0

Lab: iBGP and OSPF Traffic Engineering

Here’s the scenario: An enterprise network with an MPLS core and two branch locations connected to their own Provider Edge (PE) router. In addition to the MPLS link, the PEs are also connected via a DMVPN tunnel. The PEs are peering via iBGP (of course) and are also OSPF neighbors on the DMVPN. Both Customer Edge (CE) routers at the branch are OSPF neighbors with their local PE.

Task: Use the high speed MPLS network as the primary path between the CE routers and only use the DMVPN network if the MPLS network becomes unavailable.

Question: Is the solution as simple as adjusting the Admin Distance (AD) so that the iBGP routes are more preferred?

Default State

The obvious first issue is the default AD for iBGP (200) is higher than the default AD of OSPF (110) which means the OSPF path over the DMVPN is going to be preferred. This is confirmed if we do a traceroute from R5 to R6:

R5#traceroute 6.6.6.6 source lo5
 1 10.0.45.4 2 msec 0 msec 1 msec
 2 10.10.10.7 17 msec 17 msec 17 msec
 3 10.0.67.6 18  Continue reading

0

Here are the components that will power your next smartphone

The last couple of months haven seen the launch of a clutch of new smartphones—and also new chipsets that aim to make the next generation of smartphones more powerful and simpler to recharge.Competition between chip makers is increasing, with companies spurring each other to improve smartphone performance. Here are some of the components and technologies that will help make it happen:Qualcomm’s next-generation processorsThe Snapdragon 820 will be the first processor to use Qualcomm’s homegrown ARM-based Kryo architecture—and also the first to use the company’s new Zeroth platform for adding machine learning capabilities. The company plans to make samples available to phone manufacturers in the second half of the year. Qualcomm will need to have the chips ready for mass production in the first half of 2016 to catch the next wave of high-end smartphone launches, or manufacturers may look elsewhere—as Samsung Electronics did this year, choosing to use one of its own Exynos processors for its Galaxy S6.To read this article in full or to leave a comment, please click here

0

The Problem with Peanuts

I was hungry. Perhaps that’s a good excuse, or perhaps not. Either way, I sat down after ordering, took a peanut, broke the nuts out of the shell, and ate them.

After eating the peanut, I felt less hungry. So I picked up another one and ate it, as well. Soon enough, long before I order came out in fact, I wasn’t really hungry any longer. I still ate, of course, because I’d bought the burger, and it was a good burger. The fries were pretty good, too. The sweet tea wasn’t shabby, either.

But I thought about the peanut it all started with as I ate the burger. You see, a peanut solved my hunger problem. So it one peanut solves my hunger, why couldn’t a pile of peanuts solve world hunger? So I took a pile of peanuts and put them on the table, considering something I’d never thought about before — I could solve world hunger. Right here, right now, in this place, I could actually solve a major problem the world has been struggling with for thousands of years.

Okay, but then where would I get these peanuts? The place I was in had boxes stacked Continue reading

0

Retiring the Rockstar: A Counterpoint

“You’re a rockstar!” Chances are, you’ve either a) been told this as a compliment for some work you’d done; b) heard this told to someone else for some work they’d done; or c) told someone this for some work they’d done. If you said this to someone else—I just told someone this quite recently—chances are also very likely that you had nothing but positive intentions behind this statement and your goal was to compliment them on what you saw as outstanding work. But is “rockstar” the wrong term to use? And if so, what is the right term?

Recently, Tyler Britten (a very talented professional and a former colleague when I worked as an EMC vSpecialist) posted an article titled “Time to Retire the Rockstar,” in which he draws a connection between the use of terms like “rockstar,” “superstar,” “genius,” or “guru” and the myth of the lone genius. I see his point, and don’t necessarily disagree with it. Something can be said that calling someone a rockstar (or any of the other terms listed) isn’t automatically encouraging them to “eschew teams and communities and to work alone”, but that isn’t the point of this post. Here I’d rather Continue reading

0

The Upload: Your tech news briefing for Monday, March 23

EMC pools enterprise smarts to create data lakesEMC is pulling assets from its conglomeration of businesses to help customers build data lakes using EMC storage, VMware virtualization and Pivotal big-data smarts. The Federation Business Data Lake debuting Monday will ingest and analyze data from diverse sources—and may also show how EMC can make the diverse businesses it owns add up to more than the sum of their parts.New US bill aims to limit use of student dataA new bill to be introduced in Congress on Monday aims to place checks on the collection and possible misuse of student data by tech companies that supply services to schools. The Student Digital Privacy and Parental Rights Act prohibits companies such as online homework portals or email services from using or disclosing students’ personal information for advertisement purposes, according to The New York Times.To read this article in full or to leave a comment, please click here

0

The Upload: Your tech news briefing for Monday, March 23

EMC pools enterprise smarts to create data lakesEMC is pulling assets from its conglomeration of businesses to help customers build data lakes using EMC storage, VMware virtualization and Pivotal big-data smarts. The Federation Business Data Lake debuting Monday will ingest and analyze data from diverse sources—and may also show how EMC can make the diverse businesses it owns add up to more than the sum of their parts.New US bill aims to limit use of student dataA new bill to be introduced in Congress on Monday aims to place checks on the collection and possible misuse of student data by tech companies that supply services to schools. The Student Digital Privacy and Parental Rights Act prohibits companies such as online homework portals or email services from using or disclosing students’ personal information for advertisement purposes, according to The New York Times.To read this article in full or to leave a comment, please click here

0

Foxconn partners with China’s Tencent on smart electric cars

As rumors swirl that Apple might be developing an electric car one of its major suppliers, Foxconn Technology Group, is moving ahead with its own plans to bring an electric-powered vehicle to China.On Monday, the electronics manufacturer struck a partnership with Chinese Internet giant Tencent and luxury car dealership China Harmony Auto to develop smart electric cars. All three companies are together establishing a special team for the project, Foxconn said.Foxconn, which is based in Taiwan, is perhaps best known for assembling Apple’s iPhone.To read this article in full or to leave a comment, please click here

0

EMC pools enterprise smarts to create data ‘lakes’

EMC is drawing on its “federation” of companies to help customers build data lakes using EMC storage, VMware virtualization and Pivotal big-data smarts.The Federation Business Data Lake will ingest and analyze data from diverse sources to give enterprises new insights that can help them make better decisions, EMC says. It can tie together existing EMC assets with new software to run the data lake, and the whole package can be built and started up in as little as seven days, according to the company.EMC’s aim is to help enterprises of all sizes make better use of information they collect, including both structured and unstructured data. Building the data lakes may also show how EMC can make the diverse businesses it owns add up to more than the sum of their parts.To read this article in full or to leave a comment, please click here

0

New products of the week 03.23.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CartoDB WordPressKey features: For WordPress users looking to add custom maps to webpages. CartoDB is the easiest tool for adding maps to a WordPress site for users to share maps with their posts. More info.To read this article in full or to leave a comment, please click here

0

New products of the week 03.23.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CartoDB WordPressKey features: For WordPress users looking to add custom maps to webpages. CartoDB is the easiest tool for adding maps to a WordPress site for users to share maps with their posts. More info.To read this article in full or to leave a comment, please click here

0

Cisco small business phones open to remote eavesdropping, calling

You don’t need to be the NSA to tap calls on Cisco’s SPA 300 and 500 IP phones: An authentication flaw allows potential attackers to do that by default.An unpatched vulnerability in the firmware of the SPA 300 and 500 series IP phones, typically used by small businesses, could allow eavesdropping on calls.“The vulnerability is due to improper authentication settings in the default configuration,” Cisco Systems said in a security advisory.Unauthenticated remote attackers could send crafted XML requests to affected devices in order to exploit the flaw and remotely listen to audio streams or make phone calls through them, the company warned.To read this article in full or to leave a comment, please click here

0

SElinux policy for icmp checks

Many issues reported with scanning subnets and updating host statuses are related to SElinux being enabled. So far the solution was to completely disable SElinux, but this was more workaround than anything else. Robert was kind enough to share SElinux policy that should be used with phpipam if SElinux is enabled on your server.

 

Basically it permits the opening of raw IP sockets for non-root users, that are required for executing ping command.

 

1) Create the file http_ping.tt and add the following to it:

module http_ping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

 

2) Run the following commands (as root user):

checkmodule -M -m -o http_ping.mod http_ping.tt
semodule_package -o http_ping.pp -m http_ping.mod
semodule -i http_ping.pp

brm

0

You Must Understand the Fundamentals to Be Successful

I was speaking with a participant of an SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.

Let me give you a few examples: Do you know how ARP works? What is proxy ARP? How does TCP offload work and why is it useful? What is an Ethernet collision and when would you see one? Why do we need MLD in IPv6 neighbor discovery?

0

You must understand the fundamentals to be successful

I was speaking with a participant of the recent SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.

Read more ...

0

Netvisor Analytics: Secure the Network/Infrastructure

We recently heard President Obama declare cyber security as one of his top priorities and we saw in recent time major corporations suffer tremendously from breaches and attacks. The most notable one is the breach at Anthem. For those who are still unaware, Anthem is the umbrella company that runs Blue Shield and Blue Cross Insurance as well. The attackers had access to people details, social security, home addresses, and email address for a period of month. What was taken and extent of the damage is still guesswork because network is a black hole that needs extensive tools to figure out what is happening or what happened. This also means the my family is impacted and since we use Blue Shield at Pluribus Networks, every employee and their family is also impacted prompting me to write this blog and a open invitation to the Anthem people and the government to pay attention to the new architecture that makes network play a role similar to NSA in helping protect the infrastructure. It all starts with converting the network from a black hole to something we can measure and monitor. To make this meaningful, lets look at state of the art today Continue reading

0

Fake patient data could have been uploaded through SAP medical app

SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data.The issues were found in SAP’s Electronic Medical Records (EMR) Unwired, which stores clinical data about patients including lab results and images, said Alexander Polyakov, CTO of ERPScan, a company based in Palo Alto, California, that specializes in enterprise application security.Researchers with ERPScan found a local SQL injection flaw that could allow other applications on a mobile device to get access to an EMR Unwired database. That’s not supposed to happen, as mobile applications are usually sandboxed to prevent other applications from accessing their data.To read this article in full or to leave a comment, please click here

0

Lab: iBGP and OSPF Traffic Engineering

Here's the scenario: An enterprise network with an MPLS core and two branch locations connected to their own Provider Edge (PE) router. In addition to the MPLS link, the PEs are also connected via a DMVPN tunnel. The PEs are peering via iBGP (of course) and are also OSPF neighbors on the DMVPN. Both Customer Edge (CE) routers at the branch are OSPF neighbors with their local PE.

Task: Use the high speed MPLS network as the primary path between the CE routers and only use the DMVPN network if the MPLS network becomes unavailable.

Question: Is the solution as simple as adjusting the Admin Distance (AD) so that the iBGP routes are more preferred?

0

SElinux policy for icmp checks

0

VMWare Player and VM Networking

VMWare Player is the Virtualization software/hypervisor provided free of charge by VMWare. Player is for personal use. Paid versions are available as VMWare Player Pro or VMWare Workstation. Following link covers the differences between different editions. I have used Virtualbox for most of my VM needs. There were few recent scenarios where I had to use … Continue reading VMWare Player and VM Networking →

0

DNSSEC – Moving the Needle

The New Zealand ISP market is dominated by Spark, Vodafone & CallPus/Orcon. A side effect of this is that if one player does the Right Thing™, it really moves the needle. Recently, Spark has done the Right Thing with DNSSEC.

DNSSEC takeup has been low with New Zealand ISPs. The APNIC stats indicated that around 5% of users were using DNS resolvers that had DNSSEC validation capabilities. But in December 2014, that number jumped to ~15%:

It turns out this is because Spark has enabled DNSSEC validation on some of their resolvers. NZRS have done some analysis, and found that Spark turned on 4 new resolvers that do DNSSEC validation:

They’re still running their old resolvers, so right now it’s hit & miss for their customers. But it’s a great start, and presumably they’ll upgrade the remaining systems soon.

So Vodafone, CallPlus, Snap, Trustpower…when are you going to take customer security seriously too? And Spark…how long until DNSSEC is enabled for all your resolvers?

And please, no arguments about “we’re not sure if it will work.” Google has been doing it since March 2013…who do you think processes more DNS requests per day? Google, or your ISP?