Protocol Basics – The Network Time Protocol

These days we have become used to a world that operates on a consistent time standard, and we have become used to our computers operating at sub-second accuracy. But how do they do so? In this article I will look at how a consistent time standard is spread across the Internet, and examine the operation of the Network Time Protocol (NTP).

NTP for Evil

There was a story that was distributed around the newswire services at the start of February this year, reporting that we had just encountered the “biggest DDOS attack ever” from an NTP-based attack. What’s going on? Why are these supposedly innocuous and conventionally all but invisible services suddenly turning into venomous daemons? How have the DNS and NTP been turned against us in such a manner? And why have these attacks managed to overwhelm our conventional cyber defences?

The Ideal Cloud Network: SDN Overlays, Underlays or Both?

Enterprises are still a complex mix of legacy and newer cloud applications, yet smart use of universal SDN-based cloud networks is the great equalizer in bringing enterprises and the new applications of the cloud together. Evolutionary migration strategies from a mainframe to a client-server architecture can also be applied to the next phase of cloud and virtual age networking. To appreciate how they apply, one must better understand the diverse definitions of SDN, and its true applicability in next generation networks. Let’s review some of the terminology often used and confused in our industry.

Overlay SDN: The most visibly promoted controller for SDN overlays today is VMware’s NSX (Microsoft System Center, Juniper Contrail and Nuage Networks may also fall into this category). Some networking features and functions are moved into overlays to control the data, flow or forwarding path. This includes:

1. Software overlays to shift management functions from the control plane of the network to servers

2. Specific use-cases such as server virtualization, L4-L7 load balancing, security, Openflow etc.

Functional controllers leverage existing physical networks and apply features and functions such as provisioning that can be used via abstraction, APIs, a CLI and limited scripting.


Underlay SDN: Controllers do Continue reading

Virtual machine (VM) security still a work in progress

Trying to protect your expanding virtual machine (VM) empire will require a security product that can enforce policies, prevent VMs from being terminated or infected, and deliver the virtual equivalents of firewalls, IPS and anti-virus solutions. We last looked at this product category nearly three years ago, testing five products. At that time, we said that no single product delivered all the features we desired. That’s still true today even though the market matured some. This time around we tested three vendors who were in our previous test – Catbird, Hytrust and Trend Micro – plus a newcomer, Dome9.

Demo: Common Programmable Abstraction Layer

Over the past few weeks, I’ve written about the idea behind a common programmable abstraction layer.  Previous articles are here and here.  It’s worth stating that something like a CPAL can be used with or without SDN controllers and with or without cloud management platforms.  As can be seen from the previous write ups and the video/demo below, today its primary focus is data extraction and data visibility.  It can use device APIs or controller APIs.  It’s about accessing the data you need quicker.  It’s that simple.  No more jumping from device to device and having to manage text and excel files.  

Edit 3/15/2014:
Github repo for CPAL

If there is a controller in the environment, you can still view data around particular physical and virtual switches in the environments by creating the right modules.  Same can be said if there was a CMP/CMS deployed.  While a CPAL can easily make changes to the network, it’s about taking small steps that can have a larger impact on how we use new APIs on network devices and controllers.  And if we don’t strive for a common framework now, we will end Continue reading

SDN Management Challenges of Wireless Carriers

by Steve Harriman, VP of Marketing - March 10, 2014

Our CTO Cengiz Alaettinoglu recently published an article in RCR Wireless’ Reality Check column titled “Stumbling Block: SDN Management Challenges.” He discusses three SDN applications that are particularly valuable for wireless carriers: bandwidth calendaring, demand placement, and rapid provisioning. In fact, Cengiz says that rapid provisioning “…is indeed surfacing as the killer SDN application for carriers beyond the data center.”

However, these applications cannot be used successfully in SDN environments until the industry solves numerous management challenges. Traditional, manual management methods and processes cannot keep up in a programmable, automated network environment. As a result, the human operator loses visibility and control, making it difficult to understand how to plan for the rollout of new applications and services. Lack of oversight creates a sort of wild west environment without anyone or anything governing whether or not these programmatic changes should be made.

Cengiz is currently working on a prototype of a Network Access Broker that will verify if the WAN can handle the traffic demands of SDN applications without impacting other applications adversely. You can read more about what he says Continue reading

Show 182 – The Future of Networking Part 1 As Inspired By #NFD7

At Networking Field Day 7, the delegates were treated to vendor demonstrations that challenged our thinking about the future of networking. Perhaps the industry is not agreed on just how we’ll implement and operate our networks in the coming years, but one thing is for certain. The landscape will be different. In this and the […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 182 – The Future of Networking Part 1 As Inspired By #NFD7 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

NAT saves the day!

Introduction NAT is bad, it breaks end to end connectivity. It’s misused as a security tool. Using NAT kills kittens. Yes yes, we all know that. That doesn’t mean that there aren’t valid use cases for NAT and when NAT can save the day. What was the problem? Imagine that you have a device that […]

Author information

ddib

Daniel Dib is a network engineer and CCIE #37149. He mainly works with enterprise networks and network design. You can find his original content at lostintransit.se and on Twitter @Danieldibswe

The post NAT saves the day! appeared first on Packet Pushers Podcast and was written by ddib.

Blogs of Interests 2014-03-14

Working from home? Thinking about VXLAN for your Datacenter? Or how about a DMVPN as WAN technology? Read on...

Coffee Break – Show 4

This week Andrew & Greg are joined by Howard Marks whose abundance of commentary leads to a surfeit of opinions on the lack of anything happening at Mobile World Congress. Show Notes MWC – Wearable computing on the rise? Netflix and Comcast: Is this the first Network Neutrality domino to fall? Frontier customer complaints drop nearly […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 4 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Network Syntax Highlighting in Sublime Text

Sublime Text 2/3 Syntax Definition for Cisco / Junos router/switch/firewall configurations. This package will highlight Cisco configuration and commands within Sublime Text 2/3. This package contains...

INTER-AS VPNs and Carrier Supporting Carrier (CSC) Part-2

In the first article of this series I mentioned Inter AS VPN Option A only. This article will be about Options B and C and Carrier Supporting Carrier VPNs. I assume the readers have basic knowledge of these VPNs. Only design points will be highlighted here since my intended audience is the network designers and […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post INTER-AS VPNs and Carrier Supporting Carrier (CSC) Part-2 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

What’s the difference between SDN, NV, and NFV?

As many of you know, or newcomers to IT see, we love our acronyms.  For whatever reason, IT is littered with two, three or four letter acronyms.   SDN seems to have accelerated this phenomenon.   As this title suggests I will describe SDN, NV and NFV in this blog.  All of them in our opinion (at Pica8) are software driven schemes that will forever change the way we think about service and application delivery.  Each is a different approach to network programmability. Let’s look into the latest acronyms.

Network Virtualization (NV)

NV is for anybody who’s using virtual machine technology. One data center challenge is to move VMs across different logical domains. NV attacks this problem. NV creates logical segments in an existing network by dividing the network at the flow level (similar to partitioning a hard drive). The goal is to allow people to move VMs independently of their existing infrastructure and not have to reconfigure the network.

NV is an overlay. Rather than physically connecting two domains in a network, NV creates a tunnel through the existing network to connect two domains. NV saves administrators from having to physically wire up each new domain Continue reading

Utilizing LLDP instead of CDP

In recent years, many network vendors have brought equipment to market with attractive prices and quality, which has turned company networks into environments that mix different models and devices. Despite the attractive cost, some proprietary protocols (interesting as they are) create a barrier to integrating services or replacing switches, routers, etc.

To map and discover neighboring devices in a controlled network environment with IP telephony, Cisco suggests using CDP, but the protocol is proprietary to Cisco, which limits its use with other models and equipment.

LLDP is an open standard for discovering neighboring devices, similar to CDP, and it includes features for the voice VLAN.

In the tests below, we enable LLDP on a Cisco 3750 switch and an HPN 12500 switch.

Configuring

Cisco3750(config)# lldp run
!Run LLDP on Cisco Switch 

[HPN12K] lldp enable
! Run LLDP on HP Comware-based Switch

To visualize the mapping of neighbors with Cisco we can use:

Cisco3750#show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P)  Continue reading

Installing KVM, Libvirt and Open vSwitch on Fedora

In my NetOps to DevOps Training Plan I mentioned installing KVM, Libvirt and Open vSwitch. I did this a few weeks ago and documented it to produce this tutorial. My motivation was to replace my VMware environment at home with something Open Source. I am also a strong believer in "eat your own dog food" and as a lot of the work I am doing in the Open Source community centers around these 3 technologies, I should get used to using them every day...

Prerequisites

Before we get started, I'll assume that you already have a Fedora Minimal Installation that you are ready to work on...

Installing the packages

sudo yum install -y @standard @virtualization openvswitch

That was easy wasn't it!

@standard installs some useful utilities and @virtualization installs libvirt + KVM

I'm sure you can guess what openvswitch does.

Configuration

Now here comes the fun part!

Configure the services

# Disable NetworkManager
sudo systemctl stop NetworkManager.service
sudo systemctl disable NetworkManager.service

# Enable "Proper" Networking
sudo systemctl enable network.service
sudo systemctl start network.service

# Enable the Open vSwitch service
sudo systemctl enable openvswitch.service
sudo systemctl start openvswitch.service

Setting up Networking with Open vSwitch

Our Continue reading