0

Turkey Hijacking IP addresses for popular Global DNS providers

At BGPmon we see numerous BGP hijacks every single day, some are interesting because of the size and scale of the hijack or as we’ve seen today because of the targeted hijacked prefixes. 
It all started last weekend when the Turkish president ordered the censorship of twitter.com. This started with a block of twitter by returning false twitter IP addresses by Turk Telekom DNS servers.  Soon users in Turkey discovered that changing DNS providers to Google DNS or OpenDNS was a good method of bypassing the censorship.
But as of around 9am UTC today (Saturday March 29) this changed when Turk Telekom started to hijack the IP address for popular free and open DNS providers such as Google’s 8.8.8.8, OpenDNS’ 208.67.222.222 and Level3’s 4.2.2.2.

BGP hijack
Using the Turk Telekom looking glass we can see that AS9121 (Turk Telekom) has specific /32 routes for these IP addresses. Since this is the most specific route possible for an IPv4 address, this route will always be selected and the result is that traffic for this IP address is sent to this new bogus route.

0

Network Test Automation with Ansible

0

Over Layer Versus Under Layer

Do you feel like you are in data center acronym soup these days?   I sure feel it, and I think sometimes tech-speak can help mask the real driver for change. In the data center, we are striving for a new model.  The idea of real time resource allocation and reallocation, the ideal organism that responds perfectly to every request and oh, did I mention resiliency in the whole stack for instant recovery from any fault. Wow, that would be great!  I think we have a ways to go. For now, the latest craze is to add the word virtualization to each topic.

Why is that?  I think it is because virtualization has helped us learn that you can decouple the hardware and software and create layers of abstraction that lead to better systems.  And here “better” could be lower power / cooling and space utilization, or it could the idea that a virtual machine (VM) can be your 18 wheeler, or container ship, and move the application or data anywhere you want, to help in that resource allocation / re allocation or resiliency story I mentioned above.

Now if we look on the network side, Continue reading

0

When Good NICs Do Bad Things: A Blast of IPv6 Multicast Listener Discovery Queries

This is the write-up of a recent event we experienced on our network.  This will be combination of a  journal of symptoms, troubleshooting steps taken, and a brief overview of the environment and platforms involved. This isn’t a forensic analysis of the cause or of different behaviors in various environments.  Rather, it’s meant to be […]

Author information

0

Internets of Interest for 28th March 2014

  Collection of useful, relevant or just fun places on the Internets for 28th March 2014 and a bit commentary about what I’ve found interesting about them: Brocade – Brocade Extends Ethernet Fabric Leadership – Brocade hasn’t given up on the Campus. This announcement from February talks about their switch platform, most interesting is that […]

The post Internets of Interest for 28th March 2014 appeared first on EtherealMind.

0

Cisco Internal VLAN Usage

About a month ago I worked on an old CatOS switch. Working on this switch reminded me about some of the differences between CatOS and IOS. One of the big differences is how a Layer 3 routed interface is configured between the two OS versions. On a Catalyst running IOS, it is almost identical as […]

Author information

The post Cisco Internal VLAN Usage appeared first on Packet Pushers Podcast and was written by Charles Galler.

0

Does Network Lifecycle Management Make Sense?

 

0

SAN Automation with Python and Jinja

One of my least favorite things to do in my day job is create or maintain a zoning configuration on a fibre channel switch, such as a Cisco Nexus or MDS. It’s tedious, very error prone, and annoying when changes need to be made. I wrote earlier in the week on the value of using a templating language like Jinja to define the structure of a switch configuration, but dynamic enough to accept all kinds of input from some higher-level intelligence elsewhere.

0

SAN Automation with Python and Jinja

One of my least favorite things to do in my day job is create or maintain a zoning configuration on a fibre channel switch, such as a Cisco Nexus or MDS. It’s tedious, very error prone, and annoying when changes need to be made. I wrote earlier in the week on the value of using a templating language like Jinja to define the structure of a switch configuration, but dynamic enough to accept all kinds of input from some higher-level intelligence elsewhere.

0

How to become a network engineer

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
If you have arrived on this page then I would assume  you know what a network engineer is and would like to find out how to become a network engineer? If you are not sure what a network engineer is or does then the picture below explains it very well Picture courtesy of http://perceptionvsfact.com/ A […]

Post taken from CCIE Blog

Original post How to become a network engineer

0

Troubleshooting with Wireshark [Riverbed lab kit]

A while ago I attended a Wireshark webinar from Riverbed in which they presented the tool, some beginner and intermediate users troubleshooting scenarios and some lab kit. Now I got an e-mail that they made it available for download at http://www.riverbed.com/wireshark-virtual-tour Part of this Lab Kit were available in the Virtual World Tour 2014 webinar […]

0

Three reasons why Networking is a pain in the IaaS, and how to fix it

In this post I share the slides, audio recording, and short outline of a presentation I gave at the Melbourne VMUG conference (Feb 2014) called “Three reasons why Networking is a pain in the IaaS, and how to fix it”.

As network technologists we know that when the compute architecture changes, the network architecture changes with it. Consider the precedent. The transition from mainframe to rack servers brought about Ethernet and top-of-rack switches. Blade servers introduced the blade switch and a cable-less network. And of course the virtual server necessitating the software virtual switch and a hardware-less network. At each iteration, we observe the architecture change occurring at the edge, directly adjacent to compute.

We can look at this superficially and say, “yes, the network architecture changed”. However if you think about it, the catalyzing change in each shift was the operational model, with intent to increase agility and reduce costs. The architecture change was consequential. Without compute, there is no reason for a network. Networking, both as a profession and technology, exists as a necessary service layer for computing. Without a network, computing is practically useless. As such, the capabilities of the network will either enable or impede Continue reading

0

Three reasons why Networking is a pain in the IaaS, and how to fix it

In this post I share the slides, audio recording, and short outline of a presentation I gave at the Melbourne VMUG conference (Feb 2014) called “Three reasons why Networking is a pain in the IaaS, and how to fix it”.

As network technologists we know that when the compute architecture changes, the network architecture changes with it. Consider the precedent. The transition from mainframe to rack servers brought about Ethernet and top-of-rack switches. Blade servers introduced the blade switch and a cable-less network. And of course the virtual server necessitating the software virtual switch and a hardware-less network. At each iteration, we observe the architecture change occurring at the edge, directly adjacent to compute.

We can look at this superficially and say, “yes, the network architecture changed”. However if you think about it, the catalyzing change in each shift was the operational model, with intent to increase agility and reduce costs. The architecture change was consequential. Without compute, there is no reason for a network. Networking, both as a profession and technology, exists as a necessary service layer for computing. Without a network, computing is practically useless. As such, the capabilities of the network will either enable or impede Continue reading

0

Three reasons why Networking is a pain in the IaaS, and how to fix it

In this post I share the slides, audio recording, and short outline of a presentation I gave at the Melbourne VMUG conference (Feb 2014) called “Three reasons why Networking is a pain in the IaaS, and how to fix it”.

As network technologists we know that when the compute architecture changes, the network architecture changes with it. Consider the precedent. The transition from mainframe to rack servers brought about Ethernet and top-of-rack switches. Blade servers introduced the blade switch and a cable-less network. And of course the virtual server necessitating the software virtual switch and a hardware-less network. At each iteration, we observe the architecture change occurring at the edge, directly adjacent to compute.

We can look at this superficially and say, “yes, the network architecture changed”. However if you think about it, the catalyzing change in each shift was the operational model, with intent to increase agility and reduce costs. The architecture change was consequential. Without compute, there is no reason for a network. Networking, both as a profession and technology, exists as a necessary service layer for computing. Without a network, computing is practically useless. As such, the capabilities of the network will either enable or impede Continue reading

0

Three reasons why Networking is a pain in the IaaS, and how to fix it

In this post I share the slides, audio recording, and short outline of a presentation I gave at the Melbourne VMUG conference (Feb 2014) called “Three reasons why Networking is a pain in the IaaS, and how to fix it”. As network technologists we know that when the compute architecture changes, the network architecture changes […]

0

Learn Python

Around six years ago, I decided to start a website called packetlife.net. Maybe you've heard of it. Most people turn to a purpose-built content management system like Wordpress or Drupal for such an endeavor, but I needed greater flexibility to achieve some of the projects I had in mind. This meant I needed to learn a programming language and write a good amount of the site's logic myself.

I already had some experience dabbling in PHP, but wasn't thrilled with it. I figured if I was going to learn a new language, it should be useful as a general purpose language and not just for building a web site. After a bit of research and deliberation, I chose Python (and the Django web framework).

The purpose of this post is to convince networkers with little to no experience writing code to learn Python. In the past I've encouraged fellow networkers to pick up any programming language, as it's more important to think like a programmer than it is to gain proficiency in a particular language. However, I've realized that many people get stuck on which language they want to learn, lose motivation, and end up not growing proficient Continue reading

0

OpenDaylight at Networking Field Day 7

Networking Field Day 7 was the third Tech Field Day event I attended as a delegate, and as expected, it was a blast. Its always good to be reunited with old friends, especially in this kind of environment, where constant technical discussions are…….well, they’re just going to happen. There were certainly some common undertones in every single presentation. One big example is OpenDaylight - nearly every vendor had at least something to say about it.

0

OpenDaylight at Networking Field Day 7

Networking Field Day 7 was the third Tech Field Day event I attended as a delegate, and as expected, it was a blast. Its always good to be reunited with old friends, especially in this kind of environment, where constant technical discussions are…….well, they’re just going to happen. There were certainly some common undertones in every single presentation. One big example is OpenDaylight - nearly every vendor had at least something to say about it.

0

Pre-bestpath Cost Community &#8211 What is it?

This post represents the solution and explanation for quiz-21. It is a very long post describing Pre-bestpath community, Point of Insertion, offset list and other networking hacks employed to tackle a less common problem. Make yourself a coffee and start reading...

0

Integrated hybrid OpenFlow control of HP switches

Performance optimizing hybrid OpenFlow controller describes InMon's sFlow-RT controller. The controller makes use of the sFlow and OpenFlow standards and is optimized for real-time traffic engineering applications that managing large traffic flows, including: DDoS mitigation, ECMP load balancing, LAG load balancing, large flow marking etc.

The previous article provided an example of large flow marking using an Alcatel-Lucent OmniSwitch 6900 switch. This article discusses how to replicate the example using HP Networking switches.

At present, the following HP switch models are listed as having OpenFlow support:

• FlexFabric 12900 Switch Series
• 12500 Switch Series
• FlexFabric 11900 Switch Series
• 8200 zl Switch Series
• HP FlexFabric 5930 Switch Series
• 5920 Switch Series
• 5900 Switch Series
• 5400 zl Switch Series
• 3800 Switch Series
• HP 3500 and 3500 yl Switch Series
• 2920 Switch Series 

Note: All of the above HP switches (and many others) support the sFlow standard - see sFlow Products: Network Equipment @ sFlow.org.

HP's OpenFlow implementation supports integrated hybrid mode - provided the OpenFlow controller pushes a default low priority OpenFlow rule that matches all packets and applies the NORMAL action (i.e. instructs the switch to apply default switching / routing forwarding to the packets).

In Continue reading