BGPSEC: Signatures and Performance

BGPSEC is a set of BGP extensions being developed by the SIDR working group of the IETF to improve the security of the Internet’s routing infrastructure. So far in this series, we’ve looked at the basic operation of BGPSEC, the protections offered, and then the first set of performance issues — how do we prevent […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

The post BGPSEC: Signatures and Performance appeared first on Packet Pushers Podcast and was written by Russ White.

BGP Deaggregation with Conditional Route Injection

Whenever there’s a weird request to do something totally illogical with BGP, there’s a knob in Cisco IOS to get it done (and increase the heartburn of CCIE candidates). Conditional Route Injection (the ability to insert more specific prefixes into BGP without having them in the IP routing table) is one of them.

Keep in mind: being a MacGyver is not a long-term strategy. Just because you can doesn’t mean that you should.


Software-Defined Cloud Networking Reflections

Every year I reflect upon how my predictions compare to actual outcomes. Once again, that time has come, so let’s take a walk together down 2014’s memory lane, while also looking forward to exciting industry developments in 2015. Clearly innovation in networking is returning as we are seeing venture capitalists once again investing in networking innovation!

Prediction #1: The rise in server virtualization is driving network virtualization deployments.

Evaluation #1: Half True.

One can transcend network boundaries at both L2 and L3, building seamless virtual and physical networks with VXLAN as the key L2 over L3 foundation. The VXLAN specification co-authored by Arista and VMware, and in a similar vein the NVGRE specification co-authored by Arista and Microsoft, were key turning points for network virtualization. Arista’s strategic partnership announced in August 2014 with VMware (NSX, vSphere and vCloud Director) and multivendor interoperability with other controllers from Nuage Networks, OpenStack and the OpenFlow community were key milestones in 2014. New protocols take time to be adopted – usually 3-5 years. VXLAN is at that tipping point for broader implementations in place of the proprietary, vendor-specific options we have seen.

Prediction #2: “SDN” is no more “Still Don’t Know”.

Evaluation #2: Continue reading

Continuous Integration Pipeline for Networking

Popular development methodologies like Continuous Integration are usually accompanied by some kind of automated workflow, where a developer checks in some source code, which kicks off automated review, testing, and deployment jobs. I believe the same workflows can be adopted by network engineers. Let’s say you are the Senior Network Engineer for your entire company, which boasts a huge network. You don’t have time to touch every device, so you have a team of junior-level network engineers that help you out.

Blog Migration Complete

The blog migration is finally complete! It’s taken quite a while, but I’ve finally managed to migrate the over 1,600 posts from my original WordPress installation over to Jekyll hosted on GitHub Pages. I’ll have another post later that goes into more detail on the process that I followed (and why) as well as some of the tools that I used in the migration.

As of right now, there are two outstanding issues:

  1. While all the content is here, what’s not here is the comments (yet). I’m still working through some issues with Disqus, but I hope to have the issues resolved soon.

  2. Also, depending on when you read this, my original domain (“blog.scottlowe.org”) may or may not be working with the new content.

I appreciate your patience as I work through these issues.

I’d also appreciate it if you could let me know if you find anything that’s not working, such as links to other blog posts, code listings, images, etc. Because this entire site is a GitHub repo, if you’re so inclined you’re welcome to clone the repo, fix the problems, and submit a pull request. If you don’t feel like doing that, just drop me Continue reading

13 reasons why your newsletter sucks

Newsletters are a crucial tool of online marketing; get yours right and your audience will pay attention to you and whatever you’re trying to promote. Get it wrong and if you’re lucky people will just route your newsletter straight to the trash. If you really goof up, you’ll be swamped with abuse and unsubscribe requests. So, to help keep you on the path of digital righteousness here's a selection of the best ways for you to screw up your newsletter:

#1. Be boring. This is the simplest path to a failed newsletter. To really be boring ensure that your newsletter is in plain text, short, minimally formatted, and contains absolutely no graphics.


Hybrid OpenFlow ECMP testbed


SDN fabric controller for commodity data center switches describes how the real-time visibility and hybrid control capabilities of commodity data center switches can be used to automatically adapt the network to changing traffic patterns and optimize performance. The article identifies hybrid OpenFlow as a critical component of the solution, allowing SDN to be combined with proven distributed routing protocols (e.g. BGP, IS-IS, OSPF) to deliver scalable, production-ready solutions that fully leverage the capabilities of commodity hardware.

This article will take the example of large-flow marking that has been demonstrated using physical switches and show how Mininet can be used to emulate hybrid control of data center networks and deliver realistic results.

The article Elephant Detection in Virtual Switches & Mitigation in Hardware describes a demonstration by VMware and Cumulus Networks that shows how real-time detection and marking of large "Elephant" flows can dramatically improve application response time for small, latency-sensitive "Mouse" flows without impacting the throughput of the Elephants; see Marking large flows for additional background.

Performance optimizing hybrid OpenFlow controller demonstrated how hybrid OpenFlow can be used to mark Elephant flows on a top-of-rack switch. However, building test networks with physical Continue reading

Show 219 – Open vSwitch Obtains Ludicrous Speed

Ben Pfaff, Justin Pettit, and Ethan Jackson are core contributors to the Open vSwitch (OVS) project. What’s OVS? OVS is a virtual switch that’s growing in popularity as an open source vSwitch. The more you dig into open source networking projects, the more you see OVS showing up. One of the OVS gotchas in the past has […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 219 – Open vSwitch Obtains Ludicrous Speed appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Manually calculating MST digests

Switches sharing an MST region must agree on three things:
  • The region name
  • The region revision level
  • The region's mapping of VLANs to STP instances
The first two are exchanged directly inside BPDUs, so they are easy to validate. The third item is about 6KB of data at a minimum; it doesn't fit in a BPDU.

Rather than exchange the table directly, MST switches calculate a 128-bit hash of the table and exchange that instead. If the hashes match, the VLAN-to-STP-instance mapping database is assumed to match.

Most platforms will show you the calculated digest.

Catalyst:
lab-catalyst#show spanning-tree mst configuration
Name [lab]
Revision 3 Instances configured 4
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 4-9,40-99,101-199,201-299,301-4094
1 1,10-19,100
2 2,20-29,200
3 3,30-39,300
-------------------------------------------------------------------------------
lab-catalyst#show spanning-tree mst configuration digest
Name [lab]
Revision 3 Instances configured 4
Digest 0x37D94E0098E3418C046F217A71077FB1
Pre-std Digest 0xFC2190275BBB19CD9A6F1BB116DB10E7
lab-catalyst#

Procurve:
lab-procurve# show spanning-tree mst-config
MST Configuration Identifier Information
MST Configuration Name : different
MST Configuration Revision : 4
MST Configuration Digest : 0x37D94E0098E3418C046F217A71077FB1
IST Mapped VLANs : 4-9,40-99,101-199,201-299,301-4094
Instance ID Mapped VLANs
----------- ---------------------------------------------------------
1 1,10-19,100
2 2,20-29,200
3 3,30-39,300
lab-procurve#

Because their VLAN-to-instance mapping is the same, both switches arrived at the same digest value. Note that Continue reading
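To make the digest calculation concrete, here is an added Python example; it is not code from the original post. It assumes the standard IEEE 802.1Q construction of the digest: a 4096-entry table of 16-bit instance IDs in network byte order, indexed by VLAN ID (8192 bytes in total, with unlisted VLANs in instance 0), run through HMAC-MD5 under the fixed signature key 0x13AC06A62E47FD51F95D2BA243CD0346 that the standard defines. The VLAN mapping and the reported digest are transcribed from the switch output above so the result can be compared with what the switches show; the Cisco pre-standard digest uses a different construction and is not computed here.

```python
import hashlib
import hmac

# Signature key for the MST configuration digest, defined by IEEE 802.1Q.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

# VLAN-to-instance mapping transcribed from the "show spanning-tree mst
# configuration" output above (constructed input for this example).
LAB_MAPPING = {
    0: "4-9,40-99,101-199,201-299,301-4094",
    1: "1,10-19,100",
    2: "2,20-29,200",
    3: "3,30-39,300",
}

# Digest both switches reported for that mapping (value taken from the output above).
SWITCH_REPORTED_DIGEST = "37D94E0098E3418C046F217A71077FB1"


def parse_vlan_list(spec):
    """Expand a Cisco/ProCurve style VLAN list such as '1,10-19,100' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def build_config_table(instance_map):
    """Build the 4096-entry MST configuration table (8192 bytes).

    Entry i holds the 16-bit instance ID of VLAN i in network byte order. VLANs
    that are not listed belong to instance 0 (the IST), and entries 0 and 4095
    are always 0, so the table starts all-zero and only non-zero instances are
    written. A VLAN listed under two different instances is rejected, because
    the digest would silently cover whichever assignment was processed last.
    """
    table = bytearray(4096 * 2)
    owner = {}  # vid -> instance already claiming it
    for instance, spec in instance_map.items():
        if not 0 <= instance <= 4094:
            raise ValueError(f"instance {instance} is outside 0-4094")
        for vid in parse_vlan_list(spec):
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} is outside 1-4094")
            if owner.setdefault(vid, instance) != instance:
                raise ValueError(
                    f"VLAN {vid} mapped to both instance {owner[vid]} and {instance}"
                )
            table[2 * vid:2 * vid + 2] = instance.to_bytes(2, "big")
    return bytes(table)


def mst_digest(instance_map):
    """Return the 128-bit configuration digest as 32 upper-case hex characters."""
    table = build_config_table(instance_map)
    return hmac.new(MST_DIGEST_KEY, table, hashlib.md5).hexdigest().upper()


def digests_agree(map_a, map_b):
    """True when two switches with these mappings would compute the same digest."""
    return hmac.compare_digest(mst_digest(map_a), mst_digest(map_b))


if __name__ == "__main__":
    computed = mst_digest(LAB_MAPPING)
    print("computed digest :", "0x" + computed)
    print("switch reported :", "0x" + SWITCH_REPORTED_DIGEST)
    print("match           :", computed == SWITCH_REPORTED_DIGEST)
```

Two things worth noticing when you run it: the region name and revision never enter the calculation, which is why the Catalyst ("lab", revision 3) and the ProCurve ("different", revision 4) above still agree on the digest, and the digest is only a consistency check, not an integrity protection, since the key is published in the standard and any device on the segment can compute a matching value for any table it likes.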

My Network Toolkit

A while back, Chris Marget of Fragmentation Needed posted a run-down of his comprehensive and extremely clever network toolkit. Because I'm something of a weight weenie, mine is a lot more slimmed down. I thought I'd post it here:

The contents:

  1. Two random USB drives (in case I need to leave one with somebody).
  2. Single-mode and multi-mode LC fiber loopback plugs.
  3. Rack PDU plug adapter.
  4. Awesome PicQuic compact screwdriver (thanks to Chris's post).
  5. T1 loopback plug (red) (because we still have T1s out here in the boonies).
  6. Cat-6 pass-through plug (white).
  7. Crossover adapter (orange).
  8. Sharpie.
  9. Console setup:
     1. USB-to-DB9 adapter.
     2. DB9-to-RJ45 adapter.
     3. Flat Cat-6 cable.
     4. Rollover adapter.
     5. Velcro tie.
     6. Flat Cat-6 cable with velcro tie.
The console setup could probably be improved by adding a DB9 null-modem adapter. The coolest thing (IMO) that I'm missing from Chris's setup is the Bluetooth console adapter -- maybe one day.

The Fenix AA light and Leatherman Skeletool CX almost always live in a pocket rather than the kit and go with me everywhere. The kit all fits into a small zippered case that used to hold a Dell laptop power supply.

My main goal here was to have all the hard-to-find professional stuff in Continue reading

Using the Junos Space REST API

Automation is going to be fundamental in all networking products. I’ve been working a lot on integrating Juniper products into existing and standard software. There are many different ways to automate something on a network running Junos. Using REST (or RESTful) APIs is one way of doing this. The reason I’m using REST is that it’s fairly easy to understand, but the best thing is that a large number of existing products support REST for integration.

The goal of this blog is to explain how Junos products support REST, compatibility with older versions and how it scales.

What is REST?

REST (REpresentational State Transfer) is a simple stateless architecture that generally runs over HTTP. There are four commonly supported commands (HTTP methods). When you issue a command, your request consists of a URL, HTTP headers and a body holding the data.

HTTP headers are used for things like authentication and a Content-Type to let the application know what data format the body will contain.
The URL specifies which data you want to receive from the application, or which data you want to change.
The body is empty in a request for data; when you want to change some data this Continue reading

The Most Important Skill to learn for 2015

Original content from Roger's CCIE Blog, tracking the journey towards getting the ultimate Cisco certification: the Routing & Switching Lab Exam.

In this ever-advancing world of technology there has never been a better time to be able to get things done anywhere, but there have also never been so many distractions stopping you from getting things done. With constant connectivity to the internet, Facebook, Twitter, etc., we are now absorbing more information every hour... [Read More]


Anybody can take North Korea offline

A couple of days after the FBI blamed the Sony hack on North Korea, that country went offline. Many suspected the U.S. government, but the reality is that anybody can do it -- even you. I mention this because of a Vox.com story that claims "There is no way that Anonymous pulled off this scale of an attack on North Korea". That's laughably wrong, overestimating the scale of North Korea's Internet connection, and underestimating the scale of Anonymous's capabilities.

North Korea has a roughly ~10 Gbps link to the Internet for its IP addresses. That's only about ten times what Google Fiber provides. In other words, 10 American households can have as much bandwidth as the entire country. Anonymous's capabilities exceed this, scaling past 1 terabit/second, or a hundred times more than needed to take down North Korea.

Attacks are made easier due to amplifiers on the Internet, which can increase the level of traffic by about 100 times. Thus, in order to overload a 10-gbps link of your target, you only need a 100-mbps link yourself. This is well within the capabilities of a single person.

Such attacks are difficult to do from your home, because your network Continue reading