What network technology is going to shake up your WAN?

Few areas of the enterprise are as ripe for change as the wide area network. And there are plenty of technologies – from hybrid WAN services and software defined networking to better management tools -- lining up to push such a makeover closer to reality. “There is about as much turmoil in the WAN arena as possible,” said Steve Taylor, senior research fellow with Webtorials.com. You can get the sense of the tumult by taking a look at the vendor activity in all aspects of the WAN. A ton of startups including vendors such as CloudGenix, Glue Networks, Viptela and Velocloud are offering new WAN services and products. Established vendors such as Cisco, Avaya, Alcatel-Lucent and Riverbed are also scrambling to address WAN issues with new software and hardware.To read this article in full or to leave a comment, please click here

What network technology is going to shake up your WAN?

Few areas of the enterprise are as ripe for change as the wide area network. And there are plenty of technologies – from hybrid WAN services and software defined networking to better management tools -- lining up to push such a makeover closer to reality. “There is about as much turmoil in the WAN arena as possible,” said Steve Taylor, senior research fellow with Webtorials.com. You can get the sense of the tumult by taking a look at the vendor activity in all aspects of the WAN. A ton of startups including vendors such as CloudGenix, Glue Networks, Viptela and Velocloud are offering new WAN services and products. Established vendors such as Cisco, Avaya, Alcatel-Lucent and Riverbed are also scrambling to address WAN issues with new software and hardware.To read this article in full or to leave a comment, please click here

Interactions between QoS and IPSec on IOS and the ASA

Quality of Service configuration for the traffic entering/leaving a VPN tunnel may require some special considerations. In this article, I am going to focus on interactions between QoS and IPSec on IOS and the ASA.

There are two methods of deploying QoS for VPNs – you can match the original (Clear-text/ unencrypted) traffic flows or the actual VPN (Aggregate traffic). This second option can be useful when you want to apply a single QoS policy to all packets leaving a tunnel, no matter what are the original sources and destinations protected by the VPN.

We have got a VPN tunnel built between R1 and ASA. R6 and 10.1.1.0/24 are protected networksQosipsecG1

Let’s start on IOS (R1). The VPN tunnel is already up – we will configure a basic QoS Policy to enable LLQ for delay-sensitive traffic, such as Voice (I assume these are all packets with DSCP of EF). Note that this configuration would normally match all EF-colored packets (including non-VPN EF traffic), but since we won’t have any clear-text EF flows in this network we don’t really care:

class-map match-all VOICE
match dscp ef
policy-map QOS
class VOICE
priority

int f0/0
service-policy output QOS

Voice traffic Continue reading

Time To Get More Advanced :: FCIP Pt. 2!

Part 1 of this blog series created a topology, much like you see below, where we configured a single vE (virtual expansion) port from MDS1 to MDS2 across an IP network.  We merged VSAN 10 across this FCIP tunnel and verified it by looking into the FCNS database and ensuring that we saw entries from both sides.  Today we are going to build upon this topology, and get into some more advanced features like changing the default TCP port, setting DSCP values for the two TCP streams, and controlling who initiates the tunnel!

FCIPpt2g1

So first things first…the default port for FCIP is TCP port 3225. We will terminate both of our TCP streams on this port (we have 1 stream for control and another for data traffic). Essentially 1 of the MDS’s will initiate the connection to the other, and their destination port will be TCP/3225. Their source port will be some high-number ephemeral port by default (usually over 65000). We can look at the output of a ‘show int fcip #’ to find out who initiated, and on which ports!

MDS1-6(config-if)# show int fcip1
fcip1 is trunking
Hardware is GigabitEthernet
Port WWN is 20:10:00:0d:ec:1f:a4:00
Peer port WWN is Continue reading

Lawmakers target data brokers in privacy bill

Four U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes.The Data Broker Accountability and Transparency Act, introduced by four Democratic senators Thursday, also would require the U.S. Federal Trade Commission to craft rules for a centralized website for consumers to view a list of data brokers covered by the bill.Data brokers collect personal information about consumers, often without their knowledge, and resell it to other businesses.To read this article in full or to leave a comment, please click here

Lawmakers target data brokers in privacy bill

Four U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes.The Data Broker Accountability and Transparency Act, introduced by four Democratic senators Thursday, also would require the U.S. Federal Trade Commission to craft rules for a centralized website for consumers to view a list of data brokers covered by the bill.Data brokers collect personal information about consumers, often without their knowledge, and resell it to other businesses.To read this article in full or to leave a comment, please click here

Endpoint Security Meets the Cybersecurity Skills Shortage

Just about every cyber-attack follows a similar pattern:  An end-user is fooled into clicking on a malicious link, downloading malware, or opening an infected file.  This is one of the early stages of the famous Lockheed Martin “kill chain.”Given this pedestrian malware workflow, endpoint security is absolutely key – catch an attack early when it compromises a few endpoints and you can avoid the more ominous phases of the kill chain including data exfiltration. To pull off today’s endpoint security requirements, you can’t assume that you can block all attacks using AV or patching software vulnerabilities.  Rather, you need smart security analysts skilled at detecting and responding to attacks on endpoint devices.To read this article in full or to leave a comment, please click here

Red Hat strips down for Docker

Reacting to the surging popularity of the Docker virtualization technology, Red Hat has customized a version of its Linux distribution to run Docker containers.The Red Hat Enterprise Linux 7 Atomic Host strips away all the utilities residing in the stock distribution of Red Hat Enterprise Linux (RHEL) that aren’t needed to run Docker containers.Removing unneeded components saves on storage space, and reduces the time needed for updating and booting up. It also provides fewer potential entry points for attackers.Containers are valuable for organizations in that they cleanly separate the application from the underlying infrastructure, explained Lars Herrmann, Red Hat senior director of product strategy.To read this article in full or to leave a comment, please click here

ASA File Operation Tips

I’ve been working on Cisco’s ASA firewall platform for years, and I continue to work on a variety of environments with multiple generations of the ASA for clients at H.A. Storage. One of my favorite features of the ASA platform has been the quality of the high-availability failover mechanism, which is generally very reliable, fast, and seamless.
The ASA operates in an Active/Standby high-availability model (don’t believe that the ASA is *truly* Active/Active — that’s a marketing feature). However, one sore spot that has frustrated me as long as I’ve been working on the fact that the filesystem has no synchronization between failover mates and requires manual efforts to keep files in sync. Other configuration aspects of the ASAs including some XML customization files that are not stored in the running config all get automatically sync’d to the standby unit, but for actual files that show up on the flash filesystem, this does not happen.
This has certainly caused me some frustration and occasional embarrassment over the years, but one thing I’ve learned along the way is that when doing file operations either from the CLI or the ASDM, it’s important to follow one simple rule:
Delete from the active, upload to the Continue reading

Docker buys SDN start-up for container networking

Linux container company Docker this week said it would acquire SDN start-up SocketPlane, a developer of a native networking stack for Docker software.Terms of the acquisition were not disclosed. SocketPlane SocketPlane was founded last fall by former Cisco, Red Hat, HP, OpenDaylight and Dell officials. The company is looking to bring enterprise-grade networking to the Docker ecosystem by developing software designed to address the performance, availability and scale requirements of networking in large, container-based cloud deployments.To read this article in full or to leave a comment, please click here

SCALE13x – My talk: Switch as a Server

This past weekend, I had the opportunity to speak at SCALE13x in Los Angeles, on the Switch as a Server — treating your network switches in the same way you treat your servers.  It’s a topic I feel very strongly about!

As strong as my feelings are about open networking, I also love non-automotive forms of transportation!  So I decided to bike to the airport.  SFO has a lot of bicycle facilities so it was no problem to find parking.

Loaded Bike
My bike loaded up for the trip down

 

Leslie Airport
Slighty tired me at the airport after biking

 

Got to LA on the plane and then Rocket Turtle enjoyed the view by the airport!

Rocket Turtle LAX
Rocket Turtle loves watching the plane contrails

 

… and met some of our great customers!

Rocket Turtle meets Jonathan from Dreamhost
Rocket Turtle meets Jonathan from Dreamhost

Scale is a unique conference in that they encourage canine attendance  — doggies!

 

I met Simba. Picture and Simba courtesy of @spazm
I meet Simba. Picture and Simba courtesy of @spazm

 Friday night I helped out with a birds of a feather (BOF) event, giving advice to job hunters.  Did I mention we’re hiring?

On Saturday evening I won the Weakest Geek — a Weakest Link-style geek-themed trivia contest, run this Continue reading

Avi Networks’ analytics tools can be a network engineer’s best ally

In late 2014, Avi Networks came out of stealth mode with a product aimed at disrupting the application delivery controlled (ADC) market. Network World's Jon Gold did an excellent job covering the launch and the way Avi is attempting to differentiate itself, so I won't rehash what he has already covered.In the right environment, the value proposition of what Avi is doing should be obvious to anyone covering the software defined networking (SDN) or network functions virtualization (NFV) market. Avi brings a high level of agility to the ADC, enabling customers to deploy ADC resources anywhere they need to in the exact quantity required. The pay-as-you-grow model means organizations are no longer required to overpay for resources they won't need 90% of the time. Instead, they can provision for normal utilization and then purchase more capacity when the workloads require it.To read this article in full or to leave a comment, please click here

SDN, NFV and Skill Development for Network Engineers

I came to Cisco Brussels 14 years ago to take my first CCIE lab. I didn’t pass that time. I went to Tokyo a month later and got my number there. Several years later I kept coming back to Brussels to pass my two other CCIEs.


Many people say there is no value anymore in taking CCIE these days. With SDN and NFV, everything will be done "auto-magically". We don’t even need network engineers anymore! Yeah, right. Last week I went back in Brussels to work on Network Control System, multi-vendor network device management tool from Tail-F that was acquired by Cisco June last year. NCS is the corner store of Cisco Network Service Orchestration framework for Cisco SDN and NFV solution offering. And I’m here to tell you that the world still need lots of network engineers, and CCIEs, or those who have CCIE-level skill set.

But first, let me talk more about NCS, a service orchestration for real-time service provisioning across multivendor networks.

Network devices were, and are still, configured using CLI. Then SNMP was created to help. Soon, we realized SNMP is great to monitor the network but it fails to become configuration management, as stated Continue reading

Unser neuer 31er Datacenter: Düsseldorf

Hallo Düsseldorf. Nestled in the center of the Lower Rhine basin lies the bustling city of Düsseldorf, capital of Germany’s most populous state, Northern Rhine-Westphalia. Provided its status as an international business and telecommunications hub, and serving a population larger than the Netherlands, our data center in Düsseldorf is an important addition to our European network. This means not only better performance in Germany and Northern Europe, but additional redundancy for our 10 other data centers throughout Europe, including our first German data center in Frankfurt.

For the local audience: Liebe Freunde in Düsseldorf, euer Internetanschluss ist schneller geworden und ihr könnt jetzt sicher surfen. Viel Spaß.

Not just any data center

Dusseldorf comes to life.

Our Düsseldorf data center holds a special place in the heart of our legal counsel Ken Carter. When he’s not helping to build a better Internet, he is likely to be found regaling the office with tales of his adventures in the quaint medieval town of Bad Honnef am Rhein, just south of our new data center. Ban Honnef, most famously known as the world-wide headquarters for Birkenstock, can now add one more tale of note. Equidistant between Frankfurt and Dusseldorf, it is Continue reading

Adobe invites help hunting vulnerabilities in its online services

Adobe Systems launched a new program that encourages security researchers to find and report vulnerabilities in the company’s websites and other online services.Unlike companies like Google, Mozilla, Facebook or Twitter that pay monetary rewards for vulnerabilities found in their Web properties, Adobe’s program only promises public recognition for such contributions.“Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score,” said Pieter Ockers, the security program manager at Adobe, in a blog post Wednesday.To read this article in full or to leave a comment, please click here

MWC: Israeli startup Waze reveals what life is like under the Google umbrella

Waze, the fast growing urban navigation app, has revealed what life has been like after it was acquired by Google nearly two years ago.The Israeli firm was snapped up by the Silicon Valley internet giant for a reported $1.3 billion (£850 million) in June 2013 in what was one of Google's biggest ever acquisitions.Following the deal, each of Waze's 100 employees at the time received an average of $1.2 million (£780,000) but beyond that the Google acquisition hasn't had much impact on the way Waze operates, according to Di-Ann Eisnor, head of growth at Waze.+ SHOW COVERAGE See all the news out of MWC 2015 +To read this article in full or to leave a comment, please click here

MWC 2015: Microsoft partners with AT&T, Deutsche Telekom for SMB Office

Microsoft announced two Office-related partnerships for small- to medium-size business (SMB), with AT&T and Deutsche Telekom, at the Mobile World Congress event in Barcelona this week.The AT&T Mobile Office Suite deal with the second-largest mobile carrier involves Microsoft's Office 365 apps, along with unified access to voice calls, email, calendars, messaging, HD video conferencing, and file sharing, on almost any mobile device.The Microsoft Office 365 suite includes the usual apps – Word, Excel, and PowerPoint – plus Lync, Exchange, Outlook, and OneDrive, all usable from a desktop, laptop, smartphone or tablet. Lync allows for domestic or international voice calls while in the United States.To read this article in full or to leave a comment, please click here

OpenDNS trials system that quickly detects computer crime

A security system undergoing testing by a San-Francisco-based company aims to speed up the detection of websites and domains used for cybercrime.The technology is being developed by OpenDNS, which specializes in performing DNS (Domain Name System) lookups. The DNS translates domain names such as idg.com into an IP address that can be called into a browserOpenDNS offers a secure DNS service for ISPs and organizations that blocks requests from Web browsers to sites that may be associated with cybercrime or spoof a company such as PayPal.The company, which was founded in 2005, has grown so much that its systems respond to some 71 billion DNS requests per day. That’s just 2 percent of global DNS traffic but is enough of a sample to pick up on many cybercrime campaigns.To read this article in full or to leave a comment, please click here

Android tune-up: How to boost performance while you wait for Lollipop

Android 5.0 Lollipop has been heralded as the operating system’s biggest step forward to date. Improved battery life and performance through changes to Android’s core runtime and power management systems are among the most anticipated enhancements among users, given their promise of a faster, more efficient experience.At least that’s the theory. Unfortunately, for the 98 percent of Android devices eagerly awaiting their Lollipop update, there’s no way of knowing whether Lollipop will breathe new life into their devices. That’s where third-party developers can fill the performance gap, as they have been since Android’s earliest days.To read this article in full or to leave a comment, please click here

1 3,591 3,592 3,593 3,594 3,595 3,836