Expiring The Internet

An article came out this week that really made me sigh.  The title was “Six Aging Protocols That Could Cripple The Internet“.  I dove right in, expecting to see how things like Finger were old and needed to be disabled and removed.  Imagine my surprise when I saw things like BGP4 and SMTP on the list.  I really tried not to smack my own forehead as I flipped through the slideshow of how the foundation of the Internet is old and is at risk of meltdown.

If It Ain’t Broke

Engineers love the old adage “If it ain’t broke, don’t fix it!”.  We spend our careers planning and implementing.  We also spend a lot of time not touching things afterwards in order to prevent it from collapsing in a big heap.  Once something is put in place, it tends to stay that way until something necessitates a change.

BGP is a perfect example.  The basics of BGP remain largely the same from when it was first implemented years ago.  BGP4 has been in use since 1994 even though RFC 4271 didn’t officially formalize it until 2006.  It remains a critical part of how the Continue reading

Happy Holidays from Packet Design

Happy Holidays from Packet Design


by Patrick Kilgore, Interactive Marketing Manager - December 23, 2014

It is that time of year again… and what a difference a year makes! We grew leaps and bounds in 2014, increasing our headcount as an organization and working hard to provide our customers with the best in route analytics technology.

To give back for all our good fortune in 2014, we adopted two families in the Austin area and provided additional "cheer" to make their holidays bright. Everyone at Packet Design came together to donate gifts and their time, and we could not have been happier at the participation in such a worthy endeavor. Packet Design would like to extend a special thanks to Angela Reyna, a key member of our marketing team, for putting it all together. It is moments like these that give us pause to remember that people, working as a team, make our organization a success. So from our Packet Design family to yours, we wish you Happy Holidays and a spirited New Year!

Below are photos from our wrapping party, where the Packet Design elves showed off their gift-wrapping and logistics skills:

Automating Cisco Nexus Switches with Ansible

In previous posts, I’ve written about using Ansible for network automation.  Few of them can be found here, here, here, and here.  In one of the posts, I had a video that was automating Cisco routers with Ansible, and was using onePK as the API to communicate to the device.  In this post, I’ll be focusing on automating Nexus switches – this means each of the Ansible modules will be using NX-API to communicate with the device.  This also eliminates the need for the users of these modules to know Python as they’ll be using the Ansible platform for their specific automation needs.
While the demo below is for configuration automation and shows what can be done in just a few seconds, it needs to be understood that automation is much more than pushing configurations.  I hope to show some of this first hand by doing more interesting things as it pertains to data gathering, verification, troubleshooting, that do increase speed and agility, but also predictability.

The following video shows how Ansible can be used to automate interfaces and VLANs on Nexus switches.   This will be the first in a Continue reading

PQ Show 38 – HP Networking, Helion, OpenStack and Cloud Networking

HP Helion is the cloud platform HP is bringing to Enterprise for private cloud and used by HP to build their Helion public cloud. In this show, recorded at HP Discover as part of our show coverege, we talk about Virtual Cloud Network (VCN) for OpenStack that uses OpenFlow and OVSDB as a basis for implementing features in the physical network in OpenStack and Helion.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post PQ Show 38 – HP Networking, Helion, OpenStack and Cloud Networking appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Merry Christmas to the PacketU Community

I wanted to take a moment to wish all PacketU readers a Merry Christmas and a Happy New Year. With that, I leave you with a short video clip of my son playing Silent Night at a church program last week. Longtime friends know that we had a pretty serious health scare with him 5 years ago and we count ourselves very blessed to have him in our lives.

No related content found.

The post Merry Christmas to the PacketU Community appeared first on PacketU.

Someone Disconnects North Korea – Who?

dii-pyongyang

North Korea went off the Internet Monday, 22 December 2014, at 16:15 UTC (01:15 UTC Tuesday in Pyongyang) after more than 24 hours of sustained weekend instability. Dyn continually measures the connectivity and performance of more than 510,000 individual networks worldwide, identifying impairments to Internet commerce. It’s a rare event these days when an entire country leaves the Internet (as Egypt did, or Syria). Even so, when North Korea’s four networks went dark, we were not entirely surprised, based on the fragility of their national connectivity to the global Internet.


dii-pyongyang

Who caused this, and how? A long pattern of up-and-down connectivity, followed by a total outage, seems consistent with a fragile network under external attack. But it’s also consistent with more common causes, such as power problems. Point causes such as breaks in fiberoptic cables, or deliberate upstream provider disconnections, seem less likely because they don’t generate prolonged instability before a total failure. We can only guess. The data themselves don’t speak to motivations, or distinguish human factors from physical infrastructure problems.

As the sun rises in Pyongyang, the national Internet disconnection continues. An outage of this duration is not without precedent for North Korea. As we’ve written before, Continue reading

Automating Cisco Nexus Switches with Ansible

For the past several years, the open source [network] community has been rallying around Ansible as a platform for network automation. Just over a year ago, Ansible recognized the importance of embracing the network community and since then, has made significant additions to offer network automation out of the box. In this post, we’ll look at two distinct models you can use when automating network devices with Ansible, specifically focusing on Cisco Nexus switches. I’ll refer to these models as CLI-Driven and Abstraction-Driven Automation.

Note: We’ll see in later posts how we can use these models and a third model to accomplish intent-driven automation as well.

For this post, we’ve chosen to highlight Nexus as there are more Nexus Ansible modules than any other network operating system as of Ansible 2.2 making it extremely easy to highlight these two models.

CLI-Driven Automation

The first way to manage network devices with Ansible is to use the Ansible modules that are supported by a diverse number of operating systems including NX-OS, EOS, Junos, IOS, IOS-XR, and many more. These modules can be considered the lowest common denominator as they work the same way across operating systems requiring you to define the Continue reading

North Korea Goes Offline

It was reported earlier today that North Korea was having Internet connectivity issues.

Now obviously given recent events with Sony, this sort of report is far more fascinating than it normally would be. The first question when you see this type of report is whether it’s purely a connectivity issue or whether an attack is behind it. While visibility into North Korean Internet is quite difficult, we are able to see quite a few attacks over the last few days.

nkorea

 

1.) All targets are in this netblock:

inetnum:       175.45.176.0 – 175.45.179.255
netname:       STAR-KP
descr:         Ryugyong-dong
descr:         Potong-gang District
country:       KP
admin-c:       SJVC1-AP
tech-c:         SJVC1-AP
status:         ALLOCATED PORTABLE

2.) pDNS Data on the specific targets

175.45.176.8 – This appears to be primary DNS
175.45.176.9 – This appears to be secondary DNS
175.45.176.10 – smtp.star-co.net.kp
175.45.176.67 – naenara.com.kp
175.45.176.77 – Unknown
175.45.176.79 –  www.ryongnamsan.edu.kp

3.) Port Analysis

– All attacks on the 18th, 19th and 20th target port 80
– All attacks (except for one) on the 21st Continue reading

iPexpert Introduces Jarrod Mills, as CTO and Sr. Routing and Switching Product Portfolio Director / Instructor

As a former attorney, I often found myself drawn to the comfort and familiarity of my office computer. While the thought of spending countless hours toiling over legal briefs caused me much discomfort, spending that same amount of time on a computer was therapeutic. Now, many years later, I can see how my transition into IT was a natural progression, but at the time it seemed crazy to those close to me.

From my formative years on the competitive math team in middle school and high school, to attending college, graduate school and law school on full academic scholarships, I have always striven to excel. What I lacked in career path clarity, I made up for in sheer determination.

Over the past 20 years, I have been fortunate enough to pursue my passion in networking, designing and building world-class networks for Fortune 50 companies throughout the world. Through hard work and perseverance, I have been able to attain 4 CCIE’s (Routing and Switching, Security, Service Provider, Data Center – AND – Wayne has already given me a deadline for #5! ;-). I’ve also been able to amass countless other IT certifications, while simultaneously mentoring and teaching numerous friends and colleagues in Continue reading

Kyoto Tycoon Secure Replication

Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon uses timestamp-based replication to ensure eventual consistency and guarantee ordering. Kyoto Tycoon is an open source project, and in the spirit of the holidays, we’re contributing our internal changes back to the open source project.

CC BY-ND 2.0 image by Moyan BrennCC BY-ND 2.0 image by Moyan Brenn

CloudFlare uses Kyoto Tycoon to replicate data from a Postgres Database to our 30 data centers around the world. In practice, it takes around 3 seconds for full propagation in normal conditions. This is our pipeline for distributing sensitive data like our session ticket keys and DNS data to the CloudFlare edge.

Protecting data in transit

If the Internet is not a dangerous place, it at least has dangerous neighborhoods. To move from one datacenter to another, data has to pass through the public Internet. Data could end up going though some network with a wire-tap in place, or through a network with an unscrupulous network operator.

Datacenter-to-datacenter encryption has been brought into the international spotlight since the surveillance revelations. One of the leaked slides contained the expression “SSL added Continue reading

Fabric visibility with Cumulus Linux

A leaf and spine fabric is challenging to monitor. The fabric spreads traffic across all the switches and links in order to maximize bandwidth. Unlike traditional hierarchical network designs, where a small number of links can be monitored to provide visibility, a leaf and spine network has no special links or switches where running CLI commands or attaching a probe would provide visibility. Even if it were possible to attach probes, the effective bandwidth of a leaf and spine network can be as high as a Petabit/second, well beyond the capabilities of current generation monitoring tools.

The 2 minute video provides an overview of some of the performance challenges with leaf and spine fabrics and demonstrates Fabric View - a monitoring solution that leverages industry standard sFlow instrumentation in commodity data center switches to provide real-time visibility into fabric performance.

Fabric View is free to try, just register at http://www.myinmon.com/ and request an evaluation. The software requires an accurate network topology in order to characterize performance and this article will describe how to obtain the topology from a Cumulus Networks fabric.

Complex Topology and Wiring Validation in Data Centers describes how Cumulus Networks' prescriptive topology manager (PTM) provides Continue reading

SDN in 2014: A year of non-stop action

The past year was a frantic one in the SDN industry as many players made strategic and tactical moves to either get out ahead of the curve on software-defined networking, or try to offset its momentum. Here’s a rundown of what transpired in 2014 as a place setter for the year ahead in SDN. + ALSO ON NETWORK WORLD See a list of all our 2014 wrap ups + December Juniper unveils a version of its Junos operating system for Open Compute Platform switches, commencing a disaggregation strategy that’s expected to be followed by at least a handful of other major data center switching players in an effort to appeal to white box customers.To read this article in full or to leave a comment, please click here

Automation Isn’t Just About Speed

In talking with folks about automation, the conversation almost always come around to “speed, speed, speed”. It’s easy to see why this is the first benefit that pops into mind – we’ve all spent gratuitous amounts of time doing repetitive, time-consuming tasks. It’s obvious why the prospect of automating these tasks and getting the time back is such an attractive one, even though most of us that have tried know that this is an absolute reality:

automation Automation Isnt Just About Speed

 

All kidding (but some…..seriousing?) aside, is speed the only benefit? In the realm of IT infrastructure, should we pursue automation only when this other piece of brilliance tells us it’s worth it?

Consider a small deployment of a few switches, a router, maybe some servers. Using manual methods to configure the relatively small amount of infrastructure isn’t really sexy, but it’s also not a huge time suck either. There’s just not a lot of infrastructure in these small deployments, and manual configuration doesn’t really impact the rate of change.

As a result, when discussing automation concepts with small, and even medium-size shops, I’m usually met with understandable skepticism. There’s a huge part of IT industry that assumes that all of our Continue reading

Check your Control Plane

Here it's a short post to explain how you can monitor the control plane activity with ddos-protection's statistics and a simple op-script. ddos-protection is a default feature only available on MPC cards which allows to secure the linecard's CPU and the...

Check your Control Plane

Here it's a short post to explain how you can monitor the control plane activity with ddos-protection's statistics and a simple op-script. ddos-protection is a default feature only available on MPC cards which allows to secure the linecard's CPU and the...

Automation Isn’t Just About Speed

In talking with folks about automation, the conversation almost always come around to “speed, speed, speed”. It’s easy to see why this is the first benefit that pops into mind - we’ve all spent gratuitous amounts of time doing repetitive, time-consuming tasks. It’s obvious why the prospect of automating these tasks and getting the time back is such an attractive one, even though most of us that have tried know that this is an absolute reality:

Automation Isn’t Just About Speed

In talking with folks about automation, the conversation almost always come around to “speed, speed, speed”. It’s easy to see why this is the first benefit that pops into mind - we’ve all spent gratuitous amounts of time doing repetitive, time-consuming tasks. It’s obvious why the prospect of automating these tasks and getting the time back is such an attractive one, even though most of us that have tried know that this is an absolute reality:

Ask a nerd

One should probably consult a lawyer on legal questions. Likewise, lawyers should probably consult nerds on technical questions. I point this out because of this crappy Lawfare post. It's on the right side of the debate (FBI's evidence pointing to North Korea is bad), but it's still crap.

For example, it says: "One hears a lot in cybersecurity circles that the government has “solved” the attribution problem". That's not true, you hear the opposite among cybersecurity experts. I suspect he gets this wrong because he's not talking about technical experts, but government circles. What government types in Washington D.C. say about cybersecurity is wholly divorced from reality -- you really ought to consult technical people.

He then says: "it is at least possible that some other nation is spoofing a North Korean attack". This is moronic, accepting most of the FBI's premise that a nation state sponsored the attack, and that we are only looking for which nation state this might be. In reality, the Sony hack is well within the capabilities of teenagers. The evidence is solid that Sony had essentially no internal security -- it required no special sophistication by the hacker. Anybody Continue reading