Network Virtualization and the End-to-End Principle

[This post was written by Dinesh Dutt with help from Martin Casado.  Dinesh is Chief Scientist at Cumulus Networks. Before that, he was a Cisco Fellow, working on various data center technologies from ASICs to protocols to RFCs. He’s a primary co-author on the TRILL RFC and the VxLAN draft at the IETF.  Sudeep Goswami, Shrijeet Mukherjee, Teemu Koponen, Dmitri Kalintsev, and T. Sridhar provided useful feedback along the way.]

In light of the seismic shifts introduced by server and network virtualization, many questions pertaining to the role of end hosts and the networking subsystem have come to the fore. Of the many questions raised by network virtualization, a prominent one is this: what function does the physical network provide in network virtualization? This post considers this question through the lens of the end-to-end argument.

Networking and Modern Data Center Applications

There are a few primary lessons learnt from the large scale data centers run by companies such as Amazon, Google, Facebook and Microsoft. The first such lesson is that a physical network built on L3 with equal-cost multipathing (ECMP) is a good fit for the modern data center. These networks provide predictable latency, scale well, converge quickly when nodes or links change, and provide Continue reading

Show 168 – Juniper QFX5100 & Virtual Chassis Fabric – Sponsored

Juniper Network’s Doug Hanks & Satish Surapaneni join Juniper customer (and Kool-Aid drinking fanboy) Kurt Bales in a discussion about the newly announced QFX5100 line of switches with Ethan Banks & Greg Ferro. Along the way, we talk about useful new technologies enabled by the QFX5100, such Virtual Chassis Fabric & TISSU. This is one of […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 168 – Juniper QFX5100 & Virtual Chassis Fabric – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cashing in on Hotspot 2.0

Nothing is hotter right now in the networked world than Hotspot 2.0. While most of the attention on Hotspot 2.0 has centered on the technology and how it works, the really compelling “feature”(that has received nearly no attention) is the...

‘Hello world’ for network engineers exploring Hadoop

It is hard to ignore all of the hype around Hadoop and Big Data these days. Like most infrastructure engineers, we tend to focus on how to build highly-available, highly-scalable networks – and I’m no exception. However, it is still important to me to keep up with and implement projects on popular trends, directly infrastructure […]

Author information

JR Mayberry

I build large networks. I secure large networks. Seattle based. Formerly Comcast, TorreyPoint, Coca-Cola and current Microsoft. Philly born and raised. Personal website: http://www.rickmayberry.com twitter: mayberry0404 linkedin: http://www.linkedin.com/in/mayberry0404

The post ‘Hello world’ for network engineers exploring Hadoop appeared first on Packet Pushers Podcast and was written by JR Mayberry.

Stahp it with the Network programmer FUD already

Every week I see somebody ask “will all Network Engineers be programmers” on Twitter, LinkedIn, at a trade show or just to be antagonistic and for no other reason than to start an argument.

The anger inside has been brewing for over 12 months until the pressure valve finally released in the form of this blog post. Expect snark.

Stahp it with the Network programmer FUD already

Every week I see somebody ask “will all Network Engineers be programmers” on Twitter, LinkedIn, at a trade show or just to be antagonistic and for no other reason than to start an argument.

The anger inside has been brewing for over 12 months until the pressure valve finally released in the form of this blog post. Expect snark.

What is a programmer anyway?

Lets clear something up. IF YOU CAN WRITE ONE LINE OF RUBY YOU ARE NOT A PROGRAMMER. The Programmers of myth and legend are these days referred to as “Software Engineers”, “Software Architects” and sometimes even “Hackers”, “Coders” or “Code Monkeys”. What they “do” - is build software for a living.

So what about Networking Engineers?

The networking industry can be broken in to four main segments:

Network Operations - These folk keep networks running. They eat support tickets and are seldom let out of their cages.

Network Architects - These folk run around data centers with whiteboards and sharpies and draw clouds. Consultants fall under this designation too. Occasionally these guys get their hands dirty and pick up a console cable but most times they are cooking up the most complicated solution to a simple Continue reading

Stahp it with the Network programmer FUD already

Every week I see somebody ask “will all Network Engineers be programmers” on Twitter, LinkedIn, at a trade show or just to be antagonistic and for no other reason than to start an argument.

The anger inside has been brewing for over 12 months until the pressure valve finally released in the form of this blog post. Expect snark.

Healthy Paranoia Show 19: The ABCs of PCI DSS

Hello boys and girls! What time is it? That’s right, it’s time for another fun-filled episode of Healthy Paranoia! Joining us in the top secret Healthy Paranoia treehouse and just in time for the release of PCI DSS 3.0 is special guest, Dr. Anton Chuvakin, Research Director at Gartner and recognized security expert in the […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
TwitterLinkedIn

The post Healthy Paranoia Show 19: The ABCs of PCI DSS appeared first on Packet Pushers Podcast and was written by Mrs. Y.

TPM chip protecting SSH keys

STOP! There is a better way. this post explains a simpler and more secure way.

Update 2: I have something I think will be better up my sleeve for using the TPM chip with SSH. Stay tuned. In the mean time, the below works.

Finally, I found out how to use a TPM chip to protect SSH keys. Thanks to Perry Lorier. I'm just going to note down those same steps, but with my notes.

I've written about hardware protecting crypto keys and increasing SSH security before:

but this is what I've always been after. With this solution the SSH key cannot be stolen. If someone uses this SSH key that means that the machine with the TPM chip is involved right now. Right now it's not turned off, or disconnected from the network.

Update: you need to delete /var/lib/opencryptoki/tpm/your-username/*.pem, because otherwise your keys will be migratable. I'm looking into how to either never generating these files, or making them unusable by having the TPM chip reject them. Update to come.

When I run this again on a completely blank system I'll add Continue reading

When is enough, enough?

I recently came across this article from John Dix – who made the point that throughout the year, SDN events have helped monitor and inform the community on where the adoption is really occurring. Many articles like this suggest to me that the market understands the idea of SDN opening up a “stack” as in the entire solution – from the metal, to the OS, to the applications. Yet today, there is not enough understanding to necessarily pull the ideal stack together. Articles such as this ask a common question we are all trying to answer: How much SDN is enough to see the value of SDN?

Customers help us see the value in “de-laminating the stack” and moving toward a horizontal model instead of the traditional, fully integrated and closed system that legacy networking vendors now provide. This makes sense because a more open SDN was designed in part to enable innovation and help break some of the vendor lock-in that a closed system fosters. Conversely, for even visionary customers, it can be daunting to try to pull the stack back together and add value to their specific environments.

Do customers see SDN as part of their collective visions Continue reading

F5 Networks iRule Event Order – HTTPS/SSL – Client & Server Side

As promised, here’s the event order for  HTTPS. I’d be grateful to any F5′ers out there that can pick holes in this, if any. Apologies for the ‘slimming’ of the diagram caused by the WordPress theme. Right click and view in a new tab or save as to see it in all it’s glory. Last […]

Author information

Steven Iveson

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

TwitterLinkedIn

The post F5 Networks iRule Event Order – HTTPS/SSL – Client & Server Side appeared first on Packet Pushers Podcast and was written by Continue reading

Configuring the HP MSR930 for BT Infinity

After trying in vain to make my BT Home Hub 3 work as a Proper Router™ for my home lab I decided to take the plunge and get something better. Seeing as I work at HP, I thought I’d try the HP MSR 930

First step is to get your Fundamentals configured. The config below is a snippet from my configuration. This will enable SSH, SFTP, and HTTPS access from local IP addresses only.

sysname <Your Hostname>
#
# Change some web timeouts
#
web https-authorization mode auto
web idle-timeout 3
#
# ACL for Local Access
#
acl number 2000
 description *** Local Only ***
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 10.0.0.0 0.255.255.255
#
# Secure Web Interface
#
undo ip http enable
ip https enable
ip https port 443
ip https acl 2000
#
# SSH Setup
#
ssh server enable
ssh server authentication-timeout 10
sftp server enable
#
# Restrict VTY to SSH from Local IP's
#
user-interface vty 0 4
 acl 2000 in
 authentication-mode scheme
 protocol inbound ssh

Once we have our fundamentals done, we can get our firewall ready. Continue reading

Learning though experimentation and breaking things

Lifehacker suggested“Learning to Code by Breaking Someone Else’s Code” and I wanted to share my personal experiences with this method….

The DOS era

When I was young, 7ish, my parents bought a Packard Bell 486 machine (a DX with goofy speakers that hook on the side of the monitor IIRC). It was supposed to be for school, but as far as I was concerned it was for playing games! While the PC ran Windows 3.11, all of my games ran on DOS. DOS, as many of you probably know, has no UI, so in order to install or run a game you were at the mercy of the manual. Typically, the manual would instruct you to “cd” to a removable disk drive and run an “.exe”. This taught me some basic DOS and that an “exe” was an application that I could run.

Sound, Joysticks, IRQ and DMA

Upon running the “exe” in DOS you would be lucky if the game would run correctly first time. Sometimes you would have graphics issues, other times no sound and sometimes your joystick wouldn’t work. To get a game to work you had to select the correct drivers for graphics Continue reading

1 3,718 3,719 3,720 3,721 3,722 3,789