NetworkingNexus.net

Scaling Overlay Networks: Scale-Out Control Plane

A week or so ago I described why a properly implemented hypervisor-based overlay virtual networking data plane is not a scalability challenge; even though the performance might decrease slightly as the total number of forwarding entries grow, modern implementations easily saturate 10GE server uplinks.

Scalability of the central controller or orchestration system is a totally different can of worms. As I explained in the Scaling Overlay Networks, the only approach that avoids single failure domain and guarantees scalability is scale-out control plane architecture.

Watch the video

Google’s new Android for Work locks down business data on your personal phone

Almost a year after tipping its hand at Google I/O 2014, Google announced Android for Work, a way to lock down sensitive business data on personal Android phones owned by employees—using versions of Android either old or new.Google said it would deploy Android for Work in not one but two ways: as a native work profile that can be enabled within the latest Android 5.0 (Lollipop) devices, as well as a separate app for devices runninng Android 4.0 (Ice Cream Sandwich) through Android 4.4 (KitKat). Google also said that it had crafted a special business apps store, known as Google Play for Work, and brought its Docs, Sheets, and Slides business apps into the walled-off Android Work partition, plus versions of its browser, contacts and calendar apps. All of the information stored in Android for Work will be encrypted.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Thursday, February 26

Lenovo’s defaced website points to weakness in Net domain name systemSome hackers took Lenovo’s corporate web address for a joyride on Wednesday, redirecting traffic to a video stream showing an apparently bored teen sitting in his bedroom. The prank, like the hijacking of Google’s Vietnam site recently, highlights continued weakness in the Internet’s Domain Name System, which translates website names into IP addresses.Samsung gets more woe over eavesdropping TVsThe fuss over data collected by voice-operated TVs made by Samsung Electronics is not going away, despite its efforts to minimize the issue. Now the Electronic Privacy Information center is asking the U.S. Federal Trade Commission to investigate, in a complaint that says Samsung has violated federal law.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Thursday, February 26

So. Cal. Edison’s IT layoffs are ‘heartless,’ says Sen. Grassley

Southern California Edison (SCE) IT workers replaced by H-1B contractors have become the latest Exhibit A in Congress for reformers of the visa program.Sen. Chuck Grassley (R-Iowa), who has long advocated for changes to the H-1B program to protect U.S. workers, said the Edison layoffs illustrate how some employers "are potentially using legal avenues to import foreign workers, lay-off qualified Americans, and then export jobs overseas."I was shocked by the heartless manner in which U.S. workers were injured," said Grassley in a Senate floor speech Wednesday.To read this article in full or to leave a comment, please click here

How enterprises can use artificial intelligence

Enterprise IT shops are finding that artificial intelligence isn't just for robotics anymore.To read this article in full or to leave a comment, please click here(Insider Story)

A Quick Look at Cisco FabricPath

Cisco FabricPath is a proprietary protocol that uses ISIS to populate a “routing table” that is used for layer 2 forwarding.

Whether we like or not, there is often a need for layer 2 in the Datacenter for the following reasons:

Some applications or protocols require to be layer 2 adjacent
It allows for virtual machine/workload mobility
Systems administrators are more familiar with switching than routing

A traditional network with layer 2 and Spanning Tree (STP) has a lot of limitations that makes it less than optimal for a Datacenter:

Local problems have a network-wide impact
The tree topology provides limited bandwidth
The tree topology also introduces suboptimal paths
MAC address tables don’t scale

In the traditional network, because STP is running, a tree topology is built. This works better for for flows that are North to South, meaning that traffic passes from the Access layer, up to Distribution, to the Core and then down to Distribution and to the Access layer again. This puts a lot of strain on Core interconnects and is not well suited for East-West traffic which is the name for server to server traffic.

A traditional Datacenter design will look something like this:

If we Continue reading

HP Buying Aruba?

Two things happened today. First, Twitter blew up at some point with rumors of HP in talks to buy Aruba. Second, my shares of Aruba stock shot up about 20%. I was disappointed with the first and pleased with the second. Of course, they were directly related.

In Case You Weren’t Aware…..

HP has had some issues over the past several years. Not so much issues with their technology, which has always been good, but more so with execution. The latest attempt to right the ship has been to split the company into two distinct entities. Trim the fat off of the corporate monster so to speak. Or, maybe a better way to put it is that HP wants to become less of an “all things to all customers” type of company, and more of a “some things to some customers” type of company. Some customers will be served by one of the two HP companies, and some customers will be served by the other, or both. This allows more focus in certain areas, and focus is never a bad thing.

Why Does It Matter If HP Buys Aruba?

Although this is all speculation, allow me to continue down this Continue reading

The Mobile Internet

It has been observed that the most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it, and are notable only by their absence. So how should we regard the Internet? Is it like large scale electricity power generators: a technology feat that is quickly taken for granted and largely ignored? Are we increasingly seeing the Internet in terms of the applications and services that sit upon it and just ignoring how the underlying systems are constructed? To what extent is the mobile Internet driving this change in perception of the Internet as a technology we simply assume is always available, anytime and anywhere? What is happening in the mobile world?

Like Google in Vietnam, Lenovo tripped up by a DNS attack

The redirection of both Lenovo’s website and Google’s main search page for Vietnam this week highlights weaknesses with the Internet’s addressing system.On Wednesday, visitors to lenovo.com were greeted with what appeared to be webcam images of a bored young man sitting in a bedroom, and the song “Breaking Free” from an old Disney movie. On Monday, Google’s site for Vietnam also briefly redirected people to another website.Both Google and Lenovo were victims of “domain hijacking,” a type of attack against the Domain Name System (DNS), which translates domain names into IP addresses that can be called into a browser.To read this article in full or to leave a comment, please click here

Enforce Web Policy with HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks. HSTS is a powerful technology which is not yet widely adopted. CloudFlare aims to change this.

Downgrade attacks (also known as SSL stripping attacks) are a serious threat to web applications. This type of attack is a form of man-in-the-middle attack in which an attacker can redirect web browsers from a correctly configured HTTPS web server to an attacker controlled server. Once the attacker has successfully redirected a user, user data, including cookies, can be compromised. Unfortunately, this attack is outside the realm of pure SSL to prevent. This is why HSTS was created.

These attacks are very real: many major websites have been attacked through SSL stripping. They are a particularly powerful attack against otherwise well secured sites, as they bypass the protections of SSL.

HSTS headers consists of an HTTP header with several parameters -- including a configurable duration for client web browsers to cache and continue to enforce policy even if the site itself changes. Through CloudFlare, it is easy to configure on a per-domain basis with standard settings.

HSTS causes compliant browsers Continue reading

Zuckerberg to hold public Facebook Q&A in Barcelona

Facebook CEO Mark Zuckerberg is likely to reveal more of the company’s plans to bring underserved parts of the world online when he holds Facebook’s fourth public Q&A next Wednesday in Barcelona.The event will be held 6 p.m. Barcelona time (that’s 9 a.m. Pacific time in the U.S.), during the Mobile World Congress tech trade show in the same city. Zuckerberg is set to share updates about Facebook’s Internet.org project for connecting more of the world during an appearance at the show on Monday. He may expand on those comments in Wednesday’s Q&A.In addition to fielding questions from a live audience, Zuckerberg will answer some of the most popular questions posted online. Questions can be submitted online in the lead-up to the event, which will be streamed live.To read this article in full or to leave a comment, please click here

Initial Post with GitHub and Jekyll

Over the past several months, I’ve found myself holding back on writing posts simply because my blog platform does not support the ability to embed code or even change fonts to resemble code, CLI, or working on a terminal. Screen shots are good, but offering the ability to copy and paste is nice, plus it just looks cleaner. This is unacceptable.
Read More

Programmatic Access to CLI Devices with TextFSM

One of the harder things to do when it comes to network automation is work with the majority of the install base that exists out there. This is true even if we focus purely on data extraction, i.e. issuing show commands and getting the results in an automated fashion. The reason for this is that most devices do not support returning structured data in formats such as JSON or XML, and this often times makes automation a non-starter for network engineers.

Traditionally, SSH is used to connect to a network device, issue a command, and dump plain text results back to the user. This leaves the user with the task of parsing through raw text and probably working with a library built for working with regular expressions, e.g. re for Python. If you make it this far, you become an expert in using expressions like this: ([A-Z])w+. And that’s not even a hard one! Regex party, anyone? I’ll pass.

TextFSM to the Rescue

What if there was a way to simplify the process of getting structured data out of the raw text a network device responds with? As luck would have it, there is definitely a better way. Continue reading

Hyperglance: Visualising ALL of your IT infrastructure

In this modern world where the whole IT industry is pondering what the next steps, trends and operational requirements will be, one thing is sure, we’re in an era of collaboration and integration.
We’ve been through learning curves around converged network fabrics, traditional silo based approaches encroaching on each other and managerial headaches of rapidly deploying new enterprise and webscale applications. Cloud is now a domestic term and the IT industry seeks new cooler ways of delivering technology. Container popularity is rapidly rising and the ‘Internet of Things (IoT)’ is now becoming a real world thing as opposed to a ‘it will happen folks!’ statement.
Winding back to the opening statements, with a system comprised of physical tin, hypervisors, container providers, microservices, machine-to-machine communication, mobile end points, block and blob storage, even if this sat with one vendor it’s a complex set of mush. Throw in ten different vendors, a mashup of APIs and operational territory problems, we have a real problem.

I’m a human – not a machine!

All the recent Hollywood blockbusters focus on human efforts to generate realistic and complex AI (artificial intelligence), but how about humans trying to manage already complex systems? Every vendor and Continue reading

Lenovo website hacked in wake of Superfish debacle

Lenovo’s website appeared to have been hacked Wednesday, possibly in retaliation for a piece of adware it installed on PCs that was found to have opened up a security hole.Early Wednesday afternoon Pacific time, some visitors to lenovo.com were greeted what looked like webcam images of a bored teenager sitting in a bedroom, and the song “Breaking Free” from an old Disney movie.The source code for the webpage includes the line: “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey,” who have reportedly been connected to the hacker group Lizard Squad.Lenovo didn’t immediately respond to a request for comment.To read this article in full or to leave a comment, please click here

Report: HP to buy Aruba for wireless tech

REUTERS/Stephen Lam HP's Meg Whitman HP is in talks to purchase Aruba Networks, with an eye toward acquiring that company’s wireless networking infrastructure technology, according to a report published today by Bloomberg News.Citing anonymous sources, Bloomberg said the deal could be announced as early as next week, though neither HP nor Aruba would comment on the record. The news agency said that analysts’ estimates suggested that Aruba’s sales are growing fast – with the company poised to break the $1 billion-a-year barrier by 2017.To read this article in full or to leave a comment, please click here

Google pushes Android devices into the enterprise

Google is working to push more Android-based devices into the enterprise.The company today announced a new program called Android for Work, which is designed to encourage and enable businesses to bring more devices onboard by adding security and more manageability to the Android platform."For many, these phones have become essential tools to help us complete important work tasks like checking email, editing documents, reviewing sales pipelines and approving deals," wrote Rajen Sheth, Google's director of product management for Android and Chrome for Work, in a blog post . "But for the majority of workers, smartphones and tablets are underutilized in the workplace. Their business and innovation potential remain largely untapped."To read this article in full or to leave a comment, please click here

Share your Expertise – Become an INE Instructor!

Do you think you have what it takes to become a featured instructor at INE? We are looking for talented individuals to propose and execute new courses across multiple domains including: networking, programming, systems administration, and security. If you’re an expert in any of these domains, or related topics, then it’s time to share your knowledge with the world! Speak a language other than English? That’s great! We’re open to ideas for courses in different languages.

Click here for more information and to submit an application.

Not interested in becoming an instructor but have some ideas for content you’d like to see us cover? Drop us a line at [email protected].

DARPA wants advanced sensors to watch over growing hot spot: The Artic

The Artic Circle pretty much has been a damn cold, desolate place but no so anymore what with the military’s increased attention and commercial growing prospects.Those are the main reasons the Defense Advanced Research Projects Agency cites for wanting to build an advanced generation of sensors capable of transmitting data on air, surface and/or undersea activities above the Arctic Circle for at least 30 days.+More on Network World: World’s coolest gas stations+To read this article in full or to leave a comment, please click here

« Previous 1 … 3,566 3,567 3,568 3,569 3,570 … 3,795 Next »