Docker for NetOps

I have been spending this week in Silicon Valley at Network Field Day 10. One of the announcements struck a chord with me, as this year has marked some significant career changes for me: specifically an uptake in involvement with containers and software development.

My good friend Brent Salisbury once wrote about the idea of using Golang for Network Operations tooling. While I’ve continued (and will continue) to build my Python skillset, I’ve also been getting more and more experience with Golang and with some of the great software projects created by it, such as Docker, and Kubernetes.

Fundamentally, the concept of application of containers is not that new, and admittedly, network engineers have not been required to think of them. I mean network operations is only now getting accustomed to delivering network services in form factors like virtual machines. It’s important to remember that solutions like Docker have provided application developers with an consistent format for packaging what they produce. In network operations, we can take advantage of this same tooling - instead of asking our network vendors to make sure Python is installed on our switches, we need them only to support Docker.

“Docker is in the Network! Continue reading

A lesson in BitTorrent

Hackers have now posted a second dump of Ashley-Madison, this time 20-gigabytes worth of data. Many, mostly journalists, are eagerly downloading this next dump. However, at the time of this writing, nobody has finished downloading it yet. None of the journalists have a complete copy, so you aren't seeing any new stories about the contents. It promises the full email spool of the CEO in the file name, but no journalist has yet looked into that mail spool and reported a story. Currently, the most any journalist has is 85% of the dump, slowly downloading the rest at 37-kilobytes/second.

Why is that? Is AshMad doing some sort of counter-attack to stop the downloaded (like Sony did)? Or is it overloaded because too many people are trying to download?

No, it's because it hasn't finished seeding.

BitTorrent is p2p (peer-to-peer). You download chunks from the peers, aka. the swarm, not the original source (the tracker). Instead of slowing down as more people join the swarm to download the file(s), BitTorrent downloads become faster -- the more people you can download from, the faster it goes.

But 9 women can't make a baby in 1 month. The same goes for BitTorrent. Continue reading

Mesophere assembles a software stack to analyze streaming data

Today, organizations need to analyze data from multiple sources and, to stay competitive, they need to do it when the data is fresh off the wire. But installing the software to take on this task can be onerous.Open source software vendor Mesosphere plans to release a stack of integrated open source software that would make it easy for enterprises to capture data in real time and analyze it on the fly.The stack, called Mesosphere Infinity,  is based on Apache Mesos open source software for managing clusters of servers. Mesosphere offers a commercial edition of this open source software called the Mesosphere Data Center Operating System, which is used in this package.To read this article in full or to leave a comment, please click here

AshMad is prostitution not adultery

The Ashley-Madison website advertises adultery, but that's a lie. I've talked to a lot of users of the site, and none of them used it to cheat on their spouse. Instead, they used it as just a "dating" site -- and even that is a misnomer, since "dating" often just means a legal way to meet prostitutes. According to several users, prostitutes are really the only females they'd consistently meet on Ashley-Madison.

In other words, Ashley-Madison is a prostitution website, not an adultery website. "Cheating" is just the hook, to communicate to the users that they should expect sex, but not a future spouse. And the website is upfront about charging for it.

I point this out because a lot of people have gone over-the-top on the adultery angle, such as this The Intercept piece. That's rather silly since Ashley-Madison wasn't really about adultery in the first place.







Cisco CCDE Practical Self Study Materials

CCDE Practical Self Study Materials are available now ! This material is newly created by Orhan Ergun and will help with preparation on your certification journey. The material is applicable for the CCDE Practical but would also be of use for candidates pursuing their CCDE Written and / or CCIE exams. Advanced Technologies Workbook Design… Read More »

The post Cisco CCDE Practical Self Study Materials appeared first on Network Design and Architecture.

Hiring an information security vendor? Use these best practices.

The exponential rise in security incidents has caused many businesses to look hard at getting their own houses in order before they become the next headline. As part of those efforts, businesses are turning to security consultants to perform audits, penetration testing and other assessments of their systems. These are admirable activities, worthy of consideration by any prudent organization. But these engagements should be entered into with all the care that a business would use in any other transaction in which a third party is granted access to the company’s most sensitive systems and data. Unfortunately, this is seldom the case. All too often, in their rush to move forward with these assessments, businesses fail to adequately address the most fundamental of contract terms. Cost overruns are common. In some instances, security consultants create more risk than they resolve.To read this article in full or to leave a comment, please click here(Insider Story)

BGP in an Arista Data Center



The following is a practical analysis of the use of BGP in the DC on Arista platforms based largely on Petr Lapukhov's work with BGP in hyperscale DCs

Why Layer 3 (L3)?


There are several reasons to run a L3 routing protocol over legacy layer 2 (L2) designs in the data center. Leveraging standards-based routing protocols to avoid vendor lock-in, provide for faster convergence, minimize L2 fault domains, and provide for better traffic engineering.

Extension of L2


Naturally something that comes into question in a L3 switch fabric is, “What if I need L2 adjacency between hosts?” For Arista, the extension of L2 services across a L3 switch fabric is provided by Virtual eXtensible LAN (VXLAN). While closely related, in-depth discussion of the “network overlay” provided by VXLAN is outside the scope.

Why BGP?


Some might question the use of BGP within the data center due to it being designed for, and in the past primarily leveraged as, an EGP. However, BGP provides several benefits in a data center switch fabric, such as:
  • Less complexity in protocol design
  • Relies on TCP rather than adjacency formation/maintenance and/or flow control
  • Less “chatty”
  • Supports third-party (recursively-resolved) next-hops
  • With proper ASN usage, built-in Continue reading

Building an OpenStack Practice

In Q4 2013 at Dasher, we began our journey to create an OpenStack ecosystem that helps our clients as they transform their business and IT infrastructure. For years, Dasher has been helping clients move from physical to virtual environments. As business and IT needs evolved, more customers started evaluating moving from virtual to cloud environments and building their own private cloud. Dasher saw OpenStack becoming the de facto standard for private cloud, but proprietary black box network switches remained a misfit, giving rise to open networking — the disaggregation of network hardware from software.

A couple of our clients along with one of our senior solution architects, Ryan Day, suggested we explore Cumulus Networks® and learn about their Cumulus® Linux® offering. The results are highlighted below and we will attempt to answer: Why do we think the Cumulus Linux OS is a logical step in the evolution of network operating systems?

Cumulus Linux enables software-defined everything (SDE). SDE may be the cool new fad of 2015, but adopting SDE because it is what all the cool kids are doing is certainly not a reason to move to a new technology. Let’s explore Dasher’s reasons for recommending Cumulus Continue reading

Deploy to Metal? No sweat with RackN new Ansible Dynamic Inventory API

Untitled_designAt Ansible, we’ve been talking quite a bit with our friends at RackN about the work they’ve been doing to make things easier to stand up complex system configurations from bare metal. We’re happy to share some of what they’ve accomplished.

Deploy to Metal? No sweat with RackN new Ansible Dynamic Inventory API: by Greg DeK + Dan Choquette

The RackN team takes our already super easy Ansible integration to a new level with added SSH Key control and dynamic inventory with the recent OpenCrowbar v2.3 (Drill) release. These two items make full metal control more accessible than ever for Ansible users.

The platform offers full key management.  You can add keys at the system, deployment (group of machines) and machine levels. These keys are operator settable and can be added and removed after provisioning has been completed.  If you want to control access to groups on a servers or group of server basis, OpenCrowbar provides that control via our API, CLI and UI.

We also provide a API path for Ansible dynamic inventory.  Using the simple Python client script (reference example), you can instantly a complete upgraded node inventory of your system.  The inventory data includes items Continue reading

Performing Ping Sweeps with IOS TclSh

It’s been a while since I’ve gotten a blog post up, but with my CCIE recertification out of the way I’m hoping to ramp some volume back up. We’re talking about some sexy stuff today… Ping sweeps! First off, let’s cover why you’d need to sweep up your pings. Some people use the ping sweep as a means to “find” hosts on the network. The problem with this is, devices with host-based firewalls active may not respond to an ICMP ping. If you’re pinging from off the local subnet, there are other reasons you might not get a response back as well, like a host having a mis-programmed default gateway or subnet mask, or an interface ACL on the routing device. That said, ping sweeps are still incredibly useful for helping to find vacant IP addresses on a LAN. Or, at least, IP addresses that are not currently active. Always consult your properly maintained IP documentation to find IPs you can safely use for new deployments (yes, I’m laughing at that one too…).

Anyway, how do ping sweeps help identify active IPs if we can’t trust the ping responses? Well, just because a device may not respond to the ICMP Continue reading

Big Data for Social Engineering

First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts. Bell calls this the “real org chart.” Hackers can use such information to choose people they ought to impersonate while trying to scam employees. From there, AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. via wired

This is a white hat tool, of course, a form of social engineering penetration testing. Two points of interest, though.

First, you can be pretty certain hackers are already using this sort of tool today to find the right person to contact, how to contact them, and to discover the things they know people will respond to. The rule of thumb you should keep in mind is — at least 80% of the time, hackers are already using the tools researchers come up with to do penetration testing. Remember all those fake people inhabiting the world of twitter, facebok, and the like? Some of them might not be just another click farm — some of them might be clickbait for hackers to find out who you Continue reading

Vulnerability in enterprise-managed iOS devices puts business data at risk

A vulnerability in the iOS sandbox for third party applications, like those installed by companies on their employees' devices, can expose sensitive configuration settings and credentials. The flaw was discovered by researchers from mobile security firm Appthority and impacts apps deployed on iOS devices through mobile device management (MDM) or enterprise mobility management (EEM) products. These products allow administrators to automatically push applications, configuration settings and data access rules to enterprise mobile devices. Before a new iOS device is brought inside the network of a company that uses a mobile management system, an MDM account is created for it and a client application is installed. The MDM client is used to install corporate apps and to enforce access policies for corporate data and email.To read this article in full or to leave a comment, please click here

1 3,347 3,348 3,349 3,350 3,351 3,839