The Target data breach

According to news reports, credit card information from Target’s point of sales systems was stolen after hackers gained access to the systems of an HVAC contractor that had remote access to Target’s network.

Network virtualization is an important tool that can be used to prevent (or at the very least place barriers) to similar attacks in the future. Increasingly retail stores deploy multiple applications that must be accessible remotely. HVAC systems are an example, but retail locations also often support signage applications (advertisement panels), wifi guest networks, etc.

Most of these applications will contain a mix of physical systems on the branch, applications running in the data-center, as well a remote access to contractors.

From a network segmentation perspective, it is important to be able to create virtual networks that can span the WAN and the data-center. The obvious technology choice for network virtualization in the branch is to be use MPLS L3VPN. It is a technology that is supported in CE devices and that can be deployed over a enterprise or carrier managed private network.

The branch office CE will need to be configured with multiple VLANs, per virtual-network, where physical systems reside. In order to have a Continue reading

Where Are All the Operators in the IETF Standards Process?

Network operators – service providers, enterprises, engineers, architects, data-centers, campuses, etc. – are responsible for keeping the packets flowing across their network(s). The Internet Engineering Task Force (IETF) designs, develops, and documents the standard protocols network operators use in and on their networks. In a perfect world, operators would be part of the IETF process […]

Author information

Chris Grundemann

Director, Deployment and Operationalization at Internet Society

Chris Grundemann (JNCIE #449) is a passionate Internet Technologist and a strong believer in the Internet's power to aid in the betterment of humankind. In his current role as Director of Deployment and Operationalization (DO) at the Internet Society, Chris is focused on helping to get key Internet technologies, such as IPv6 and DNSSEC, deployed around the globe. He has over a decade of experience as both a network engineer and architect designing, building, and operating large IP, Ethernet, and Wireless Ethernet networks. Chris has 11 patents pending and is the author of Day One: Exploring IPv6 and Day One: Advanced IPv6 Configuration, as well as several IETF Internet Drafts, a CircleID blog, a personal weblog, and various other industry papers and blogs. He is the Continue reading

Migrating from WordPress to Pelican on PaaS – Part 1

I've been blogging with Wordpress for the last 5 years on and off. It has some great features and is very easy to use, but it's not for me. This series of posts documents my transition from Wordpress to Pelican.

Part 1: Motivation and Decisions

What's Wrong With Wordpress?

There are a few things about Wordpress that have been bothering me lately

  • Performance
  • Backup/Restore
  • Comment Bots
  • Portability

As with anything that relies on server-side scripting, there is performance hit when loading pages. I've been running my blog on a Linode 1024 VPS ($20 per month) and had found that I had to move from Apache to Nginx to get decent performance with Wordpress. Adding Caching to the equation with one of the many caching plugins available has also helped, but this is a rather complex solution. Another performance bottleneck is the database...

Wordpress requires a MySQL database in the back end. I am not a big MySQL fan and would prefer to run Postgres or MariaDB but this isn't officially supported in Wordpress right now. Not only is a performance bottleneck, but it is also another thing that needs to be backed up.

The Backup/Restore capabilities of Wordpress are decent, Continue reading

WLPC Conference Day 1 Highlights

I'm here at the WLAN Professionals Conference (#WLPC if you're following on Twitter). This is the first of what hopefully will turn into an annual conference dedicated to the Wi-Fi industry. But this conference is a bit different than what you might think a typical conference is. First and foremost, it's got a grassroots, peer-to-peer focus. It's engineers talking about Wi-Fi and gathering for discussion. It's not overly promoted by vendors or full of presentations with marketing drivel. Instead, it's just people who are passionate about this technology coming together to share their knowledge and experiences with each other to better everyone! What a great concept!

There are over 100+ attendees, many of whom are also presenters. I hear there was more demand than seats available, so next year Keith Parsons, organizer of the event, should have a solid baseline to grow the conference and allow more of you (the community) to attend and get involved. What's also great is that many of the presentations have been interactive, with great questions and quality discussion fostering the entire group to share information. The focus on the technology instead of the marketing that so often surrounds the technology and products Continue reading

CEF Secret Attributes, Part 3

In Part 1 we saw we can mark prefixes in CEF with certain attributes that might give us interesting things to play with. In Part 2 we found we could track traffic patterns with the traffic_index tag. We will now turn our attention to the qos-group parameters. Let’s say we would like four categories of […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post CEF Secret Attributes, Part 3 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

interoperability testing

Recently, one customer prospect asked the Contrail team to build a POC lab using only non-Juniper network gear. The team managed to find a cisco ASR 900 as a loaner device and we had to make that device work as a data-center gateway.

Typically we use the Juniper MX as a the data-center gateway in our clusters. When you use an MX, the system somehow feels dated. It does feel like a 10+ year old design, which it is. But it is incredibly solid and feature rich. So one ends up accepting that it feels a bit dated as a tradeoff to its “swiss army knife” powers.

The cisco ASR 900 belongs to the 1k family and runs IOS as a user space process on Linux. I’d not used IOS in 3 years. My first impression was: this artifact belongs to the Computer History Museum. In fact the CHM (which is a fantastic museum) has several pieces in exhibition that are more recent that 1984, the year IOS debuted.

And IOS (even the version 15 in this loaner box) is a history trip. You get to see a routing table that precedes classes internet addresses, the config still outputs “bgp Continue reading

Leveraging Python on Network Devices to Monitor Interfaces in Realtime

In a recent post, I wrote about some Python work I was testing on the Nexus 3000.  The end conclusion was that open Linux platforms will offer more flexibility --- for the consumer of the technology, ultimately the customer.  In this post, we’ll take a look at an example that integrates Python with the native Linux operating system.  
In the context of networking, the question often arises, what does having access to Linux really gain you?  For one, as you can see from my last post and you’ll see in this one, for native scripting within bash and Python is of extreme value in itself, not to mention you’d also have the ability to load any piece of software you want to that is compatible with Linux (think about tools, mgmt/monitoring platforms, etc.).

Okay, so you’d have the ability to use Python on a network switch.  So what?  What about running onboard analytics on the switch?  What about sending the exact data you need, the data you use to troubleshoot, the data part of your operational workflow, directly upstream to a head end server, or just simply to an existing syslog Continue reading
1 3,691 3,692 3,693 3,694 3,695 3,773