SDN: Integration over Manipulation

I’d like to briefly express a sentiment that I pondered after listening to another one of Ivan’s great podcasts, specifically regarding the true value of a software-defined network approach. The statement was made that ACLs are terrible representations of business policy. This is not inaccurate, but the fact remains that ACLs are currently the de facto representation of business policy on a network device. The “network team” gets a request from an application team to “fix the firewall”, and the policy that is applied to enable that application typically results in an ACL change.

If you’ve ever been in this situation, you likely realize this entire process probably takes some time. Either the application team doesn’t know what exactly needs to be changed, or the network team is too busy, or both. Clearly, there’s a problem. And more often than not, this discussion becomes all about the forwarding architecture.

Oh yes, with old-school ACLs we could only match on a few things - IP subnets, TCP ports, that's about it. But now with OpenFlow - we can match on **EtherType**!! We're saved!!

Don’t be misled - the value of an SDN architecture does not lie in the fact that we can do Continue reading

SDN: Integration over Manipulation

I’d like to briefly express a sentiment that I pondered after listening to another one of Ivan’s great podcasts, specifically regarding the true value of a software-defined network approach. The statement was made that ACLs are terrible representations of business policy. This is not inaccurate, but the fact remains that ACLs are currently the de facto representation of business policy on a network device. The “network team” gets a request from an application team to “fix the firewall”, and the policy that is applied to enable that application typically results in an ACL change.

If you’ve ever been in this situation, you likely realize this entire process probably takes some time. Either the application team doesn’t know what exactly needs to be changed, or the network team is too busy, or both. Clearly, there’s a problem. And more often than not, this discussion becomes all about the forwarding architecture.

Oh yes, with old-school ACLs we could only match on a few things – IP subnets, TCP ports, that’s about it. But now with OpenFlow – we can match on EtherType!! We’re saved!!

Don’t be misled – the value of an SDN architecture does not lie in the fact that we can do Continue reading

SDN Terminology from Layered Models

Even though we don’t build networks with OSI products, we still use terms from the OSI model. What terms will we end up using for SDN, once the dust settles?

The previous post introduced one document that attempts to define terms and architecture, and today’s post introduces another: the ITU-T Y.3300 document. But how do these documents fit in with our fast-changing networking landscape – and what words should we use? Today’s post looks at the Y.3300 doc, and explores a few of the terms.

Other posts in this series:

 

Big Picture First: ITU-T Y-Series

Most of us don’t have a reason to read docs from standards bodies unless we’re looking for a particular standard or fact. But as long as we’re talking about one doc from the ITU-T Y-series, it’s worth a minute to set the context of what these documents are.

First off, the topic area for the Y-series is broad, but it’s all networking! The title for the ITU-T’s Y-series of documents spells out the big items:

Global information infrastructure, Internet protocol aspects and next-generation networks

Great, so the topic is global network, IP, including next-generation networks. It’s networking! Continue reading

Better than best effort — reliability and the Internet.

Metcalfe’s law states that the value of a telecommunications network is proportional to the square of the number of connected users of the system.

Networks prior to the Internet were largely closed systems, and the cost of communicating was extraordinarily high.   In those days, the free exchange of ideas at all levels was held back by cost.  On the Internet, for a cost proportional to a desired amount of access bandwidth, one can communicate with a billion others.  This has propelled human achievement forward over the last 20 years.  By way of Metcalfe’s law, the Internet’s value is immeasurably larger than any private network ever will be.

So why do large private service delivery networks still exist?

The answer lies primarily in one word: reliability.  What Metcalfe’s law doesn’t cover is the reliability of communication of connected users, and the implications of a lack of reliability on the value of services delivered.  Although Internet reliability is improving, much like the highway system, it still faces certain challenges inherent with open and unbiased systems.

On a well run private network, bandwidth and communications are regulated to deliver an optimal experience, and network issues are addressed more rapidly as all components Continue reading

On a Journey with VMware NSX Customers

Playing a part in the transformation of the networking industry has been one of the most rewarding opportunities of Unstoppable Momentummy career. On top of that I get the privilege of leading a team that continues to amaze me in their ability to execute. You’ve heard us talk about the more than 400 VMware NSX customers we have to date, 70+ of which are in production. You can safely assume that number is even higher today. Even more impressive is the fact that customers are making significant financial commitments to the architectural changes they are embarking on. In fact, as of last quarter we counted more than 50 organizations that have invested more than $1 million in NSX.

Now, it’s never easy for IT organizations to talk publicly about technologies they’ve purchased or deployed. This is all the more reason why I’m very grateful that VMware NSX customers have made time to speak publicly about the value they are deriving from VMware NSX to the financial community, at events such as RSA Conference, Palo Alto Networks Ignite and OpenStack Summit, and of course, to the press. No other vendor can claim more customers that are publicly discussing their Continue reading

Liveblog from ONUG!

ONUG Logo

We’re going to try out a new thing today – liveblogging from the ONUG Spring 2015 presentations here in NYC. If it doesn’t work, I apologize – but it’ll be fun trying!

If you liked this post, please do click through to the source at Liveblog from ONUG! and give me a share/like. Thank you!

Facebook wants to become your news destination of choice with Instant Articles

Facebook aims to speed up the delivery of news on the companys mobile apps with Instant Articles. The New York Times, National Geographic and others will use it to publish interactive articles directly on Facebooks iPhone app.People already share a lot of articles on Facebook, particularly on its mobile apps. To date, however, they take an average of eight seconds to load, by far the slowest content type on Facebook, the company said in a blog post on Tuesday. Instant Articles promises to change that with much better responsiveness.Users will be able to watch auto-play videos as they scroll through a story. They will also be able to view interactive maps, zoom in on high-resolution images, listen to audio captions, and comment on individual parts of an article in-line, as long as publishers have to added the necessary content.To read this article in full or to leave a comment, please click here

Vendor Neutral

And then Bilbo held the router up to the light and wondered aloud… Whatever is, vendor neutral?

Vendor neutral certainly receives a lot of play in the world of network engineering. You might have even heard the words come out of my mouth during my case study on the Telepost Greenland network at Interop a couple of weeks ago. Maybe even more than once.

But what does vendor neutral actually mean?

Does it really mean, “Can I buy my next piece of equipment from any vendor I like, and not worry about it working in my network?” Or, perhaps, “Can I buy my next piece of equipment from any vendor I like, and not worry about it disrupting my network management and operations?” The second question is the harder, in the real world — and one we’re not likely to get an answer to any time soon.

What about an open API into every piece of equipment in your network? That would be nice — but how do we get from where we are today to that nirvana? We’ve had the drive towards a MIB based interface, a common set of command line configuration constructs, several API driven Continue reading

The Upload: Your tech news briefing for Wednesday, May 13

First smartphone with iris unlocking bows in JapanForget fingerprints: Japanese carrier NTT DoCoMo has just unveiled the first smartphone that looks deep into your eyes to recognize you and let you access your device. The Arrows NX F-04G is made by Fujitsu. Its iris authentication technology can also be used to authorize mobile payments via specifications set by the FIDO (Fast IDentity Online) Alliance, which is backed by Microsoft, Google, PayPal and others.Russian cybergroup is said to be planning bank attacksTo read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, May 13

First smartphone with iris unlocking bows in JapanForget fingerprints: Japanese carrier NTT DoCoMo has just unveiled the first smartphone that looks deep into your eyes to recognize you and let you access your device. The Arrows NX F-04G is made by Fujitsu. Its iris authentication technology can also be used to authorize mobile payments via specifications set by the FIDO (Fast IDentity Online) Alliance, which is backed by Microsoft, Google, PayPal and others.Russian cybergroup is said to be planning bank attacksTo read this article in full or to leave a comment, please click here

Microsoft fixes 46 flaws in Windows, IE, Office, other products

Fourteen critical vulnerabilities in Internet Explorer were among the targets of Microsoft’s monthly batch of security patches released Tuesday. In all, it fixed 46 vulnerabilities across products including Windows, Internet Explorer and Office.The patches were organized in 13 security bulletins, three flagged as critical and ten as important. The critical bulletins, MS15-043, MS15-044 and MS15-045, cover remote code execution vulnerabilities in Windows, IE, Office, Microsoft .NET Framework, Microsoft Lync and Silverlight.To read this article in full or to leave a comment, please click here

NTT DoCoMo launches smartphone with iris unlock feature

Japanese mobile carrier NTT DoCoMo has released a smartphone that can be unlocked with a mere glance.The Arrows NX F-04G, unveiled Wednesday in Tokyo, is billed as the first commercialized smartphone with iris authentication technology, which can also be used to authorize mobile payments.Iris scanners make it easier to unlock phones than keying in a PIN, which can be forgotten or stolen. Authentication takes a second or two, a bit slower than fingerprint authentication, and is based on patterns in the iris that are unique to each individual.The device works with authentication specifications set by the FIDO (Fast IDentity Online) Alliance, which is supported by Microsoft, Google, PayPal and others.To read this article in full or to leave a comment, please click here

NTT DoCoMo launches smartphone with iris unlock feature

Japanese mobile carrier NTT DoCoMo has released a smartphone that can be unlocked with a mere glance.The Arrows NX F-04G, unveiled Wednesday in Tokyo, is billed as the first commercialized smartphone with iris authentication technology, which can also be used to authorize mobile payments.Iris scanners make it easier to unlock phones than keying in a PIN, which can be forgotten or stolen. Authentication takes a second or two, a bit slower than fingerprint authentication, and is based on patterns in the iris that are unique to each individual.The device works with authentication specifications set by the FIDO (Fast IDentity Online) Alliance, which is supported by Microsoft, Google, PayPal and others.To read this article in full or to leave a comment, please click here

SDN Terminology from Layered Models

Even though we don’t build networks with OSI products, we still use terms from the OSI model. What terms will we end up using for SDN, once the dust settles?

The previous post introduced one document that attempts to define terms and architecture, and today’s post introduces another: the ITU-T Y.3300 document. But how do these documents fit in with our fast-changing networking landscape – and what words should we use? Today’s post looks at the Y.3300 doc, and explores a few of the terms.

Other posts in this series:

 

Big Picture First: ITU-T Y-Series

Most of us don’t have a reason to read docs from standards bodies unless we’re looking for a particular standard or fact. But as long as we’re talking about one doc from the ITU-T Y-series, it’s worth a minute to set the context of what these documents are.

First off, the topic area for the Y-series is broad, but it’s all networking! The title for the ITU-T’s Y-series of documents spells out the big items:

Global information infrastructure, Internet protocol aspects and next-generation networks

Great, so the topic is global network, IP, including next-generation networks. It’s networking! Continue reading

Diving into the DNS

The turning of the DNS from a distributed database query tool into a malicious weapon in the cyber warfare arena has had profound impacts on the thinking about the DNS. I remember hearing the rallying cry some years back: “Lets all work together to find all these open resolvers and shut them down!” These days I don't hear that any more. It seems that, like SPAM in email, we’ve quietly given up on eradication, and are now focusing on how to preserve service in a toxic world. I suppose that this is yet another clear case of markets in action – there is no money in eradication, but there is money in meeting a customer’s requirement to allow their service to work under any circumstances. We’ve changed our self-perception from being the public DNS police to private mercenaries who work diligently to protect the interests of our paying customers. We are being paid to care about the victim, not to catch the attacker or even to prevent the attack.

Fujitsu pushes wearable IoT tags that detect falls, heat stress

Fujitsu has developed stamp-sized wearable sensor tags that can detect whether users have changed their location or posture, fallen down or are experiencing high heat.The tags transmit data via Bluetooth Low Energy and can be worn as wristbands or location badges on lapels or breast pockets. They could be used by people including hospital patients and infrastructure workers to relay data to supervisors.The tags can also be attached to objects such as shopping carts or walkers for the elderly. They’re part of a cloud-based Internet of Things (IoT) platform from Fujitsu called Ubiquitousware that’s aimed at making IoT applications easier for businesses.To read this article in full or to leave a comment, please click here

1 3,490 3,491 3,492 3,493 3,494 3,841