July 25, 2014

PACKETattack

The Ethernet Switching Landscape – Part 07 – Data Center Interconnect (DCI)

This is one of a multi-part series on the Ethernet switching landscape I wrote to support a 2-hour presentation I made at Interop Las Vegas 2014. Part 1 of this written series appeared on NetworkComputing.com. Search for the rest of this series. One of the more specialized features that appears in a limited […]

by Ethan Banks at July 25, 2014 02:22 PM

The Ethernet Switching Landscape – Part 08 – SDN & OpenFlow

This is one of a multi-part series on the Ethernet switching landscape I wrote to support a 2-hour presentation I made at Interop Las Vegas 2014. Part 1 of this written series appeared on NetworkComputing.com. Search for the rest of this series. Ethernet switches have been a focal point of software defined networking. […]

by Ethan Banks at July 25, 2014 02:22 PM

Guest Post – I Am Interviewed About Interop New York

Folks, this is a first for me on this blog – a guest post. In this case, I was interviewed by TechnologyAdvice’s Clark Buckner about my involvement with Interop. Since I’m a big fan of Interop as a vendor-neutral conference designed to bring together all the IT silos, it was an easy interview […]

by Ethan Banks at July 25, 2014 02:15 PM

D-Link for Business? Yes, That’s a Thing.

Yesterday, I was briefed by the good folks at D-Link about their managed Ethernet switches. If you’re like I was, you think of D-Link purely as a consumer-grade line of switches aimed at home users. Reality is that D-Link also has managed switches that are worth evaluating for the small-to-medium sized enterprise. Why? […]

by Ethan Banks at July 25, 2014 02:10 PM

What is ONIE (Open Network Install Environment)?

On 16-July-2014, I attended a webinar hosted by Curt Brune of Cumulus Networks on ONIE. This post is a distillation of some key points from that webinar. What is the Open Network Install Environment (ONIE)? Conceptually, ONIE (pronounced oh-nee) is a network OS installer used by several whitebox switching vendors to load a network […]

by Ethan Banks at July 25, 2014 02:10 PM

Cisco IOS Hints and Tricks

Could You Replace MPLS/VPN with IPSec-over-Internet?

Someone recently sent me this scenario:

Our CIO has recently told us that he wants to get rid of MPLS because it is too costly and is leaning towards big Internet lines running IPSEC VPNs to connect the whole of Africa.

He was obviously shopping around for free advice (my friend Jeremy Stretch posted his answers to exactly the same set of questions not so long ago); here are the responses I wrote to his questions:


by Ivan Pepelnjak (noreply@blogger.com) at July 25, 2014 09:09 AM

PACKETattack

Seek The Peak Fundraiser Wrap-Up & Thank You

Thanks to all of you that helped me raise money for New Hampshire’s Mount Washington Observatory through the annual “Seek The Peak” hike to Mt. Washington’s summit. I completed the hike on Saturday. If you’d like to read about that hike and see a pile o’ pictures, go to my family’s hiking blog. […]

by Ethan Banks at July 25, 2014 12:57 AM


July 24, 2014

Potaroo blog

Some Internet Measurements

At APNIC Labs we’ve been working on developing a new approach to navigating through some of our data sets that describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.

July 24, 2014 10:00 PM

Peter's CCIE Musings and Rants

Disabling specific log messages on the ASA to help troubleshoot

The ASA logging gives you lots of great info but it tends to have loads of info coming up all at once. I tend to do a trick where I know the IP address I am looking for, so I constantly type:

show log | inc

then I try and generate the traffic and capture the entry in the log.

However, someone else has a great way to disable specific logs

http://tekcert.com/blog/2014/07/23/how-disable-useless-logs-cisco-asa?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Tekcert+%28tekcert.com%29


Great stuff!

by peter_revill (noreply@blogger.com) at July 24, 2014 03:01 PM

July 23, 2014

CCIE Journey

CCIE Journey Special – $500 off 1-Year Premium All Access Pass

INE is offering a $500 off special for a 1 year All Access Pass for our blog readers here. To get the special just click on the INE banner to the left and it will take you to the sign up site for the discount. Not sure how long they will keep the discount going so keep that in mind :)

by CCIE Journey at July 23, 2014 06:04 PM

Cisco IOS Hints and Tricks

Campfire story: Using the wrong tool for the job

Summer is the perfect time for campfire stories – here’s one about using the wrong tool for the job.

A Long time ago in an IT organization far, far away Artificial Intelligence (AI) was the coolest kid on the block.


by Ivan Pepelnjak (noreply@blogger.com) at July 23, 2014 09:07 AM


July 22, 2014

Networking Now (Juniper Blog)

VMworld 2014 – Juniper at the Hands-on Lab

This is an exciting year for me. I joined Juniper Networks and my first week, I submitted a lab proposal representing Juniper for the VMworld 2014 Hands-on Lab.  Weeks later, it was approved and two weeks ago, I finalized the lab and document.  I am so incredibly excited that for the first time ever, Juniper Networks is represented in the VMworld Hands-on Lab.

What will be covered in the lab you ask? The lab of course covers some, but not all, of our Security virtualized products.  If you would like a complete listing of these products, please review my previous blog post.

 

 

The Hands-on lab for 2014 is lab HOL-PRT-1472: Juniper Virtual Security for the Enterprise and Service Provider Environment, which covers Juniper Junos Space with Security Director and Virtual Director, Firefly Perimeter, and DDoS Secure. The agenda for the lab is:

 

 

 

HOL-PRT-1472: Juniper Virtual Security for the Enterprise and Service Provider Environment

  • Lab Overview
  • Juniper Junos Space 101
      • Introduction to Space
      • Introduction to Virtual Director
      • Introduction to Security Director
  • Managing Your Physical and Virtual Infrastructure with Juniper Junos Space
      • Use Cases for Juniper Junos Space and Firefly Perimeter
      • Deploying Firefly Perimeter
      • Virtual Director – Greater Detail
      • Security Director – Greater Detail
      • Why Juniper for Your Physical and Virtual Infrastructure
  • Juniper DDoS Secure
      • Why Juniper DDoS Secure
      • Introduction to Juniper DDoS Secure
      • Introduction to Juniper DDoS Secure UI
      • Configuration of Testing Environment
      • Low and Slow Attack

 

If you are interested in taking the lab, the hours are:

 

  • Sunday, August 24: 9:00 am – 7:00 pm
  • Monday, August 25: 10:30 am – 7:00 pm
  • Tuesday, August 26: 10:30 am – 6:00 pm
  • Wednesday, August 27: 8:00 am – 5:00 pm
  • Thursday, August 28: 8:00 am – 3:00 pm

 

Information on the Hands-on Labs

 

I look forward to seeing you there! Make sure you stop by and say hi!!!

by banksek at July 22, 2014 08:54 PM

My Etherealmind

Big Switch Networks Launches Mature Hardware-Centric Data Centre SDN Solution

Big Switch Networks (BSN) launches Version 4.0 of Big Cloud Fabric for hardware-centric SDN data centre fabric. The Data Centre Fabric solution clearly shows the maturity gained from 5 years of shipping products while adding innovation in switch hardware through Switch Light operating system. At the same time, they have completed the transition from platform to product. A product that really has what you need in a hardware-centric SDN platform and addresses nearly all of the issues the competitors have not addressed. And it is shipping now.



The post Big Switch Networks Launches Mature Hardware-Centric Data Centre SDN Solution appeared first on EtherealMind.

by Greg Ferro at July 22, 2014 02:30 PM

Inevitable

Six Phases of Network Evolution


Last month I was asked to speak about Next Generation Networks at the Indonesian Network Operators Group (IDNOG) forum. Whenever I speak about this subject with my customers, I usually use a top-down approach: starting with the business drivers and requirements, then the NGN architecture, then the high-level and low-level design, before going deep into the details of each supporting technology.

This time I decided to take a different approach. Instead, I tried to demonstrate how to build a new SP network from the bottom up. The objective is to show how the network can be transitioned from a simple one that offers a single service to one that carries multiple services and becomes a resilient Next Generation Network. I don't know if the message was received by the attendees, but I ran out of my 30 minutes, so I continued that effort by conducting a WebEx session a few weeks ago.


The presentation I made for that session inspired me to write down the six phases of network evolution below. And the phases end with the one thing that has become a hot topic these days: Software Defined Network (SDN).

Phase 1: It begins with connectivity
When we build the network from the ground up, the first and most important thing to focus on is connectivity. Site A can connect to site B. Users can access the server. This means we need to build the physical topology and enable layer 2 and L3 routing protocols (IGP, BGP) to provide connectivity. And it is common to deliver only a single service (Internet/data) on the global routing table.

Phase 2: Converged network and multi-services
Then comes the next requirement: to use the same network to deliver multiple services. MPLS is definitely the industry's protocol of choice to provide an overlay in the network, even though other tunneling protocols can still be used as long as the objective is achieved. The network now must be able to provide L3VPN and L2VPN services over MPLS, high-speed Internet, voice over IP, IPTV for both multicast streams and unicast video on demand, even mobile services and multimedia. Convergence happens in the access layer too: one IP MPLS network to carry different types of last-mile access network technology.

Phase 3: Scalability
When we have a large number of users accessing multiple services, especially for a Service Provider, the scalability factor becomes important. Nowadays we use an IGP routing protocol only to connect SP routers, while the customer networks are carried using BGP. The IGP must be fine-tuned and link-state protocol area design must be done properly to make it scalable. BGP RR design becomes crucial when the number of BGP speakers is high. Multiple BGP ASes must be able to work with each other to carry the services seamlessly. Even the design of every part of the network needs to be unified and consistent in order to make it easier to scale up.

Phase 4: Services level differentiation
QoS will kick in when there is congestion in the network. When there is no congestion, QoS is applied to limit the service in order to differentiate the service level provided to the end user. QoS implementation in a Service Provider network is obviously different from that in an Enterprise network. In an SP it's common to share network infrastructure that is spread across the nation and connected with WAN links, with the potential for network congestion, to serve a large number of users trying to access multiple services. It makes sense to apply QoS to prioritize certain types of traffic, or to charge the customer differently depending on the agreed service level. An Enterprise network such as a LAN campus network or data center is already considered a low-latency network with sufficient bandwidth, hence the QoS implementation focus is most likely on the WAN link.


Phase 5: High availability and resiliency
The target for HA and resiliency in the network depends on how much service unavailability we can tolerate. Some customers can afford network downtime for days while others can only tolerate fractions of a second. Some applications can continue to work, or resume immediately, when they get disconnected for more than a few seconds, while others can show serious disruption when the network is down for milliseconds. So we need to look at high availability and resiliency from an end-to-end perspective. Physical topology redundancy is good but may not be enough. Link-down or network-node-down detection becomes crucial. The IGP can be fine-tuned to react below 500 ms. Hardware availability combined with NSF, NSR and GR may be able to provide 0 packet drop during route-processor failover. BGP fast convergence is done in the forwarding plane, even in the control plane it still relies on IGP convergence. Multicast streams can be active-active and in parallel using path diversity to provide always-on IPTV service. MPLS TE and IP FRR may be used to achieve sub-50 ms while waiting for the IGP to fully converge, in exchange for more complexity in the network. And infrastructure security is another factor to consider to ensure network availability.

Phase 6: Manageability, agility and efficiency
"Simplicity is the prerequisite for reliability". In order to provide reliable services it should be simple enough to run the network. Some believe if network management worked as expected we wouldn't even talk much about SDN. The fact that the network today has become very complex to manage, even with various management tools available in the market, makes many of us look for the solution that seems to be promised by SDN. We still need to run lots of management protocols like SNMP and RMON. We still need to secure the management channel through SSH or another encrypted channel. But now we want the network to be agile enough to adapt to the changes that come from lots of new applications. We need to be able to provision new services more quickly. We are talking more and more about automation and network programmability. We want the network to be efficient. We want to hide all the complexity that happens in the network to make it efficient for the operator to run and manage it. And SDN may be able to do so by providing the abstraction that brings the simplicity to run the network.



In the end, with the amount of complexity built up as the network transforms from one phase to the next as above, it's clear why SDN looks promising. It's easier now to understand why people believe SDN is the answer.
Because it's simply part of the network evolution.

by noreply@blogger.com (Himawan Nugroho) at July 22, 2014 12:31 PM

Renesys Blog

Kurdish ISPs enable growth of Iraqi Internet

The recent violence in Iraq and the government’s actions to block social media and other Internet services have put a spotlight on the Iraqi Internet. However, an overlooked but important dynamic in understanding the current Iraqi Internet is the central role Kurdish ISPs play in connecting the entire country to the global Internet.

In the past five years, the Internet of Iraq has gone from about 50 networks (routed prefixes) to over 600. And what is most noteworthy is that the growth has not occurred as a result of increased connectivity from the submarine cable landing at Al Faw, as would be expected in a typical environment. Instead the dominant players in the Iraqi wholesale market are two Kurdish ISPs that connect to the global Internet through Turkey and Iran: Newroz and IQ Networks.

Help from the Kurds

The Iraqi Kurdistan region contains four main cities: Erbil, Duhok, Zakho and Sulaymaniyah. Newroz covers the first three, while IQ Networks provides service in the last. However, it would be incorrect to simply classify these providers as city-level retail ISPs. They also carry significant amounts of traffic for the rest of the country.



From the relative peace and stability of Kurdistan, Newroz and IQ Networks sell transit to Iraqi ISPs in the biggest markets — those in the middle and south of Iraq. Central Iraq ISPs, such as Earthlink, ScopeSky, and FastIraq, attain transit from the Kurdish providers by connecting in northern Iraqi cities of Mosul and Kirkuk.

Five years Iraqi Internet growth

The graph below illustrates the overall growth of the Iraqi Internet over the last five and a half years. The total count of Iraqi networks (routed prefixes) is depicted in purple and the networks transited by either Newroz (blue), IQ Networks (green) or both (yellow) are overlaid as a stacked plot in the forefront. At last count, 73% of Iraq networks are routed through these two providers. And if you count unique IP addresses, these two Kurdish providers transit 86% of all Iraqi IP address space.



The remaining networks are either routed through Jordan (e.g. Earthlink to Damamax), various satellite service providers, smaller direct connections to Turkey or submarine cable connectivity at the Al Faw cable landing (most notably ITC service to GTT). Below are recorded remarks by Prime Minister Nouri al-Maliki at the opening ceremony of ITC fiber service during which he said, “fiber optic cables have paved the way in revolutionizing the world of communications and this will now be witnessed in Iraq.”

The following graph is similar to the previous one, but limited to just 2014 to more clearly illustrate recent changes. You can see a discontinuity in June as militants destroyed an interconnection point in Mosul, impacting Internet traffic transited by Newroz from central Iraq. Most notably Earthlink lost its service from Newroz and Damamax in this incident.



Low Risk of Disconnection

In 2012, Jim Cowie classified Iraq as “low risk of disconnection” in his blog post Could it happen in your country?. The conclusion was that due to the diversity of external transit sources (submarine cable, satellite, and terrestrial via Turkey, Iran and Jordan), it would be difficult to completely disconnect Iraq from the global Internet. It may be cold comfort for those Iraqis who were (and still are) impacted by the recent blackouts, but this back-of-the-envelope analysis was proven correct by recent events.

In fact, it is the latest attempted shutdowns (including the failed attempt last fall during a pricing dispute) that prove, perhaps surprising to some, how resilient the Internet of Iraq is. And that resiliency is primarily due to Kurdish transit.

The post Kurdish ISPs enable growth of Iraqi Internet appeared first on Renesys.

by Doug Madory at July 22, 2014 11:45 AM

The Networking Nerd

I Can’t Drive 25G


The race to make things just a little bit faster in the networking world has heated up in recent weeks thanks to the formation of the 25Gig Ethernet Consortium.  Arista Networks, along with Mellanox, Google, Microsoft, and Broadcom, has decided that 40Gig Ethernet is too expensive for most data center applications.  Instead, they’re offering up an alternative in the 25Gig range.

This podcast with Greg Ferro (@EtherealMind) and Andrew Conry-Murray (@Interop_Andrew) does a great job of breaking down the technical details on the reasoning behind 25Gig Ethernet.  In short, the current 10Gig connection is made of four multiplexed 2.5Gig connections.  To get to 25Gig, all you need to do is over clock those connections a little.  That’s not unprecedented, as 40Gig Ethernet accomplishes this by over clocking them to 10Gig, albeit with different optics.  Aside from a technical merit badge, one has to ask themselves “Why?”

High Hopes

As always, money is the factor here.  The 25Gig Consortium is betting that you don’t like paying a lot of money for your 40Gig optics.  They want to offer an alternative that is faster than 10Gig but cheaper than the next standard step up.  By giving you a cheaper option for things like uplinks, you gain money to spend on things.  Probably on more switches, but that’s beside the point right now.

The other thing to keep in mind, as mentioned on the Coffee Break podcast, is that the cable runs for these 25Gig connectors will likely be much shorter.  Short term that won’t mean much.  There aren’t as many long-haul connections inside of a data center as one might think.  A short hop to the top-of-rack (ToR) switch, then another different hop to the end-of-row (EoR) or core switch.  That’s really about it.  One of the arguments against 40/100Gig is that it was designed for carriers for long-haul purposes.  25G can give you 60% of the speed of that link at a much lower cost.  You aren’t paying for functionality you likely won’t use.

Heavy Metal

Is this a good move?  That depends.  There aren’t any 25Gig cards for servers right now, so the obvious use for these connectors will be uplinks.  Uplinks that can only be used by switches that share 25Gig (and later 50Gig) connections.  As of today, that means you’re using Arista, Dell, or Brocade.  And that’s when the optics and switches actually start shipping.  I assume that existing switching lines will be able to retrofit with firmware upgrades to support the links, but that’s anyone’s guess right now.

If Mellanox and Broadcom do eventually start shipping cards to upgrade existing server hardware to 25Gig then you’ll have to ask yourself if you want to pursue the upgrade costs to drive that little extra bit of speed out of the servers.  Are you pushing the 10Gig links in your servers today?  Are they the limiting factor in your data center?  And will upgrading your servers to support twice the bandwidth per network connection help alleviate your bottlenecks? Or will they just move to the uplinks on the switches?  It’s a quandary that you have to investigate.  And that takes time and effort.


 

Tom’s Take

The very first thing I ever tweeted (4 years ago):

We’ve come a long way from ratified standards to deployment of 40Gig and 100Gig.  Uplinks in crowded data centers are going to 40Gig.  I’ve seen a 100Gig optic in the wild running a research network.  It’s interesting to see that there is now a push to get to a marginally faster connection method with 25Gig.  It reminds me of all the competing 100Mbit standards back in the day.  Every standard was close but not quite the same.  I feel that 25Gig will get some adoption in the market.  So now we’ll have to choose from 10Gig, 40Gig, or something in between to connect servers and uplinks.  It will either get sent to the standards body for ratification or die on the vine with no adoption at all.  Time will tell.

 


by Tom Hollingsworth at July 22, 2014 01:13 AM

July 21, 2014

Packet Pushers Blog/Podcast

Show 197 – Cisco Nexus Updates with Ron Fuller – Sponsored

Repeat guest and friend of the Packet Pushers Ron Fuller chats with Greg Ferro and Ethan Banks about the latest updates to both the hardware and software in the ever-growing and capable Cisco Nexus product line. We get a thorough update in this show, hitting lots and lots of highlights.

Discussion

  • What's new with the Nexus 7K product line? New hardware in the form of the 7706, 7710, 7718 chassis. New F3 line cards.
  • Additions to the Nexus 6K line with the 6004X chassis, featuring all removable LEMs.
  • NX-OS continues to mature. The 6.2 code train now has "long lived" releases for customers who wish to standardize on specific builds.
  • The Nexus Validation Testing program continues to grow in scope.
  • New software services include Remote Integration of Services Engines (RISE) and Intelligent Traffic Director (ITD).
  • The Nexus 5K line gets new models in the 5672 and 56128 which feature line rate L3 forwarding.
  • What is Dynamic Fabric Automation, and how has customer adoption been?

Links

  • Cisco Nexus 7700 Data Sheet
  • Cisco Nexus I/O Modules Data Sheets (including the F3 modules)
  • Cisco Remote Integrated Service Engine
  • Cisco/Citrix RISE-related White Paper
  • Cisco Nexus 7000 NX-OS 6.2 Release Notes

by Packet Pushers Podcast at July 21, 2014 06:31 PM

My Etherealmind

Response: Improving Flow Based Hashing on ECMP with Cuckoo hashing

There are many algorithms that can be used for flow-based hashing to provide the best load balancing method over multiple IP or Ethernet connections but I recently learned that Cuckoo Hashing is the preferred method.



The post Response: Improving Flow Based Hashing on ECMP with Cuckoo hashing appeared first on EtherealMind.

by Greg Ferro at July 21, 2014 03:39 PM

Internetwork Expert Blog

CCIE RSv5 ATC Continues Wednesday, July 23rd

The CCIE Routing & Switching Advanced Technologies Class v5 resumes Wednesday, July 23rd at 8:00 AM PDT (15:00 UTC) at live.ine.com, where we will be discussing MPLS Layer 3 VPN. In the meantime, you will find the streaming and download playlists have been updated and now include over 63 hours of content.

We have some other great news as well. The CCIE R&S v5 Rack Control panel has been released with the built-in telnet, loading and saving configs and one click device configurations and reset requests. Also, new content will be posted this week to the workbook, including all new troubleshooting labs.


by Brian McGahan, CCIE #8593, CCDE #2013::13 at July 21, 2014 03:01 PM

Cisco IOS Hints and Tricks

Layer-3 Switching over VXLAN Revisited

My Trident 2 Chipset and Nexus 9500 blog post must have hit a raw nerve or two – Bruce Davie dedicated a whole paragraph in his Physical Networks in Virtualized Networking World blog post to tell everyone how the whole thing is a non-issue and how everything’s good in the NSX land.

It’s always fun digging into more details to figure out what’s really going on behind the scenes; let’s do it.


by Ivan Pepelnjak (noreply@blogger.com) at July 21, 2014 08:12 AM


July 19, 2014


July 18, 2014

My Etherealmind

My Private Cloud Block Architecture Diagram

Here is a block diagram showing the functional areas in private & public cloud that I use when working with clients. I'm often explaining the full picture of cloud building especially in relation to how the network can be orchestrated to fully accelerate the cloud process. I hope you find it useful.



The post My Private Cloud Block Architecture Diagram appeared first on EtherealMind.

by Greg Ferro at July 18, 2014 12:36 PM

Cisco IOS Hints and Tricks

Next Chapter in Data Center Design Case Studies

When I published the Data Center Design Case Studies book almost exactly a month ago, three chapters were still missing – but that was the only way to stop the procrastination and ensure I’ll write them (I’m trying to stick to published deadlines ;).

The first one of the missing chapters is already finished and available to subscribers and everyone who bought the book or Designing Private Cloud Infrastructure webinar (you’ll also get a mailing on Sunday to remind you to download the fresh copy of the PDF).

The Amazon Kindle version will be updated in a few days.

by Ivan Pepelnjak (noreply@blogger.com) at July 18, 2014 08:55 AM


July 17, 2014

Packet Pushers Blog/Podcast

Coffee Break 12

The Coffee Break will be renamed to "The Network Break" and will be getting its own channel on the Packet Pushers Network. But for this week, we talk about the latest news in networking and physical infrastructure.

by Packet Pushers Podcast at July 17, 2014 12:54 PM

Networking Now (Juniper Blog)

A Holistic Approach to DDoS Mitigation and DNS Availability

Today organizations need to be prepared for a number of different types of DDoS attacks on their networks. Today Juniper Networks announced several new enhancements that allow its DDoS Secure solution to help the network better defend itself by using routers as enforcement points.

by rajoon at July 17, 2014 12:00 PM

Cisco IOS Hints and Tricks

Network Automation @ Spotify on Software Gone Wild

What can you do if you have a small team of networking engineers responsible for four ever-growing data centers (with several hundred network devices in each of them)? There’s only one answer: you try to survive by automating as much as you can.

In the fourth episode of Software Gone Wild podcast David Barosso from Spotify explains how they use network automation to cope with the ever-growing installed base without increasing the size of the networking team.


by Ivan Pepelnjak (noreply@blogger.com) at July 17, 2014 08:56 AM

Internetwork Expert Blog

CCIE Bootcamp Price Reduction

INE is reducing the cost of our live, instructor-led bootcamps by $1,000 each. Our new pricing model will still include access to our workbooks and ATC video courses with the purchase, but will separate out the Lab Exam Voucher and access to our All Access Pass as optional add-ons to provide you with more flexible options for both your learning style and your budget. If you would like the existing complete, bundled solution, you have until Aug 1 to make a bootcamp purchase.

See this advert for more details.

Look forward to seeing you in a bootcamp soon!

by Mark Snow, CCIE #14073 at July 17, 2014 01:21 AM

July 16, 2014

Packet Pushers Blog/Podcast

Priority Queue – SDN and The Reseller Channel

What is the future of SDN Vendors? Will all the startups eventually close down to just a few choices or can there be a vibrant ecosystem which can allow for many vendors to survive? The discussion took a left turn and became a strong discussion of whether resellers will survive the arrival of SDN.

by Packet Pushers Podcast at July 16, 2014 04:00 PM

Networking Now (Juniper Blog)

Infonetics Research Analyst Jeff Wilson Validates Juniper Networks Commitment to Security

Juniper Networks has the ingredients and lineage to remain one of the top three players in network security, according to a report by Jeff Wilson, principal analyst with Infonetics Research. See what he had to say after attending Juniper's annual Industry Analyst Event.

by dthomchick at July 16, 2014 03:11 PM

Peter's CCIE Musings and Rants

Good looking CDR reporting tool for CUCM

Hi Guys


I just saw this CDR reporting tool for CUCM and it actually looks really good
http://www.isi-info.com/solutions/call-accounting-and-reporting/infortel-select

Also please find below a really good Erlang B calculator for working out trunk sizes
http://www.cas.mcmaster.ca/~qiao/publications/erlang/newerlang.html

by peter_revill (noreply@blogger.com) at July 16, 2014 09:05 AM


July 15, 2014

CiscoZine

Send Cisco commands via SNMP

In the article “How to save configurations using SNMP”, I have explained how to get the Cisco configuration using SNMP. Now, I explain how to send commands via SNMP using the “ciscoConfigCopyMIB” MIB; with this MIB, you can replace running/startup configuration, send commands, save the “show” output or reload the device. OK, let’s start :) First of all, check if your PC/Server has the SNMP suite; if not, install the net-snmp software (http://net-snmp.sourceforge.net/). Then open a terminal on your PC and use these commands:

    snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.2.[Random number] i 1
    snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.3.[Random number] i […]

by Fabio Semperboni at July 15, 2014 09:57 PM

My Etherealmind

Mellanox and bad CLI choices

I’ve been working on Mellanox S-Series switches lately in a largish network with several hundred 10GbE server ports. On the whole, the product has performed beyond my cynically low expectations and the product has good capabilities overall but the command line interface (CLI) is a really poor user experience. How about this gem for configuring […]



The post Mellanox and bad CLI choices appeared first on EtherealMind.

by Greg Ferro at July 15, 2014 07:02 PM

Networking Now (Juniper Blog)

A Hale and Hearty Network

As I was reading this article describing examples of certain healthcare practitioners using data mining and analytics of patients’ lifestyles (e.g. foods they eat, activity levels, where they live, etc.) to help predict their risk factor for ailments, I started to draw a parallel to the state of the network. I was thinking about how security analytics of a network may help predict the onset of a data breach. The common goal in both cases, human and network, is to maintain a certain level of health – call it an “equilibrium” state, one that doesn’t require immediate intervention or repair.

Inspired by the table shared in the article describing what certain collected data about a patient could indicate about his/her health habits, I came up with a table of network states that could be indicators of a potential data exploit/breach.


| State of Network | Analysis |
|---|---|
| Weak password for an online account | This could allow a hacker to uncover the password (by using automated tools), gain access to user data (name, address, phone #, bank account/credit card data) and perform unauthorized transactions (e.g., purchase of a product/service or withdrawal of money from a bank account) on the user’s behalf. |
| Multiple unsuccessful attempts to search for usernames and passwords via Web browser exploitation techniques | This could result in a data breach. |
| Improper isolation of HR records, financial, medical, credit/debit card, or other PII data within Enterprise data center/private cloud network | This could inadvertently allow an insider (e.g. employee) access to the network for obtaining and selling data on the black market for profit. |
| Excessive communication requests to a Web server or other resource, slowing it down considerably or rendering it unavailable | This could indicate someone is trying to gain access to the server for malicious intent. |
| No application layer protection at Enterprise edge | This could allow a hacker to launch an application-layer attack and access data for further exploitation. |


Enterprises and service providers would benefit greatly from self-monitoring and constantly improving the health of their networks, to minimize the possibility of a data breach.

One of the ways to do this is via technology: application-aware, next-generation firewalls, strong SIEM solutions, and network security management solutions (for firewall management), which provide visibility, analyze network security posture, and alert administrators about unusual network activity.


In addition, humans themselves should be held accountable for security. For one, it is imperative that the IT security team is proactively monitoring the network security posture, carefully balancing access to certain network resources, applications and data with control over the same. In addition, trust plays a big role in maintaining security and privacy, so it is ultimately the responsibility of individuals (business owners and employees) to not exploit data for personal gain.

by skathuria at July 15, 2014 06:48 PM

PACKETattack

Support Science – Donate to My 19-July-2014 Hike Up Mt. Washington!

On Saturday, 19-July-2014, I’ll be hiking up to the summit of Mt. Washington in New Hampshire. Mt. Washington is famous for its terrible weather, extraordinarily high winds on bad days, and arctic-like conditions in winter. Everest hopefuls train on Mt. Washington. Mt. Washington is also home to a number of weather-related scientific endeavors […]

by Ethan Banks at July 15, 2014 03:01 PM

Cisco IOS Hints and Tricks

There Is no Paradigm Shift – Good Applications Were Always Network-Aware

Someone left the following comment on one of my blog posts:

There is a paradigm shift that I don’t think most application developers understand. In a traditional enterprise model, the network is built around the application requirements, now we are saying the application has to build around the network.

I would say there’s no paradigm shift – developers of well-performing applications were always aware of laws of physics.

by Ivan Pepelnjak (noreply@blogger.com) at July 15, 2014 08:50 AM

The Data Center Overlords

OTV AEDs Are Like Highlanders

While prepping for CCIE Data Center and playing around with a lab environment, I ran into a problem I’d like to share. I was setting up a basic OTV setup with three VDCs running OTV, connecting to a core VDC running the multicast core (which is a lot easier than it sounds). I’m running it in […]

by tonybourke at July 15, 2014 03:10 AM

Packet Pushers Blog/Podcast

Using Big Tools for Small Problems

BGP in the data center? And MPLS? Are you insane? Well, maybe, yes. But then again, I’ve been known to do a lot of crazy things in my time. Isn’t MPLS a core and edge service provider technology, while VXLAN is an enterprise data center technology? But let’s begin with this idea that technologies are […]

Author information

Russ White

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking on Network Complexity at RIPE in May, and has recently published a new book, The Art of Network Architecture.

The post Using Big Tools for Small Problems appeared first on Packet Pushers Podcast and was written by Russ White.

by Russ White at July 15, 2014 02:10 AM