Routing Leak briefly takes down Google

This morning, users of Google around the world were unable to access many of the company’s services due to a routing leak in India. Beginning at 08:58 UTC Indian broadband provider Hathway (AS17488) incorrectly announced over 300 Google prefixes to its Indian transit provider Bharti Airtel (AS9498).

Bharti in turn announced these routes to the rest of the world, and a number of ISPs accepted these routes including US carriers Cogent (AS174), Level 3 (AS3549) as well as overseas incumbent carriers Orange (France Telecom, AS5511), Singapore Telecom (Singtel, AS7473) and Pakistan Telecom (PTCL, AS17557). Like many providers around the world, Hathway peers with Google so that their customers have more direct connectivity with Google services. But when that private relationship enters the public Internet the result can be accidental global traffic redirection.

Last fall, I wrote two blog posts here and here about the issues surrounding routing leaks such this one. Routing leaks happen regularly and can have the effect of misdirecting global traffic. Last month, I gave a talk in the NANOG 63 Peering Forum entitled “Hidden Risks of Peering” that went over some examples of routing leaks like this one.

Below is a graph showing the Continue reading

What the *, traceroute?

If you’ve ever done a traceroute from one IOS box to another, you’ve undoubtedly seen output like this:

R8# traceroute 192.168.100.7
Tracing the route to 192.168.100.7
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.0.1 4 msec 3 msec 4 msec
  2 192.168.100.7 4 msec *  0 msec

That “msec * msec” output. Why is the middle packet always lost?? And why only on the last hop??

This was always something curious to me but not something I ever bothered to learn about. Well it turns out that IOS has a rate limiter that meters the generation of ICMP Unreachable messages. The default setting for the rate limiter is 1 ICMP Unreach every 500ms. Since IOS’s traceroute doesn’t put a delay between its probe packets, the delay between when 192.168.100.7 receives the first and second probe packets is much less than 500ms. The second packet violates the rate limiter and so 192.168.100.7 drops it.

Why isn’t the third packet also dropped? Because the traceroute command waits for 3 seconds (by default) before deciding that a probe packet was lost and Continue reading

Intel lowers Q1 revenue outlook, citing sluggish PC sales

Intel lowered its revenue outlook for the first quarter and now expects to bring in about US$12.8 billion, down from its previous forecast of about $13.7 billion.Intel attributed the nearly $1 billion [b] downward revision to sluggish sales of business desktop PCs and lowered inventory levels across the PC supply chain. In particular, the “refresh rate” at which small and medium-size businesses are replacing Windows XP computers with newer ones has been slower than expected. Microsoft stopped supporting Windows XP last April.Intel also cited “challenging” macroeconomic and currency conditions, particularly in Europe, for the revised outlook. Intel will update other financial expectations on April 14 when it reports first quarter earnings, but for now those prior expectations should be disregarded since they “have been withdrawn,” the company said.To read this article in full or to leave a comment, please click here

VCE expands its converged infrastructure portfolio

Software and virtualization continues to evolve the data center faster than ever before. As in the case with everything in life, there's never a free lunch, and the price for this rapid evolution has been increased complexity. Historically, data center infrastructure was deployed in nice, neat silos where every application had its own servers, storage, and network resources. The obvious downside of this type of deployment model is poor resource utilization. Now we innovate in software and make everything virtual to maximize utilization, but we also drive up complexity.An argument can be made that no company has been more successful at simplifying this complexity than VCE, particularly for multi-vendor environments. Late last year, VCE was rolled into EMC's federation of companies to give it a single owner and enable it to roll out new products that address a broader set of needs than just its flagship product, VBlock.To read this article in full or to leave a comment, please click here

Scaling Congress

(This post was written by Tim Hinrichs, Shawn Hargan, and Alex Yip.)

Policy is a topic that we’ve touched on before here at Network Heresy. In fact, policy was the focus of a series of blog posts: first describing the policy problem and why policy is so important, then describing the range of potential solutions, followed by a comparison of policy efforts within OpenStack, and finally culminating in a detailed description of Congress: a project aimed at providing “policy as a service” to OpenStack clouds. (Check out the OpenStack wiki page on Congress for more details on the Congress project itself.)

Like other OpenStack projects, Congress is moving very quickly. Recently, one of the lead developers of Congress summarized some of the performance improvements that have been realized in recent builds of Congress. These performance improvements include things like much faster query performance, massive reductions in data import speeds, and significant reductions in memory overhead.

If you’re interested in the full details on the performance improvements that the Congress team is seeing, go read the full post on scaling the performance of Congress over at ruleyourcloud.com. (You can also subscribe to the RSS feed Continue reading

Networking Basics – Test 1

There are 10 basic questions below. Most of them relatively basic networking questions. This test can be taken only one time, so take your time, provide your Name and Email so you can be in Leaderboard. If you like this networking basics test,please leave a comment, so I continue to prepare similar tests. After solving this test… Read More »

The post Networking Basics – Test 1 appeared first on Network Design and Architecture.

When SSL Certificates Go Wild

Padlock

You’ve set up your website and secured it with an SSL certificate that you bought through your ISP. Everything works fine and the chain of trust is just fine in your browser, but when you try accessing your secured site using a command line tool, the connection fails. Why? There’s a good chance that you are not sending your intermediate certificate(s) along with the server certificate.

PKI Trust Review

As a quick reminder, the whole point of SSL certificates and the Public Key Infrastructure is to prove that the site you connected to is the one it says it is. How do we know? The server sends you a certificate with its name in it, digitally signed by an Issuer. If you choose to trust that Issuer’s honesty and believe that they made sure they issued to the right site, you implicitly trust that the end site is the right one; it’s a “Chain of Trust.”

In reality, we don’t typically trust many Issuers. Look in the Trusted Root certificates for your browser, or on a Mac, open Keychain Access and look in System Roots, and you’ll see that for Yosemite in this case, globally – to establish SSL Continue reading

EU law makers to discuss whether Facebook qualifies as critical infrastructure

European legislators are about to reopen a debate on whether Facebook and Twitter should be subject to the same rules as power grids and payment services for protecting critical IT infrastructure and the data it carries.The proposed rules require providers of essential energy, transport, banking and healthcare services to protect their communications networks from hacking and intrusion, and to disclose security breaches. “Key Internet enablers” such as e-commerce platforms and search engines might also have to comply with the rules.Which companies the new law will cover, though, is a focus of upcoming negotiations between the three European Union law-making bodies.To read this article in full or to leave a comment, please click here

Why is Apple avoiding wireless charging?

First, the iPhone 6 arrived last year without it. Now, comes the Apple Watch. Same story. Wireless charging seems to be something Apple's going to wait on even as major mobile manufacturers adopt it.Last week, Samsung announced that its Galaxy 6 and S6 Edge smartphones will have wireless charging. Two years ago, the Windows Phone 8-based Lumia 920 smartphone had wireless charging. So it's not as if it's not becoming a more mainstream technology.To read this article in full or to leave a comment, please click here

What caused the Google service interruption?

This morning people on twitter reported that they were unable to reach Google services. Businessinsider followed up with a story in which they mentioned that the Google service interruption primarily involved European and Indian users.

In this blog we’ll take a quick look at what exactly happened by looking at our BGP data. The first clue comes from David Roy and Franck Klopfenstein ‏on twitter who noticed traffic was re-routed towards AS9498 in India. Digging through our BGP data we are able to indeed confirm that routing paths for many google prefixes changed to a path that includes the Indian AS 9498 between 08:58 UTC and 09:14 UTC.

Let’s take a look at an example. In my case www.google.com resolves to the following addresses:
www.google.com has address 74.125.226.19 www.google.com has address 74.125.226.20 www.google.com has address 74.125.226.17 www.google.com has address 74.125.226.16 www.google.com has address 74.125.226.18 www.google.com has IPv6 address 2607:f8b0:4006:806::1014

The IPv4 addresses are all in the 74.125.226.0/24 range. If we now look at the BGP announcements for that Continue reading

10 common Android annoyances, solved

When you stop and think about it, smartphones are a lot like cars: They're fun, they're functional, and we always feel lost without them. But no matter how much we love 'em, they all occasionally do things that drive us crazy.As a certified Guy Who Writes About Android, I hear all about people's most pesky phone-related annoyances. From insufficient storage and wonky auto-brightness to less-than-stellar stamina, certain problems seem to pop up often. And nine times out of 10, there's a pretty easy fix -- or at least some steps that can help make things a little bit better.To read this article in full or to leave a comment, please click here

12 early Apple Watch apps for business

Apple Watch Apps for BusinessImage by Apple/Shutterstock On March 9, Apple at last revealed more specifics about the much-anticipated Apple Watch. CEO Tim Cook said that following the release of the company's WatchKit SDK in November, developers created "thousands of new apps," a few of which were showed off by Apple vice president of technology Kevin Lynch. (You can jump to the 68-minute mark of the presentation video to see Lynch demo Watch apps.) Apple also revealed the new Apple Watch software, which is part of iOS 8.2 (now available) and lets you browse, buy and download apps for the watch.To read this article in full or to leave a comment, please click here

Kitematic a Docker GUI joins the Docker family

We are thrilled to announce the acquisition of Kitematic, the fastest and easiest way to use Docker on the Mac. Because Docker is a tool for developers, we find that the developers in the ecosystem build the best tools for Docker. … Continued

Our one click upgrade from dorm room to Docker – the Kitematic story.

If you didn’t already know, Kitematic is the fastest and the easiest way to use Docker on your Mac We are super excited to announce Kitematic is going to be part of Docker family. We get to work alongside the … Continued

The Upload: Your tech news briefing for Thursday, March 12

High-end phones on the way with LG, Huawei next in lineIf you were disappointed with the shortage of new flagship smartphones at Mobile World Congress last week, just hang on until next month. LG Electronics is expected to announce the highly anticipated successor to its good-looking G3—the G4?—that may sport a 1620 x 2880 pixel display. Huawei has started to post teasers for an event on April 8 for its P8, likely to offer a screen that’s a bit larger than the Ascend P7’s 5 inches, better battery life and an improved camera. Even Sony, which badly needs a big hit, may jump in the fray, with the Xperia Z4.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Thursday, March 12

Juniper rewires the data center

Juniper Networks this week rolled out new data center switches to help customers address opportunities and challenges presented by cloud computing.The new switches are yet another line of data center spine switches that have virtually no integration with Juniper’s three-and-a-half year old QFabric portfolio.Juniper says there will be 7.6 billion Internet users with 50 billion connected devices by 2020, continually accessing data around the globe. This necessitates higher levels of network performance, automation and scale for both enterprises and service providers to address growing demands on their IT infrastructure.+ MORE ON NETWORK WORLD: Juniper unveils new fabric switch, architecture +To read this article in full or to leave a comment, please click here

Juniper rewires the data center

Reducing BGP SNMP Traps in DMVPN Networks

One of my readers decided to build a large DMVPN network with BGP as the WAN routing protocol (good choice!) and configured BGP SNMP traps with snmp-server enable traps bgp command on the hub router to detect spoke router failures. Turns out that’s not exactly a good idea.

What is your opinion about the new blog design ?

As you might notice I changed the blog design, and I want your feedback about the new design from all the points (speed, simplicity, look and feel,etc…). Your suggestion and feedback is highly appreciated to enhance the blog. Did you like it ? Was the old design better ? Based on the comments we will… Read More »

The post What is your opinion about the new blog design ? appeared first on Network Design and Architecture.

« Previous 1 … 3,598 3,599 3,600 3,601 3,602 … 3,853 Next »