SLAAC May Save Your Life

Flatline

A chance dinner conversation at Wireless Field Day 7 with George Stefanick (@WirelesssGuru) and Stewart Goumans (@WirelessStew) made me think about the implications of IPv6 in healthcare.  IPv6 adoption hasn’t been very widespread, thanks in part to the large number of embedded devices that have basic connectivity.  Basic in this case means “connected with an IPv4 address”.  But that address can lead to some complications if you aren’t careful.

In a hospital environment, the units that handle medicine dosing are connected to the network.  This allows the staff to program them to properly dispense medications to patients.  Given an IP address in a room, staff can ensure that a patient is getting just the right amount of painkillers and not an overdose.  Ensuring a device gets the same IP each time is critical to making this process work.  According to George, he has recommended that the staff stop using DHCP to automatically assign addresses and instead move to static IP configuration to ensure there isn’t a situation where a patient inadvertently receives a fatal megadose of medication, such as when an adult med unit is accidentally used in a pediatric application.

This static policy does lead Continue reading

Windows ISATAP Client, Part 3

In Part 2 we did the initial ISATAP configuration for our Cisco router. Here we’ll show the config we use on our Windows clients and server.

    netsh interface isatap set router 203.0.113.30
    netsh interface isatap set state enabled

Normally I tell system admins to never hard-code IP addresses into their application; always use DNS names! […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Windows ISATAP Client, Part 3 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

Debian/Ubuntu PMTUD & uRPF

I originally started my PMTUD posts using Ubuntu 14.04. Halfway through the post I simply could not get Ubuntu to change its MTU on receipt of ICMP fragmentation needed messages. I then tried Debian and it worked. Windows also had no issues changing its MTU. Wanting to finish off the post I switched to Debian […]

Network Infrastructure as Database

A while ago I wrote about the idea of treating network infrastructure (and all other infrastructure) as code, and using the same processes application developers are using to write, test and deploy code to design and implement networks.

That approach clearly works well if you can virtualize (and clone ad infinitum) everything. We can virtualize appliances or even routers, but installed equipment and high-speed physical infrastructure remain somewhat resistant to that idea. We need a different paradigm, and the best analogy I could come up with is a database.

Q and A with Neela Jacques, OpenDaylight Executive Director

by Matt Sherrod, VP of Product Management - September 2, 2014

As OpenDaylight makes progress towards spurring adoption of SDN and NFV via an open platform, we asked Executive Director Neela Jacques his latest thoughts on the project’s current status, the state of SDN management, and what’s next.   

1. For people who may not be familiar with OpenDaylight, what is your mission?
OpenDaylight is an open source project that is creating a common, open platform for SDN and NFV. We’re a community of developers uniting competitors to work collaboratively to overcome networking’s toughest challenge -- technology fragmentation and duplication. By creating an open codebase for SDN and NFV, OpenDaylight is a vehicle for vendors to build their unique products, service and support offerings on top of a common, core set of technologies.   

2. Do you feel like the move toward open SDN has reached a critical mass? When and how do you see that happening?
In less than 15 months since we formed, OpenDaylight has grown to include 39 member companies and more than 220 developers that are working to unify the networking industry around a common, open, standard code base. Continue reading

Steve Jobs Thinks All Network Engineers Should Learn to Code

With some downtime this weekend, I was able to watch a few documentaries on Netflix.  There were a few great ones on Mark Zuckerberg, Warren Buffett, Mark Cuban, and Steve Jobs.  Many of them came from the Bloomberg Game Changers series, but for Steve Jobs, I watched the Steve Jobs: The Lost Interview that was filmed in 1995, lost for almost two decades and then was released in 2012.  I highly recommend all of them, but for this post, I want to highlight something Jobs said nearly 20 years ago.

What does this have to do with Networking?

There have been numerous articles over the past few months, some by me, that either advocate that network engineers should learn how to program, that there is no need for them to learn how to program, or they should simply learn to think like programmers.

Now check out what Steve Jobs said in the following video back in 1995:
…I think everybody in this country should learn how to program a computer – [they] should learn a computer language, because it teaches you how to think.  It’s like going to law school.  I don’t think anybody should be Continue reading

Let People Choose Their Own Tools

Why is it that people will pay a lot of money for a consultant’s time and expertise, but then hobble them by limiting the tools they can use?

Chris Wahl has written about learning to cope with the default tools and settings:

It’s almost a given that anything I own – personally or via my employer – will not be allowed to touch any piece of software or hardware in the average client environment. It causes too many headaches with compliance rule sets like Sarbanes-Oxley (SOX)…

This means that I’ve come to rely on whatever tools are universally available. Let’s take PowerShell for example. I have an entire library of scripts that I’ve written over the past several years. More often than not I end up using the vSphere Client or ESXi Shell instead because I can’t get to my scripts. If it’s a highly repetitious task I may just re-create a script by hand, but more often than not, it’s not worth the effort.

I’ve posted similar things to IEOC about the use of aliases on network gear:

I’m a consultant, so I work on a variety of different systems, and can’t rely on having a large list of aliases Continue reading

Fundamentals – PMTUD – IPv4 vs IPv6 – Part 2 of 2

This is a continuation of a post I started back here. Please read it first before starting below. RFC 4821 Another workaround we can use is Packetization Layer Path MTU Discovery – RFC 4821. The RFC enables a host to mainly act in one of two ways: Use regular PMTUD. If no acknowledgments are received […]

New GNS3 1.0 Beta 1

It appears that there are some significant changes ongoing with GNS3: As mentioned by the GNS3 CEO and co-founder Stephen Guppy on 11th of August 2014, the new GNS3 will be more polished and will migrate to a multi-vendor emulation platform. For those using this tool, it’s a well-known fact that GNS3 […]

SXSW Interactive 2015: Vote for CloudFlare’s Submissions

Has your Twitter feed been flooded with “vote for my SXSW panel” tweets? With so much buzz all over the place, we wanted to keep it simple and share all of the presentations and panels affiliated with CloudFlare, in one place. Check out CloudFlare's presentations and panels below. If our topics interest you, casting a vote will take just a few minutes!

How to vote:

  1. To sign up go to this link
  2. Enter your name & email address, then confirm your account
  3. Log in with your new account and go to the “PanelPicker”
  4. Click “search/vote” and search for your panel by title
  5. VOTE

Please note: Voting ends on September 6th!

PanelPicker voting counts for 30% of a session's acceptance to SXSW. Our panels cover a variety of topics from a tell-all that reveals the real story behind the male/female co-founder dynamic to exploring ways to protect human rights online. There’s something for everyone so check them out and vote for your favorite! Every vote counts!

Help CloudFlare get to SXSW!

Presentations:

“Lean On” is the New “Lean In”
Matthew Prince, co-founder and CEO of CloudFlare will sit down with Michelle Zatlyn, co-founder and Head of User Experience at CloudFlare for Continue reading

Show 203 – SDN Policy + Congress with Martin Casado & Tim Hinrichs

This week, the Packet Pushers chat with Martin Casado & Tim Hinrichs about policy. What's policy, you ask? In the context of the software defined data center, policy is the big idea that what an IT system needs to do can be expressed in an abstract policy language. The need for abstraction exists because human beings aren't easily able to tell machines explicitly what they need to do to build a system that conforms to a given policy.

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 203 – SDN Policy + Congress with Martin Casado & Tim Hinrichs appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Jack of All Trades

“Jack of all trades, master of none…”

How many times have you heard that in your life? In your career as an engineer? I’ve probably heard it hundreds of times, if not thousands, from working on RADAR and various sorts of radio and other electronics in the US Air Force to as recently as last week. There seems to be a feeling that you can’t know one thing really well unless you somehow give up on knowing a lot of other things — perhaps there is some sort of limiter in our brains that keeps us from learning more than a certain amount of “stuff” in a single lifetime, or some such nonsense. We’ve all seen the Sherlock Holmes moment, for instance, when Sherlock says something about not remembering something because he has so much other stuff to remember.

And we come back to this idea: Jack of all trades, master of none.

Now I’ll readily admit that I only have so much time to read, and therefore to learn new things. I have four or five wish lists on Amazon, each of which has more than 100 books on it. I have a reading list in Logos Bible Continue reading

Rant: Just stop it with the TFTP

TFTP was first defined in 1980. That is a very long time ago in IT, and while it’s had a good run, it’s time for network engineers to stop using TFTP. It’s slow, insecure, and there are better options available.

TFTP is an unauthenticated, plain-text file transfer protocol. It is commonly used by network engineers to transfer switch configs, or IOS images. No passwords required, just a straight “Get this file” or “Put this file”. It uses UDP to transfer data. It is designed to be very simple, and light-weight. This is a large part of why it was popular – TFTP servers or clients could be implemented in low-powered devices, such as switches, VoIP phones, etc. Some systems also use it as part of an initial boot, where TFTP is used to retrieve the initial boot environment.

The main complaints I hear from engineers are “How do I get a TFTP server set up?”, and “Why is this taking so long to transfer?” Server configuration is just a Google exercise, but let’s look at file transfer speed.

Speedy? Not so much

For this test, I have a CentOS 6.x VM running on my laptop. I’m downloading Continue reading

Fundamentals – PMTUD – IPv4 & IPv6 – Part 1 of 2

One of IPv6's features is the fact that routers are no longer supposed to fragment packets. Rather it’s up to the hosts on either end to work out the path MTU. This is different in IPv4 in which the routers along the path could fragment the packet. Both IPv4 and IPv6 have a mechanism to […]

Ethane Changed Everything – DevOps for Networking Could be Next

It’s an interesting time in networking, isn’t it?  I can probably quote myself saying that for as long as I’ve been blogging and about a year before that.  Supposedly 2015 is the year of POCs, bakeoffs, and seeing which startups continue to get funding, and which ones slowly dissolve.  As we start to see who the winners and losers may be, I thought it would be good to highlight the last 7 years and where the major focus areas have been and see what could be next.

Hello OpenFlow!

By now, many of us know who Martin Casado is and what he’s done.  His PhD work, Ethane, at Stanford with Nick McKeown and team led to the pre 1.0 work of OpenFlow.  For the first several years of the network (r)evolution, it was all about OpenFlow.  By 2009, the phrase Software Defined Networking had emerged and referred to OpenFlow enabled architectures.  It was easy to understand.

  • As the industry chatter increased on OpenFlow architectures, hardware commoditization, and the de-coupling of the control plane and data plane, Casado had already started Nicira with McKeown and Shenker.
  • When limitations were seen on what Continue reading

Is Data Center Trilogy Package the Right Fit to Understand Long Distance vMotion Challenges?

A reader sent me this question:

My company will have 10GE dark fiber across our DCs with possibly OTV as the DCI. The VM team has also expressed interest in DC-to-DC vMotion (<4ms). Based on your blogs it looks like overall you don't recommend long-distance vMotion across DCI. Will the "Data Center trilogy" package be the right fit to help me better understand why?

Unfortunately, long-distance vMotion seems to be a persistent craze that peaks with a predictable period of approximately 12 months, and while it seems nothing can inoculate your peers against it, having technical arguments might help.

The Cost of DNSSEC

If you’re playing in the DNS game, and you haven’t done so already, then you really should be considering turning on security in your part of the DNS by enabling DNSSEC. There are various forms of insidious attack that start with perverting the DNS, and end with the misdirection of an unsuspecting user. DNSSEC certainly allows a DNS resolver to tell the difference between valid intention and misdirection. But there's no such thing as a free lunch, and the decision to turn on DNSSEC is not without some additional cost in terms of traffic load and resolution time. In this article, I'll take our observations from running a large scale DNSSEC adoption measurement experiment and apply them to the question: What’s the incremental cost when turning on DNSSEC?