NetworkingNexus.net

IS-IS Flooding Details

Last week I published an unrolled version of Peter Paluch’s explanation of flooding differences between OSPF and IS-IS. Here’s the second part of the saga: IS-IS flooding details (yet again, reposted in a more traditional format with Peter’s permission).

In IS-IS, DIS¹ is best described as a “baseline benchmark” – a reference point that other routers compare themselves to, but it does not sit in the middle of the flow of updates (Link State PDUs, LSPs).

A quick and simplified refresher on packet types in IS-IS: A LSP carries topological information about its originating router – its System ID, its links to other routers and its attached prefixes. It is similar to an OSPF LSU containing one or more LSAs of different types.

IS-IS Flooding Details

Enter the NSX Giveaway – Tune In on LinkedIn

Do you remember the 21st night of September?

At VMware NSX, we sure do – and you can bet we’ll be dancing to Earth, Wind & Fire all September long. Whether or not this is your September song of choice, there’s no better way to listen to your favorite tunes than on a top-notch speaker. VMware NSX wants to help by giving away new portable Sonos Roam Speakers that you can bring wherever your grooving takes you.

Yep, you heard us – we’re hosting a giveaway! Entering for a chance to win is easy, too: just follow our new Networking & Security LinkedIn.

For an extra entry, tag a friend or colleague who would enjoy NSX content in the comments of the announcement post.

We’ll select winners from our new followers after the giveaway closes on Oct. 14, 2021. In the meantime, we’ll be listening to “September” on repeat.

This giveaway is limited to those living in the US. If you live somewhere else you can still participate, but we may not be able to deliver your prize. See full Terms and Conditions below. If you have questions, reach out to us on LinkedIn or Twitter.

Lenovo extends TruScale as-a-service model to its entire portfolio

Lenovo is expanding its TruScale pay-per-use model to cover all its data-center products—servers, storage—and client-side devices—laptops, tablets.This transition to a fully integrated, end-to-end, as-a-service model is part of the company’s “One Lenovo” strategy of providing its entire portfolio of clients and servers as a fully managed, on-premises cloud environment through TruScale leasing.One Lenovo simply means laptops and desktops will be sold along with data-center products together all under one sales program. Lenovo will launch a new channel program in 2022 to encompass the One Lenovo strategy.The everything-as-a-service announcement came at the company’s virtual Lenovo Tech World 2021 eventTo read this article in full, please click here

Lenovo extends TruScale as-a-service model to its entire portfolio

How to add virtual-machine drive space in Microsoft Server Hyper-V

Virtualization is an essential part of modern IT infrastructure that presents many routine management tasks to sysadmins, among them increasing virtual hard-drive space when necessary. In my line of work, because of expanding log files, scaling for growing processes, and new tasks for existing servers, this is something I do at least once a month.Here’s how to do it in a Microsoft Server Hyper-V hypervisor running Windows Server 2016 using either Hyper-V Manager or Failover Cluster Manager.To read this article in full, please click here

How to add virtual-machine drive space in Microsoft Server Hyper-V

That Alfa-Trump Sussman indictment

Five years ago, online magazine Slate broke a story about how DNS packets showed secret communications between Alfa Bank in Russia and the Trump Organization, proving a link that Trump denied. I was the only prominent tech expert that debunked this as just a conspiracy-theory[*][*][*].

Last week, I was vindicated by the indictment of a lawyer involved, a Michael Sussman. It tells a story of where this data came from, and some problems with it.

But we should first avoid reading too much into this indictment. It cherry picks data supporting its argument while excluding anything that disagrees with it. We see chat messages expressing doubt in the DNS data. If chat messages existed expressing confidence in the data, we wouldn't see them in the indictment.

In addition, the indictment tries to make strong ties to the Hillary campaign and the Steele Dossier, but ultimately, it's weak. It looks to me like an outsider trying to ingratiated themselves with the Hillary campaign rather than there being part of a grand Clinton-lead conspiracy against Trump.

With these caveats, we do see some important things about where the data came from.

We see how Tech-Executive-1 used Continue reading

Full Stack Journey 058: New Challenges And Embracing Change

In episode 58 of the Full Stack Podcast, Scott talks to Nick Korte about a change that happened with his own podcast, The Nerd Journey. What lessons did Nick learn from this change, and how can those lessons be applied to careers in general? Scott and Nick's conversation uncovers some true gems of career advice.

Full Stack Journey 058: New Challenges And Embracing Change

The post Full Stack Journey 058: New Challenges And Embracing Change appeared first on Packet Pushers.

The Top Network Upgrades You Should Consider Today

Network technologies and threats are advancing rapidly. Don't let your organization fall behind the times.

Big Iron Will Always Drive Big Spending

Starting way back in the late 1980s, when Sun Microsystems was on the rise in the datacenter and Hewlett Packard was its main rival in Unix-based systems, market forces compelled IBM to finally and forcefully field its own open systems machines to combat Sun, HP, and others behind the Unix movement. …

Big Iron Will Always Drive Big Spending was written by Timothy Prickett Morgan at The Next Platform.

Thoughts on the Collapsed Spine

One of the designs I’ve been encountering a lot of recently is a “collapsed spine” data center network, as shown in the illustration below.

In this design, and B are spine routers, while C-F are top of rack switches. The terminology is important here, because C-F are just switches—they don’t route packets. When G sends a packet to H, the packet is switched by C to A, which then routes the packet towards F, which then switches the packet towards H. C and F do not perform an IP lookup, just a MAC address lookup. A and B are responsible for setting the correct next hop MAC address to forward packets through F to H.
What are the positive aspects of this design? Primarily that all processing is handled on the two spine routers—the top of rack switches don’t need to keep any sort of routing table, nor do any IP lookups. This means you can use very inexpensive devices for your ToR. In brownfield deployments, so long as the existing ToR devices can switch based on MAC addresses, existing hardware can be used.

This design also centralizes almost all aspects of network configuration and management on the spine routers. Continue reading

Mixed Results With A64X Port for Seismic HPC

Seismic processing cloud infrastructure provider, DUG, has enough combined compute power to grace the leading ten systems on the Top 500 list of the world’s most powerful supercomputers, with around 30 petaflops for seismic processing, full waveform inversion, petrophysics, and other HPC applications in oil and gas via many of its own software packages. …

Mixed Results With A64X Port for Seismic HPC was written by Nicole Hemsoth at The Next Platform.

AWS Networking – Part V: Create Subnet Using AWS Console

When we have created a new VPC, we can start adding subnets to it. We are going to create two subnets. Subnet 10.10.0.0/24 is a Public Subnet in Availability Zone eu-west2c, where we later add an Internet GW. Subnet 10.10.0.0/24 is a Private Subnet in Availability Zone eu-west2a that will use a NAT GW for uni-directional Internet access.

Figure 1-18: VPC Route Table: Routes.

AWS Networking – Part IV: Create VPC Using the AWZ CloudFormation

The focus of this section is to show how we can create a VPC using AWS CloudFormation service. Figure 1-12 shows our example AWS CloudFormation Templates. Its first section, AWSTemplateFormatVersion, specifies the template language format. At the time of writing, 2010-09-09 is the latest and only valid version. We can use the Description section to describe our template. Note that it must follow the AWSTemplateFormatVersion Section. AWSTemplateFormation-Version and Description are optional sections. The Resourcessection specifies the actual AWS resources and their properties. Each AWS resource is identified with a logical name. I have given the logical name NwktVPC for our example VPC. We can use resource-specific logical names for defining dependencies between resources. For example, when adding the AWS::EC2::Subnet resource to our template, we assign the VpcId value by calling it from the AWS::EC2::VPC resource using !REF intrinsinc function. I will explain the process in the Subnet section later. The resources and their properties are defined under logical names. The Resources section is the only required section in AWS CloudFormation-Template. AWS CloudFormation Templates are identified by using Stack Names in AWS Cloud Formation. Our example Stack Name is MyNetworkStack.

Figure 1-12: AWS CloudFormation: VPC.

Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface

Christoph Jaggi sent me a link to an interesting article describing security vulnerabilities pentesters found in Cisco SD-WAN admin/management code.

I’m positive the bugs have been fixed in the meantime, but what riled me most was the root cause: Little Bobby Tables (aka SQL injection) dropped by. Come on, it’s 2021, SD-WAN is supposed to be about building secure replacements for MPLS/VPN networks, and they couldn’t get someone who could write SQL-injection-safe code (the top web application security risk)?

Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface

Christoph Jaggi sent me a link to an interesting article describing security vulnerabilities pentesters found in Cisco SD-WAN admin/management code.

Bird on Bird, Episode 4 of BGP Perf testing

1st Post Comparing Open Source BGP Stacks 2nd Post Followup Measuring BGP Stacks Performance 3rd Post Comparing Open Source BGP stacks with internet routes After the last post, I thought the this post would be either adding interesting BGP policy. But that’s tricky. It’s going to take some rethinking about...

Looking at your Linux system’s network interface with ethtool

The ethtool utility on Linux allows you to view and change some of your network-driver and interface-card settings, especially for wired devices. These include their speed, whether the interface uses auto-negotiation, and whether it runs in half- or full-duplex mode. Ethtool also provides an easy way to view or troubleshoot your network interface.More than likely, ethtool is already available on your Linux system. However, to check, you can use one or both of these commands:$ which ethtool /usr/sbin/ethtool $ sudo ethtool —version ethtool version 5.13 To get a sense of how this utility can control settings, run a command like the one below. The -h means “help”. You’ll likely find yourself looking at 10 pages or so of syntax like what is shown here.To read this article in full, please click here

« Previous 1 … 651 652 653 654 655 … 3,832 Next »