I just bought a ticket for The Interview

I care about free speech, a lot. Recently, hackers successfully threatened Sony in order to cancel the movie The Interview. Consequently, I just went online and purchased tickets for the movie -- even though Sony has announced they are going to cancel the premier.

Free speech is only partly a government issue ("1st Amendment"). Throughout the world, speech is chilled more by thugs than by police. It could be youth gangs beating up journalists like in Russia, or Islamists killing cartoonists and movie makers. Even in America, we increasingly have a culture that seeks to silence debate, rather than countering bad speech with more speech.

There is action we can take, and it's this: when some are threatened, they should not stand alone. They can't kill, beat up, or dox all of us when we are many. We should draw pictures of Mohamed. We should criticize the despotic rule of Putin. We should buy tickets to The Interview and brag about it online.

What does “scale out” vs. “scale up” mean?

When researching data center network architectures, you will find the terms “scale out” and — rather less frequently — “scale up” used. What do these terms mean? I’m going to discuss these terms in a networking sense. If you search, you’ll find that applications and storage also have concepts of scaling out vs. […]

Ansible Automation on AWS: Webinar Recording

We were proud to have DualSpark join us for a great webinar this week on automation on AWS using Ansible. Presenting from Ansible was Dave Johnson and Patrick McClory handled the discussion from the DualSpark side. 

Ansible Automation on AWS: Best Practices by Battle-Hardened Experts

- Using Ansible to manage infrastructure in multi-tier deployments 
- Using CloudFormation and Ansible to manage configuration for more complicated scenarios 
- How Tower adds visibility to systems at runtime








Be sure to follow Ansible on Twitter to be informed of all our upcoming webinars.
Download a free trial of Ansible Tower here.

What they miss about Uber/Lyft pay

In this story, writer Timothy B. Lee (@binarybits) becomes a Lyft driver for a week. He focuses on the political questions, such as the controversially low pay. He makes the same mistakes that everyone else makes.

Lyft (and Uber) pay can be low for the same reason McDonalds is open at midnight. In absolute terms, McDonalds loses money staying open late. But, when you take into account all the sunk costs for operating during the day, they would lose even more money by not remaining open late. In other words, staying open late is marginally better.

The same is true of Lyft/Uber drivers. I take Uber/UberX on a regular basis and always interview the drivers. Without exception, it's a side business.

This one time, my UberX driver was a college student. He spent his time between pickups studying. When calculating wait-time plus drive-time, he may have been earning minimum wage. However, when calculating just drive-time, he was earning a great wage for a student -- better than other jobs open to students.

Without exception, all the Uber black-car drivers have their own business. They have fixed contracts with companies to drive employees/clients. Or, they have more personal relationships with Continue reading

Show 217 – IETF, YANG Proliferation and the Lack of Cooperation and Co-ordination

This week are talking about the IETF and it's inability to cope with massive change in networking around SDN and NFV. For example, there are more than 70 drafts on NETCONF models for common networking tasks that often overlap or repeat the same work. What does this means for standards development ?

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Show 217 – IETF, YANG Proliferation and the Lack of Cooperation and Co-ordination appeared first on Packet Pushers Podcast and was written by Greg Ferro.

I (don’t) like Big Buffers.

Recently Arista released a white paper surrounding the idea that having deeper buffers running within the network can help to alleviate the incast congestion patterns that can present when a large number of many-to-one connections are happening within a network. Also known as the TCP incast problem. They pointedly targeted Hadoop clusters, as the incast problem can rear its ugly head when utilizing the Hadoop Cluster for  MapReduce functions. The study used an example of 20 servers hanging off of a single ToR switch that has 40Gbps of uplink capacity within a Leaf/Spine network, presenting a 5:1 oversubscription ratio. This type of oversubscription was just seen in the recent release of the Facebook network that is used within their data centers. So its safe to assume that these types of oversubscription ratios are seen in the wild. I know I’ve run my fair share of oversubscribed networks in the past.

Treating the Symptom

This particular study actually prods at what is the achilles heel of the traditional leaf/spine network design. All nodes being within 3 switch hops, (ToR <-> Spine <-> ToR), does provide a predictable pathing within the minds of the network operators of today, but I posit that Continue reading

The four Mac security options everyone should know

As our lives increasingly go digital, security is a major concern not only for the various online services we use, but also for the devices on which we save our data. Chances are that if you’re reading this article, you own a Mac. And on your Mac, you’d like much of the work you do on it to be kept private.MORE ON NETWORK WORLD: Free security tools you should try While OS X is relatively secure by default, there are some additional steps you can take to ensure the data on your Mac is only accessible by you, even if your Mac is stolen. Take the following tips to heart to better protect your Mac and its data.To read this article in full or to leave a comment, please click here

IKEv2 VPN – ASA/IOS

In our next blog post, we will focus on configuring an IKEv2 VPN between the ASA and IOS.

Is there anything special about that configuration? Yes and no. It is still “just” IKEv2 that will take care of negotiating our tunnels, but there will definitely be a difference in how we configure one platform versus another. Remember – tunnel interfaces are not supported on the ASA, at least as of 8.6, and this generally means that we will not be able to use tunnels (FlexVPNs) on IOS, too (there is actually one small exception to this rule, but it will not be discussed in this article).

Let’s take a look at our simple network:
20141216_01

We’ll try to build a VPN tunnel between R10 and ASA3 that we will then use to protect traffic flowing between VLANs 10 and 8. I am going to start with the ASA configuration.

First and foremost – the Policy. Note that PRF must generally be the same as what you have selected for Integrity/Hashing:

crypto ikev2 policy 10
encryption aes-256
integrity sha384
prf sha384
group 14

We will authenticate the tunnel using pre-shared-keys, and since authentication method is no longer negotiated in IKEv2 we Continue reading

Python paths and Cron logging

I created two new twitter accounts yesterday and the amount of followers in such a short time is great to see. Feel free to follow them here – @bgp4_table and @bgp6_table The accounts get updated through Python, and that Python script is run via a cron job once every six hours. I noticed that when […]

VRF Lite on Nexus 5600

One of the networking engineers using my ExpertExpress to validate their network design had an interesting problem: he was building a multi-tenant VLAN-based private cloud architecture with each tenant having multiple subnets, and wanted to route within the tenant network as close to the VMs as possible (in the ToR switch).

He was using Nexus 5600 as the ToR switch, and although there’s conflicting information on the number of VRFs supported by that switch (verified topology: 25 VRFs, verified maximum: 1000 VRFs, configuration guide: 64 VRFs), he thought 25 VRFs (tenant routing domains) might be enough.

Read more ...

New CCIE RSv5 Workbook Labs & Enhancements

Foundation Lab 2 has now been added to the CCIE RSv5 Workbook.  This lab is great for working on your configuration speed and accuracy when combining multiple technologies together.  It also has a great redistribution section that I hope you’ll all enjoy ;)  More Full Scale, Troubleshooting, and Foundation labs are in progress and will be posted soon.  I’ll post another update about them when they are available.

In addition to this we’ve added some feature enhancements to the workbook in response to customer requests and feedback.  First, there is a new Table of Contents for the workbook that allows you to view all tasks, and to check off tasks that you’ve already completed.  This will help you track your progress as you’re going through the workbook.

You can additionally check off the progress of a task in the upper right hand portion of the individual lab page.

Multiple bookmarks are now supported, and will be added to a section under the Table of Contents.  When you open the workbook it will now also prompt you to load your latest bookmark.

Lastly, configuration solutions are now hidden by default when you open a lab.  This will help prevent “spoilers” in the Continue reading

IPsec VPN Mikrotik to Linux

After writing the Mikrotik IPsec VPN article and I got some questions about how Mikrotik will work with a Linux device to build an IPsec VPN. I did notice that the questions were more oriented for a copy / paste solution, so I’ll provide one that it’s working. If you need more details about why the solution is like it this, please let me know.
Also don’t forget to customize the solution as you need.

Read more on IPsec VPN Mikrotik to Linux…

DDoS flood protection


Denial of Service attacks represents a significant impact to on-going operations of many businesses. When most revenue is derived from on-line operation, a DDoS attack can put a company out of business. There are many flavors of DDoS attacks, but the objective is always the same: to saturate a resource, such as a router, switch, firewall or web server, with multiple simultaneous and bogus requests, from many different sources. These attacks generate large volumes of traffic, 100Gbit/s attacks are now common, making mitigation a challenge.

The 3 minute video demonstrates Flood Protect - a DDoS mitigation solution that leverages industry standard sFlow instrumentation in commodity data center switches to provide real-time detection and mitigation of DDoS attacks. Flood Protect is an application running on InMon's Switch Fabric Accelerator SDN controller. Other applications provide visibility and accelerate fabric performance applying controls reduce latency and increase throughput.
An early version of Flood Protect won the 2014 SDN Idol competition in a joint demonstration with Brocade Networks.
Visit sFlow.com to learn more, evaluate pre-release versions of these products, or discuss requirements.

Ansible Named a Top 10 Open Source Project by OpenSource.com

2014_Top_10_Open_Source_Project

We are pleased to announce that Ansible has been named a Top 10 Open Source Project for 2014 by Opensource.com. Be sure to watch Michael DeHaan's presentation on why your IT infrastructure should be boring, read his interview with Opensource.com's Jen Krieger and learn about one of his favorite Star Trek quotes.

View the full list here.

 

 

Business Drivers Talk at Interop 2015

interop-talk

This talk is a case study around some of the issues and solutions for TelePost Greenland. I’ll have to give credit to Denise Donohue and the folks there as I go along through the slides, but it’s a unique network with some extreme requirements — and therefore some interesting solutions.

1 3,664 3,665 3,666 3,667 3,668 3,844