NetworkingNexus.net

Deep Dive Into a Post-Quantum Key Encapsulation Algorithm

The Internet is accustomed to the fact that any two parties can exchange information securely without ever having to meet in advance. This magic is made possible by key exchange algorithms, which are core to certain protocols, such as the Transport Layer Security (TLS) protocol, that are used widely across the Internet.

Key exchange algorithms are an elegant solution to a vexing, seemingly impossible problem. Imagine a scenario where keys are transmitted in person: if Persephone wishes to send her mother Demeter a secret message, she can first generate a key, write it on a piece of paper and hand that paper to her mother, Demeter. Later, she can scramble the message with the key, and send the scrambled result to her mother, knowing that her mother will be able to unscramble the message since she is also in possession of the same key.

But what if Persephone is kidnapped (as the story goes) and cannot deliver this key in person? What if she can no longer write it on a piece of paper because someone (by chance Hades, the kidnapper) might read that paper and use the key to decrypt any messages between them? Key exchange algorithms Continue reading

Deep Dive Into a Post-Quantum Signature Scheme

To provide authentication is no more than to assert, to provide proof of, an identity. We can claim who we claim to be but if there is no proof of it (recognition of our face, voice or mannerisms) there is no assurance of that. In fact, we can claim to be someone we are not. We can even claim we are someone that does not exist, as clever Odysseus did once.

The story goes that there was a man named Odysseus who angered the gods and was punished with perpetual wandering. He traveled and traveled the seas meeting people and suffering calamities. On one of his trips, he came across the Cyclops Polyphemus who, in short, wanted to eat him. Clever Odysseus got away (as he usually did) by wounding the cyclops’ eye. As he was wounded, he asked for Odysseus name to which the latter replied:

“Cyclops, you asked for my glorious name, and I will tell it; but do give the stranger's gift, just as you promised. Nobody I am called. Nobody they called me: by mother, father, and by all my comrades”

(As seen in The Odyssey, book 9. Translation by the authors of the blogpost).

The Continue reading

Internet is back in Tonga after 38 days of outage

Tonga, the South Pacific archipelago nation (with 169 islands), was reconnected to the Internet this early morning (UTC) and is back online after successful repairs to the undersea cable that was damaged on Saturday, January 15, 2022, by the January 14, volcanic eruption.

After 38 days without full access to the Internet, Cloudflare Radar shows that a little after midnight (UTC) — it was around 13:00 local time — on February 22, 2022, Internet traffic in Tonga started to increase to levels similar to those seen before the eruption.

The faded line shows what was normal in Tonga at the start of the year, and the dark blue line shows the evolution of traffic in the last 30 days. Digicel, Tonga’s main ISP announced at 02:13 UTC that “data connectivity has been restored on the main island Tongatapu and Eua after undersea submarine cable repairs”.

When we expand the view to the previous 45 days, we can see more clearly how Internet traffic evolved before the volcanic eruption and after the undersea cable was repaired.

The repair ship Reliance took 20 days to replace a 92 km (57 mile) section of the 827 km submarine fiber optical cable that Continue reading

Data-center network automation: Its pitfalls and how to avoid them

(Enterprise Management Associates has published “The Future of Data Center Network Automation” based on a survey of enterprises, cloud providers and network service providers. This article by EMA Vice President of Research Networking Shamus McGillicuddy details some of its major findings.)More than 86% of companies expect their budgets for data-center network automation to increase over the next two years, and with spending ramping up, network teams need to plan carefully. Network automation is notoriously difficult to implement due to the complexity of networks in general, and only 23% of the people surveyed were fully confident in their data-center network-automation strategies.To read this article in full, please click here

Data-center network automation: Its pitfalls and how to avoid them

ICMP Redirects Considered Harmful

One of my readers sent me an intriguing challenge based on the following design:

He has a data center with two core switches (C1 and C2) and two Cisco Nexus edge switches (E1 and E2).
He’s using static default routing from core to edge switches with HSRP on the edge switches.
E1 is the active HSRP gateway connected to the primary WAN link.

The following picture shows the simplified network diagram:

ICMP Redirects Considered Harmful

One of my readers sent me an intriguing challenge based on the following design:

He has a data center with two core switches (C1 and C2) and two Cisco Nexus edge switches (E1 and E2).
He’s using static default routing from core to edge switches with HSRP on the edge switches.
E1 is the active HSRP gateway connected to the primary WAN link.

The following picture shows the simplified network diagram:

I Quit: Where the Top Performers’ Cloning Machine Fails?

Sometime in July 2021: It was a quiet Friday afternoon when Tim finally got a chance to sit down and evaluate his first week as a team manager. Mostly grim. It was such an eye-opener and bitter more than sweet week. Not that he didn’t know the group of ten people he was asked to […]

The post I Quit: Where the Top Performers’ Cloning Machine Fails? appeared first on Packet Pushers.

DNS OARC 37

There was a meeting of DNS Operations and Research group in February. These are my notes from the presentations that I found to be of interest.

Another year of the Transition to IPv6

There was a meeting of DNS Operations and Research group in February. These are my notes from the presentations that I found to be of interest.

SD-WAN service-side MPLS VPN

This post goes through how to configure MPLS VPN on the service-side of a Cisco SD-WAN edge device, so the south-side towards non-SD-WAN devices. What I am trying to achieve is to advertise the differing SD-WAN VPN (VRF, why Cisco have to call these VPNs beats me) prefixes to a core switch (using a ASR in the lab) directly connected to the SD-WAN router. This could be accomplished using per-VRF interfaces (or sub-interfaces) and BGP peerings, but a neater solution is to pass all the routing information over one the BGP MPLS VPNv4 peering.

AX.25 over D-Star

Setting up AX.25 over 1200bps was easy enough. For 9600 I got kernel panics on the raspberry pi, so I wrote my own AX.25 stack.

But I also want to try to run AX.25 over D-Star. Why? Because then I can use radios not capable of 9600 AX.25, and because it’s fun.

It seems that radios (at least the two I’ve been working with) expose the D-Star data channel as a byte stream coming over a serial connection. Unlike working with a TNC you don’t have to talk KISS to turn the byte stream into packets, and vice versa.

IC9700 setup

The first hurdle to overcome, because we want to send binary data, is to escape the XON/XOFF flow control characters that the IC9700 mandates. Otherwise we won’t be able to send 0x13 or 0x11. Other bytes seem to go through just fine.

So I wrote a wrapper for that, taking /dev/ttyUSB1 on one side, and turning it into (e.g.) /dev/pts/20 for use with kissattach.

$ ./dsax /dev/ttyUSB1
/dev/pts/20

$ kissattach /dev/pts/20 radio
$ kissattach -p radio -c 2     # See below

Set Menu>Set>DV/DD Set>DV Data TX to Auto, for “automatic PTT”. As Continue reading

How to Pass CCNP ENARSI – Exam Review

Cisco CCNP ENARSI Exam

It is the very version released for this exam, kind of replacing the Routing+TShoot exam of the old CCNP RS,
and it has the code of 300-410

CCNP ENARSI Exam Content & Topics

the exam generally has 4 modules to study and focus on, teaching you configuring and troubleshooting many protocols,

on the aspect of “routing, virtualization & security, IP services, and assurance”

Skills learned with ENARSI

Deep Dive Troubleshooting Mainly for:

EIGRP
OSPF
BGP
mGRE and IPSec (DMVPN)

Focus on for the CCNP ENARSI Exam

The carrier of this badge is expected to have a skills level for routing, security, and virtualization that is definitely higher than the level covered by the CCNP ENCOR exam, and near reaching the level of the CCIE Enterprise Infrastructure, so be careful by really LABBING every topic in the exam with all the possibilities and scenarios.

CCNP ENARSI Exam Nature & Type

The first and the current version of the exam has the code of 300-410.

even though that agenda barely have the word “describe” within its modules, and that most of the topics are to be configured

and troubleshooted, but just like ALL the new NON-LAB Continue reading

AWS Ride Along Blog & YouTube Series

So as many of you know, I decided in 2021 that in my “spare time” I was going to start learning more about AWS. Well that didn’t go so well… lol… so I decided to give myself a “goal” and... Read More ›

The post AWS Ride Along Blog & YouTube Series appeared first on Networking with FISH.

The 7 Requirements of Highly Effective Load Balancers

As Stephen R. Covey stated in his popular book, The 7 Habits of Highly Effective People, “True effectiveness requires balance.” VMware agrees. And when it comes to accelerating modern application delivery, true application effectiveness requires a modern load balancer. So, with a respectful nod to Stephen R. Covey, here are the seven requirements of highly effective load balancers.

Be proactive with self-service. Move away from “create a ticket and wait” developer experiences to self-service, role-based access control for owners to provision, troubleshoot, and monitor their own apps.
Begin with the end in mind with on-demand autoscaling. Automation drives great user experiences. Plan for peak usage times without causing overprovisioning and idle capacity.
Put things first with a 100 percent software solution. The need to support on-premises data center and multi-cloud deployments means that enterprises need to choose applications that work consistently across different environments with a single point of orchestration.
Think win-win with real-time insights and visibility into application traffic. A modern load balancer should collect real-time application telemetry and provide insights into each transaction and end-user patterns.
Seek first to understand, then to be understood with security insights. App vulnerabilities stem from incorrect access control policies Continue reading

Real-time telemetry from a 5 stage Clos fabric

CONTAINERlab described how to use FRRouting and Host sFlow in a Docker container to emulate switches in a Clos (leaf/spine) fabric. The recently released open source project, https://github.com/sflow-rt/containerlab, simplifies and automates the steps needed to build and monitor topologies.

docker run --rm -it --privileged --network host --pid="host" \
  -v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
  -v ~/clab:/home/clab -w /home/clab \
  ghcr.io/srl-labs/clab bash

Run the above command to start Containerlab if you already have Docker installed; the ~/clab directory will be created to persist settings. Otherwise, Installation provides detailed instructions for a variety of platforms.

curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/clos5.yml

Next, download the topology file for the 5 stage Clos fabric shown at the top of this article.

containerlab deploy -t clos5.yml

Finally, deploy the topology.

Note: The 3 stage Clos topology, clos3.yml, described in the previous article is also available.

The initial launch may take a couple of minutes as the container images are downloaded for the first time. Once the images are downloaded, the topology deploys in around 10 seconds.

An instance of the sFlow-RT real-time analytics engine receives industry standard sFlow telemetry from all the switches in the network. All of Continue reading

What is CCNP ENARSI

What is ENARSI, one of the “Specialist” level exam and certificate belonging to the CCNP Enterprise domain, that was announced on June 9th – 2019.

it is the first version of the ENARSI exam that not only participates in the CCNP Enterprise certificate, but also once passed, it will grant the candidate a certificate called:

Cisco Certified Specialist – Enterprise Advanced Infrastructure Implementation

ENARSI and CCNP Enterprise

ENARSI was not the only exam announced from Cisco regarding CCNP Enterprise Specialty, an entire new domain of knowledge and hierarchy was there as well.

ENARSI might be your first and best choice if one of 2 cases:

if you wish to go deep dive with routing protocols and services on enterprise level networks bases
if you already know the old CCNP RS and you wish to refresh topics related to it

The other exams are “ENSDWI, ENSLD, ENWLSI, ENWLSD, and ENAUTO”

So as mentioned in previous blogs, the ENCOR + one of the exams mentioned above (could be the ENARSI)

will result in a CCNP Enterprise Certified

Is ENARSI Important?

It is actually very important not just to accomplish the nice, highly wanted, Continue reading

How to Make the Most of Kubernetes Environment Variables

In traditional systems, environment variables play an important role, but not always a crucial one. Some applications make more use of environment variables than others. Some prefer configuration files over environment variables. However, when it comes to Kubernetes, environment variables are more important than you might think. It’s partially due to the way containers work in general and partially due to the specifics of Kubernetes. In this post, you’ll learn all about environment variables in Kubernetes. Traditionally, environment variables are dynamic key-value variables that are accessible to any process running on the system. The Basics Let’s start with the basics. What are environment variables and why do they exist? Traditionally, environment variables are dynamic key-value variables that are accessible to any process running on the system. The operating system itself will set many environment variables that help running processes understand the specifics of the system. Thanks to this, software developers can include logic in their software that makes the programs adjustable to a specific operating system. Environment variables also hold a lot of important information about the user, things like username, preferred language, user home directory path and many other useful bits of information. User-Defined Environment Variables Dawid Ziolkowski Dawid Continue reading

Five ways to get started with network automation

As many of you know, Red Hat Ansible Automation Platform is a highly flexible IT automation platform that can automate your Linux and Windows instances, your VMware private cloud, your AWS, Azure or Google public cloud, and even your security infrastructure. Today I want to write about one of my favorite use-cases; using Ansible Automation Platform for network automation. It provides easy, highly customizable automation for your routers and switches so you can automate them just like any other IT infrastructure.

However, even though network automation has become increasingly popular, most organizations are still managing their network infrastructure manually by a CLI or GUI. Why is this? This manual CLI work often means that network engineers are reactive and constantly drowning with break-fix network issues because of manual mis-configurations, or the inability to implement change quickly and efficiently.

Because network engineers are so busy firefighting in their day job, they don’t have time to look at a new activity like automating, even though automation will save them time and money in the long run. I fundamentally believe that network automation is not an all or nothing situation. You need to adopt network automation in small increments so you Continue reading

The Post-Quantum State: a taxonomy of challenges

At Cloudflare, we help to build a better Internet. In the face of quantum computers and their threat to cryptography, we want to provide protections for this future challenge. The only way that we can change the future is by analyzing and perusing the past. Only in the present, with the past in mind and the future in sight, can we categorize and unfold events. Predicting, understanding and anticipating quantum computers (with the opportunities and challenges they bring) is a daunting task. We can, though, create a taxonomy of these challenges, so the future can be better unrolled.

This is the first blog post in a post-quantum series, where we talk about our past, present and future “adventures in the Post-Quantum land”. We have written about previous post-quantum efforts at Cloudflare, but we think that here first we need to understand and categorize the problem by looking at what we have done and what lies ahead. So, welcome to our adventures!

A taxonomy of the challenges ahead that quantum computers and their threat to cryptography bring (for more information about it, read our other blog posts) could be a good way to approach this problem. This taxonomy should Continue reading

« Previous 1 … 567 568 569 570 571 … 3,841 Next »