Securing BFD now possible!

Confession Time.

I am guilty of committing several sins. One that egregiously stands out is writing two IETF specs for BFD security (here and here) without considering the impact on the routers and switches implementing those specs. Bear in mind that Bi-directional Forwarding Detection (BFD) is a hard protocol to implement well. It's hard to get into a conversation with engineers working on BFD without a few of them shedding copious quantities of tears on what it took them to avoid those dreaded BFD flaps in scaled setups. They will tell you how they resorted to clever tricks (hacks, if you will) to process BFD packets as fast as they could (plucking them out of order from a shared queue, dedicated tasks picking up BFD packets in the ISR contexts, etc.). In a candid conversation, an ex-employee of a reputed vendor revealed how they stage-managed their BFD during a demo to a major customer since they didn't want their BFD to flap while the show (completely scripted) was on. So, long story short — BFD is hard when you start scaling. It just becomes a LOT worse when you add security on top of it.

The reason BFD is hard is because of Continue reading

News Analysis: CloudGenix, LightCyber, VMware, Meru

This week, Greg and I decided to do a review of some of the briefings we received via an audio recording. We published the audio on the Packet Pushers Community Show feed, which you can subscribe to specifically on iTunes or access via the Packet Pushers Fat Pipe iTunes feed. Here's a summary of my take on these briefings.

Exporting NetFlow from Linux to a collector over IPv6

There is another project out there in the ether that I have a hand in providing input for. One of the features that I felt was necessary for it is exporting NetFlow information from traffic the Linux machine handled, to a collector. This is dual-stack traffic, but I have the collector listening on IPv6.

Firstly, I needed something that would gather and export the data, so I found softflowd. My Ubuntu server had it in the repo, so a quick apt install got it onto the machine easily enough. You need to edit /etc/default/softflowd and set what interface(s) you want it capturing & generating flow data from, and what options to feed to the daemon, like what server:port to export that data to:

INTERFACE="eth#"
OPTIONS="-v 9 -n [x:x:x:x::x]:9995"

Fill in the correct interface name you want to gather data from. The -v 9 option tells it to use NetFlow v9, which has IPv6 support. The -n option is used for specifying the collector machine’s IP and port; fill in the correct IPv6 address of that collector. Above is the format for specifying an IPv6 host running a collector, like nfcapd. Then you can fire up the softflowd daemon, Continue reading

CLUS Keynote Speaker – It’s a Dirty Job but Somebody’s Gotta Do It

Did you guess by the title who will be the celebrity keynote speaker for CLUS San Diego? It’s none other than Mike Rowe, also known as the dirtiest man on TV.

Mike is the man behind “Dirty Jobs” on the Discovery Channel. Little did he know when pitching the idea to Discovery that they would order 39 episodes of it. Mike traveled through 50 states and completed 300 different jobs going through swamps, sewers, oil derricks, lumberjack camps and what not.

Mike is also a narrator and can be heard in “American Chopper”, “American Hot Rod”, “Deadliest Catch”, “How the Universe Works” and other TV shows.

He is also a public speaker and often hired by Fortune 500 companies to tell their employees frightening stories of maggot farmers and sheep castrators.

Mike also believes in skilled trades and in working smart AND hard. He has written extensively on the country’s relationship with work and the skill gap.

I’m sure Mike’s speech will be very interesting…and maybe a bit gross…

The following two links take you to Cisco Live main page and the registration packages:

Cisco Live
Cisco Live registration packages


Install the CORE Network Emulator on Amazon AWS

Having set up an Ubuntu Linux server running on a free micro-instance in Amazon’s Web Services EC2 service, I’d like to see how some of the open-source network simulation tools I’ve been using work in the cloud.

First, I will install the CORE Network Emulator on my Amazon AWS EC2 virtual private server. Please read the rest of this post to see how it works.

I expect that the CORE Network Emulator will install and run on an Amazon EC2 instance because it uses Linux Containers (LXC) as its virtualization technology. I have already observed that LXC containers work when run inside a virtual machine on my Laptop computer. It should work the same when running in a virtual machine in Amazon’s EC2 cloud computing service.

Install CORE

I’ve already described how to install the CORE network emulator in previous posts so I will list the installation steps below without any explanation. For details, please see my post on how to install the CORE Network Emulator from source code.

Install prerequisite software

$ sudo apt-get update
$ sudo apt-get install bash bridge-utils ebtables \
  iproute libev-dev python tcl8.5 tk8.5 libtk-img \
  autoconf automake gcc libev-dev make python-dev 
   Continue reading

Yelp sues positive review provider Revleap

Yelp has filed a lawsuit against Revleap, a company that says it can help businesses improve their ratings, though Yelp says it actually spams them and cons them out of money. Revleap, based in Los Angeles, operates a paid service that it says can “create a large constant flow of positive reviews that stay on top of your profile, and remove fake reviews,” according to its website. These sorts of messages are knowingly false, Yelp contends in a lawsuit filed Friday, because Revleap has no way of removing bad reviews or getting good ones to appear more prominently.

Cisco Live 2015 – Mike Rowe Announced as Keynote Speaker

Cisco just announced to the Cisco Champion community that the guest speaker for the keynote is going to be none other than …… Mike Rowe!! In case you don’t know, Mike Rowe is an American TV host, narrator, actor, and former opera singer. He is best-known for his extensive work on the Discovery Channel. He has starred on the shows Dirty Jobs, and narrated many shows including Deadliest Catch, American Hot Rod, and Ghost Hunters. He also did a quick stint on the QVC Shopping Network where he was hired after talking about a pencil for nearly eight minutes. According to his bio, he worked the graveyard shift for just three years, until he was ultimately fired for making fun of products and belittling viewers. I’ve included one of my favorite videos from his time at QVC down below, be sure to check out some of the other ones if you haven’t seen them.

Mike also founded the mikeroweWORKS Foundation, which promotes hard work. Mike has long been a supporter of the skilled trades and his foundation works hard at awarding scholarships to men and women who demonstrate an aptitude for doing the work that America needs. He is also Continue reading

Vint Cerf worries about a ‘digital dark age,’ and your data could be at risk

In this era of the all-pervasive cloud, it’s easy to assume that the data we store will somehow be preserved forever. The only thing to fret about from a posterity perspective, we might think, is the analog information from days gone by—all the stuff on papers, tapes and other pre-digital formats that haven’t been explicitly converted. Vinton Cerf, often called “the father of the Internet,” has other ideas. Now chief Internet evangelist at Google, Cerf spoke this week at the annual meeting of the American Association for the Advancement of Science, and he painted a very different picture. Rather than a world where longevity is a given, Cerf fears a “digital dark age” in which the rapid evolution of technology quickly makes storage formats obsolete thanks to a phenomenon he calls “bit rot.”

Huawei faces outcry over telecom towers in Zambia

China’s Huawei Technologies is facing a growing backlash in Zambia, following revelations that the company is erecting telecom towers that do not adhere to technical specifications. Lawmakers and consumer rights groups have urged the Zambian government to withhold payments to the company until it brings the towers up to the required standard. The Zambian Information and Communication Technology Authority (ZICTA), awarded Huawei a contract to construct 169 telecom towers in rural areas of the country, at a cost of over $13.5 million. It has been established, however, that the coverage of the towers extends to a radius of 1.65 km (one mile) as opposed to the 5 km specification in the contract.

IRS Banner Fail

So I go to the IRS Page that allows taxpayers to check status of a refund. This is under the number “3” at the following URL–

http://www.irs.gov/Refunds

The following banner pops up prior to setting a browser cookie.

IRSBanner

I’m not a lawyer, so I have some questions regarding how to interpret this–

  1. Should this be read as–
    1. Use of this system constitutes consent to monitoring, interception, recording, reading, copying or capturing by authorized personnel of all activities. (or)
    2. Use of this system constitutes consent to monitoring, interception, recording, reading, copying or capturing by authorized personnel of all activities.
  2. And what does authorized personnel of all activities mean? If I use the system, I have to be authorized, or I’m breaking the law (as identified two sentences later–Unauthorized use is prohibited).
  3. So based on #2 above (authorized user). When I use that definition of authorized user in #1, the IRS isn’t accepting responsibility if I somehow happened to perform the following on another user’s information –  monitoring, interception, recording, reading, copying or capturing. (doesn’t exclude my accountability, but it certainly alleviates the IRS accountability)
  4. “There is no right to privacy in this system”?
    1. Continue reading

Apple is said to recruit engineers for car development project

Apple’s automotive ambitions may extend beyond CarPlay, its vehicle dashboard software. Managers from the company’s iPhone unit are leading employees in automotive research projects at a secret Silicon Valley lab, according to a report in the Financial Times Friday. Apple designers have met with executives and engineers at auto makers and in some cases recruited them, including the head of Mercedes-Benz’s Silicon Valley research and development division, the report says. If Apple is indeed building a car it will quickly run into one of its biggest rivals—Google, which is far along in its development of an autonomous vehicle. Traditional automakers are also getting smarter about incorporating technology in their vehicles. Chevrolet’s cars can come with built-in LTE hotspots, and in January Audi ferried journalists from Silicon Valley to Las Vegas in a self-driving car.

Democratic Republic of Congo restores Internet throughout country

Internet connectivity and mobile communications throughout the Democratic Republic of Congo (DRC) have been fully restored, but the country’s political turmoil is far from over. The government had moved to block communications in an attempt to quell public protests sparked by President Joseph Kabila’s political maneuvers to extend his tenure in office. The DRC government shut down Internet, social media and mobile phone communications on Jan. 19, restoring Internet service only to banks, government agencies and other corporate bodies 10 days later. People had been using text messages and social media networks to coordinate rallies to protest Kabila’s attempts to introduce an electoral bill and change the country’s constitution in order to continue his stay in office. The DRC government admitted that the debate over the bill would likely delay the next presidential election by at least one year.

Obama pushes for more cyberthreat information sharing

U.S. businesses and government agencies need to work more closely together to combat the growing threat of cyberattacks, President Barack Obama said Friday. Calling on U.S. agencies and businesses to share more cyberthreat information, Obama said he had signed an executive order intended to encourage more cooperation. Protecting against cyberattacks “has to be a shared mission,” Obama said during a speech at Stanford University. “Government cannot do this alone, but the fact is, the private sector cannot do this alone either.”

Apple’s Tim Cook warns that sacrificing privacy ‘risks our way of life’

Apple CEO Tim Cook has warned of “dire consequences” if tech companies can’t protect the privacy of those who use their products. Giving up our privacy to digital technologies exposes us to greater risks than just identity theft and financial losses—serious though those things are, Cook said in a brief speech at a cybersecurity summit in Silicon Valley on Friday. “History has shown us that sacrificing our right to privacy can have dire consequences,” Cook said. “We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion or express their opinion or love who they choose—or love who they choose,” he repeated for emphasis, “in a world in which that information can make the difference between life or death.”

US government courts Silicon Valley on cybersecurity

Senior U.S. government officials came to Silicon Valley on Friday to deliver a direct appeal to executives from major companies and the cybersecurity industry: work with us so the nation will be better protected from cyberattacks. The charm offensive, which includes a speech by President Barack Obama, comes as a new government agency is being formed to oversee preventive and reactive response to cyberattacks: the U.S. Cyber Threat Intelligence Integration Center. That’s part of the government’s response to the growing number of cyberattacks on large corporations, like Target and Sony Pictures, but the cooperation of industry is not guaranteed. Lisa Monaco, a senior advisor to President Obama on homeland security and counterterrorism, said she worried that the type of cyberattack that targeted Sony could become the norm in the future if more isn’t done.