OSPF Design Considerations

Introduction

Open Shortest Path First (OSPF) is a link state protocol that has been around for a long time. It is geneally well understood, but design considerations often focus on the maximum number of routers in an area. What other design considerations are important for OSPF? What can we do to build a scalable network with OSPF as the Interior Gateway Protocol (IGP)?

Prefix Suppression

The main goal of any IGP is to be stable, converge quickly and to provide loop free connectivity. OSPF is a link state protocol and all routers within an area maintain an identical Link State Data Base (LSDB). How the LSDB is built it out of scope for this post but one relevant factor is that OSPF by default advertises stub links for all the OSPF enabled interfaces. This means that every router running OSPF installs these transit links into the routing table. In most networks these routes are not needed, only connectivity between loopbacks is needed because peering is setup between the loopbacks. What is the drawback of this default behavior?

  • Larger LSDB
  • SPF run time increased
  • Growth of the routing table

To change this behavior, there is a feature called prefix suppression. When Continue reading

IoT’s dark side: Hundreds of unsecured devices open to attack

ATLANTA -- A self-described security "amateur" discovered hundreds of Internet-connected devices ranging from cameras to industrial control systems that were connected to the Internet without even basic password protection -- meaning they could be easily turned on and off or otherwise manipulated with a single click of a mouse."You would be amazed [what] you could find," Espen Sandli, a journalist at the Norwegian newspaper Dagbladet, told the Computer Assisted Reporting conference Thursday. "The project was made from people who had no idea about data security at the start."MORE ON NETWORK WORLD: 12 most powerful Internet of Things companies They began by searching for basic security cameras, such as finding and taking control of a surveillance camera inside a nightclub. After that, they graduated to finding compromised control systems at military installations and railroads. In one case, they found a security company's list of clients and passwords in the clear online. In another, they could have accessed who was allowed to enter or leave a military building. Another device on the open Internet could have allowed them to switch off a railway fire-alarm system.To read this article in full or to leave a comment, please click here

Five takeaways for CIOs from this year’s MWC

A broad range of companies at Mobile World Congress this week have teamed up to improve smartphone security and offer better software integration for Internet-of-things deployments.The conference in Barcelona covered a wide range of topics, but for enterprises the most important issues were IoT and how enterprise resources can be made available on smartphones without sacrificing security.Here are some of the trends and announcements from this year that will have an impact on enterprise mobility:IoT can be more tightly integrated with business processesTo make data from connected sensors more useful, IoT platform vendors are joining forces with software companies to open the door for better integration.To read this article in full or to leave a comment, please click here

IBM Internet of Things boss takes new job at Internet2

Florence Hudson, Twitter Florence Hudson, Internet2 CINO Florence Hudson, most recently IBM's director of Internet of Things Business, has been named Senior VP and Chief Innovation Officer for computer network consortium Internet2. Internet2 had been on the hunt for a CINO since October.To read this article in full or to leave a comment, please click here

PlexxiPulse—What Does a Third Era Network Look Like?

You may have noticed that we’ve been spending some time out west demonstrating our big data fabrics and sharing our vision for the third era of networking. You’ll be seeing more meet-ups and live demonstrations in the near future, so keep an eye on the blog and on Twitter to see where we are headed next. In the meantime, can you name the 5 main characteristics of a third era network? Hint: the answer is somewhere on the Plexxi website. Tweet us your answers for the chance to win some Plexxi swag. We can’t wait to hear from you!

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

InformationWeek: 8 Ways IoT Will Change IT Forever
By Andrew Froehlich
There has been a great deal of discussion lately surrounding the concept of how the Internet of Things (IoT) will change everything. But very little of it really dives into the nuts and bolts of how IoT could dramatically change the roles and opportunities for those of us who work within IT. Here are eight ways we think IT will change in an IoT world. We’re focusing on areas of IT that Continue reading

Visa, MasterCard partner with mobile money providers in Africa

Visa and MasterCard are jumping on the mobile payments bandwagon in Africa, a region where consumers are ahead of their counterparts in other parts of the world.Both financial powerhouses announced their expansion plans, which include partnerships with mobile money service providers, at Mobile World Congress this week in Barcelona.The African mobile money market is very attractive. The continent has a large population of people who do not have traditional bank accounts, especially in rural areas. It has also has experienced an explosion of mobile money services as operators and banks compete for customers.The increase in mobile money services has also been fueled by the rapid uptake of mobile phones on the continent, which for many people are their only Internet access devices.To read this article in full or to leave a comment, please click here

Visa, MasterCard partner with mobile money providers in Africa

Visa and MasterCard are jumping on the mobile payments bandwagon in Africa, a region where consumers are ahead of their counterparts in other parts of the world.Both financial powerhouses announced their expansion plans, which include partnerships with mobile money service providers, at Mobile World Congress this week in Barcelona.The African mobile money market is very attractive. The continent has a large population of people who do not have traditional bank accounts, especially in rural areas. It has also has experienced an explosion of mobile money services as operators and banks compete for customers.The increase in mobile money services has also been fueled by the rapid uptake of mobile phones on the continent, which for many people are their only Internet access devices.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Apple Watch will reinforce tech as luxury style

Rolex, Louis Vuitton, and other heritage luxury brands had better be quaking in their boots at the news that Apple will likely be launching a smartwatch next week. Apple has become their competitor, according to luxury marketing experts. Young millennials are no longer eyeing brands for their superficial status. The affluent buyers out there are now beginning to look at products for what they do instead. This is good for us in the tech industry, but not so fine if you're sitting in the Louis Vuitton boardroom right now. Status Creative-class consumers want symbols that "proclaim a new style of status." Status is now based on who the individual is and what they value, not how much money they have to spend, says affluent consumer analyst Pam Danziger of Unity Marketing, in her blog.To read this article in full or to leave a comment, please click here

Running a Small Docker Swarm Cluster

In this post, I’m going to show you how to set up and run your own Docker Swarm cluster. Docker Swarm is a relatively new orchestration tool from Docker (the company) that allows you to create a cluster of hosts running Docker (the open source project) and schedule containers across the cluster. However, just scheduling and running containers across a cluster isn’t enough, so I’ll show you how to add service registration and service discovery to this environment using Consul.

In the event you’re interested in following along, I’ve created a set of files that will allow you to use Vagrant to run this Docker Swarm cluster (on your laptop, if so desired). You can find all these files in the “docker-swarm” folder of my GitHub learning-tools repository.

The Docker Swarm cluster I’m going to show you how to build has 3 major components:

  • A cluster of systems running Consul. In this case, Consul serves a dual purpose. First, it’s used as the discovery service for the Docker Swarm cluster itself. Second, it provides service registration and service discovery functionality for the Docker containers launched on the Swarm cluster.
  • A set of hosts running the Docker daemon (version 1.4. Continue reading

Network Break 30

Over-opinionated analysis on data network and IT Infrastructure. And virtual doughnuts.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Network Break 30 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

iPexpert’s Newest “CCIE Wall of Fame” Additions 3/6/2015

Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Valentin Zamy, CCIE #47202 (Routing & Switching)
  • Freddy Morales, CCIE #47273 (Routing & Switching)
  • Joel Knight, CCIE #47321 (Routing & Switching)
  • Shahid Ansari, CCIE #20017 (Data Center)
  • George Milad Elhamy, CCIE #45875 (Collaboration)
  • Earl Granger, CCIE #45875 (Routing & Switching)

This Week’s CCIE Testimonials

Freddy Morales, CCIE #47273
“I wanted to share my success in obtaining the CCIE Routing and Switching certification. I took the exam in RTP and at approximately 8 pm I received the good news, I am now CCIE #47273.

I want to thank iPexpert because they’ve been my best friend in the past year; when it comes to my studies with their videos and Proctor Labs. With the ups and downs there may have been along the way, I definitively recommend iPexpert to anyone that is serious about becoming an expert. I know that if I decide to go for a different track, iPexpert will be my main resource.”

Shahid Ansari, CCIE #20017
“I have successfully passed my CCIE (DATA CENTER) exam on 25th FEB by using iPexpert training material. Continue reading

Police arrest man in UK over US Defense Department network intrusion

British law enforcement agencies arrested a 23-year-old man suspected of being involved in a hacking attack last year against a satellite communications system operated by the U.S. Department of Defense.The network intrusion occurred on June 15 and resulted in data being stolen from Enhanced Mobile Satellite Services (EMSS), a system operated by the U.S. Defense Information Systems Agency (DISA) that provides U.S. troops and other DoD employees with global communication capabilities, including data transfers and voice calls.The stolen data included contact information for about 800 people, like names, titles, email addresses and phone numbers, as well as the identifying numbers (IMEIs) for 34,400 devices, the U.K. National Crime Agency (NCA) said Friday in a press release.To read this article in full or to leave a comment, please click here

Deprecating the DNS ANY meta-query type

DNS, one of the oldest technologies running the Internet, keeps evolving. There is a constant stream of new developments, from DNSSEC, through DNS-over-TLS, to a plentiful supply of fresh EDNS extensions.

penguins

CC BY-ND 2.0 image by Antarctica Bound

New DNS Resource Records types are being added all the time. As the Internet evolves, new RR’s gain traction while the usage of some old record types decreases. Did you know you can use DNS to express the location of your server on the planet's surface?

Today, we are announcing that we are deprecating the DNS ANY meta-query. In a few weeks we'll be responding to those queries with rcode 4 / Not Implemented.

“ANY” is one of the special “magic” types in DNS. Instead of being a query for a single type like A , AAAA or MX, ANY retrieves all the available types for a given name. Over the years there have been many arguments over the semantics of ANY with some people arguing it really means ALL. Answers to ANY queries are among the biggest that DNS servers give out. The original reason for adding the ANY to DNS was to aid in debugging and testing Continue reading

Windows systems are also vulnerable to FREAK attacks

A cryptographic library used in all Windows versions is affected by a recently disclosed vulnerability in SSL/TLS implementations that allows man-in-the-middle attackers to force clients and servers to use weak encryption. Internet Explorer and other programs using the library are affected.The FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability stems from a decision made in the 1990s to limit the strength of RSA encryption keys to 512 bits in SSL (Secure Sockets Layer) implementations intended for export in order to meet U.S. government rules on exports of encryption systems.Those “export” cipher suites are no longer used today, but a team of researchers recently discovered that many servers still support them and some SSL/TLS clients, including Web browsers, can be forced to accept them because of bugs in the crypto libraries they rely on.To read this article in full or to leave a comment, please click here

Uber suspends ride-sharing platform in Seoul

Uber Technologies suspended its ride-sharing service in Seoul on Friday, bowing to local authorities after more than a year of struggle over its ride-hailing services.The decision comes only nine days after Uber made uberX free for riders there in response to a crackdown by city authorities, who offered a reward of up to 1 million won (US$910) to residents who reported drivers accepting payments for rides without a permit.“This is the strongest show of our willingness to change the Uber business model in order to create a regulated solution, as we believe that changing our business model is the right thing to do,” Uber said in a statement. The suspension takes effect Friday, it said.To read this article in full or to leave a comment, please click here

VMware NSX Webcast – Creating Agile Networks

You may have seen Joey Logano speed to his first Daytona 500 win this week. Keeping your network in racing shape takes a similar level of NSX: Wanna Go Fastpatience, stamina, and quick reflexes.

Using VMware NSX network virtualization means that you can unlock the full potential of a Software-Defined Data Center, to create and run entire networks on top of existing network hardware, resulting in faster deployment of workloads, as well as greater agility in the face of increasingly dynamic data centers. Watch this overview to learn how VMware NSX reduces the time to provision multi-tier networking and security services from weeks to seconds to win your race.

This one-hour overview of VMware NSX outlines how you can bring virtualization to your existing network, transforming both its operations and economics. You’ll learn how several of the largest service providers, global financial, and enterprise data centers in the world are using NSX to reduce costs and provisioning times to improve agility and establish a new model of network security.

Click here to watch this webcast and find out:

  • What the NSX architecture looks like
  • How switching, routing, firewalling, load-balancing and other services are managed with NSX
  • How overlay networks and logical networks all Continue reading

Mandarin Oriental removes malware after payment card breach

Luxury hotelier Mandarin Oriental has removed malicious software that was used to steal credit card data from some of its hotels in the U.S. and Europe, the company said Thursday.The security codes for the cards were not compromised, it said, although it wasn't clear if that referred to the cards' PIN (personal identification number) or the three-digit CVV code on the back. No other personal information was taken, the company said in a statement.An investigation is underway by law enforcement and forensic specialists. An "isolated number of hotels in the U.S. and Europe were affected," but none in Asia, the company said.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Friday, March 6

Bill targeting data brokers rises from the deadTheir last try failed to pass in 2014, but four U.S. senators have brought back legislation to rein in the data broker business. The law would allow consumers to see and correct personal information held by data brokers, and let them put a halt to having their information shared or sold for marketing purposes. The Data Broker Accountability and Transparency Act, introduced Thursday, is needed because data brokers are a “shadow industry of surreptitious data collection that has amassed covert dossiers on hundreds of millions of Americans,” Sen. Edward Markey said.To read this article in full or to leave a comment, please click here

1 3,562 3,563 3,564 3,565 3,566 3,809