Wanted: OpenFlow Switch With ofp_action To Modify The Destination L3 Address

This article is meant to serve in part as an appendix to my previous post on PacketPushers.net. Therefore, please take a moment to read this introduction of Sakura Internet’s DDoS detection and mitigation app if you haven’t already. At Sakura, we are in the process of implementing source-and-destination-based DDoS packet filtering that should be effective and […]

Author information

Tamihiro Yuzawa


Tamihiro Yuzawa is a network engineer at Sakura Internet, one of Japan's major data center service providers. Before he joined Sakura in 2007, he spent five years at a busy CRM service provider. Both companies have allowed him to stay mostly within the intersection of these circles, and he is pretty much determined to remain in a serious relationship with both Dev and Ops.

The post Wanted: OpenFlow Switch With ofp_action To Modify The Destination L3 Address appeared first on Packet Pushers Podcast and was written by Tamihiro Yuzawa.

Come to ONS 2013 April 15-17 & Plug-in to SDN

Software Defined Networking (SDN) is the buzzword on the mind of every player in the networking and telecom ecosystem; it promises to revolutionize networking as we know it and will affect service provider networks, cloud networks and enterprise networks. Open Networking Summit (ONS) 2013 is the premier conference for SDN and OpenFlow and has established […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post Come to ONS 2013 April 15-17 & Plug-in to SDN appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

Nuage Networks VSP – Delivers SDN in a Big Way – White Paper – Sponsored

Nuage Networks announces their Virtualised Services Platform and shows that SDN networking is closer than you think. VSP is a multi-layer solution with an SDN app, controller & network agent with some technical chops. It's derived from Alcatel-Lucent's Service Routers and offers multi-data centre networking that's fully integrated with your MPLS WAN? Find out more in the very first Packet Pushers Sponsored White Paper, where we scratch its technical underbelly.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Nuage Networks VSP – Delivers SDN in a Big Way – White Paper – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Translators wanted

Translation support will be available in the next phpipam release; the code is being redone and final checks are ongoing. I have decided to go with gettext, as it seems to be the most suitable for phpipam.

Translating is straightforward: you provide translations for strings, for example:

#: functions/functions-mail.php:176
msgid "your domain username"
msgstr "translated text"

There are many tools available to help with translation, like poedit and others.

If anyone is interested in providing a translation, please contact me by email. I have already received some requests in the past; I will try to dig up old emails…

brm

The Future of F5 Networks: SDN, iRules & Node.js

Unlike some others in the network industry (until lately at least), those dealing with F5 Networks’ products are probably well accustomed to change – significant and fast paced change at that. F5 are not a company to shy away from rapid change and replacing old technology and tools with newer, better ones. The change from the […]

Author information

Steven Iveson


Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post The Future of F5 Networks: SDN, iRules & Node.js appeared first on Packet Pushers Podcast and was written by Steven Iveson.

Why is there a “Wrong Way” to Interconnect Datacenters?

There's certainly a lot of focus on data center interconnection (DCI) right now. And understandably so since there are many trends in the industry that are making IT organizations look at data center redundancy. Among these trends are:

  1. The business is saying to IT that they require their IT services to be available at all times. In effect the business is saying that they want to be shielded from technology issues, maintenance windows, and unplanned downtime because the IT services they consume (not all of them mind you, but certainly some of them) are so critical to running the business that they cannot be without them (or, they cannot be without them for whatever period of time it would take IT to recover the service).
  2. The technical ability to move workloads between sites thanks to the near ubiquity of features like vMotion and Live Migration. The ability to pick up an application and swing it over to another location makes item #1 above far less daunting to IT shops and lowers the barrier to adoption.

In this post I'm going to talk about how IT can address item #1 above (the business need) in a manner […]

Which IPv6 source address to choose

In the good old days of IPv4, an interface on a host could have only one IPv4 IP address. Things were very simple: every IP host would use that one address as the source IP for all communication. When we get into IPv6, each interface can have multiple IPv6 addresses. These addresses have different scopes such as global, unique-local and link-local. If an IPv6-enabled host would like to send a packet to another host, which source IPv6 address does it choose? What if it has four addresses: 2001:10::3/64 (Global from ISP A), 2001:23::3/64 (Global from ISP B), fc00:23::3/64 (Unique-Local) and fe80:23::3 (Link-Local)?

As with almost everything, there is a nice RFC written on this topic. RFC 6724, Default Address Selection for Internet Protocol Version 6 (IPv6), defines how to select a source IPv6 address. It mentions eight rules for source selection; here is the summary and translation:

Rule 1: Prefer same address
Rule 2: Prefer appropriate scope
Rule 3: Avoid deprecated addresses
Rule 4: Prefer home addresses
Rule 5: Prefer outgoing interface
Rule 6: Prefer matching label
Rule 7: Prefer temporary addresses
Rule 8: Use longest matching prefix

In the remainder of […]
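The rules above applied to the four example addresses, as an added sketch that is not code from the original post. It implements only Rules 1, 2, 6 and 8, because Rules 3, 4, 5 and 7 need per-address state (deprecation, mobility, interface, temporary flags) that the text does not give. The destinations and the /64 on the link-local address are assumptions.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table as (prefix, label).
POLICY = [(ipaddress.ip_network(p), lbl) for p, lbl in [
    ("::1/128", 0), ("::/0", 1), ("::ffff:0:0/96", 4), ("2002::/16", 2),
    ("2001::/32", 5), ("fc00::/7", 13), ("::/96", 3), ("fec0::/10", 11),
    ("3ffe::/16", 12)]]

def label(addr):
    # The longest matching policy prefix supplies the label.
    return max((n.prefixlen, lbl) for n, lbl in POLICY if addr in n)[1]

def scope(addr):
    # Multicast carries its scope in the address; unicast is link-local (0x2),
    # site-local (0x5) or global (0xe). Unique-local addresses are global scope.
    if addr.is_multicast:
        return (int(addr) >> 112) & 0xF
    if addr.is_link_local or addr.is_loopback:
        return 0x2
    return 0x5 if addr.is_site_local else 0xE

def common_prefix_len(src, dst):
    # Leading bits shared with the destination, capped at the source prefix length.
    shared = 128 - (int(src.ip) ^ int(dst)).bit_length()
    return min(shared, src.network.prefixlen)

def select_source(candidates, destination):
    dst = ipaddress.ip_address(destination)
    def rank(src):
        s, d = scope(src.ip), scope(dst)
        return (
            src.ip != dst,                    # Rule 1: prefer same address
            (0, s) if s >= d else (1, -s),    # Rule 2: prefer appropriate scope
            label(src.ip) != label(dst),      # Rule 6: prefer matching label
            -common_prefix_len(src, dst),     # Rule 8: longest matching prefix
        )
    return str(min(map(ipaddress.ip_interface, candidates), key=rank).ip)

# The four addresses from the text; fe80:23::3 is given a /64 here (assumption).
HOST = ["2001:10::3/64", "2001:23::3/64", "fc00:23::3/64", "fe80:23::3/64"]

if __name__ == "__main__":
    for dst in ("2001:23::100", "fc00:23::50", "fe80::1"):  # constructed destinations
        print(dst, "->", select_source(HOST, dst))
```

Source selection decides which address a remote firewall or ACL sees, so the unique-local source is picked for a unique-local destination by label match (Rule 6), not by prefix length.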

OpenFlow 1.0 Actual Use-Case: RTBH of DDoS Traffic While Keeping the Target Online

Sakura Internet operates several data centers across Japan, including this one, and my team is in charge of building and taking care of our IP backbones. In this article, I will introduce the ongoing process of upgrading our DDoS mitigation solution, which happens to be a down-to-earth, if not widely applicable, use case for OpenFlow. […]

Author information

Tamihiro Yuzawa


The post OpenFlow 1.0 Actual Use-Case: RTBH of DDoS Traffic While Keeping the Target Online appeared first on Packet Pushers Podcast and was written by Tamihiro Yuzawa.

SDN and Virtualization Utilizing IP over Avian Carrier Networks

Network Virtualization has been a hot button topic for the last few years, particularly in the data center. With trends like SDN, cloud, and unicorns taking off, it’s incredibly important to move towards technologies that improve scalability while preserving proper multi-tenancy. You may be wondering whether all this vendor-supplied, marketing-fueled magic and fairydust is too good to be true. You wouldn’t be too far off - the fact is that none of the solutions provided thus far have addressed the implementation and operation of network virtualization in cases such as a remote datacenter where traditional connectivity like satellite and long-haul fiber is unavailable.

Call for IPv6 Papers

I am working on an IPv6-related project, and though I think I have enough content to at least get started, I’d like to submit a request to the community at large. This project is aimed at providing additional awareness around IPv6 in general, but will be geared towards the entire networking community, ranging from those familiar with the protocol to those who barely know what a 128-bit address is. This material will be publicly available and organized towards the goal of learning and becoming more aware of the new protocol.


My Cisco Live 2013 US program

Once again I'll be attending Cisco Live 2013 in the United States. This year it's in Orlando, Florida. Below is my tentative schedule, although there was some overlap with a few other sessions that I would have liked to attend. Hope to see a lot of the people I've met at previous Networkers and Lives there too :-)

This is my schedule. There are many like it but this one is mine.



Monday

  • BRKOPT-2106 DWDM 101
  • BRKNMS-2517 Operations Architecture
  • BRKCOM-3003 UCS Ethernet Troubleshooting of the uplinks to the Data Center LAN Switches

Tuesday

  • BRKOPT-2117 High Speed WAN Interconnections - Evaluating existing and emerging technologies
  • GENKEY-1295 KEYNOTE: Tomorrow Starts Here
  • BRKARC-3470 Cisco Nexus 7000 Switch Architecture
  • BRKRST-3321 Scaling BGP

Wednesday

  • BRKARC-3472 NX-OS Routing & Layer 3 Switching
  • GENKEY-1296 KEYNOTE: Unlocking the Value of Innovation
  • BRKSPG-2904 ASR-9000/IOS-XR hardware Architecture, QOS, EVC, IOS-XR Configuration and Troubleshooting
  • BRKARC-3453 Nexus 6000 - Architecture of the next-generation Switch for

Thursday

  • BRKRST-3371 Advances in BGP
  • BRKOPT-2116 High Speed Data Networks - 40G, 100G & Beyond
  • BRKSPG-2333 Securing Cisco ASR 9000 Routers
  • GENKEY-1297 Celebrity Closing Keynote
  • BRKSPG-2905 ISSU on high-end routers




Show 142 – Huawei – End to End SDN Strategy – Sponsored

SDN innovation has been primarily focused on the data center where centralized network programmability has been shown to be capable of providing many benefits to the complex and dynamic (on-demand) data center environment. Service provider networks will also benefit from SDN. Traversing a service provider network involves crossing different network types, technologies, layers and administrative domains. SDN solutions, including OpenFlow’s programmatic control, will provide capabilities unique to these service provider technologies. Huawei presents an architecture that expands SDN into multiple, task specific, controllers and domains and extends networking control across all of the service provider network dimensions.

Author information

Greg Ferro


The post Show 142 – Huawei – End to End SDN Strategy – Sponsored appeared first on […]

Looking at the Spamhaus DDOS from a BGP perspective

It’s been a busy week for network engineers worldwide, rerouting around broken optical links and of course the 300Gb/s DDOS attack towards Spamhaus and Cloudflare. This DDOS has been classified as the largest DDOS attack ever recorded and has been written about quite a bit in mainstream media.

There’s been a bit of discussion about how much this DDOS actually slowed down the Internet globally. Fact is that the Internet didn’t come to a halt, but the large amount of new traffic that had to be handled by some of the carriers did result in congestion and significant packet loss by some of the Tier1 carriers last weekend. In this blog post we’ll look at this event from the routing perspective: what effects it had on the Internet Exchanges, and some BGP hijacks related to this attack.

BGP hijack affecting Spamhaus
The majority of the attack towards Spamhaus and Cloudflare was a brute-force DDOS attack. But in an attempt to affect Spamhaus services, different techniques were used; one of them was a BGP hijack by the alleged initiator of the attack. Greenhost.nl has a great description on their blog about how AS34109 […]

Complete wipe of a Cisco switch configuration


Anyone who learns how to use the Cisco IOS CLI knows how to erase a switch to delete the configuration, so this blog will not teach how to erase a switch. What I intend to do is share two screenshots that can help make network admins more cautious when deleting switch configs, to adhere to security best practice policies.

Consider a scenario where you need to decommission your switches. You don't want to keep the config on the switch, including the VLANs, so you do a write erase and reload the switch, thinking you've deleted everything. This is not always true. You must check the onboard nvram flash on the switch to look for configuration files. If you find a configuration file (a .text file), check that file's content with a 'more flash:filename.text' command.

When you do a 'wr er' on a switch you think you've deleted all configs. Look at the following screenshot.


Notice how the private-config.text.backup and config.text.backup files still exist. A 'wr er' will only delete the 'private-config.text' and 'config.text' files. If these files are renamed, the 'wr er' does not delete the renamed files.
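A decommissioning check for the leftover files described above, as an added example that is not from the original post. It parses saved `dir flash:` output and lists files that still look like configuration after a 'wr er'. The directory listing is constructed sample data, and flagging `vlan.dat` (the VLAN database file on Catalyst switches) is an addition beyond what the text names.

```python
import re

# Constructed `dir flash:` output, captured after 'wr er' and a reload.
SAMPLE_DIR = """\
Directory of flash:/

    2  -rwx        1916  Mar 1 1993 00:04:12 +00:00  private-config.text.backup
    3  -rwx        3096  Mar 1 1993 00:04:12 +00:00  config.text.backup
    4  -rwx         736  Mar 1 1993 00:02:51 +00:00  vlan.dat
    5  drwx         512  Mar 1 1993 00:09:33 +00:00  example-ios-image-dir
    6  -rwx        5144  Mar 1 1993 00:01:07 +00:00  multiple-fs

32514048 bytes total (20841472 bytes free)
"""

# index, permissions, size, timestamp (ignored), file name
ENTRY = re.compile(r"^\s*\d+\s+([d-][rwx-]{3})\s+(\d+)\s+.*\s(\S+)\s*$")

def residual_config_files(dir_output):
    """Return (name, size) for files that may still hold configuration."""
    findings = []
    for line in dir_output.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(1).startswith("d"):
            continue  # header, footer or directory entry
        name = m.group(3)
        # Renamed copies keep '.text' somewhere in the name (config.text.backup).
        # vlan.dat is an assumption added here, not a file the post mentions.
        if ".text" in name.lower() or name.lower() == "vlan.dat":
            findings.append((name, int(m.group(2))))
    return findings

def review_commands(findings):
    """The 'more flash:<file>' commands used to inspect each text leftover."""
    return [f"more flash:{name}" for name, _ in findings if ".text" in name.lower()]

if __name__ == "__main__":
    leftovers = residual_config_files(SAMPLE_DIR)
    for name, size in leftovers:
        print(f"still on flash: {name} ({size} bytes)")
    print("\n".join(review_commands(leftovers)))
```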