30 – VxLAN/EVPN and Integrated Routing Bridging

Summary

As I mentioned in post 28 – Is VxLAN Control Plane a DCI solution for LAN extension, VxLAN/EVPN is taking a big step forward with its Control Plane and could potentially be used for extending Layer 2 segments across multiple sites. However, it is still crucial to keep in mind some weaknesses and gaps related to DCI purposes.

DCI is not just a Layer 2 extension between two or more sites. DCI/LAN extension aims to offer business continuity and elasticity for the cloud (hybrid cloud). It offers disaster recovery and disaster avoidance services for enterprise business applications; consequently, it must be very robust and efficient. Because it concerns the Layer 2 broadcast domain, it is really important to understand the requirements for a solid DCI/LAN extension and how we can leverage the right tools and network services to address some of the shortcomings of the current implementation of VxLAN/EVPN in order to offer a solid DCI solution.

In this article we will examine the integrated anycast L3 gateway available with the VxLAN/EVPN MP-BGP control plane, which is one of the key DCI requirements.

Integrated Routing and Bridging

One of the needs for an efficient DCI deployment is the …

Most Android phones can be hacked with a simple MMS message or multimedia file

The vast majority of Android phones can be hacked by sending them a specially crafted multimedia message (MMS), a security researcher has found. The scary exploit, which only requires knowing the victim’s phone number, was developed by Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium. Drake found multiple vulnerabilities in a core Android component called Stagefright that’s used to process, play and record multimedia files. Some of the flaws allow for remote code execution and can be triggered when receiving an MMS message, downloading a specially crafted video file through the browser or opening a Web page with embedded multimedia content.

Predicting winners and losers in the EMV rollout

We're just a couple months shy of the big EMV liability shift. That’s when companies that don't accept chip-enabled debit and credit cards take on financial responsibility for hacks and fraud. But who's ready? Who's not? And who will come out ahead when that October 1 deadline rolls around? "We operate a very large, diversified, complex payments ecosystem in the U.S.," says Randy Vanderhoof, director of the EMV Migration Forum. "We have thousands of issuers of payment cards. We have millions of merchant retailers and tens of millions of point of sale devices that all need to be upgraded and changed to support EMV."

The Upload: Your tech news briefing for Monday, July 27

Facebook prevails in shareholder lawsuit over IPO

You have to own stock to participate in a shareholder class action lawsuit, an appeals court has ruled, confirming an earlier Manhattan district court ruling. The case brought by Facebook shareholders accused the company of withholding key financial information from the public until after its IPO. Circuit Judge Dennis Jacobs said that because the shareholders weren’t owners of Facebook stock at the time the sales information wasn’t disclosed, they had no legal standing to sue.

New products of the week 07.27.2015

New products of the week

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

CudaLaunch

Key features – CudaLaunch is designed for both mobile workers and IT administrators, with simple end-user features for productivity and easy-to-use management features for administrators.

How much do CIOs really make? Pay packages of 25 Fortune 500 execs revealed

Inside CIO paychecks

CIO salaries in the U.S. average between $157,000 and $262,500, according to Robert Half Technology. But salary is just the beginning. Cash bonuses and equity awards can propel pay packages into the millions. To find out how much CIOs at giant global companies really earn, we scoured the proxy statements of the 500 largest U.S. companies (according to Fortune's ranking) and found 25 that disclosed CIO pay. Here are the details on their pay packages, organized from lowest to highest paid. If available, compensation for these individuals in prior years is included.

Security – Just Another Risk

I made a conscious decision to move away from full-time information security work. I retain an interest, and try to keep up with developments, but I don’t want to be “the security guy.” There are several reasons for it, but a large part is due to the hype, the bullshit, and general inability for the security industry to act like grown-ups.

The most frustrating part was the inability to properly classify risk. Robert Graham put this eloquently here:

Infosec isn’t a real profession. Among the things missing is proper “risk analysis”. Instead of quantifying risk, we treat it as an absolute. Risk is binary, either there is risk or there isn’t. We respond to risk emotionally rather than rationally, claiming all risk needs to be removed. This is why nobody listens to us. Business leaders quantify and prioritize risk, but we don’t, so our useless advice is ignored.

Security folk often forget that they are just another risk. Yes, it’s a risk shipping the product with that bug. But not shipping at all might be a larger risk to the business. Even a complete data breach may or may not be catastrophic to the business – RSA is still …

US Census Bureau says breach didn’t expose household data

The U.S. Census Bureau said a data breach early last week did not expose survey data it collects on households and businesses. The leak came from a database belonging to the Federal Audit Clearinghouse, which collects audit reports from government agencies and other organizations spending federal grants, wrote John H. Thompson, the Census Bureau’s director, on Friday. The exposed information included the names of people who submitted information, addresses, phone numbers, user names and other data, he wrote. A group calling itself Anonymous Operations posted a link on Twitter leading to four files. The cyberattack was allegedly in protest of the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership, two pending trade agreements that have been widely criticized.

Security holes in the 3 most popular smart home hubs and Honeywell Tuxedo Touch

At the 2015 Intelligent Defense European Technical Research Conference in June, Tripwire security researcher Craig Young presented Smart Home Invasion and revealed zero-day flaws in the “brains” of Internet of Things platform hubs such as SmartThings hubs, Wink hubs and MiOS Vera. The Wink and Vera products “contained critical remotely exploitable flaws.” Young warned that “if not addressed, smart home flaws can give rise to a new type of ‘smart criminal’ able to case victims without being seen. Once a target is chosen, it is possible to unlock doors and disable security monitoring.”

Citizens of Tech 011 – Prosthetic Phone Diving

In today’s show, we acknowledge our software overlords, let the cars do the driving, investigate Lego prosthetics, deep dive on diving, and more.

The post Citizens of Tech 011 – Prosthetic Phone Diving appeared first on Packet Pushers Podcast and was written by Ethan Banks.

EARLY ACCESS Q&A: New Cisco CEO Chuck Robbins heads into “hyper-connected” mode

When Cisco Systems employees head into work Monday they’ll encounter something they haven’t seen in two decades: A new boss. Chuck Robbins – formerly senior vice president of worldwide operations – takes over as CEO from John Chambers, one of the most visible and quotable figures in business. In this early-access interview with John Gallant, chief content officer of IDG US Media, Robbins sets out his priorities for Cisco and his new management team, and talks about the opportunities and challenges facing the network giant. Robbins dissects the competitive landscape and explains why so-called ‘white box’ data center gear and software-defined networks are not the threats to Cisco that some pundits contend. He also describes his vision for the “hyper-connected architecture” that will speed customer digitization efforts and help IT capture the value in the Internet of Things. Finally, Robbins talks about life at Cisco under a leader not named John.

MikroTik CCR1072-1G-8S+ Review (Part 2) – BGP Performance

 

Here is Part 1 of the CCR1072-1G-8S+ review in case you missed it!

CCR1072-1G-8S+ Ultimate BGP Performance test

After many days of testing, Part 2 is finally here! Welcome to the stubarea51.net BGP gauntlet. We subjected the CCR1072 to different types of network torture stress testing. Continuing on from our initial review, we chose BGP as the first way to test the limits and capacity of the CCR1072-1G-8S+.

Here is an overview of our lab environment to test the new CCR:

  • CCR1072-1G-8S+
  • CCR1009-8G-1S-1S+
  • CRS-125-24G-1S+
  • x86 VMs on ESXi 6.0 for upstream BGP peering
  • (2) ESXi 6.0 Hosts with 20 Gb (4×10) connectivity
  • Multimode 10 gig SFP+ using 50/125 OM3 fiber

All RouterOS devices were loaded with the latest stable code (6.30.1 at the time of testing).

Network Design of the StubArea51 LAB setup for BGP testing

For this series of testing, we took our two ESXi 6.0 hosts and built a number of VMs using RouterOS and Ubuntu to supply the 3.6 Million routes we would need to beat up on the CCR1072 for a few days. If you’re not familiar with the RIPE Routing Information Service …

/bin/sh – checking for bash vs dash incompatibilities

I have been investigating a problem where an application would install on RHEL/CentOS, but not on Ubuntu. I tracked it down to a problem with shell scripts that assumed that /bin/sh was bash. Ubuntu uses dash by default, so some ‘bashisms’ don’t work. This will be old news to Ubuntu types that migrated to dash a while back, but I normally use CentOS/RHEL systems, and/or well-behaved cross-platform scripts. Luckily ‘checkbashisms’ can help with figuring out what changes are needed.

I don’t want to go into the history of Unix shells, but there are probably more shell variants than there are *nix variants. Some are very different, and completely incompatible. But others are only different in subtle ways, and most things work without modification. If your script explicitly calls the required shell with “#!/bin/zsh” or “#!/bin/csh”, all will be fine. The problem comes when your script starts with “#!/bin/sh”. That will call the system shell, which can vary across different systems. If you’re using that, your script should be portable, and only implement a subset of possible functionality. People get in the habit of using “/bin/sh”, but using shell-specific features. That’s when things get ugly when you run …