Experimenting with the CSR1000v REST API

This all started because we occasionally want to block traffic from an IP address or two for a short time. Our firewall is a pain to configure for this sort of thing: adding a drop for a single IP address literally takes 10 minutes. You have to open a fat client, create an object, add the object to a group, save the config, verify the config, push the config, etc.

I thought that SRTBH (Source-based Real-Time Black Hole) implemented by BGP would be the ticket: fast, easy, and theoretically easy to automate with the REST API in the Cisco Cloud Services Router 1000v. SRTBH is a simple and elegant way of dropping selected traffic on BGP speaking routers. In a nutshell:
  1. You configure a "trigger router" that speaks iBGP with the rest of your BGP-speaking routers (usually your Internet edge or transit routers), but doesn't participate in traffic forwarding.
  2. On each edge/transit router you configure a static route to null0 for an unused /32, usually 192.0.2.1: ip route 192.0.2.1 255.255.255.255 null0
  3. On each edge/transit router you configure loose-mode unicast RPF filtering on your outside interfaces: ip verify source reachable-via any. Continue reading

Cisco’s Nexus 9000, ACI customers grow

Cisco now has 1,700 customers for its Nexus 9000 switch and over 300 for its APIC controller, the central element of its Application Centric Infrastructure (ACI) programmable networking and SDN strategy. This is up from 970 and 200+, respectively, in the company’s fiscal first quarter.The number of ACI/APIC customers compared to the number of Nexus 9000 customers – Nexus 9000 is the hardware underlay or foundation for ACI – might seem underwhelming at first blush: only 20% were ACI customers in Q1 and less than 20% in Q2. But APIC just started shipping August 1, Cisco says, while the Nexus 9000 has been shipping for almost a year.To read this article in full or to leave a comment, please click here

Gartner: Makers of things for Internet of Things undervalue security

As the Internet of Things develops, most vendors that are making these things don’t make security their top priority, allowing business considerations to take precedent, according to a Gartner expert.“Some of the leading vendors that are developing products are making some effort to address security concerns, but Gartner believes the majority aren’t at this stage — convenience, user friendliness, time-to-market all win out over security at this point,” says Earl Perkins, a research vice president at Gartner.+ ALSO ON NETWORK WORLD The security implications of IoT: A roundtable discussion with four experts +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Major phone network exploring drone and balloon masts

UK mobile network operator (MNO) EE said this week that it is exploring the use of small aerial cells positioned in the sky over hard-to-reach, patchy signal areas.It calls the technology "air masts," and says the system uses either "tethered balloons or unmanned craft." Unmanned craft are more commonly called drones.Air mastsThe phone company reckons it's going to be able to implement the masts in the sky in part because it's been banking on what it calls a "unique" micro-network technology. The base stations that it has been using consist of smaller elements than are commonly utilized in an MNO installation.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Major phone network exploring drone and balloon masts

UK mobile network operator (MNO) EE said this week that it is exploring the use of small aerial cells positioned in the sky over hard-to-reach, patchy signal areas.It calls the technology "air masts," and says the system uses either "tethered balloons or unmanned craft." Unmanned craft are more commonly called drones.Air mastsThe phone company reckons it's going to be able to implement the masts in the sky in part because it's been banking on what it calls a "unique" micro-network technology. The base stations that it has been using consist of smaller elements than are commonly utilized in an MNO installation.To read this article in full or to leave a comment, please click here

Five Next-Gen Networker Skills

With all the flux that is going on in the networking space, it’s hard to figure out what to do next. You may want to add to your skillset, but you’re not sure where to throw your effort. I’d like to focus on five different areas you can focus on, without talking about a specific product - at the end of the day, that’s just implementation details. These areas are going to be increasingly more valuable and will help you be more marketable when added to your existing network knowledge and experience.

This isn’t meant to say that all of these skills are required to move your career forward; indeed, everyone’s situation is unique. These are just ideas - the way you implement these skillsets in your own life is up to you.

1. Software Skills

Here, I’m not necessarily talking about full-fledged code knowledge. This section isn’t about going and getting a 4 year CS degree. This is mostly about tools, methodologies, and workflows. For some, this will include some kind of interpreted language like Python, but will vary in degree greatly from person to person.

I_am_a_Programmer

To help get more detailed with this point, I’d like to drill down on four very Continue reading

Five Next-Gen Networker Skills

With all the flux that is going on in the networking space, it’s hard to figure out what to do next. You may want to add to your skillset, but you’re not sure where to throw your effort. I’d like to focus on five different areas you can focus on, without talking about a specific product – at the end of the day, that’s just implementation details. These areas are going to be increasingly more valuable and will help you be more marketable when added to your existing network knowledge and experience.

This isn’t meant to say that all of these skills are required to move your career forward; indeed, everyone’s situation is unique. These are just ideas – the way you implement these skillsets in your own life is up to you.

1. Software Skills

Here, I’m not necessarily talking about full-fledged code knowledge. This section isn’t about going and getting a 4 year CS degree. This is mostly about tools, methodologies, and workflows. For some, this will include some kind of interpreted language like Python, but will vary in degree greatly from person to person.

I_am_a_Programmer

To help get more detailed with this point, I’d like to drill down on four very Continue reading

Testing Cumulus Linux with Serverspec

As configuration management software has matured, engineers have recognized the importance of testing and validation. A comprehensive set of tools has been been developed around configuration management software such as Chef, Puppet, Ansible and others that allow you to test your configuration management scripts.

One of these tools is Serverspec, which is an RSpec testing framework for checking that servers are configured correctly by testing their actual state.

Serverspec can execute its tests on a remote host (such as a Cumulus Linux switch) via. SSH. The tests express how the system should be configured and Serverspec will test that the current system configuration meets those expectations.

Using Serverspec to validate your switch configuration means that you can make changes to your configuration management scripts and be confident that the changes have been applied correctly and worked as intended.

Getting started

Because Serverspec natively supports Cumulus Linux, all you have to do is install Serverspec and create your tests. If you’ve never used Serverspec before, the serverspec-init command will create an example called sample_spec.rb. Adding your own files is very simple; just make sure the filename ends in _spec.rb and the first line of the file is require 'spec_helper'

Writing tests

Individual Serverspec tests are Continue reading

Expedia to buy Orbitz for $1.6 billion

Cheaper air travel is making the world seem smaller—and that’s increasingly the case for the online booking market too, with Expedia planning to swallow up rival Orbitz Worldwide barely a month after buying the smaller Travelocity.Expedia operates online booking services for flights, car rentals and hotels, including the Hotels.com brand, while Orbitz offers similar services under its own brand and at Ebookers.com and Hotelclub.com.For Expedia, the acquisition is primarily about growing its customer base: The companies offer similar services in overlapping markets. Orbitz also operates “white label” travel booking services for airlines and bank loyalty programs through its Orbitz Partner Network.To read this article in full or to leave a comment, please click here

Expedia to buy Orbitz for $1.6 billion

Cheaper air travel is making the world seem smaller—and that’s increasingly the case for the online booking market too, with Expedia planning to swallow up rival Orbitz Worldwide barely a month after buying the smaller Travelocity.Expedia operates online booking services for flights, car rentals and hotels, including the Hotels.com brand, while Orbitz offers similar services under its own brand and at Ebookers.com and Hotelclub.com.For Expedia, the acquisition is primarily about growing its customer base: The companies offer similar services in overlapping markets. Orbitz also operates “white label” travel booking services for airlines and bank loyalty programs through its Orbitz Partner Network.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Thursday, February 12

Restrictive governments getting better at censoring the InternetAuthoritarian government are censoring the Internet more aggressively and using more sophisticated technology, according to the annual World Press Freedom Index being released Thursday by Reporters Without Borders. China is judged “a pioneer” in the field, after blocking access to all Google services during the last year and stamping out domestic coverage of protests in Hong Kong and the 25th anniversary of the Tiananmen Square Massacre. Iran is also high on the list, as it works on a national intranet that will keep citizens off the global Internet.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Thursday, February 12

Restrictive governments getting better at censoring the InternetAuthoritarian government are censoring the Internet more aggressively and using more sophisticated technology, according to the annual World Press Freedom Index being released Thursday by Reporters Without Borders. China is judged “a pioneer” in the field, after blocking access to all Google services during the last year and stamping out domestic coverage of protests in Hong Kong and the 25th anniversary of the Tiananmen Square Massacre. Iran is also high on the list, as it works on a national intranet that will keep citizens off the global Internet.To read this article in full or to leave a comment, please click here

Quick ACL Entry Comparison Script

The ACL_compare function takes two lists of strings and compares the first to the second and returns a list comprising strings that are present in the first that are not in the second.

The listconvert function converts a file read into memory into a list of strings. Handy for when you use filenames as arguments when you run the script.

Essentially it’s all just string comparison really.


def ACL_compare(fwsm_ACL,asa_ACL):
comparison=[]
for line in fwsm_ACL:
if line in asa_ACL:
pass
else:
comparison.append(line)
return comparison

def listconvert(file):
newlist=file.readlines()
return newlist


Network Design Webinar With Yours Truly at CLN

I’m hosting a network design webinar at the Cisco Learning Network on Feb 19th, 20.00 UTC+1.

As you may know, I am studying for the CCDE so I’m focusing on design right now but my other reason for hosting this is to remind people that with all the buzzwords around SDN and NfV going around, the networking fundamentals still hold true. TCP/IP is as important as ever, building a properly designed network is a must if you want to have overlays running on it. If you build a house and do a sloppy job with the foundation, what will happen? The same holds true in networking.

I will introduce the concepts of network design. What does a network designer do? What tools are used? What is CAPEX? What is OPEX? What certifications are available? What is important in network design? We will also look at a couple of design scenarios and reason about the impact of our choices. There is always a tradeoff!

If you are interested in network design or just want to tune in to yours truly, follow this link to CLN.

I hope to see you there!


Apple ends system of recruitment fees that tied labor to contractors

Apple has forced its suppliers to end a form of “bonded labor” that saddled assembly line workers with unnecessary hiring fees, and put them in debt to third-party recruiters.The requirement went into effect starting this year, the company said on Wednesday in its latest supplier responsibility report, which examines the labor conditions at factories that produce Apple products.Many of these factories are based in mainland China, where suppliers are hiring thousands of local workers. But in periods of labor shortages, Apple suppliers have at times relied on third-party recruitment agencies to bring in more temporary workers.To read this article in full or to leave a comment, please click here

More online censorship coming to closed countries, says report

Authoritarian governments are doubling down on press censorship and becoming more adept at blocking Internet access to uncensored news sources, according to the annual World Press Freedom Index that will be published on Thursday.The report, from Paris-based Reporters Without Borders, saw many countries lose points this year as threats against reporters and press freedom increased. They included governments using national security as an excuse to track reporters and their sources; threats from para-military, organized crime and terrorist groups; government interference in the media, and reporters being targeted for covering demonstrations.To read this article in full or to leave a comment, please click here

Kubernetes 101 – Networking

image One of the reasons that I’m so interested in docker and it’s associated technologies is because of the new networking paradigm it brings along with it.  Kubernetes has a unique (and pretty awesome) way of dealing with these networking challenges but it can be hard to understand at first glance.  My goal in this post is to walk you through deploying a couple of Kubernetes constructs and analyze what Kubernetes is doing at the network layer to make it happen.  That being said, let’s start with the basics of deploying a pod.  We’ll be using the lab we created in the first post and some of the config file examples we created in the second post.

Note: I should point out here again that this lab is built with bare metal hardware.  The network model in this type of lab is likely slightly different that what you’d see with a cloud provider.  However, the mechanics behind what Kubernetes is doing from a network perspective should be identical. 

So just to level set, here is what our lab looks like…

 

image
We touched on the topic of pod IP addressing before, but let’s provide Continue reading

Cisco posts revenue gains, vows to beat VMware’s network software

Cisco Systems posted quarterly revenue and profit gains that included growth for its software-defined networking products, and Chairman and CEO John Chambers used the occasion to lay down the gauntlet to SDN rival VMware.The company’s revenue hit $11.9 billion in the fiscal quarter ended Jan. 24, up 7 percent from a year earlier. SDN, a new market that might imperil Cisco’s traditional network hardware business, was a strong point: Sales of the company’s recently introduced Nexus 3000 and 9000 data-center switches, key to its SDN architecture, grew 350 percent.Cisco claimed 1,700 total customers for its SDN architecture, called ACI (Application Centric Infrastructure), up from 970 the previous quarter.To read this article in full or to leave a comment, please click here

1 3,570 3,571 3,572 3,573 3,574 3,779