IWAN’s “Intelligent Path Control” & Using Your Backup Link

The blog I was going to post today was a blog about how PfRv3 (IWAN’s “Intelligent Path Control”) utilizes the GRE tunnel of the DMVPN underlay in order to make intelligent decisions about where to send business critical traffic based on knowledge of the health of the path that business critical traffic would take.  …… But then I started realizing that while I have dug into a lot of DMVPN stuff recently on “Networking With Fish”…. I have not even really touched “Intelligent Path Control”. So……. let’s take a giant step backward.

“Intelligent Path Control” at the WAN – what can it do for you and why do you want it?   In this blog I’m not going to try to be the definitive all encompassing guide of what all “Intelligent Path Control” is…. just enough to get us a little on the same page before we start “playing in the lab together” with it in future blogs.

primary_backup

 

 

 

 

 

 

The picture above is of a typical 1 router branch location with 2 WAN connections. One WAN connection is the primary and the other one sits there, unused, as just a backup … doing nothing Continue reading

Busting Myths – IPv6 Link Local Next Hop into BGP

In some publications it is mentioned that a link local next-hop can’t be used when redistributing routes into BGP because routers receiving the route will not know what to do with the next-hop. That is one of the reason why HSRPv2 got support for global IPv6 addresses. One such scenario is described in this link.

The topology used for this post is the following.

Topo1

I have just setup enough of the topology to prove that it works with the next-hop, so I won’t be running any pings and so on. The routers R1 and R2 have a static route for the network behind R3 and R4.

ipv6 route 2001:DB8:100::/48 GigabitEthernet0/1 FE80::5:73FF:FEA0:1

When routing towards a link local address, the exit interface must be specified. R1 then runs BGP towards R5, notice that I’m not using next-hop-self.

router bgp 100
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2001:DB8:1::5 remote-as 100
!
address-family ipv6
redistribute static
neighbor 2001:DB8:1::5 activate
exit-address-family

If we look in the BGP RIB, we can see that the route is installed with a link local next-hop.

R1#sh bgp ipv6 uni
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed,  Continue reading

Don’t Optimize the Last 5%

Robin Harris described an interesting problem in his latest blog post: while you can reduce the storage access time from milliseconds to microseconds, the whole software stack riding on top still takes over 100 milliseconds to respond. Sometimes we’re optimizing the wrong part of the stack.

Any resemblance to SDN in enterprises or the magical cost-reduction properties of multi-vendor data center fabrics is obviously purely coincidental.

No, this isn’t good code

I saw this tweet go by. No, I don't think it's good code:




What this code is trying to solve is the "integer overflow" vulnerability. I don't think it solves the problem well.

The first problem is that the result is undefined. Some programmers will call safemulti_size_t() without checking the result. When they do, the code will behave differently depending on the previous value of *res. Instead, the code should return a defined value in this case, such as zero or SIZE_MAX. Knowing that this sort of thing will usually be used for memory allocations, which you want to have fail, then a good choice would be SIZE_MAX.

The worse problem is integer division. On today's Intel processors, integer multiplication takes a single clock cycle, but integer division takes between 40 and 100 clock cycles. Since you'll be usually dividing by small numbers, it's likely to be closer to 40 clock cycles rather than 100, but that's still really bad. If your solution to security problems is by imposing unacceptable tradeoffs, then you are doing security wrong. If you introduced this level of performance Continue reading

Yet Another new BGP NLRI: BGP-LS

Yes, that’s right, we have another new BGP NLRI: BGP-LS. In this post we will be looking at BGP with Link State (LS) extension which is an integral part of the Carrier SDN strategy. We will look at why we need BGP-LS, its internals and its applications. What I won’t cover is things like do we need SDN?, […]

The post Yet Another new BGP NLRI: BGP-LS appeared first on Packet Pushers.

Microsoft may offer some Windows 10 patch notes to enterprises

IT administrators may get more information than originally planned about Windows 10 patches, as Microsoft ponders how much to tell business customers about modifications to the new OS."We've heard that feedback from enterprise customers so we're actively working on how we provide them with information about what's changing and what new capabilities and new value they're getting," Jim Alkove, a vice president in the Windows group, said during a press briefing. It's a change in tone for the company, which previously said that it wouldn't provide detailed information about most Windows 10 patches. That original plan was bad news for IT managers and users who want to know what an update does before they install it. This is more of an issue now that Microsoft is supposed to release more frequent updates over the lifetime of Windows 10, as part of its "Windows as a service" plans, than it did for previous editions of Windows.To read this article in full or to leave a comment, please click here

On science literacy…

In this WIRED article, a scientifically illiterate writer explains "science literacy". It's as horrid as you'd expect. He preaches the Aristotelian version of science that Galileo proved wrong centuries ago. His thesis is that science isn't about knowing scientific facts, but being able to think scientifically. He then claims that thinking scientifically is all about building models of how the world works.

This is profoundly wrong. Science is about observation and experimental testing of theories.

For example, consider the following question. If you had two balls of the same size, one made of lead and the other made of wood, and you dropped them at the same time, which would hit the ground first (ignoring air resistance)? For thousands of years Aristotelian scientists claimed that heavier objects fell faster, purely by reasoning about the problem. It wasn't until the time of Galileo that scientists conducted the experiment and observed that these balls hit the ground at the same time. In other words, all objects fall at the same speed, regardless or size or weight (ignoring air resistance). Feathers fall as fast as lead on the moon. If you don't believe me, drop different objects from a building and observe for yourself.

The point here is Continue reading

US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures

A U.S. agency hopes to gather security researchers, software vendors and other interested people to reach consensus on the sticky topic of how to disclose cybersecurity vulnerabilities.Beginning in September, the U.S. National Telecommunications and Information Administration (NTIA) will host a series of meetings intended to improve collaboration among security researchers, software vendors and IT system operators on the disclosure of, and response to, vulnerabilities.The first NTIA-hosted meeting will be Sept. 29 at the University of California, Berkeley, School of Law. Registration is open to all who want to participate, and the meeting will also be webcast, NTIA said.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Anatomy of an IoT hack

With Internet of Things penetration set for a trillion devices by 2025, according to recent McKinsey numbers, our thoughts are, or should be, turning to security.One question that could be posed is: Just how could a future IoT attack play out? What route could it take?A security company reckons it has an answer.'Terror in the kitchen' One World Labs, a security outfit that specializes in penetration testing, forensics, and security code review, presented a session at San Francisco's RSA Conference in April, where it attempted to address the question.To read this article in full or to leave a comment, please click here

Grsecurity will stop issuing patches citing trademark abuse

A major corporation is misusing grsecurity’s trademarks and tarnishing its brand – and as a consequence, the leader of the project said Wednesday, grsecurity will stop making its stable patches available to the general public.In an official announcement, grsecurity project leader Brad Spengler said that it was unfair to the project’s sponsors to allow the companies in the embedded Linux industry – which he declined to name, citing legal advice – to dilute grsecurity’s trademarks.+ALSO ON NETWORK WORLD: Massachusetts boarding school sued over Wi-Fi sickness + Access points with 802.11ac are taking over enterprise WLANsTo read this article in full or to leave a comment, please click here

iPexpert’s Newest “CCIE Wall of Fame” Additions 8/28/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Mohan Mayilraj, CCIE #49942 (Data Center)
  • Zahari Georgiev, CCIE #49996 (Wireless)
  • Mohamed Enassiri, CCIE #46237 (Collaboration)

This Week’s Testimonial

Mohan Mayilraj CCIE #49942 (Data Center)
Thank you very much for help reach my goal. Your video and training and Boot camp helped lot and your proctor lab is gem and very much useful and I used your lab most of time and workbook.This is my first attempt on CCIE. I got through it .

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Apple rewards CEO Tim Cook with $58M for bang-up job on Wall Street

Apple CEO Tim Cook earlier this week was awarded 560,000 shares, worth approximately $57.7 million, receiving the full amount of a grant due him because of Apple's performance on Wall Street over the last two years. As it did in 2014, Apple withheld just over half of the total shares -- 290,836, worth about $30 million on Monday -- for tax purposes. The half-million shares were this year's allotment under a revised schedule designed at Cook's request in 2013. Then, Apple's board modified the executive's vesting plan, which had set two large stock handouts for a massive 1 million-share grant -- after last year's stock split, equal to 7 million -- when Cook assumed the lead role at the Cupertino, Calif. company just weeks before co-founder Steve Jobs' death.To read this article in full or to leave a comment, please click here

PlexxiPulse—What are your VMworld Predictions?

If you caught our webinar on Thursday, you know that we believe the success of future networks will be a combination of hardware and software to form a dynamic, application aware, converged network fabric. We covered the evolution of the network as well as a few of our predictions for the future. If you missed it, don’t worry—there will be more to come. In the meantime, I will be at VMworld in San Francisco next week from August 30—September 3. I’m always open to chat about networking at large and how we’re disrupting the networking norm here at Plexxi. Let me know if you’ll be there! Do you have any predictions for VMworld this year?

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

No Jitter: Network Change: Evolutions and Revolutions
By Tom Noelle
Networking, and its transformation, is more than just technology. Broadband Internet came along during an unfortunate shift in the politics of networking. In the ’80s and ’90s we were moving from a global vision of communications as a regulated monopoly or even a government agency to one of a free market. The Internet exploded on the scene Continue reading

Attention whitehats, The FTC wants you to lead new privacy, security push

FTC The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates.The FTC’s PrivacyCon will include brief privacy and security research presentations, along with expert panel discussions on the latest privacy and security challenges facing consumers. Whitehat researchers and academics will discuss the latest security vulnerabilities, explain how they can be exploited to harm consumers, and highlight research affecting consumer privacy and data security. During panel discussions, participants will discuss the research presentations and the latest policy initiatives to address consumer privacy and security, develop suggestions for further collaboration between researchers and policymakers, and highlight steps that companies and consumers can and should take to protect themselves and their data, the FTC stated.To read this article in full or to leave a comment, please click here

1 3,318 3,319 3,320 3,321 3,322 3,819