Coffee Break – Show 10

This is “The Coffee Break”. A podcast on state of the networking business where we discuss vendors moves and news, analysis on product and positioning, and look at the business of networking. In the time it takes to have coffee break. Show Links   Cisco Q1 Slump Drops Ethernet Switch Market HP Links SDN, OpenStack […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 10 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Network Automation or SDN?

With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while.

I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks. This almost totally misses the point, in my opinion. Network automation should literally be thought of a prerequisite for what we’ll likely be doing on our networks in 10 years; call it SDN if you want. My logic involved with coming to this conclusion is almost 100% about the people involved. Allow me to elaborate.

 

What’s Missing?

In my experience the main thing that’s missing from 90% of enterprise networks today is that networking teams have not properly defined their workflows, and/or have not formalized a service catalog to other parts of the business. As a result, everything is fire-fighting, or one-off requests.

Tracking changes historically, and pinning them to business processes is totally impossible (if it’s even attempted), and garbage collection does not occur. Continue reading

IP Subnetting Part 1: What is a Subnet?

We cover all sorts of different topics on this site. Today, we are starting a multipart series on subnetting. These concepts are fundamental building blocks for network administrators, engineers and architects. The subnetting topics outlined in this series should be well understood prior to moving into advanced design or configuration topics. Moreover, the underlying technical concepts of this subject should be understood prior to utilizing any shortcuts to calculate subnet addresses and useable address space.

So the question I ask today is–

What is a Subnet?

If I asked this as a multiple choice question, which one of the possible answers would you choose?

  1. In OSI terms, the layer under the network layer–also known as the data link layer.
  2. A subset of a Classful Network
  3. 255.255.255.192
  4. 192.168.1.0

If you chose answer B, you are correct. A subnet is a subset of a Classful Network. So the next logical question is, “What is a Classful Network?”

As we answer these questions, we will use “Classful Network” and Network interchangeable. As we move to discussions about subnets, we will explicitly address them as such.

Classful Networks, in TCP/IP terminology are outline in RFC791. It specifically states the following–

Addresses are fixed length of Continue reading

The Citadel and Gameover Campaigns of 5CB682C10440B2EBAF9F28C1FE438468

As the infosec community waits for the researchers involved to present their Zeus Gameover take down spoils at the next big conference; ASERT wanted to profile a threat actor that uses both Citadel, “a particularly sophisticated and destructive botnet”, and Gameover, “one of the most sophisticated computer viruses in operation today”, to steal banking credentials.

Citadel Campaign

When a threat actor decides that they would like to start a Citadel campaign they: buy the builder software, build the malware, distribute it to the wild, and then, unfortunately, usually profit. A “login key” in Citadel parlance identifies a specific copy of the builder. This key is also copied into the generated binaries so a link between malware builder and malware is formed. Login keys are supposed to be unique, but due to builders being leaked to the public, some aren’t. For all intents and purposes though, malware researchers use login keys to distinguish between distinct Citadel campaigns.

On October 29, 2013, security researcher Xylitol tweeted that login key 5CB682C10440B2EBAF9F28C1FE438468 was not associated with any of the defendants in Microsoft’s Citadel botnet lawsuit:

tweet

ASERT has the following command and control (C2) URLs linked with that campaign. Most Continue reading

SDN/NFV Management & Orchestration

SDN/NFV Management and Orchestration


by Steve Harriman, VP of Marketing - June 24, 2014

At last week’s Big Telecom Event in Chicago, Caroline Chappell, senior analyst with Heavy Reading (the sister organization of Light Reading) moderated a panel discussion on SDN/NFV Management and Orchestration. Readers of this blog will know that’s a subject near and dear to us at Packet Design, and Cengiz Alaettinoglu, our CTO, was a member of the panel. He was joined by speakers from Infoblox, Overture, UBIqube, and NTT America. 


Packet Design CTO, Cengiz Alaettinoglu, speaks at the BTE Conference

Ms. Chappell opened the discussion by posing the question, “How real is SDN/NFV, and how quickly will network operators move from proofs of concept to production deployments?” In keeping with what we had heard in earlier conference keynotes and panel sessions, Doug Junkins with NTT America, the only operator on this panel, stated they are already implementing SDN/NFV in 50 data centers globally. He said the primary business drivers are: (1) driving down the cost of provisioning services and (2) new services creation. When asked how NTT views SDN in the context of NFV, he explained that they use the term network automation in Continue reading

Network Automation or SDN?

With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while. I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks.

Network Automation or SDN?

With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while. I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks.

Docker essentials – More work with images

Images – Messing with the stack
So we’ve had some time to digest what containers and images are.  Now let’s talk in a little greater detail about images and how they layer.  A key piece of docker is how the images stack.  For instance, let’s quickly build a container that has 3 user image layers in it.  Recall, images are the read-only pieces of the container so having 3 user layers implies that I have done 3 commits and any changes after that will be in the 4th read/write layer that lives in the container itself…

Note: Im using the term ‘user images’ to distinguish between base images and the ones that I create.  We’ll see in a minute that a base image can even have multiple images as part of the base.  I’m also going to use the term ‘image stack’ to refer to all of the images that are linked together to make a running image or container. 

image

I’ve highlighted each user image creation to break it out.  Essentially this is what happened…

-Ran the base CentOS image creating a container called stacking
-Created a file in the container called Continue reading

Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored

Global telecom giant Huawei continues to grow their substantial networking footprint by pushing into the enterprise and data center spaces with competitive products. In this podcast, Ian Foo, Director for Data Center Products & Solutions Enterprise Global Marketing at Huawei, joins co-hosts Ethan Banks and Greg Ferro in a discussion focused on Huawei’s CloudEngine switches […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cisco IOS – Understanding IGP Network Statements

One of the things that I find both counterintuitive and often misunderstood is the role of the network command in interior gateway protocols. This command is used in the router configuration mode on Cisco devices. While there are some protocol specifics that should be understood, it behaves similarly between RIP, EIGRP and OSPF. The common misconception is that the network statement determines what will be advertised. While it can affect what is being advertised, that is not the direct purpose of this command.

If you have mistakenly thought the network command determines what is being advertised, you’re certainly not alone. We can even find verbiage in the output of “show ip protocols” that lends credibility to this position. Let’s take a look at the following configuration.

R1toR2NetworkStatement

In the above example, I have enable EIGRP on all of the interfaces.

R1 Configuration

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface Loopback1
 ip address 2.2.2.1 255.255.255.0
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
router eigrp 1
 network 1.1.1.1 0.0.0.0
 network 2.2.2.1 0.0.0.0
 network 192. Continue reading

How to simulate an IPv6 network using the cloonix network simulator

As we work through this tutorial, we will learn how to use the cloonix graph interface to build a simulation scenario that includes two small IPv6 networks connected to each other by two routers via static routes. We will also learn how cloonix saves network topologies and guest virtual machine root filesystems.

Cloonix IPv6 linux network simulation

Linux IPv6 network simulation running on the cloonix open-source network simulator

The cloonix open-source network simulator uses KVM virtual machines in the simulated network so, in this tutorial, we will demonstrate real Linux router and host configuration procedures.

Procedure summary

First, let’s review the high-level steps we will execute to set up and configure a simulated IPv6 network and then save a network topology and node configurations.

  1. Create root filesystems, one for each virtual machine we plan to create in the simulation
  2. Create static guest virtual machines with the previously-created root filesystems
  3. Connect nodes to create a network topology
  4. Configure each node in the simulated network
  5. Save the network simulation scenario for future use
  6. (Optional) Make changes and save another version of the topology
  7. (Optional) Load a saved network simulation scenario

Step 1: Create root filesystems

We intend to create a scenario made up of static root filesystems Continue reading

VXLAN MTU vs IP MTU Consideration

 

Audience

This post is for anyone who’s thought about deploying VXLAN on their network and who like me thinks deeply about stuff, to the point of utter confusion, which hit me on a very hot sunny afternoon. The good news with confusion is, once you’ve cracked the issue (normally one’s correct understanding), the clouds clear and the birds sing.

VXLAN

Virtual Extensible Local Area Network functionality is beginning to hit a wide range of vendor devices. VXLAN provides 16 million (and then some) segments for Layer 2 networks. Some organisations, especially those providing cloud infrastructure currently have or will have problems with the number of VLANs available in 12 bits, which is 4096. In that 4096 number, some are not usable either are reserved for certain things like token-ring and platform specific internal communication.

VXLAN_Block

VXLAN is a simple encapsulation method or a tunnel. It encapsulates the original payload in to UDP packets for transit across an IP network and adds another 50 bytes on to the header tax. At a very high level, VXLAN can be deployed in multicast mode and with unicast. Virtual Network IDs (VNIDs) represent VXLAN segment identifiers. In order to gain connectivity, a network construct Continue reading

Book Recommendations — Jeff Aiken Series by Mark Russinovich

BookSmallLast week, I spent a the majority of my commute time listening to a cybercrime novel by Mark Russinovich. This book, Trojan Horse, is the second of three books in the Jeff Aiken Novel series and didn’t disappoint in any way. In the past I read the electronic version of the first book, Zero Day. Whether or not you work in information security, you’ll likely find these books enjoyable. Having some grasp of the reach and dependance on information systems, I find these books are reasonably plausible. I plan to listen to the final installment in the series during my travels this week.

Links

Disclaimer: I have nothing to disclaim about this article. The links shared are not affiliate links and PacketU receives no compensation from Mark Russinovich or the vendors distributing his work.

Readers of this article may also enjoy:

  1. Success, the Path to Failure

The post Book Recommendations — Jeff Aiken Series by Mark Russinovich appeared first on PacketU.

Reading a Certification Blueprint

Those studying for certification exams should know what they’re studying for. This is typically found on some sort of syllabus or blueprint. In Cisco parlance, we simply call this the exam blueprint. So those taking ICND1 in hopes of achieving CCENT, would typically research the ICND1 exam blueprint. This is found selecting the link in the Exam Topics section of the exam overview page.

While reading through this type of document, it is important to keep a few things in mind. For example, it is beneficial to continually think about how a vendor may validate knowledge of a particular competency.  It is also important to pay attention to keywords like describe, configure and troubleshoot. The keyword describe would typically indicate only a conceptual understanding is required. Configure or troubleshoot might be used to indicate working proficiency with a technology is expected.

As a candidate assesses a given blueprint, they should think about how they could assess someone else’s knowledge. For example, one might consider the task of hiring a network administrator. How could the understanding of collision domains and broadcast domains be assessed? By thinking in these terms, the challenges that networking vendors face in assessing candidates begins to surface

Looking at a blueprint Continue reading

The Open Internet?

I hear the virtues of the “open Internet” being extolled so much these days that I can’t help but wonder what exactly we are referring to. So let’s ask the question. What is an “open” Internet?

Python Sets: Handy for Network Data

My Python-related posts seem to get the most reads, so here's another one!

A problem that comes up fairly often in networking is finding the number of occurrences of unique items in a large collection of data: let's say you want to find all of the unique IP addresses that accessed a website, traversed a firewall, got denied by an ACL, or whatever. Maybe you've extracted the following list from a log file:

1.1.1.1
2.2.2.2
3.3.3.3
1.1.1.1
5.5.5.5
5.5.5.5
1.1.1.1
2.2.2.2
...

and you need to reduce this to:

1.1.1.1
2.2.2.2
3.3.3.3
5.5.5.5

In other words, we're removing the duplicates. In low-level programming languages, removing duplicates is a bit of a pain: generally you need to implement an efficient way to sort an array of items, then traverse the sorted array to check for adjacent duplicates and remove them. In a language that has dictionaries (also known as hash tables or associative arrays), you can do it by adding each item as a key in Continue reading

Python Sets: Handy for Network Data

My Python-related posts seem to get the most reads, so here's another one!

A problem that comes up fairly often in networking is finding the number of occurrences of unique items in a large collection of data: let's say you want to find all of the unique IP addresses that accessed a website, traversed a firewall, got denied by an ACL, or whatever. Maybe you've extracted the following list from a log file:

1.1.1.1
2.2.2.2
3.3.3.3
1.1.1.1
5.5.5.5
5.5.5.5
1.1.1.1
2.2.2.2
...

and you need to reduce this to:

1.1.1.1
2.2.2.2
3.3.3.3
5.5.5.5

In other words, we're removing the duplicates. In low-level programming languages, removing duplicates is a bit of a pain: generally you need to implement an efficient way to sort an array of items, then traverse the sorted array to check for adjacent duplicates and remove them. In a language that has dictionaries (also known as hash tables or associative arrays), you can do it by adding each item as a key in Continue reading