ONUG Spring 2015

I’ll continue to update this throughout the next two days. Feel free to issue a pull request if you’re also here at the conference and want to add to this post.

General

Location: Open Networking User Group (ONUG) at Columbia University

ONUG currently has 6 working groups:

• NSV
• SD-WAN
• Virtual Network Overlays
• Common Management tools across network, compute, and storage
• Network State Collection, correlation, and analytics
• Traffic Monitoring and Visibility

It is interesting and awesome to see that half of the working groups are all about Day 2 operations and management of networks. This is exactly what’s needed in the industry.

Sessions

Creating Business Value with Cloud Infrastructure

Speaker: Adrian Cockcroft

• Developers don’t need any of that referring to NSV/NFV.
• 2009 developed the Cloudicorn, took knowledge gained to Battery
• Docker wasn’t on anyone’s roadmap for 2014. It’s on everyone’s roadmap for 2015
• 2014 was the year that Enterpises finally embraced cloud and DevOps
• Optimizing from IT cost to delivery and speed - Nordstrom - ended up yielding lower costs
• Product IT reports into the business
• Director is the highest Corp IT title
• Immutable microservice deployments scales
• If your QA team is saying there are too many bugs in a release, Continue reading

Greenpeace fingers YouTube, Netflix as threat to greener Internet

The next time you watch “House of Cards” on Netflix, think about the impact you might be having on the environment.As the Internet powers ever more services, from digital video to on-demand food delivery, energy use in data centers will rise. To reduce their impact on the environment, companies like Apple, Google and Facebook have taken big steps to power their operations with renewable energy sources like hydro, geothermal and solar.But despite those efforts, the growth of streaming video from the likes of Netflix, Hulu and Google’s YouTube presents a pesky challenge to the companies’ efforts to go green, according to a report Tuesday from Greenpeace.To read this article in full or to leave a comment, please click here

Salesforce teams with Sage, spawns new cloud platform for SMBs

There’s been a flurry of speculation that Salesforce.com could be up for sale, but an alternative line of thinking points to a deal with Sage Group as the explanation for the team of lawyers Salesforce recently hired.On Tuesday, Sage and Salesforce revealed the proof in the proverbial pudding. The two companies have announced a broad global partnership along with a new service from Sage that’s built on the Salesforce1 platform-as-a-service designed to help small businesses move to the cloud.To read this article in full or to leave a comment, please click here

Ansible Tower Now Available with Vagrant

Ansible is about simple, yet powerful automation. We want to make automation easy for everyone to learn, use, and deploy, for developers, system administrators, and operators of every skill level.

Every day we hear the success stories of people who have been able to take Ansible’s powerful automation and use it to cut their IT costs, stabilize their deployments, and allow them to get back to their focus of their job rather than continually grinding through manual tasks.

On top of that, we’ve built Ansible Tower, a web interface and API that brings those same simple principles to applying command, control, and delegation to an Ansible deployment. Customers like Nike, Splunk, Grainger, and others use Tower to centralize their Ansible deployment, delegate credentials and tasks to users in a controlled manner, and allow easy self-service access to users without them knowing the specifics of those automation.

We’re always interested in making things simpler for our users, and this extends to deploying and trying Tower as well. That’s why we’ve decided to make Tower available for use with Vagrant - what’s simpler than that?

You can try out Ansible Tower in Vagrant with just a few commands.

F5 APM, SRX and DTLS NAT Timeout

I have been having issues using the F5 APM client behind a Juniper SRX-110 using hide NAT. I believe I’ve tracked it down to the default timeout settings used for UDP services. Here’s what I did to resolve it.

Constant Connection Timeouts

The laptop client was behind the SRX-110, using hide NAT. The initial client connection would work, and things would look good for a while. The the client would stop receiving packets. Traffic graphs would show a little bit of outbound traffic, and nothing inbound. Eventually, the client might decide it needed to reconnect. But usually, it would sit there for a few minutes doing nothing. Then I would force a disconnect, which would take a while, and then reconnect. Exceedingly frustrating.

Connecting the client to a different network – e.g. using a phone hotspot – worked fine. No dropouts. Using a wired connection behind the SRX had the same issue. So clearly the problem was related to the SRX.

TLS & DTLS

I dug into the traffic flows to better understand what was going on. This SSL VPN solution makes an initial TLS connection using TCP 443. It then switches over to DTLS using UDP 4433 for ongoing encrypted Continue reading

Digging Deeper into the Cisco ASA Firewall REST API

Security orchestration methods, and of course SDN, are driving the need for programmable interfaces in  security products. The Cisco ASA Firewall added a REST API back in December with the 9.3(2) code release. I've asked Mason Harris from Cisco to write up a quick how-to primer on the ASA API capabilities. Thank you Mason for the great information.Author: Mason Harris CCIE #5916, Solutions Architect, Global EnterpriseOver the years I've seen many different custom methods used to manage ASA firewalls. Most of them involve some version of command line interface (CLI) scripting since nearly all ASA features and functions are available in this manner. Perl and Expect scripts are the common scripting languages in use today for managing ASAs.To read this article in full or to leave a comment, please click here

Digging Deeper into the Cisco ASA Firewall REST API

Security orchestration methods and of course SDN is driving the need for programmable interfaces in  security products.  The Cisco ASA Firewall added a REST API back in December with the 9.3(2) code release.  I've asked Mason Harris, from Cisco, to write up a quick how-to primer on the ASA API capabilities.  Thank you Mason for the great information.Author: Mason Harris CCIE #5916Solutions Architect, Global EnterpriseOver the years I’ve seen many different custom methods used to manage ASA firewalls. Most of them involve some version of command line interface (CLI) scripting since nearly all ASA features and functions are available in this manner. Perl and Expect scripts are the common scripting languages in use today for managing ASAs.To read this article in full or to leave a comment, please click here

Broadcom hardware platform gains support for Apple’s HomeKit

Apple’s efforts to allow people to control household appliances from their iPhones through the company’s HomeKit framework are gaining momentum.Chip maker Broadcom announced Tuesday that the SDK for its WICED hardware platform, which allows manufacturers to build so-called smart devices that can connect to the Internet, is fully compliant with HomeKit. The HomeKit protocols from Apple allow manufacturers to create products that can be controlled from an iOS device.For example, if a smart lock was integrated with HomeKit, people could use an app on their iPhones or speak a command to Siri, Apple’s voice-controlled virtual assistant, to unlock a door. Using Siri to handle voice commands when a person isn’t in his house requires an Apple TV, which works as a gateway to a home network.To read this article in full or to leave a comment, please click here

Intel looking to boost horsepower on server chips with ASIC integration

Intel is expanding its custom server chip program by integrating a special processing unit that could speed up specific applications in cloud computing environments.The chip maker said it will integrate ASICs (application-specific integrated circuits) in future Xeon chips, which will speed up cloud, security and big data applications. The ASIC designs will be provided by eASIC, a fabless semiconductor company based in Santa Clara, California.Intel declined to comment on the type of ASICs being integrated, or when they will be integrated in Xeon chips. But the integrated ASICs will be reprogrammable, and customers will be able to add more flexibility to their servers to handle specific types of tasks.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Internet-over-voice a solution for developing countries

Here's a question: who remembers the pre-broadband days of web? You'd use a voice line, acoustic coupler, and a modem, right?Well, believe it or not, huge swaths of the global population might be about to revert back to this old method for sending data. Only this time it will be over mobile 2G networks instead of dial-up copper twisted-pair—and you won't have to wrap your acoustic coupler in a pillow to prevent stray noise corrupting the data transmission.Modulated sound wave Startup Pangea Communications, presenting at Disrupt NY, reckons that the answer to a lack of data infrastructure for consumers in places such as Africa is to simply convert data into a modulated sound wave and then send the audio down existing 2G pipes to and from mobile devices. Any mobile device would work.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Internet-over-voice a solution for developing countries

Here's a question: who remembers the pre-broadband days of web? You'd use a voice line, acoustic coupler, and a modem, right?Well, believe it or not, huge swaths of the global population might be about to revert back to this old method for sending data. Only this time it will be over mobile 2G networks instead of dial-up copper twisted-pair—and you won't have to wrap your acoustic coupler in a pillow to prevent stray noise corrupting the data transmission.Modulated sound wave Startup Pangea Communications, presenting at Disrupt NY, reckons that the answer to a lack of data infrastructure for consumers in places such as Africa is to simply convert data into a modulated sound wave and then send the audio down existing 2G pipes to and from mobile devices. Any mobile device would work.To read this article in full or to leave a comment, please click here

BGP Listen Range Command

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
BGP Dynamic Neighbors are a way to bring up  BGP neighbors without specifically defining the neighbors remote IP address. Using the BGP Listen Range command you specify a range of IP addresses typically on your Hub site (maybe in a DMVPN environment) that you trust to become BGP neigbors with you. When a TCP request... [Read More]

Post taken from CCIE Blog

Original post BGP Listen Range Command

Law firm challenges net neutrality rules, saying they’re too weak

The U.S. Federal Communications Commission is facing a new, novel challenge to its recent net neutrality rules: a communications law firm is arguing the regulations aren’t strong enough.The petition from Washington, D.C., law firm Smithwick and Belendiuk is a new wrinkle for the FCC, after a spate of lawsuits from broadband providers and trade groups challenging the rules for creating too many regulations.The FCC’s net neutrality rules, passed Feb. 26, fall short in several ways, firm partner Arthur Belendiuk said. The shortcomings are largely related to the agency’s decision to forbear from applying traditional telecommunication regulations to broadband even though it reclassified broadband as a regulated telecom service, he said.To read this article in full or to leave a comment, please click here

Citrix launches Workspace Cloud with BYOD flexibility

Life today is vastly more complicated for IT managers than it used to be, thanks in large part to two key trends: bring-your-own-device computing and the growing prevalence of mixed-infrastructure IT environments.Aiming to ease some of the pressure on both ends, Citrix on Tuesday unveiled a new cloud offering designed to give enterprises maximum flexibility.The Citrix Workspace Cloud is built on the notion of a personal “work space” that includes all the desktop, Web and mobile apps a user needs, along with data, documents and collaboration tools. Essentially, the software lets IT administrators put all that together in a unified package and deliver it securely to users wherever they are, no matter what device or network they’re using.To read this article in full or to leave a comment, please click here

iPhone 6s to feature 2GB of RAM, Force Touch, sturdier aluminum frame and much more

The iPhone 6 and 6 Plus incorporated what were arguably the most significant upgrades Apple's smartphone had ever seen. In addition to much larger screens, the iPhone 6 models also introduced to Apple Pay, Cupertino's take on mobile payments.Not surprisingly, iPhone 6 sales have been record-setting, which of course leads one to wonder what Apple has planned in order keep its iPhone sales momentum going strong.Well, thanks to KGI Securities analyst Ming-Chi Kuo, we now know a whole lot more about what type of new features we can expect to see in Apple's next-gen iPhone models.One of the more exciting things about Apple's upcoming iPhones, according to Kuo, and originally relayed by GforGames, is that they will finally come with 2GB of RAM. With more RAM in tow, next-gen iPhones will likely run a bit smoother, a bit faster, and will be able to handle more intensive apps.To read this article in full or to leave a comment, please click here

BGP PIC – Prefix Independent Convergence

BGP PIC ( Prefix Independent Convergence )  is a BGP Fast reroute mechanism which can provides sub second convergence even for the 500K internet prefixes by taking help of IGP convergence. BGP PIC uses hierarchical data plane in contrast to flat FIB design which is used by Cisco CEF and many legacy platforms. In a hierarchical… Read More »

The post BGP PIC – Prefix Independent Convergence appeared first on Network Design and Architecture.

Russian cyber group seen preparing to attack banks

A security firm is warning that a group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the U.S. and elsewhere.The group’s preparations, which have included writing new malware, registering domain names similar to those of intended targets, and setting up command-and-control servers, were discovered by analysts from security firm Root9B.The group has been active since at least 2007 and is known by various names including APT28 and Pawn Storm. Several security vendors believe it operates out of Russia and has possible ties to that country’s intelligence agencies.To read this article in full or to leave a comment, please click here

Verizon and Sprint to pay a total of $158M for unauthorized text billing

Mobile carriers Verizon Wireless and Sprint will pay a combined US$158 million[m] to settle complaints by two U.S. government agencies that they billed millions[m] of customers for unauthorized, third-pay text messaging services.Verizon will pay $90 million[m] and Sprint $68 million[m] to settle the so-called bill cramming complaints brought by the Federal Communications Commission and the Consumer Financial Protection Bureau.Along with other recent federal and state actions targeting bill cramming, the nation’s four largest mobile phone carriers have agreed to pay $353 million[m] in penalties and restitution in recent months, with more than $267 million[m] set aside to be returned to affected customers, the FCC said on Tuesday.To read this article in full or to leave a comment, please click here

Verizon and Sprint to pay a total of $158M for unauthorized text billing

Mobile carriers Verizon Wireless and Sprint will pay a combined US$158 million[m] to settle complaints by two U.S. government agencies that they billed millions[m] of customers for unauthorized, third-pay text messaging services.Verizon will pay $90 million[m] and Sprint $68 million[m] to settle the so-called bill cramming complaints brought by the Federal Communications Commission and the Consumer Financial Protection Bureau.Along with other recent federal and state actions targeting bill cramming, the nation’s four largest mobile phone carriers have agreed to pay $353 million[m] in penalties and restitution in recent months, with more than $267 million[m] set aside to be returned to affected customers, the FCC said on Tuesday.To read this article in full or to leave a comment, please click here

Comcast Joins OpenDaylight as First User Member

Cable giant touts ODL's potential.