computer, mobile device, or SIM.To read this article in full or to leave a comment, please click here

Get ipSpace.net Subscription while Attending the Rome SDN/NFV Event

Reiss Romoli, the fantastic organizers of my SDN/NFV event in Rome, Italy in late October are offering you a free personal ipSpace.net subscription – a saving of $299 or approximately EUR 270.

All you have to do to qualify is (A) download and fill in the registration form, (B) send it to Reiss Romoli and (C) pay before attending the webinar.

Yeah, I know the PDF form says “fax it back” – everyone has to use the tools that work best in their environment.

Hope we'll meet in warm and sunny Rome in a few weeks!

Right back at you tech vendors: OUR independent study of YOUR independent research

While not as useless as PR pitches about technology companies cracking some other publication's Top 10 list, "independent" research reports commissioned by vendors are right up there.  Why last week we even got a pitch about two vendors that "revealed the findings of a joint independent study." Reminded me of this line from Hermey the dentist/elf in the Rudolph the Red-Nosed Reindeer TV classic: I've lost count of how many times of late I've shot down pitches on such self-serving research, but in an attempt to try quantifying the scope of this issue I asked colleagues to forward me any such solicitations that they received last week, including for canned infographics. Some of my co-workers, unfortunately, had already jettisoned the pitches and emptied their trash before receiving my request, but the combined two dozen that they did send or that I received from publicity-hungry companies will at least give you a feel for this (I'm not including reports sent to us by research firms, not that I'm under any illusions of their work always being pure.)To read this article in full or to leave a comment, please click here

Digital Guardian buys Code Green to gain data-loss prevention tech

Endpoint security vendor Digital Guardian has bought Code Green Networks, which makes data loss prevention appliances for businesses.The purchase gives Digital Guardian a DLP offering that, rolled in with the company’s existing products, will provide endpoint, network and cloud data protection overseen by a single console, the company says. This will enable applying policies that will be enforced regardless of where the data is located and regardless of who accessed it and with what device.+ MORE MERGERS: 2015 Tech M&A Tracker +To read this article in full or to leave a comment, please click here

Cisco disrupts $60M ransomware biz

Cisco this week says it disabled a distributor of the Angler ransomware exploit kit, a program that holds victim machines hostage via encryption.The catch disrupted a global ransomware operation that netted $60 million annually for the perpetrators, Cisco states in a blog post.+MORE ON NETWORK WORLD: Jane Austen lets the boogie man in: Cisco report+To read this article in full or to leave a comment, please click here

GRE over IPSec Tunnel Between Cisco and VyOS

The previous tutorial shown GRE tunnel configuration between Cisco router and Linux Core. The big advantage of GRE protocol is that it encapsulates L3 and higher protocols inside the GRE tunnel so routing updates and other multicast traffic can be successfully transferred over the tunnel. The main drawback of GRE protocol is the lack of built-in security. Data are transferred in plain-text over the tunnel and peers are not authenticated (no confidentiality). Tunneled traffic can be changed by attacker (no integrity checking of  IP packets). For this reason GRE tunnel is very often used in conjunction with IPSec. Typically, GRE tunnel is encapsulated inside the IPSec tunnel and this model is called GRE over IPSec.

The tutorial shows configuration of OSPF routing protocol, GRE and IPSec tunnel on Cisco 7206 VXR router and appliance running VyOS network OS. Devices are running inside GNS3 lab an they are emulated by Dynamips (Cisco) and Qemu (VyOS).

Picture1-Topology

Picture 1 - Topology

Note: VyOS installation is described here. You can easily build your own VyOS Qemu appliance using the Expect and Bash script shared in the article.

1. R3 Configuration

R3(config)# interface gigabitEthernet 1/0
R3(config-if)# ip address 1.1.1.1 255.255.255.0
R3(config-if)# no shutdown

R3(config-if)# interface gigabitEthernet 0/0
R3(config-if)# ip Continue reading

Juniper NXTWork 2015

  Coming this November, Juniper has finally jumped into the Customer Summit bandwagon.  This is something that has been asked for for many years now, a way for Juniper customers and advocates to get together and talk Juniper.  This event will allow you to connect with your peers in the industry, meet current and potential […]

The post Juniper NXTWork 2015 appeared first on Fryguy's Blog.

Manchester, UK: CloudFlare’s 63rd data center

Our new point of presence in Manchester, UK brings the CloudFlare network to 63 points of presence across 33 countries. In other words, the sun never sets across the CloudFlare network. Our data center in Manchester also admits the United Kingdom into a small club of countries with more than one CloudFlare data center, including the US, China, Japan, Australia, Germany, and France.

As of yesterday, traffic from the majority of Internet users in Northern England is now mere milliseconds away. More importantly, our Manchester and London data centers allow for redundancy and content localization within the UK for all of our customers.

In homage

The city of Manchester has made more than its fair share of technical contributions over the years. It is the city where Rolls met Royce (their first car drove off the line of their Manchester factory in 1904), and is also home to the first modern computer. The computer, nicknamed "Baby", was built at The University of Manchester using technology developed for WWII communications equipment, and ran the world's first stored program at 11am on Monday 21st June, 1948.

It is fitting, then, that in the last three years there has been a concerted effort Continue reading

Arista launches new security feature to cover growing East-to-West data center traffic

Five years ago, almost all of the traffic in a data center moved in a North-South direction. Traffic moved from one server through the different tiers of a network, passed through the core, and then up to another server. Enabling security and application optimization services with this model was fairly simple. Put a big, honking firewall or ADC in the core of the network and all traffic would pass through these devices.However, the past few years have seen an explosion in East-West traffic, primarily driven by servers and virtual machines (VMs) talking to each other and to database systems, storage systems, and other applications in the data center. Typically, East-West traffic never passes through the core of the network, where it can have the benefit of security inspection. Also, the volume of East-West traffic is rapidly becoming a much higher percentage relative to North-South. This makes it easier for a piece of malware that may have breached an unpatched server to spread laterally. To read this article in full or to leave a comment, please click here

1 3,295 3,296 3,297 3,298 3,299 3,841