Should you upgrade tape drives to the latest standard?

With the recent release of the linear tape–open 9 (LTO-9) standard, tape drives with increased capacity and speed should be available soon, but that doesn’t mean users of tape drives should rush to buy them.Here are some of the pros and cons to weigh when considering whether an upgrade is in order.Tape drives are a very reliable way to write data to storage, and are very good at holding onto data for multiple decades. They make an excellent medium for long-term storage and for shipping large amounts of data across long distances (a FedEx truck has unlimited bandwidth).[Get regularly scheduled insights by signing up for Network World newsletters.] What tape is not good at is going slow. LTO-8 has a compressed transfer speed of 900MB/s, which is significantly faster than most any backup you're going to send to it. It's definitely faster than any incremental backup that will be sent to it, and that comprises most backups. That makes tapes as the initial target of backups problematic.To read this article in full, please click here

Network Data Is the Key to Preventing DDoS Attacks

Is Zero Trust Network Access Right for Your Remote Workforce?

Addressing the Labyrinthian Enterprise Network Problem

Higher Education Needs an App Modernization Strategy

Controlling IT Costs to Cope with COVID

Interesting: PyEnv

If you’re like me, you’re probably sick-and-tired of Python versions, environments… Every time I update Python on my MacBook Pro with Homebrew, I lose all packages I installed for the previous version of Python (because I’m installing them system-wide and they’re stored in version-specific directory).

Jon Langemak found a potential solution to this problem: PyEnv. My first reaction was: Great, just what I need… but as he described how it really works, I realized that it’s always possible to add another layer of indirection. RFC1925 strikes again.

Keepalived and unicast over multiple interfaces

Keepalived is a Linux implementation of VRRP. The usual role of VRRP is to share a virtual IP across a set of routers. For each VRRP instance, a leader is elected and gets to serve the IP address, ensuring the high availability of the attached service. Keepalived can also be used for a generic leader election, thanks to its ability to use scripts for healthchecking and run commands on state change.

A simple configuration looks like this:

vrrp_instance gateway1 {
  state BACKUP          # ❶
  interface eth0        # ❷
  virtual_router_id 12  # ❸
  priority 101          # ❹
  virtual_ipaddress {
    2001:db8:ff/64
  }
}

The state keyword in ❶ instructs Keepalived to not take the leader role when starting. Otherwise, incoming nodes create a temporary disruption by taking over the IP address until the election settles. The interface keyword in ❷ defines the interface for sending and receiving VRRP packets. It is also the default interface to configure the virtual IP address. The virtual_router_id directive in ❸ is common to all nodes sharing the virtual IP. The priority keyword in ❹ helps choosing which router will be elected as leader. If you need more information around Keepalived, be sure to check Continue reading

Syncing NetBox with a custom Ansible module

The netbox.netbox collection from Ansible Galaxy provides several modules to update NetBox objects:

- name: create a device in NetBox
  netbox_device:
    netbox_url: http://netbox.local
    netbox_token: s3cret
    data:
      name: to3-p14.sfo1.example.com
      device_type: QFX5110-48S
      device_role: Compute Switch
      site: SFO1

However, if NetBox is not your source of truth, you may want to ensure it stays in sync with your configuration management database¹ by removing outdated devices or IP addresses. While it should be possible to glue together a playbook with a query, a loop and some filtering to delete unwanted elements, it feels clunky, inefficient and an abuse of YAML as a programming language. A specific Ansible module solves this issue and is likely more flexible.

Code​

The module has the following signature and it syncs NetBox with the content of the provided YAML file:

netbox_sync:
  source: netbox.yaml
  api: https://netbox.example.com
  token: s3cret

The synchronized objects are:

• sites,
• manufacturers,
• device types,
• device Continue reading

Solve the Simple Problems

One thing I’ve found out over the past decade of writing is that some problems are easy enough to solve that we sometimes forget about them. Maybe it’s something you encounter once in a great while. Perhaps it’s something that needed a little extra thought or a novel reconfiguration of an existing solution. Something so minor that you didn’t even think to write it down. Until you run into the problem again.

The truth behind most of these simple problems is that the solutions aren’t always apparent. Sure, you might be a genius when it comes to fixing the network or the storage array. Maybe you figured out how to install some new software to do a thing in a way that wasn’t intended. But did you write any of it down for later use? Did you make sure to record what you’ve done so someone else can use it for reference?

Part of the reason why I started blogging was to have those written solutions to problems I couldn’t find a quick answer to. What it became was way more than I had originally intended. But the posts that I write that still get the most attention aren’t my Continue reading

Weekend Reads 091820

As it turns out, the Power10 actually has 51-bit physical addressing and a cluster of its processors can indeed see an address space that is 2 PB in size – if enough nodes with enough DDR memory slots are lashed together in the right way. As far as we know, no other CPU out there can do that.

ViacomCBS has struck a deal to sell its CNET unit to Red Ventures for $500 million. The transaction, which is expected to close in the fourth quarter of 2020, is subject to regulatory approvals and customary closing conditions.

NTP (Network Time Protocol) messages are sometimes rate-limited or blocked entirely by Internet operators. This little-known “NTP filtering” was put into place several years ago in response to DDoS (Distributed Denial of Service) attacks. NTP filtering may drop NTP messages based on rate or message size.

In Europe and beyond we struggle with effective policing of online communications. As generations before, we want to be both: free and safe when we interact with others, go shopping or get our news. While this balance is difficult, it is possible to achieve: the rapid development of online communications, often proclaimed the wild west of modern society, Continue reading

MUST Read: Blockchain, the amazing solution for almost nothing

One of the weekend reads collected by Russ White contained a pointer to a hilarious description of blockchain - a solution in search of a problem. Here are a few quotes to get you started (and I had a really hard time selecting just a few):

I’ve never seen so much bloated bombast fall so flat on closer inspection.

At its core, blockchain is a glorified spreadsheet.

The only thing is that there’s a huge gap between promise and reality. It seems that blockchain sounds best in a PowerPoint slide.

Someone should use that article as a framework and replace blockchain with OpenFlow or SDN ;)

Heavy Networking 540: Sinefa Blends Network Data, Synthetics To Measure End User Experience (Sponsored)

Heavy Networking 540: Sinefa Blends Network Data, Synthetics To Measure End User Experience (Sponsored)

In today's sponsored show, we talk with Sinefa about its Digital Experience Monitoring capabilities. Sinefa assembles network traffic, DPI, end point monitoring, and synthetic transactions to get clear, actionable information on network performance to measure end user experience and improve troubleshooting. Our guests are Chris Siakos, CTO; and Alex Henthorn-Iwane, VP of Product Marketing.

The post Heavy Networking 540: Sinefa Blends Network Data, Synthetics To Measure End User Experience (Sponsored) appeared first on Packet Pushers.

The Digital Services Act and Why the Architecture of the Internet Must Be Preserved

Earlier this year, as part of the European Digital Strategy, the European Commission announced a Digital Services Act package to develop new and revised rules to harmonize and deepen the Single Market for digital services. As a part of that initiative, it also initiated a public consultation to scope the specific issues that may require regulatory intervention.

The Internet Society submitted recommendations in response to the critical issues raised in this consultation. One of the key considerations that we hope comes across in this submission is that in order “to design better regulation for the Internet, it is important to understand two things: the first one is that today’s Internet, despite how much it has evolved, still continues to depend on its original architecture; and, the second relates to how preserving this design is important for drafting regulation that is fit for purpose.”

As noted by the Commission, the scale of digital services is substantially different from 20 years ago, when the E-Commerce Directive was introduced. New actors and new services have emerged, creating a much more complex ecosystem. This new ecosystem presents new challenges, particularly with regard to illegal and harmful activities and content online. Current discussions and regulatory initiatives Continue reading

Stuff The Internet Says On Scalability For Sep 18th, 2020

Hey, it's HighScalability time!

Number Stuff:

Sponsored Post: IP2Location, Ipdata, StackHawk, InterviewCamp.io, Educative, Triplebyte, Stream, Fauna

Who's Hiring? 

• InterviewCamp.io has hours of system design content. They also do live system design discussions every week. They break down interview prep into fundamental building blocks. Try out their platform.


• Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.


• Need excellent people? Advertise your job here! 

Cool Products and Services

• P2Location is IP address geolocation service provider since 2002. The geolocation database or API detects location, proxy and other >20 parameters. The technology has been cited in more than 700 research papers and trusted by many Fortune 500 companies. Try it today!


• ipdata is a reliable IP Address Geolocation API that allows you to lookup the approximate location of any IP Address, detect proxies and identify a company from an IP Address. Trusted by 10,000+ developers. Try it now!


• Developers care about shipping secure applications. Application security products and processes, however, have not kept up with advances in software development. There are a new breed of tools hitting the market that enable developers to take the lead on AppSec. Learn how Continue reading

Making Connections to Make a Difference at the 2020 Chapter Workshops

Each year during Chapter Workshops, representatives from across the Internet Society come together to advance their shared vision of an open and trusted Internet for everyone. They gather elbow-to-elbow on five different continents, sharing experiences and exchanging local, regional, and global perspectives. These annual workshops are a meeting ground for Internet Society Chapters, project leads, global colleagues, and our partners at the Internet Society Foundation – a chance to collaborate, define strategies, and develop plans.

Key to the Chapter Workshops is working closely to foster synergies, exchange lessons learned, spark engagement, and strengthen relationships across the global Internet Society community.

This year is a little different.

The 2020 Chapter Workshops come at a time when the world is grappling with the COVID-19 pandemic and relying on the Internet to enable continuity. We now understand too well the importance of having a better, reliable, and affordable Internet for everyone.

With this in mind, the Chapter Workshops have been tailored to this context and will take place virtually – where human connection will still be on the agenda. Each region has identified priority topics and developed their sessions accordingly.

Africa (22-25 September)

Europe (5-7 October)

Asia-Pacific (15-16 October)

North America & The Caribbean (19-23 October)

Middle East Continue reading

Raking the floods: my intern project using eBPF

Cloudflare’s globally distributed network is not just designed to protect HTTP services but any kind of TCP or UDP traffic that passes through our edge. To this end, we’ve built a number of sophisticated DDoS mitigation systems, such as Gatebot, which analyze world-wide traffic patterns. However, we’ve always employed defense-in-depth: in addition to global protection systems we also use off-the shelf mechanisms such as TCP SYN-cookies, which protect individual servers locally from the very common SYN-flood. But there’s a catch: such a mechanism does not exist for UDP. UDP is a connectionless protocol and does not have similar context around packets, especially considering that Cloudflare powers services such as Spectrum which are agnostic to the upper layer protocol (DNS, NTP, …), so my 2020 intern class project was to come up with a different approach.

Protecting UDP services

First of all, let's discuss what it actually means to provide protection to UDP services. We want to ensure that an attacker cannot drown out legitimate traffic. To achieve this we want to identify floods and limit them while leaving legitimate traffic untouched.

The idea to mitigate such attacks is straight forward: first identify a group of packets that is Continue reading

NFA v20.09 is now available, featuring the manual flow sampling rate override option and the new graph data export capabilities.

The post NFA v20.09 is now available, featuring the manual flow sampling rate override option and the new graph data export capabilities. appeared first on Noction.