This is “The Coffee Break”. A podcast on state of the networking business where we discuss vendors moves and news, analysis on product and positioning, and look at the business of networking. In the time it takes to have coffee break. Show Links Cisco Q1 Slump Drops Ethernet Switch Market HP Links SDN, OpenStack […]
The post Coffee Break – Show 10 appeared first on Packet Pushers Podcast and was written by Greg Ferro.
With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while.
I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks. This almost totally misses the point, in my opinion. Network automation should literally be thought of a prerequisite for what we’ll likely be doing on our networks in 10 years; call it SDN if you want. My logic involved with coming to this conclusion is almost 100% about the people involved. Allow me to elaborate.
In my experience the main thing that’s missing from 90% of enterprise networks today is that networking teams have not properly defined their workflows, and/or have not formalized a service catalog to other parts of the business. As a result, everything is fire-fighting, or one-off requests.
Tracking changes historically, and pinning them to business processes is totally impossible (if it’s even attempted), and garbage collection does not occur. Continue reading
We cover all sorts of different topics on this site. Today, we are starting a multipart series on subnetting. These concepts are fundamental building blocks for network administrators, engineers and architects. The subnetting topics outlined in this series should be well understood prior to moving into advanced design or configuration topics. Moreover, the underlying technical concepts of this subject should be understood prior to utilizing any shortcuts to calculate subnet addresses and useable address space.
If I asked this as a multiple choice question, which one of the possible answers would you choose?
If you chose answer B, you are correct. A subnet is a subset of a Classful Network. So the next logical question is, “What is a Classful Network?”
As we answer these questions, we will use “Classful Network” and Network interchangeable. As we move to discussions about subnets, we will explicitly address them as such.
Classful Networks, in TCP/IP terminology are outline in RFC791. It specifically states the following–
Addresses are fixed length of Continue reading
As the infosec community waits for the researchers involved to present their Zeus Gameover take down spoils at the next big conference; ASERT wanted to profile a threat actor that uses both Citadel, “a particularly sophisticated and destructive botnet”, and Gameover, “one of the most sophisticated computer viruses in operation today”, to steal banking credentials.
Citadel Campaign
When a threat actor decides that they would like to start a Citadel campaign they: buy the builder software, build the malware, distribute it to the wild, and then, unfortunately, usually profit. A “login key” in Citadel parlance identifies a specific copy of the builder. This key is also copied into the generated binaries so a link between malware builder and malware is formed. Login keys are supposed to be unique, but due to builders being leaked to the public, some aren’t. For all intents and purposes though, malware researchers use login keys to distinguish between distinct Citadel campaigns.
On October 29, 2013, security researcher Xylitol tweeted that login key 5CB682C10440B2EBAF9F28C1FE438468 was not associated with any of the defendants in Microsoft’s Citadel botnet lawsuit:
ASERT has the following command and control (C2) URLs linked with that campaign. Most Continue reading
SDN/NFV Management and Orchestration
At last week’s Big Telecom Event in Chicago, Caroline Chappell, senior analyst with Heavy Reading (the sister organization of Light Reading) moderated a panel discussion on SDN/NFV Management and Orchestration. Readers of this blog will know that’s a subject near and dear to us at Packet Design, and Cengiz Alaettinoglu, our CTO, was a member of the panel. He was joined by speakers from Infoblox, Overture, UBIqube, and NTT America.
Packet Design CTO, Cengiz Alaettinoglu, speaks at the BTE Conference
Ms. Chappell opened the discussion by posing the question, “How real is SDN/NFV, and how quickly will network operators move from proofs of concept to production deployments?” In keeping with what we had heard in earlier conference keynotes and panel sessions, Doug Junkins with NTT America, the only operator on this panel, stated they are already implementing SDN/NFV in 50 data centers globally. He said the primary business drivers are: (1) driving down the cost of provisioning services and (2) new services creation. When asked how NTT views SDN in the context of NFV, he explained that they use the term network automation in Continue reading
Images – Messing with the stack
So we’ve had some time to digest what containers and images are. Now let’s talk in a little greater detail about images and how they layer. A key piece of docker is how the images stack. For instance, let’s quickly build a container that has 3 user image layers in it. Recall, images are the read-only pieces of the container so having 3 user layers implies that I have done 3 commits and any changes after that will be in the 4th read/write layer that lives in the container itself…
Note: Im using the term ‘user images’ to distinguish between base images and the ones that I create. We’ll see in a minute that a base image can even have multiple images as part of the base. I’m also going to use the term ‘image stack’ to refer to all of the images that are linked together to make a running image or container.
I’ve highlighted each user image creation to break it out. Essentially this is what happened…
-Ran the base CentOS image creating a container called stacking
-Created a file in the container called Continue reading
Global telecom giant Huawei continues to grow their substantial networking footprint by pushing into the enterprise and data center spaces with competitive products. In this podcast, Ian Foo, Director for Data Center Products & Solutions Enterprise Global Marketing at Huawei, joins co-hosts Ethan Banks and Greg Ferro in a discussion focused on Huawei’s CloudEngine switches […]
The post Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.
One of the things that I find both counterintuitive and often misunderstood is the role of the network command in interior gateway protocols. This command is used in the router configuration mode on Cisco devices. While there are some protocol specifics that should be understood, it behaves similarly between RIP, EIGRP and OSPF. The common misconception is that the network statement determines what will be advertised. While it can affect what is being advertised, that is not the direct purpose of this command.
If you have mistakenly thought the network command determines what is being advertised, you’re certainly not alone. We can even find verbiage in the output of “show ip protocols” that lends credibility to this position. Let’s take a look at the following configuration.
In the above example, I have enable EIGRP on all of the interfaces.
interface Loopback0 ip address 1.1.1.1 255.255.255.0 interface Loopback1 ip address 2.2.2.1 255.255.255.0 interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 router eigrp 1 network 1.1.1.1 0.0.0.0 network 2.2.2.1 0.0.0.0 network 192. Continue reading
As we work through this tutorial, we will learn how to use the cloonix graph interface to build a simulation scenario that includes two small IPv6 networks connected to each other by two routers via static routes. We will also learn how cloonix saves network topologies and guest virtual machine root filesystems.
Linux IPv6 network simulation running on the cloonix open-source network simulator
The cloonix open-source network simulator uses KVM virtual machines in the simulated network so, in this tutorial, we will demonstrate real Linux router and host configuration procedures.
First, let’s review the high-level steps we will execute to set up and configure a simulated IPv6 network and then save a network topology and node configurations.
We intend to create a scenario made up of static root filesystems Continue reading
This post is for anyone who’s thought about deploying VXLAN on their network and who like me thinks deeply about stuff, to the point of utter confusion, which hit me on a very hot sunny afternoon. The good news with confusion is, once you’ve cracked the issue (normally one’s correct understanding), the clouds clear and the birds sing.
Virtual Extensible Local Area Network functionality is beginning to hit a wide range of vendor devices. VXLAN provides 16 million (and then some) segments for Layer 2 networks. Some organisations, especially those providing cloud infrastructure currently have or will have problems with the number of VLANs available in 12 bits, which is 4096. In that 4096 number, some are not usable either are reserved for certain things like token-ring and platform specific internal communication.
VXLAN is a simple encapsulation method or a tunnel. It encapsulates the original payload in to UDP packets for transit across an IP network and adds another 50 bytes on to the header tax. At a very high level, VXLAN can be deployed in multicast mode and with unicast. Virtual Network IDs (VNIDs) represent VXLAN segment identifiers. In order to gain connectivity, a network construct Continue reading
Last week, I spent a the majority of my commute time listening to a cybercrime novel by Mark Russinovich. This book, Trojan Horse, is the second of three books in the Jeff Aiken Novel series and didn’t disappoint in any way. In the past I read the electronic version of the first book, Zero Day. Whether or not you work in information security, you’ll likely find these books enjoyable. Having some grasp of the reach and dependance on information systems, I find these books are reasonably plausible. I plan to listen to the final installment in the series during my travels this week.
Disclaimer: I have nothing to disclaim about this article. The links shared are not affiliate links and PacketU receives no compensation from Mark Russinovich or the vendors distributing his work.
The post Book Recommendations — Jeff Aiken Series by Mark Russinovich appeared first on PacketU.
Those studying for certification exams should know what they’re studying for. This is typically found on some sort of syllabus or blueprint. In Cisco parlance, we simply call this the exam blueprint. So those taking ICND1 in hopes of achieving CCENT, would typically research the ICND1 exam blueprint. This is found selecting the link in the Exam Topics section of the exam overview page.
While reading through this type of document, it is important to keep a few things in mind. For example, it is beneficial to continually think about how a vendor may validate knowledge of a particular competency. It is also important to pay attention to keywords like describe, configure and troubleshoot. The keyword describe would typically indicate only a conceptual understanding is required. Configure or troubleshoot might be used to indicate working proficiency with a technology is expected.
As a candidate assesses a given blueprint, they should think about how they could assess someone else’s knowledge. For example, one might consider the task of hiring a network administrator. How could the understanding of collision domains and broadcast domains be assessed? By thinking in these terms, the challenges that networking vendors face in assessing candidates begins to surface
Looking at a blueprint Continue reading
During Cisco Live 2014, the Cisco team tracked me down and talked to me about my role and the value of the Cisco Learning Network.
Broadcast live streaming video on Ustream
Links
The post Interview with David Major, Discussing CLN appeared first on PacketU.
