Current Work in BGP Security

I’ve been chasing BGP security since before the publication of the soBGP drafts, way back in the early 2000s (that’s almost 20 years for those who are math challenged). The most recent news largely centers on the RPKI, which is used to ensure the AS originating an advertisement is authorized to do so (or rather “owns” the resource or prefix). If you are not “up” on what the RPKI does, or how it works, you might find this old blog post useful—it’s actually the tenth post in a ten-post series on the topic of BGP security.

Recent news in this space largely centers around the ongoing deployment of the RPKI. According to Wired, Google and Facebook have both recently adopted MANRS, and are adopting RPKI. It might not seem like autonomous systems along the edge adopting BGP security best practices and the RPKI system can make much of a difference, but the “heavy hitters” among the content providers can play a pivotal role here by refusing to accept routes that appear to be hijacked. This not only helps these providers and their customers directly—a point the Wired article makes—it also helps the ‘net in a larger way

Navigating Change

All you have to do is take a look around you and it becomes obvious that people simply don’t like change. Conversely, all you have to do is look around you and it becomes obvious that our industry is in an almost constant state of change. How do we reconcile these things? How can we adapt to the ever-changing world around us, and how can we use this knowledge to be more effective influencers of change within our organizations and within our jobs?

Links

Show Notes

Now this topic, like many of the topics that have become episodes on Network Collective lately, was prompted by a conversation in the Network Collective Slack. It has an IPv6 bent to it, as IPv6 seems to be the change the industry continually likes to avoid, but the avoidance of change isn’t something new. Nick, I’m going to start with you. Do you think the aversion to change in our industry is just a reflection of being human, or do you think there is more to it than that?

Network Break 313: Salesforce Snaps Up Slack; HPE To Decamp For Houston

This week's Network Break analyzes the implications of Salesforce's Slack acquisition, discusses why HPE is moving its HQ to Houston, new ASICs from Broadcom, the distastefulness of Dell selling security add-ons for its supply chain, the shakiness of IETF funding, and more tech news.

The post Network Break 313: Salesforce Snaps Up Slack; HPE To Decamp For Houston appeared first on Packet Pushers.

The Week in Internet News: Two-Thirds of World’s School Children Lack Access

Homework canyon: Two-thirds of the school children across the globe don’t have Internet access, according to a new report, India Today says. The report from the United Nations Children’s Fund and the International Telecommunication Union says the lack of access is a major problem during the COVID-19 pandemic. “That so many children and young people have no internet at home is more than a digital gap, it is a digital canyon,” said UNICEF Chief Henrietta Fore. “Lacking connectivity prevents young people from competing in the modern economy.”

A quantum breakthrough: A Chinese research team has built a quantum computer capable of performing computations nearly 100 trillion times faster than the world’s most powerful supercomputer, The Independent reports. The Chinese feat comes about a year after a Google team passed the same milestone, although the Chinese quantum computer uses a different setup than Google’s.

Research by smartphone: Smartphone users in 17 countries, including the U.K., Australia, South Africa, and Germany, are donating excess smartphone computing time to the DreamLab app, which uses the computing power to research treatment for people suffering from long-term COVID-19 effects. The study is being run by Imperial College London and the Vodafone Foundation charity,

Privacy needs to be built into the Internet


The first phase of the Internet lasted until the early 1990s. During that time it was created and debugged, and grew globally. Its growth was not hampered by concerns about data security or privacy. Until the 1990s the race was for connectivity.

Connectivity meant that people could get online and use the Internet wherever they were. Because the “inter” in Internet implied interoperability, the network was able to grow rapidly using a variety of technologies. Think dialup modems using ordinary phone lines, cable modems sending the Internet over coax originally designed for television, Ethernet, and, later, fibre optic connections and WiFi.

By the 1990s, the Internet was being used widely and for uses far beyond its academic origins. Early web pioneers, like Netscape, realized that the potential for e-commerce was gigantic but would be held back if people couldn’t have confidence in the security of online transactions.

Thus, with the introduction of SSL in 1994, the Internet moved to a second phase where security became paramount. Securing the web, and the Internet more generally, helped create the dotcom rush and the secure, online world we live in today. But this security was misunderstood by some as providing guarantees about privacy

Introducing the Cloudflare Data Localization Suite


Today we’re excited to announce the Cloudflare Data Localization Suite, which helps businesses get the performance and security benefits of Cloudflare’s global network, while making it easy to set rules and controls at the edge about where their data is stored and protected.

The Data Localization Suite is available now as an add-on for Enterprise customers.

Cloudflare’s network is private and compliant by design. Preserving end-user privacy is core to our mission of helping to build a better Internet; we’ve never sold personal data about customers or end users of our network. We comply with laws like GDPR and maintain certifications such as ISO-27001.

Today, we're announcing tools that make it simple for our customers to build the same rigor into their own applications. In this post, I'll explain the different types of data that we process and how the Data Localization Suite keeps this data local.

We’ll also talk about how Cloudflare makes it possible to build applications that comply with data locality laws, while remaining fast, secure and scalable.

Why keep data local?

Cloudflare's customers increasingly want, or face legal requirements for, data locality: they want to control the geographic location where their data is handled.

Updated: Getting Network Device Operational Data with Ansible

Recording the same content for the third time because software developers decided to write code before figuring out what needs to be done is disgusting… so it took me a long long while before I collected enough willpower to rewrite and retest all the examples and re-record the Getting Operational Data section of Ansible for Networking Engineers webinar.

The new videos explain how to consume data generated by show commands in JSON or XML format, and how to parse the traditional text-based show printouts. I dropped mentions of (semi)failed experiments like Ansible parse_cli and focused on things that work well: TextFSM, in particular with the ntc-templates library, pyATS/Genie, and TTP. On the positive side, I liked the slick new cli_parse module… let’s hope it will stay that way for at least a few years.

On a totally unrelated topic, I realized (again) that fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results.


Welcome to Privacy & Compliance Week: Reflecting Values at Cloudflare’s Core


Tomorrow kicks off Cloudflare's Privacy & Compliance Week. Over the course of the week, we'll be announcing ways that our customers can use our service to ensure they are in compliance with an increasingly complicated set of rules and laws around the world.

Early in Cloudflare's history, when Michelle, Lee, and I were talking about the business we wanted to build, we kept coming back to the word trust. We realized early on that if we were not trustworthy then no one would ever choose to route their Internet traffic through us. Above all else, we are in the trust business.

Every employee at Cloudflare goes through orientation. I teach one of the sessions, titled "What Is Cloudflare?" I fill several whiteboards with notes and diagrams talking about where we fit into the market. But I leave one for the end so I can write the word TRUST, in capital letters, and underline it three times. Trust is the foundation of our business.

Standing Up For Our Customers from Our Early Days

That's why we've made decisions that other companies may not have. In January 2013 the FBI showed up at our door with a National Security

Getting DevNet Associate (200-901) Certified

Earlier this week I got DevNet Associate certified, using the online testing offering. The TL;DR of this post is going to be this:

I have no affiliation with Pluralsight or anyone else, by the way. It’s just that it happens that Nick’s content is there. This may sound like a very simple plan but it has worked for me and many before me. If you follow his plan, you will be prepared to take the test and have an excellent chance of passing.

Now, for the longer version of this post. As with any certification, you need to check the blueprint and assess your current skill level pertaining to those topics. The DevNet Associate has these major areas of topics:

  • Software development and design (15%)
  • Understanding and using APIs (20%)
  • Cisco platforms and development (15%)
  • Application deployment and security (15%)
  • Infrastructure and automation (20%)
  • Network fundamentals (15%)

With my background as a networking expert, this means that I don’t need to spend much time on network fundamentals. For the rest of the blueprint,

Coping With The Learning Treadmill

Networking can feel like a never-ending game of catch-up when it comes to learning. During our live stream with Tim McConnaughy we chat about this learning treadmill and how to navigate the never-ending need to learn in this industry.

https://carpe-dmvpn.com/ (Tim’s Site)

See more content like this on our YouTube channel.

The post Coping With The Learning Treadmill appeared first on Network Collective.

Interesting: Differential Availability

Someone pointed me to a high-level overview of Google’s Spanner database which included this gem:

A second refinement is that there are many other sources of outages, some of which take out the users in addition to Spanner (“fate sharing”). We actually care about the differential availability, in which the user is up (and making a request) to notice that Spanner is down. This number is strictly higher (more available) than Spanner’s actual availability — that is, you have to hear the tree fall to count it as a problem.

In other words, it doesn’t matter if your distributed database fails if its users are also gone. Keep this concept in mind every time you’re designing a high availability solution – some corner cases are simply not worth solving.
