Large flow marking using BGP Flowspec

Elephant Detection in Virtual Switches & Mitigation in Hardware discusses a VMware and Cumulus demonstration, Elephants and Mice, in which the virtual switch on a host detects and marks large "Elephant" flows and the hardware switch enforces priority queueing to prevent Elephant flows from adversely affecting latency of small "Mice" flows.

SDN and WAN optimization describes a presentation by Amin Vahdat describing Google's SDN based wide area network traffic engineering solution in which traffic prioritization allows Google to reduce costs by fully utilizing WAN bandwidth.

Deconstructing Datacenter Packet Transport describes how priority marking of packets associated with large flows can improve completion times for flows crossing the data center fabric. Simulation results presented in the paper show that prioritization of short flows over large flows can significantly improve throughput (reducing flow completion times by a factor of 5 or more at high loads).

This article demonstrates a self contained real-time Elephant flow marking solution that leverages the real-time visibility and control features available using commodity switch hardware.

The diagram shows the elements of the solution. An instance of the sFlow-RT real-time analytics engine receives streaming sFlow telemetry from a pair of edge routers. A mix of many small flows mixed Continue reading

Tech Bytes: Payomatic Cuts Costs, Revamps WAN With Fortinet Secure SD-WAN (Sponsored)

Today’s Tech Bytes episode, sponsored by Fortinet, explores an SD-WAN deployment with PAYOMATIC, a lending company in NYC. We talk about how PAYOMATIC cut costs by migrating off MPLS, and how Fortinet Secure SD-WAN positioned the company to take advantage of new infrastructure options. Our guest is Michael Saraceno, CISO and VP of IT at PAYOMATIC.

The post Tech Bytes: Payomatic Cuts Costs, Revamps WAN With Fortinet Secure SD-WAN (Sponsored) appeared first on Packet Pushers.

Making the Most of Our MANRS Partnerships – NIC.br and Brazil Lead the MANRS Pack

Read this blog in Portuguese

Improving the state of routing security is no small task. It requires network operators, IXPs, and CDN and cloud providers of all sizes across the globe to work together, improve their own networks, and open lines of communications with both their friends and competitors to make a real difference.

One of the ways we’ve been able to spread the MANRS message so far and wide is through partnerships. We’re lucky to have dedicated, strong partners in several regions of the world. In this post, we’ll talk about one partnership in particular – NIC.br – and how their efforts have changed the landscape for routing security in Brazil and beyond.

A Little History

NIC.br is responsible for the administrative and operational functions related to the .br (Brazil) domain. In addition, NIC.br goes beyond similar entities in other countries, investing in actions and projects that bring a series of benefits to the improvement of activities related to the available Internet infrastructure in Brazil.

In 2017, NIC.br hosted a Safer Internet Program, which the Internet Society supported. NIC.br invited Andrei Robachevsky to speak on a fairly new initiative called MANRS addressing routing security as Continue reading

Network Break 287: Open Compute Infrastructure Makes Its Mark; Cisco Live Postponed

Today's Network Break podcast discusses the growth of the infrastructure market based on Open Compute specs, the decline in switch and routing revenues, Cisco postponing its 2020 Cisco Live virtual event, VMware's latest acquisition, and more tech news.

The post Network Break 287: Open Compute Infrastructure Makes Its Mark; Cisco Live Postponed appeared first on Packet Pushers.

The Week in Internet News: Zoom Says End-to-End Encryption Only for Paying Users

No free encryption: Popular videoconferencing service Zoom has promised to roll out end-to-end encryption, but it won’t provide encrypted service to free users, The Verge reports. The decision allows Zoom to share information about free conference with law enforcement agencies. Zoom doesn’t want to give free users end-to-end encryption “because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose,” Zoom CEO Eric Yuan said.

A big spike: Internet use has gone up dramatically in rural India in recent weeks, with people flocking to YouTube, Netflix, and other services during the COVID-19 pandemic, Inc42.com reports. Data consumption on the BharatNet fiber backbone nearly tripled, to 150 Terabytes in May from 55 TB in January. During the same timeframe, Netflix use in rural India grew by 422 percent, with YouTube and Facebook growing by 219 percent and 374 percent, respectively.

Broadband challenges: The government of Nigeria has a new broadband plan with a goal of increasing download speeds to 25 Mbps in urban areas and 10 Mbps in rural areas, Quartz Africa says. The country now has a mean download speed of less than 1.6 Mbps. But Continue reading

AT&T Trumpets First US Activation of Dynamic Spectrum Sharing

“DSS is an important stepping stone on our path to nationwide 5G," AT&T's Igal Elbaz said.

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Redundant Server Connectivity in Layer-3-Only Fabrics

A long while ago I decided to write an article explaining how you could run VMware NSX on ESXi servers with redundant connections to two top-of-rack switches on top of a layer-3-only fabric (a fabric with IP subnets and VLANs limited to a single top-of-rack switch). Turns out that’s Mission Impossible, so I put the article on the back burner and slowly forgot about it.

Well, not exactly. Every now and then my subconsciousness would kick it up and I’d figure out yet-another reason why it’s REALLY hard to do it right. After a while, I decided to try again, and completely rewrote the article. The first part is already online, more details coming (hopefully) soon.

Continue reading

DevAsc – Introduction to XML

Introduction

XML, or Extensible Markup Language, rounds out the usual suspects of YAML, JSON, and XML. It’s probably my least favorite of the three, but knowledge of XML is needed when working with code.

XML is, of course, related to HTML. So why didn’t we just settle for HTML? Turns out machines don’t understand HTML very well. They can parse it perfectly fine, yes, but in HTML you put information in, such an address, and you understand it’s an address because you are a human. A machine doesn’t know that Baker Street is an address, unless you tell it.

Syntax

XML consists of tags, elements, and attributes. Let’s take a basic example and then go through these in more detail:

<?xml version="1.0" encoding="UTF-8"?>
<address>
  <name>
    <title>Mr</title>
    <first-name>Sherlock</first-name>
    <last-name>Holmes</last-name>
  </name>
  <street>221B Baker Street</street>
  <city state="NA">London</city>
</address>

First, we declare that this is an XML document and the encoding used. This is called a prolog. It’s optional, but if included, should always be the first line.

The tag <address> is the root of the document. We must always have a root. The tag <address> has three children:

  • <name>
  • <street>
  • <city>

The tag <name> has three children as well:

Ladies and Gentlemen… Cloudflare TV!

Ladies and Gentlemen… Cloudflare TV!
Ladies and Gentlemen… Cloudflare TV!

I'm excited to announce the upcoming launch of Cloudflare TV. A 24x7 live television broadcast, streamed globally via the Cloudflare network. You can tune in to the pre-broadcast station and check out the upcoming schedule at: cloudflare.tv

I'm kicking off the first live broadcast starting at 12:00pm Pacific (1900 UTC) on Monday, June 8 with a conversation with Chris Young (add to calendar). Chris was most recently the CEO of McAfee and has had a career defining the cyber security industry, from his own startup Cyveillance in the 1990s, to leadership positions at AOL, RSA, VMWare, Cisco, and Intel. I hope you'll tune in and then stay tuned for all the content our team has in store.

Ladies and Gentlemen… Cloudflare TV!

Which leaves the question: why on earth is Cloudflare launching a 24x7 television station?

The Uniting Power of Television and Tech Conferences

I was born in the 70's, am a child of the 80's, and got started in my career in the 90's. In the background, throughout much of it, was linear television we watched together. Over the last few months I've learned that Michelle Zatlyn, my co-founder and Cloudflare's COO, and I shared a love of Children's Television Network's Continue reading

Headcount: Firings, Hirings, and Retirings — May 2020

Nutanix furloughed 25% of its workforce, saying COVID-19 is to blame; SAP cloud CFO jumped ship;...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

6G Concepts Gain Backing Amid Political Smacking

Efforts to develop what comes after 5G are gaining momentum, but it’s more of a rallying cry to...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Worth Reading: Emerging Communications Technologies

Every few years someone within the ITU-T (the standard organization that mattered when we were still dealing with phones, virtual circuits and modems) realizes how obsolete they are and tries to hijack and/or fork the Internet protocol development. Their latest attempt is the “New IP” framework, and Geoff Huston did a great job completely tearing that stupidity apart in his May 2020 ISP column. My favorite quote:

It’s really not up to some crusty international committee to dictate future consumer preferences. Time and time again these committees with their lofty titles, such as “the Focus Group on Technologies for Network 2030” have been distinguished by their innate ability to see their considered prognostications comprehensively contradicted by reality! Their forebears in similar committees missed computer mainframes, then they failed to see the personal computer revolution, and were then totally surprised by the smartphone.

Enjoy!

On this 8th World IPv6 Launchiversary, Help Us Get More Websites Available Over IPv6

chart showing IPv6 statistics from Google that have gone from near 1% in 2012 to over 30% in 2020

Eight years ago, on June 6, 2012, thousands of companies and organizations came together as part of World IPv6 Launch to permanently enable IPv6 for their websites and networks.

Today, we can see the success! If you visit the World IPv6 Launch measurements site, you can see some amazing numbers:

  • Reliance Jio’s network in India has over 90% IPv6 deployment!
  • Comcast’s huge network in the US is at 73% IPv6.
  • The combined US wireless carriers are over 85% IPv6.
  • Deutsche Telekom is over 68% IPv6.
  • Claro in Brazil is at 62% IPv6.

Another major source of info, Google’s IPv6 statistics, show that over 30% of all traffic to Googles sites globally is now over IPv6. If you look at Google’s per-country IPv6 adoption, some countries are seeing up around 50% of all traffic to Google’s properties going over IPv6.

This is all fantastic to see. But of course, we want more IPv6 deployment!

Specifically, we want more web sites and services available over IPv6. Increasing numbers of IPv6-only mobile networks are being deployed around the world. To ensure that people can reach websites that are still only available over IPv4, many IPv6-only networks use IPv6-to-IPv4 gateways. But we Continue reading

Daily Roundup: VMware Lassos Lastline

VMware lassoed Lastline to boost security NDR; How to train employees not to fall for phishing...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Weekend Reads 060520

On 27 February 2020, MalwareMustDie (MMD), a workgroup focused on the research and study of Linux malware, analysed and shared a new type of malware they called RHOMBUS. This malware was compiled for different architectures, had persistence mechanisms and dropped a second-stage payload. —Lisandro Ubiedo

Security researchers witnessed the deployment of PonyFinal ransomware at the end of extended human-operated attack campaigns. In a series of tweets, Microsoft Security Intelligence revealed it had observed human-operated campaigns laying in wait for the right moment to deploy PonyFinal ransomware as their final payload. —David Bisson

NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. —Graham Cluley

Memory isolation is a cornerstone security feature in the construction of every modern computer system. Allowing the simultaneous execution of multiple mutually distrusting applications at the same time on the same hardware, it is the basis of enabling secure execution of multiple processes on the same machine or in the cloud. The operating system is in charge of enforcing this isolation, as well Continue reading

1 935 936 937 938 939 3,833