Monitoring Our Network Infrastructure With Sensu

Cumulus Networks provides a service known as the Cumulus Workbench. This service is an infrastructure made of physical switches, virtual machines running in Google Compute Engine (GCE), virtual machines running on our own hardware and bare metal servers. It allows prospective customers and partners to prototype network topologies, test out different configuration management tools, and get a general feeling for open networking. The workbench is also utilized for our boot camp classes.

Right now, we are completely rewriting the workbench backend! Many of the changes that we’re making are to the technical plumbing, so they’re behind the scenes. Monitoring the various workbench components is critical, as any downtime can easily affect a prospective sale or even an in-progress training session. Since our infrastructure is a mix of virtual machines, physical servers and switches, I needed one place to help me monitor the health of the entire system.

We use Puppet for automating our internal infrastructure. I chose Puppet since it holds most of my operational experience, but I firmly believe that the best automation tool is the one that you choose to use! If you want more details on how we use Puppet for automation, I will be speaking in Continue reading

Savings that telecom expense management providers miss

If you use a Telecom Expense Management (TEM) provider to audit your telecommunications invoices, you may be in for a surprise. TEM providers claim to catch all supplier billing errors and overcharges. They don’t. In fact, often what they miss is bigger than what they find.

We’ve spent much of the past decade coming in behind the TEMs, finding the overcharges they’ve missed, and turning them into client refunds. We have found something in every post-TEM audit we’ve completed. After creating our master issues list, we were struck by the diverse nature of the errors the three of us have uncovered at one time or another. Here are some of our favorites:


BitTorrent patches flaw that could amplify distributed denial-of-service attacks

BitTorrent fixed a vulnerability that would have allowed attackers to hijack BitTorrent applications used by hundreds of millions of users in order to amplify distributed denial-of-service (DDoS) attacks.

The vulnerability was located in libuTP, a reference implementation of the Micro Transport Protocol (uTP) that's used by many popular BitTorrent clients including uTorrent, Vuze, Transmission and the BitTorrent mainline client.

The flaw was disclosed earlier this month in a paper presented at the 9th USENIX Workshop on Offensive Technologies by four researchers from City University London, Mittelhessen University of Applied Sciences in Friedberg, Germany and cloud networking firm PLUMgrid.

Mombasa, Kenya: CloudFlare’s 43rd data center

Only two weeks after the announcement of our four new points of presence (PoPs) in the Middle East, it is with much hullabaloo that we announce our 43rd PoP, and second in Africa following Johannesburg, in Mombasa, Kenya (a.k.a. “The Castle”). In a challenge that vexed many of our readers, Mombasa is our first PoP to be located in a real life castle-turned-data center (see above). From this castle CloudFlare is already serving networks in every country across East Africa, with reach to many of the region's 30 million+ Internet users.

Building a better Internet in Eastern Africa

While today it feels as if Internet access is ubiquitous, this is most certainly not the case everywhere. The continent of Africa was connected relatively late to the Internet and, in the first years, access was limited to a small segment of the population due to lackluster investment and growth in underlying infrastructure, and high access costs. Most Africans were also without access to broadband Internet, and were largely limited to viewing content created and hosted half a world away—for the same reason there was little access, there was also no local hosting industry to speak of. By Continue reading

Nagle’s algorithm

How does Internet work - We know what is networking

This article is not about mathematics, don’t be afraid. I’m running a networking blog and it’s not my intention to speak or write about anything related to mathematics. The biggest math problem that I’ve done in the last few years is some simple subnetting and EIGRP metric calculation, and that is where I stopped with math for now. On the other hand, I love the theory behind algorithms, especially if the algorithm is used in networking and if it is as simple and powerful as Nagle’s algorithm. You can guess, John Nagle is the name of the fellow who created the algorithm. He


Some routers vulnerable to remote hacking due to hard-coded admin credentials

Several DSL routers from different manufacturers contain a guessable hard-coded password that allows accessing the devices with a hidden administrator account.

According to an alert issued Tuesday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, the affected device models are: ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and ZTE ZXV10 W300.

All of the devices have an admin password in the form "XXXXairocon" where XXXX are the last four characters of the device's physical MAC address, CERT/CC said.

What is SD WAN?

Software Defined Wide Area Networking (SD WAN) –sometimes known as SD-WAN and occasionally as Hybrid WAN– is evidently still the flavor of the month in Silicon Valley. Much as it seemed that anything with the word “Cloud” in it a few years back would have money thrown at it indiscriminately by investors, the current favored (funded) feature surely has to be SD WAN. As there doesn’t seem to be one unifying definition of what constitutes “SD WAN” any more than there’s a precise definition of Software Defined Networking, I’m going to define it in the way that I believe best encompasses the intent behind the current flock of solutions.

SDN is a Solution Looking for a Problem

I’ve said before that SDN is a clever idea and eventually will change the way we do networking. However, many are hesitant to adopt SDN because it’s not always immediately obvious what the benefits are to the typical non-hyperscale datacenter other than having to do a lot of retraining. In other words, SDN can potentially solve many problems, but it will most likely be necessary to find a ‘killer app’ that will encourage wider adoption, even if it’s only applicable to a limited Continue reading

Sunrise on Oak Island

One of the neat things about Oak Island is it’s a south facing beach. You don’t get the sun over the beach in the morning, but along the beach, and both sunrise and sunset are over the water at some time in the year. Some days, the sunrise and the sunset are both over the ocean.


The post Sunrise on Oak Island appeared first on 'net work.

Flowgrammable as a Tool for Learning OpenFlow Concepts and Programming

At first glance, the Flowgrammable web site looks like a toolbox of tools you collected over time. All those tools have something to do with helping us all towards an SDN world. Two of those tools in particular can help you learn about SDN, particularly about how OpenFlow works, and that’s exactly the kind of topic I look to post about here – so today’s post takes a closer look at what’s available at the Flowgrammable site.

Quick Overview of Flowgrammable

The first sentence of the Flowgrammable web site’s About page both confirms why the content may appear to be a mash of topics and shows why all the topics have a common theme:

Flowgrammable.org is a coalition of researchers and industry engineers dedicated to improving adoption of software-defined networks and networking.

Basically, they’re trying to help us all get there, to an SDN world, in the ways that they can help.

I talked to 5-6 of the Flowgrammable team at ONS in June and learned about their site. As for the people, many are grad students that have worked together to develop the tools shown on the site.

For this post, I’ll mention two of their tools, and Continue reading

Make Your Life Easier by Creating Utilities and Delegating Playbooks


Last week we hosted our second session of the Tips & Tricks webinar series and focused on creating utilities and delegating playbooks. We want to make your life easier by helping you to automate tasks and then delegate the execution. Ansible is not a programming language, but you can use it as one. Here’s what you need to know…

#1 Create executables that someone else can use

Leverage the shebang (#!) and use Ansible as you would any scripting language to create utilities that can reuse your existing playbooks, roles and task lists.

#2 Use permissions to segment access

Unix permissions (and ACLs) can be used to restrict access to inventory and to the users/keys needed to access the defined hosts. You can also restrict which utilities can be executed (sudo).

#3 Use Ansible to make ad-hoc systems

Ansible is a Unix tool; as such, it can be combined with others (cron, incron, netcat, ucspi, etc.) to create automated workflows.

Watch the entire webinar now.

If you missed Brian's first Tips & Tricks session on Live Systems, you can watch it here

Next up is Tips & Tricks: QA on September 17, at 3PM Eastern. Register now and Continue reading

More than 80% of healthcare IT leaders say their systems have been compromised

Eighty-one percent of healthcare executives say their organizations have been compromised by at least one malware, botnet or other kind of cyberattack during the past two years, according to a survey by KPMG.

The KPMG report also states that only half of those executives feel that they are adequately prepared to prevent future attacks. The attacks place sensitive patient data at risk of exposure, KPMG said.

The 2015 KPMG Healthcare Cybersecurity Survey polled 223 CIOs, CTOs, chief security officers and chief compliance officers at healthcare providers and health plans.

Musing on Nerd Knobs

Henk left a wonderful comment on my SDN will not solve real-life enterprise problems blog post. He started with a bit of sarcasm:

SDN will give more control and flexibility over the network to the customer/user/network-admin. They will be able to program their equipment themselves, they will be able to tweak routing algorithms in the central controller. They get APIs to hook into the heart of the intelligence. They get more config-knobs. It's gonna be awesome.

However, he thinks (and I agree) that this vision doesn’t make sense:

Read more ...

Creating Templates for TextFSM and ntc_show_command

Less than two weeks ago I wrote a post about an Ansible module called ntc_show_command. For those that didn’t read that post, you should, but ntc_show_command is a multi-vendor module that can automate converting raw text from show commands into structured data, namely JSON.

We’ve already had several pull requests enhancing the architecture, so the community support is off to a great start! But in order to really make an impact, we (me, you, and fellow network engineers) need to continue to contribute templates to the project repository. Templates are key to converting the raw text into JSON.

This post will walk through how to create a template for two different commands. We’ll take a look at show version for Cisco NX-OS and display version for HP Comware 7.

The first thing that we’ll need to do is get the raw text output that we want to JSONify. We’ll start with show version.

Below is the sample output that we’ll work with and this file will be saved as tests/cisco_nxos/cisco_nxos_show_version.raw within our project directory.

Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2014, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain  Continue reading