0

Use Protection if Peering Promiscuously

Last week, I wrote a blog post discussing the dangers of BGP routing leaks between peers, illustrating the problem using examples of recent snafus between China Telecom and Russia’s Vimpelcom.  This follow-up blog post provides three additional examples of misbehaving peers and further demonstrates the impact unmonitored routes can have on Internet performance and security.  Without monitoring, you are essentially trusting everyone on the Internet to route your traffic appropriately.

In the first two cases, an ISP globally announced routes from one of its peers, effectively inserting itself into the path of the peer’s international communications (i.e., becoming a transit provider rather than remaining a peer) for days on end.  The third example looks back at the China Telecom routing leak of April 2010 to see how a US academic backbone network prioritized bogus routes from one of its peers, China Telecom, to (briefly) redirect traffic from many US universities through China.

Recap: How this works

To recap the explanation from the previous blog (and to reuse the neat animations our graphics folks made), we first note that ISPs form settlement-free direct connections (peering) in order to save on the cost of sending Continue reading

0

The requirements for IT’s Third Platform

With the blurring of technology lines, the rise of competitive companies, and a shift in buying models all before us, it would appear we are at the cusp of ushering in the next era in IT—the Third Platform Era. But as with the other transitions, it is not the technology or the vendors that trigger a change in buying patterns. There must be fundamental shifts in buying behavior driven by business objectives.

The IT industry at large is in the midst of a massive rewrite of key business applications in response to two technology trends: the proliferation of data (read: Big Data) and the need for additional performance and scale. In many regards, the first begets the second. As data becomes more available—via traditional datacenters, and both public and private cloud environments—applications look to use that data, which means the applications themselves have to go through an evolution to account for the scale and performance required.

Scale up or scale out?

When the industry talks about scale, people typically trot out Moore’s Law to explain how capacity doubles every 18 months. Strictly speaking, Moore’s Law is more principle than law, and it was initially applied to the number of transistors Continue reading

0

Network Design Concepts Part-3

In the first article of the series, reliability and resiliency are covered. We should know that whatever device, link type or software you choose eventually they will fail. Thus designing resilient system is one of the most critical aspects of IT. I mentioned that one way of providing resiliency is redundancy. If we have redundant […]

Author information

The post Network Design Concepts Part-3 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

0

Scaling the Cloud Security Groups

Most overlay virtual networking and cloud orchestration products support security groups – more-or-less-statefulish ACLs inserted between VM NIC and virtual switch.

The lure of security groups is obvious: if you’re willing to change your network security paradigm, you can stop thinking in subnets and focus on specifying who can exchange what traffic (usually specified as TCP/UDP port#) with whom.

Read more ...

0

Using Schprokits to Automate Big Switch’s Big Cloud Fabric

I gave a presentation at Interop last month and tried to make two major points about network automation. One, network automation is so much more than just “pushing configs” and two, network automation is still relevant in Software Defined Network environments that have a controller deployed as part of the overall solution. And I’m referring to controllers from ANY vendor including, but definitely not limited to Cisco’s APIC, NSX Controllers, Nuage Controller/Director, Juniper Contrail, Plexxi Control, OpenDaylight, and Big Switch’s Big Cloud Fabric.

A few months ago, I was at Network Field Day 8 and got to see a live demo of Big Switch’s newly released Big Cloud Fabric solution. It seemed slick, but I was curious on automating the fabric using the northbound APIs exposed from their controller. As it turns out, I was able to get access to a small fabric (2 leafs / 2 spines) to get familiar with Big Cloud Fabric. In parallel to that, I started testing Schprokits as I mentioned in my previous post.

So, sure enough I spent some time putting together a demo to show what can be done with network automation tools and how they could integrate with SDN controllers. The Continue reading

0

Fixed-Price, or T&M?

Recently I posted about Rewarding Effort vs Results, how different contract structures can have different outcomes. This post covers Time & Materials vs Fixed-Price a little more, looking at pros & cons, and where each one is better suited.

Definitions:

• Time & Materials: Client & supplier agree on the requirements, and an hourly rate. The client is billed based upon the number of hours spent completing the job. Any costs for materials are also passed on. If the job takes 8 hours, the client pays for 8 hours. If it takes 800 hours, the client pays for 800 hours. To prevent bill shock, there will usually be review points to measure progress & time spent. Risk lies with the client.
• Fixed-Price: Client & Supplier agree beforehand on what outcomes the client needs. It is crucial that this is well-documented, so there are no misunderstandings. The supplier will estimate how long the job will take, allow some extra margin, and quote a figure. The client pays the same amount, regardless of how long the job takes. Risk lies with the supplier.

Comparison:

0

Another Exciting New Beginning – Juniper!

I’ve recently taken on a new Product Management role at Juniper Networks. I will be handling the EX platform. While this is an exciting time for me and I expect to be challenged, it does curtail my independence somewhat as a blogger. That’s the price to pay when you work for a vendor, (even though … Continue reading Another Exciting New Beginning – Juniper! →

0

DDoS Activity in the Context of Hong Kong’s Pro-democracy Movement

In early August, we examined data demonstrating a striking correlation between real-world and online conflict [1], which ASERT tracks on a continual basis [2-7]. Recent political unrest provides another situation in which strong correlative indicators emerge when conducting time-series analysis of DDoS attack data.

The latest round of pro-democracy protests in Hong Kong began on September 22^nd when “. . . Students from 25 schools and universities go ahead with a week-long boycott to protest Beijing’s decision to proceed with indirect elections for Hong Kong’s Chief Executive position.” [8]. The protests ramped up on September 28^th when a larger pro-democracy group, Occupy Central with Love and Peace, combined forces with the student demonstrators [8-9]. On October 1^st, protesters vowed to increased the level of civil disobedience if Hong Kong’s Chief Executive, Leung Chun-Ying, did not step down [10].  Since that time, tensions have increased, with police crackdowns, tear gas, barricades, skirmishes, shutdowns of government buildings and infrastructure, and heavy use of social media to promote both pro-and anti-protest sentiment.  By examining Arbor ATLAS Internet-wide attack visibility data we have identified DDoS attack activity in the APAC region which correlates strongly with the ebb and flow Continue reading

0

Dell World: Driving Innovation in a New Era

I just returned from Dell World in Austin, Texas this past week. It’s one of my favorite events because not only does this week bring out hundreds if not thousands of new and innovative ideas, it also brings together thousands of people from around the world with different experiences and backgrounds.

This event was like no other Dell event that I’ve attended. First, it actually rained in Austin. For two days straight! But more importantly (and as dramatic), as a private company, Dell had a very different vibe. Michael Dell repeatedly said that this was the first time he was having fun in a long time, and looking at the crowd, you could sense it! The general feel was that this new Dell could take on any new challenge and could do so swiftly. Always optimize for the long run and drive innovation to accelerate business.

It’s very evident that the software-defined world is changing. At Dell World you could feel the buzz and witness each and every company’s evolution and observe how each product is helping evolve the face of the entire IT ecosystem. With all of the hype surrounding the software-defined market, I’m happy to have had Continue reading

0

Kicking the Tires on Cisco’s onePK

Recently, I experimented with Cisco’s onePK. What follows are observations on onePK, as well as some details on the mechanics of creating a onePK connection. For those of you that are not familiar with onePK–it is an API created by Cisco that they support on various IOS, IOS-XR, and IOS-XE devices. onePK was announced in 2012 […]

Author information

The post Kicking the Tires on Cisco’s onePK appeared first on Packet Pushers Podcast and was written by Kirk Byers.

0

Migrating to the Ghost Blogging Platform

For those of you that follow the CloudFlare blog, you’ll know that we try to be prolific. We have industry leaders like Matthew Prince, John Graham-Cumming, Nick Sullivan, and others publishing pieces weekly from the front lines of internet performance and security. We’re also big fans of open source software, which is used in almost everything we do.

A little over a year ago we watched as a brand new independent open source blogging platform called Ghost started making waves, raising over $300,000 on Kickstarter. A little later, we reached out to the team to see if CloudFlare could help make the lightning-fast Node.js platform even faster and more secure on the Ghost(Pro) hosted service.

In March, Ghost announced that their entire Pro network was powered by CloudFlare, and today we’re pleased to announce that the CloudFlare blog is now running on Ghost.

While things look largely the same, you’ll find new and improved RSS feeds as well as tag and author archives to allow you to browse through our backlog of content more easily. The biggest improvement by far, though, is in the writing tools which we now have available to us—meaning our team is Continue reading

0

Automatic logon to vCenter using vMA/SDK for Perl

One of the most useful appliance for vSphere administration is a Linux based VM called vMA (vSphere Management Assistant ). It’s a simple SUSE Linux installation with the vSphere SDK for Perl installed. Both method will provide useful tools like esxcli, vmkfstools, vicfg-* and so on. Each command can read credentials as parameters: $ esxcli --server vcenter.example.com --username example\vsphereadmin […]

0

The Trap of Net Neutrality

The President recently released a video and statement urging the Federal Communications Commission (FCC) to support net neutrality and ensure that there will be no “pay for play” access to websites or punishment for sites that compete against a provider’s interests.  I wholeheartedly support the idea of net neutrality.  However, I do like to stand on my Devil’s Advocate soapbox every once in a while.  Today, I want to show you why a truly neutral Internet may not be in our best interests.

Lawful Neutral

If the FCC mandates a law that the Internet must remain neutral, it will mean that all traffic must be treated equally.  That’s good, right?  It means that a provider can’t slow my Netflix stream or make their own webmail service load faster than Google or Yahoo.  It also means that the provider can’t legally prioritize packets either.

Think about that for a moment.  We, as network and voice engineers, have spent many an hour configuring our networks to be as unfair as possible.  Low-latency queues for voice traffic.  Weighted fair queues for video and critical applications.  Scavenger traffic classes and VLANs for file sharers and other undesirable bulk noise.  These plans take weeks to Continue reading

0

Response: Cisco, Arista Disaggregating

Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches.

Is there any mileage in this idea?

Old News, New Timing

The idea of the big players selling their software for use on generic hardware has been floating around pretty much since SDN hit the news and the first bare metal switches came out, with Cisco for example looking like they were pretending that SDN wasn’t a thing, and their position was secure if they continued to do what they already did. To be honest, I think Cisco is still paying the price for initially lacking a strategy, then embracing SDN in such a confusing way. Nonetheless, the idea isn’t new, but has the market moved to a position where Cisco and Arista really need to do this? And what of Juniper; are they immune to being sucked into the bare metal market?

Special Sauce

In addition to being a good addition to awesome music of G. Love, for companies like Cisco Arista and Juniper, their “special sauce” these days Continue reading

0

Response: Cisco, Arista Disaggregating

Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches. Is there … Continue reading →

If you liked this post, please do click through to the source at Response: Cisco, Arista Disaggregating and give me a share/like. Thank you!

0

Integrating HP addons to VMware Update Manager

Honestly I don’t like customized ISO images for VMware ESXi. I prefer to know what software is installed and how to upgrade it. This short guide will show how to integrate HP addons for VMware in the Update Manager (VUM). Open the vClient -> Home -> Update Manager -> Download Settings -> Add Download source: Source […]

0

Understanding IPv6: Solicited-Node Multicast In Action

In the last installment of her IPv6 series, Denise Fishburne explains how to find the MAC address associated with a Layer 3 IPv6 address.

0

VMware Update Managet (VUM) fail after upgrade

Sometimes after a vSphere upgrade Update Manager (VUM) can fail with the following error: There was an error connecting VMware vSphere Update Manager – [vcenter.example.com:443]. Database temporarily unavailable or has network problems. The easiest way is to reconfigure the VUM using the VMwareUpdateManagerUtility.exe utility installed in the VMware Update Manager program path (usually C:Program Files (x86)VMwareInfrastructureUpdate Manager): […]

0

An industry in transition

The tendency of most companies is to talk strategy and vision. Almost every technology company can paint a future that is somehow more elegant based on their product’s fit into customer plans. And, as a sales leader, if you find a company whose vision you find compelling enough to inspire you to share it with customers, you’re probably feeling pretty good about things.

But sales is ultimately measured on wins and losses. And there is no taking solace in a grand vision if you cannot meaningful and immediately make a difference in a customer’s life. So as much as sales is about demonstrating a better future, there is no substitute for solving immediate pain.

This means that the ideal landing spot for anyone in a sales role is a company that thinks big but is committed to enabling the game changing vision for today’s customer problem set.You want to be a part of an organization that wants to do nothing short of changing the world, but who has the focus to do it in ways that provide immediate tangible benefit.

I am certain I have found that in Plexxi.

Before joining Plexxi as the head of Worldwide Sales, I Continue reading

0

Deploying VMware vCenter Operations (vCOPS)

Deploying the VMware vCOPS appliance is an easy task with only one prerequisite: IP pool. An IP pool is IP pools provide a network identity to vApps. An IP pool is a network configuration that is assigned to a network used by a vApp. The vApp can then leverage vCenter Server to automatically provide an […]