NetworkingNexus.net

Improving compression with a preset DEFLATE dictionary

A few years ago Google made a proposal for a new HTTP compression method, called SDCH (SanDwiCH). The idea behind the method is to create a dictionary of long strings that appear throughout many pages of the same domain (or popular search results). The compression is then simply searching for the appearance of the long strings in a dictionary and replacing them with references to the aforementioned dictionary. Afterwards the output is further compressed with DEFLATE.

CC BY SA 2.0 image by Quinn Dombrowski

With the right dictionary for the right page the savings can be spectacular, even 70% smaller than gzip alone. In theory, a whole file can be replaced by a single token.

The drawbacks of the method are twofold: first - the dictionary that is created is fairly large and must be distributed as a separate file, in fact the dictionary is often larger than the individual pages it compresses; second - the dictionary is usually absolutely useless for another set of pages.

For large domains that are visited repeatedly the advantage is huge: at a cost of single dictionary download, all the following page views can be compressed with much higher efficiency. Currently we aware Continue reading

Review: Portnox, Extreme lead NAC pack

Remember when network access control (NAC) was all the rage? Remember the competing standards from Microsoft, Cisco, and the Trusted Computing Group? Back around 2006, there were dozens of NAC products, many of which turned out to be buggy and difficult to implement. Over time, other network-based security products – mobile device management (MDM), intrusion prevention systems (IPS) and next-generation firewalls – came along and squeezed NAC into a narrower part of the market. But NAC hasn’t disappeared. In fact, NAC products have evolved and improved as well. For this review, we were able to bring the following five vendors together: Enterasys/Extreme Networks Mobile IAM, Hexis Cyber Solutions NetBeat NAC, Impulse Point SafeConnect NAC, Pulse Policy Secure, and Portnox NAC. (Cisco, ForeScout, Auconet, and Aruba declined our invitation.)To read this article in full or to leave a comment, please click here(Insider Story)

Will open source save the Internet of Things?

To some degree, open source is already present throughout the Internet of Things value chain. Cloud apps that collect and analyze data are heavily dependent on open source software and standards, for example.To read this article in full or to leave a comment, please click here(Insider Story)

British Airways notifies frequent flyers of possible breach of their accounts

Over the last few days, a large number of British Airways customers have found that reward points they accumulated for flights, called Avios, have disappeared from their accounts. Others have been locked out of their accounts completely.Affected users have gathered on the flyertalk.com forum to share their experiences after calling the company’s call center, which according to reports, has been giving out “contradictory” information at times.It seems that the incident is the result of hackers gaining access to a large number of accounts.To read this article in full or to leave a comment, please click here

Cisco Live US – 2015

I will be attending this year’s Cisco Live US in San Diego!

This is my first Cisco Live, so I dont really know what to expect. There are alot of great sessions that I want to attend (if they are not already full), and I will be posting my week here when i have my sessions down.

If you want to connect for a coffee or a chat, feel free to drop me a mail/tweet, and im sure we can figure something out!

See you in San Diego!

Too Many Details Can Hurt You (or Why You Need the Fundamentals First)

The IPv6 Security Summit at the Troopers conference always has a few awesome IPv6 presentations (many people claim Troopers is the conference to attend if you’re serious about IPv6), and this year was no exception. A day after the MLD bashing, Enno Rey delivered a great in-depth presentation on DHCPv6 features and shortcomings.

It seems the DHCPv6 intricacies presented in that talk were too much for some of the attendees – that afternoon I accidentally stumbled upon a visibly distressed gentleman who started our chat with “How could anyone expect us to deploy IPv6 in a production environment?”

GitHub recovering from massive DDoS attacks

Software development platform GitHub said Sunday it was still experiencing intermittent outages from the largest cyberattack in its history but had halted most of the attack traffic.Starting on Thursday, GitHub was hit by distributed denial-of-service (DDoS) attacks that sent large volumes of Web traffic to the site, particularly towards two Chinese anti-censorship projects hosted there.Over the next few days, the attackers changed their DDoS tactics as GitHub defended the site, but as of Sunday, it appears the site was mostly working.A GitHub service called Gists, which lets people post bits of code, was still affected, it said. On Twitter, GitHub said it continued to adapt its defenses.To read this article in full or to leave a comment, please click here

[SDN Protocols] Part 5 – NETCONF

For those that followed my SDN Protocols series last summer, you might have noticed a missing entry: NETCONF. This protocol has actually existed for some time (the original now-outdated specification was published in 2006), but is appearing more often, especially in discussions pertaining to network automation. The current, updated specification - RFC6241 - covers a fairly large amount of material, so I will attempt to condense here. NETCONF operates at the management layer of the network, and therefore plays a role similar to that of OVSDB.

[SDN Protocols] Part 5 – NETCONF

OS X – Outlook Search “No Results”

The worst feeling for a geek:

Courtesy of xkcd (http://xkcd.com/979/)

This has happened to me twice now: upgrading Mac OS X from one release to another and after the dust settles, the search function in Outlook 2011 totally breaks and always returns “no results”. As we all know, email sucks and being able to deftly search through that mound of crap in your mail client is the only thing that makes it somewhat bearable.

When I upgraded from 10.8 to 10.9, I was the guy in the cartoon above. I had to resort to uninstalling and reinstalling all of Office to get this repaired. Urgh.

Well, I just upgraded from 10.9 to 10.10 and lo, the same problem with Outlook search. However this time my karma must be right topped off because I found the solution buried in a message board after an hour or so of searching.

Sweet, merciful help!

The post is from the macrumors.com forum and exactly described the issue and how to fix it on my machine. As stated, the permissions on my Microsoft Office 2011 directory allowed only my account to open the directory:

jknight@mac:~% ls -ld /Applications/Microsoft Office  Continue reading

2016 CCDE Practical Exam Dates

Cisco announced 2016 CCDE Practical exam dates. CCDE practical exam is organised only in every 3 months. Prerequisite for the exam is CCDE Written Qualification exam. You can attend the exam 4 times a year in a Professional Pearson Centers. I am planning to start my CCDE trainings 2 months before an announced exam date… Read More »

The post 2016 CCDE Practical Exam Dates appeared first on Network Design and Architecture.

Common Misconceptions about SDN

Andrew Lerner, my favorite Gartner blogger, published a great article documenting common SDN misconceptions. Not surprisingly, they're pretty much in line with what I've been ranting about for the last few years (including Whitebox Switching Is not SDN). Enjoy!

OS X — Outlook Search “No Results”

The worst feeling for a geek:

CUCM 10.5 Upgrade issue

Hey everyone. I have just finished my upgrade to CUCM 10.5.2 and I faced an issue at the end of the ugprade. Of course this always happen after you spent some hours waiting for the upgrade to be successful According to the very good Cisco DocWiki, VMware Tools are specialized drivers for virtual hardware that […]

Check Point – Upgrade Without Dropping Connections

Check Point firewall upgrades have always been painful. The loss of connection state is a big part of this. Existing connections stop working, and many applications need restart. It looks like there is a way of minimising this pain on upgrade.

Stateful firewalls record the current ‘state’ of traffic passing through, so they can recognise and allow reply or related traffic. If you have a firewall cluster, they need to synchronise state between the cluster members. This is so that if there is a failover, the new Active node will be aware of all connections currently in flight.

If you have a failover, and the standby member is NOT aware of current connection state, it will drop all currently open sessions. Any packet that isn’t a SYN packet will get dropped, and the applications need to establish new connections. Some applications handle this well – especially those that use many short-lived connections such as HTTP or DNS. But other applications that have long-running connections – e.g. DB connections – may struggle with this. They think the connection is still open, and take a long time to figure out it’s broken. They may eventually recover on their own, or they may Continue reading

CCIE sponsorship proposal example

Departing the lovely, sterile, electronic testing center after passing the final CCNP Route/Switch exam, and I’m on the way to the local pub to celebrate. You know what I’m already thinking about: gotta ride that wave, right? Stoke the flames, feet off the pedals down the hill, ride the momentum up the next, and all […]

Author information

quingenerd

Network Engineer at Healthcare Specialty Benefits Management company

Quentin Demmon is network engineer, hobbyist weightlifter (the type you see at the Olympics), and wannabe philosopher. He is excited to be blogging about his CCIE journey in gory, melodramatic detail. Follow him on twitter, facebook, and instagram.

The post CCIE sponsorship proposal example appeared first on Packet Pushers Podcast and was written by quingenerd.

HP IMC Silent Installation

HP IMC installation is normally a manual process, with plenty of clickey clickey clickey. This is OK for production systems, as most sites will only have one or maybe two IMC servers. But for my lab, I wanted to automate the install, so I can quickly spin up a new lab system. I have now found an undocumented, unsupported way of doing this.

There’s two parts to this – preparing the underlying OS & DB, and installing IMC. I am writing Ansible playbooks to handle the OS + DB setup. That’s working, but it needs a bit of cleanup. Once that’s done, I’ll integrate it with Vagrant. Then I should be able to completely automate the install of a lab IMC system. I will write another post on that once it’s complete.

To install IMC silently, create an “install.cfg” file to define your settings. Then tweak the installation script to call the silent installer, not the interactive install.

Note: I am using CentOS 6.x plus MySQL 5.6. With a few tweaks, this will probably work with Windows and/or other DBs. Also remember that this does not seem to be publicly documented anywhere. I’ve figured out how to do it through a bit Continue reading

FCC will vote next month on plan to share valuable 3.5GHz spectrum

The U.S. Federal Communications Commission will vote April 17 on a spectrum-sharing plan for a band that could serve the military, mobile service providers and individuals.The CBRS (Citizens Broadband Radio Service) would open up frequencies from 3550-3700MHz to three classes of users, including owners of new mobile devices who could use the service like they do Wi-Fi. The FCC vote comes after several rounds of study and public comment on the proposal for more than two years.In that time, growing demand for wireless spectrum has boosted pressure on the government to share or auction off some of the many frequencies it exclusively controls. Bandwidth-hungry services like streaming video and audio, plus wireless links for a growing array of connected devices, are expected to eventually place strains on the spectrum currently allocated to wireless data.To read this article in full or to leave a comment, please click here

Scraping data from a BT home hub 5

If you have BT broadband and want to graph the synced speed and actual use of your broadband connection, and you use the BT provided router (Home Hub), then you can’t use SNMP to get these counters. But you can get the data over HTTP without too much trouble. Here’s some ugly one-liners for doing that.

Current byte counters on the Internet interface (down/up)

curl -s 192.168.42.1/nonAuth/wan_conn.xml \
    | sed -r '/wan_conn_volume_list/{N;s/.*\[.//;s/[^0-9]\],$//;s/%3B/ /g;s/^[0-9]+ ([0-9]+) ([0-9]+)$/\1 \2/g;p};d'

Current synced up speeds in bps (down / up)

curl -s 192.168.42.1/nonAuth/wan_conn.xml \
    | sed -r '/status_rate/{N;s/.*\[.//;s/[^0-9]\],$//;s/%3B/ /g;s/^([0-9]+) ([0-9]+) [0-9]+ [0-9]+/\2 \1/g;p};d'

Misc note

First I tried this. And it appeared to work. But only if someone had logged in to the web UI recently.

curl -s 192.168.42.1/cgi/cgi_ad_B_Internet.js \
    | sed -r '/wan_conn_volume_list/{N;s/.*\[.//;s/[^0-9]\],$//;s/%3B/ /g;s/.* ([0-9]+) ([0-9]+)$/\1 \2/g;p};d'

But then I try it on a different machine and… Oh… oh no. Oh say it ain’t so. Don’t tell me the BT home hub security is based on IP address? Oh… oh it is.

In conclusion

Yet another reason these routers are completely retarded. Other examples:

Internal Continue reading

« Previous 1 … 3,540 3,541 3,542 3,543 3,544 … 3,819 Next »