April 30, 2016

Networking Now (Juniper Blog)

Software Defined Secure Networks (SDSN): Why do we need them?

At this year’s RSA event Juniper announced, “software defined secure networks” (SDSN). It has been the topic of discussion with customers and partners to make them think of security in a completely different way. This blog focuses on a new way of deploying security across the entire organization and cloud assets.



by rkkumar at April 30, 2016 01:12 AM

April 29, 2016

XKCD Comics

April 28, 2016

Internetwork Expert Blog

OSI Model…moving up-and-down the stack

Hello everyone!
I recently received an email from a learner who is studying for his CCNA Routing-and-Switching Certification and he had a few excellent questions about the OSI model and how, exactly data moves from one-layer to the next. I figured my response might prove valuable to others studying for their CCNA so…here it is!

  1. Learner-Question: In video of the osi model, you said that the session layer should provide the source and destination port number but the fields of those ports are at the transport header- my question is how does the session layer put this number on field which does not exist in that time (when i send the date the encapsulation process goes down from the app layer)?

    In order to thoroughly answer all of your questions below, one really needs to know about computer programming, APIs, etc…which frankly, I know very little about. But what I do know, I’ll try to explain. From my understanding, there are some kind of software “links” or “hooks” which are used to allow a program at one layer of the OSI model to communicate with a program at another layer. Many applications have software built-in that provide multi-layer functionality. For example, imagine that you open some kind of Terminal Client (like Hyperterminal, SecureCRT, PuTTY, etc). That software you’ve opened technically does not reside at ANY of the OSI layers. That software just provides the graphical display such as the buttons you can press, the pulldown menus available, etc. Now imagine that within PuTTY or Hyperterminal you press a button to initiate a Telnet connection. At that moment, the PuTTY software informs your CPU that the CPU must start the Telnet program. PuTTY provides the interface so you can see…and control…what is going on, but PuTTY itself is NOT Telnet. It’s simply the user-interface so you can control Telnet.

    The functionality of Telnet actually is actually composed of an Application-Layer process as well as a Session layer process, all rolled into one. At the Application layer, the Telnet protocol answers such questions as, “what is a “username” and what is a “password” and is that required? Shall it send data downstream to lower-levels of the OSI model one-bit-at-a-time or several bytes-at-a-time? How is the user supposed to know when Telnet is waiting for input, versus currently transmitting output?” etc etc. The Session-Layer component of Telnet knows that it should be “listening” for incoming sessions on port-23. And when initiating outgoing sessions, it should use a destination port-23. At some point, the Telnet protocol creates a hook (I think these are called APIs) that allows it to invoke the Transmission Control Protocol (TCP). TCP knows that as part of the datastructure it creates, it must reserve 2-bytes for a “destination port-number” field and another 2-bytes for a “source port-number field” but what TCP DOESN’T know is what numbers to place in those fields. So this API (or whatever it is) allows the Session-Layer component of Telnet to convey to TCP that it place the value of “23” in either the Source or Destination Port Number field (depending on who is initiating the Telnet session).

    You may now be thinking, “but what about the Presentation Layer? You didn’t include that in the Telnet process?”. I believe that once SecureCRT (or PuTTY or Hyperterminal) invoke your Application-Layer protocol (such as Telnet or SSH) that SecureCRT/Hyperterminal will provide the Presentation Layer-component. SecureCRT knows if, when you press a keystroke on your keyboard, that key should be represented by ASCII or EBCDIC, SecureCRT/Hyperterminal also knows if you pressed the button indicating that encryption should be used. So it kind of “merges” or “blends” all of that information into Telnet thus providing the Presentation-Layer components. I’m not sure HOW it does this…but it does.

  • This question is about the type code field which lays at the llc sublayer, I understood that it purpose is to provide the upper layers what protocol is “talking”‘, how does it happens if the nic strips off the frame header in the decapsulation process?

    Basically what I wrote above happens in reverse here. There is some kind of internal software “hook” (probably another API) that allows your Layer-2 protocol (Ethernet) to communicate the value in the EtherType field to the CPU. In this way the CPU knows if it needs to invoke a Layer-3 procoess (like IP) or…if that process is already running…to take the Data from the Telnet frame and forward it to the correct layer-3 process. So IP itself does NOT see that Ethernet frame or any of the fields within it. But that “hook” (API???) provides the interface so that Ethernet data can be transferred upstream to the IPv4 process. At this point, my knowledge of the specific details of how this works ends.

  • If the type code provides the protocol(and its version), why does the IP header has “vers” field?

    Once again, to answer this question I believe it’s all about the APIs that allow protocols at different layers to talk to each other. Moving downstream (from Layer-3 to Layer-2) when IPv4 (as an example) has created a full IP Packet, it will “call” the API that allows it to hook into the Layer-2 protocol. IP doesn’t even CARE what that Layer-2 protocol is. It probably does something like, “Hey Layer-2 hooking API!! I’ve got some data here. Please pass it on to whatever protocol is operating at the Datalink Layer for me!!” The API, because it is talking to IPv4 will then invoke whatever layer-2 protocol is running (Ethernet, HDLC, Frame-Relay, etc) and say, “I’ve got some Layer-3 data for you!!”. At that point, the Layer-2 protocol (Ethernet in this case) will say, “Great! Can you give me some number that I can shove into my Ethertype field that indicates WHICH Layer-3 protocol created the data?? I don’t really care personally…but the device at the other end of the link receiving this data will need to know!”. So the API (that was originally called by the IPv4 process and was DESIGNED to be an interpreter between IPv4 and Ethernet) will say, “sure…the number you need is 0×800!” and thus…Ethernet places that value into the Ethertype field. Receiving an Ethernet frame would work the same way but in reverse. This time the Layer-2 protocol would “call” that L2-to-L3 API and provide the data, ALONG WITH the value of the Ethertype field to that API. In turn, the API would then know it needs to call-out to IPv4 and transfer the data upstream.

  • by Keith Bogart, CCIE #4923 at April 28, 2016 03:23 PM

    Network Design and Architecture

    Beware: CCIE University Steals and Cheats

    With more than 13 years of IT related experience, I have spent my past few years using my passion in IT to teach Cisco network design concepts such as CCDE, CCDP and CCDA to help Cisco exam takers get successfully certified. Through my work, https://orhanergun.net/ not only became one of the most recognized and well […]

    The post Beware: CCIE University Steals and Cheats appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

    by Orhan Ergun at April 28, 2016 12:59 PM

    My Etherealmind

    Gartner Being Wrong on OpenStack

    This week saw established analyst firm scrambling to recover after realising that OpenStack is a huge, unstoppable thing.  Sean Kerner writes that 451 Research released some data : 451 Group now reports 2015 OpenStack ecosystem revenue at $1.2 billion and forecasts it will grow to $3.37 billion by 2018. From 2014 to 2018, 451 Group has […]

    The post Gartner Being Wrong on OpenStack appeared first on EtherealMind.

    by Greg Ferro at April 28, 2016 12:43 PM

    April 27, 2016

    My Etherealmind

    Blessay: IPv6 was Designed For Different Era

    IPv6 is badly designed. Constant updates make us uncertain. Lack of features make us unwilling.

    The post Blessay: IPv6 was Designed For Different Era appeared first on EtherealMind.

    by Greg Ferro at April 27, 2016 01:04 PM

    Network Design and Architecture

    MPLS Design Question

    MPLS Design Question – MPLS is one of the most commonly used encapsulation method today. Especially on Wide Area Networks of the Service Providers, Large Enterprises and some datacenters. Service Providers sell MPLS services to customers for decades. When customers want to have Service Provider redundancy so two MPLS circuit from different Service Providers, Inter AS […]

    The post MPLS Design Question appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

    by Orhan Ergun at April 27, 2016 09:33 AM

    XKCD Comics

    April 26, 2016

    My Etherealmind

    Analytics of Everything

    The ashes of network monitoring products from the last 30 years is a Sauron-sized mountain of tears on which we must build the a new generation of tools. Analytics, machine learning, big data and user interfaces are the new hope. Network as a Service A key feature in “as a Service” products is transparency & […]

    The post Analytics of Everything appeared first on EtherealMind.

    by Greg Ferro at April 26, 2016 07:39 PM

    April 25, 2016

    My Etherealmind

    Blessay: Your Future WAN is a 5G Network

    But I've been reading whitepapers about the possible future of 5G networking and its becoming clear to me that the larger part of any private WAN (if you have one at all) is going to be wireless in the next ten years.

    The post Blessay: Your Future WAN is a 5G Network appeared first on EtherealMind.

    by Greg Ferro at April 25, 2016 05:06 PM

    XKCD Comics

    April 22, 2016

    My Etherealmind

    There is NO IPv6 Standard

    Geoff Huston highlights that the IETF has never completed their standard process. One hundred and forty-six of these RFCs are Informational, four of these are Historic, 23 are Experimental, five are Best Current Practice and the remaining 193 are Standards Track documents. Of these 193 documents, 24 are already obsoleted, 164 are Proposed Standards, just five […]

    The post There is NO IPv6 Standard appeared first on EtherealMind.

    by Greg Ferro at April 22, 2016 03:26 PM

    XKCD Comics

    April 21, 2016

    Internetwork Expert Blog

    INE & VIRL Webinar – Using INE, VIRL, & the Cloud for Large Scale CCIE Preparation

    Edit: The recording of this session is now available here

    This coming Tuesday, April 19th 2016, at 09:00 PDT (17:00 UTC) I will be joining the VIRL team for a discussion and demo of using cloud hosted servers, VIRL, and INE material for CCIE preparation, with a focus on large topologies (30+ devices). The Webex signup link is here. The session will also be simulcast on live.ine.com.

    Specifically in this session I will be covering:

    • How to deploy VIRL on cloud servers
    • Loading INE topology files into the VIRL cloud instance through GIT
    • Launching and managing multiple large topologies

    Attendees will also have an opportunity to submit questions to me as well as the VIRL team.

    Hope to see you there!

    by Brian McGahan, CCIE #8593, CCDE #2013::13 at April 21, 2016 03:57 PM

    April 20, 2016

    Networker's Online

    Software-Defined Networks .. A Primer

    SDN, Software-Defined Networking, the trending technology that some friends/colleagues of mine like to refer to it as “Still Does Nothing”. Let’s see if it does some thing. SDN has been a market hype for few years now.  Out of laziness, I ignored it in the beginning then I had to catch up a bit later …

    The post Software-Defined Networks .. A Primer appeared first on Networkers-online.com.

    by Wael Osama at April 20, 2016 08:47 PM

    Renesys Blog

    A Baker’s Dozen, 2015 Regional View


    Our Baker’s Dozen blog focuses on the top global Internet providers as measured by quantity of transited IP space.  If your market is not truly global, it pays to consider your provider options by region, country or even city.  Our Internet Intelligence product suite is designed around helping our customers understand the structure, performance and reliability of the Internet regardless of their geographic scope or potential providers.  In other words, there is a lot more to consider than just a top global list by a single metric.  To explore this topic further, we’ll look one geographic level deeper into the Internet Intelligence – Transit rankings for the top-5 providers by continent.  As we’ll see below, these can vary considerably from our top global list and even include other players with a more regional focus.  Let’s take a quick look.



    At the end of 2015, Cogent (AS174) was ranked  as the #4 global provider by our metric, but it closed the year as #1 in Africa, opening up a wide margin over Level 3 (AS3356), its nearest competitor on the continent.  Cogent started transiting a sizeable number of new prefixes from South Africa’s MTN (AS16637) and Tunisian incumbent Ooreddo (AS37693) to mention two of Cogent’s 80 AS customers in Africa.  As in our global rankings, Telia (AS1299) surged in Africa as well, ending up as #3 there and within striking range of #2 Level 3.  Telia also picked up transited prefixes from Tunisia’s Ooreddo, as well as increases from Angola Cables (AS37468) and Sudan’s Canar Telecommunications (AS33788).  NTT (AS2914), a solid #3 globally, is treading water in Africa and on verge of being passed by #4 Tata (AS6453).



    In Asia, our top provider is NTT (AS2914), followed by China Telecom (AS4134), Level 3 and TeliaSonera, in that order.  PCCW (AS3491), who did not make are global list, ranks #5 in this fast growing continent.   NTT picked up Asian transit from Japan’s Softbank (AS17676), China Mobile (AS58453), Pakistan Telecommunications Authority (AS17557), and many others.  China Telecom’s erratic behavior is explained in our Baker’s Dozen blog.  PCCW picked up transited prefixes from Taiwan’s Digital United (AS4780), China Mobile (AS58453), Malaysia’s TM Net (AS4788) and many others in the region.



    By our metric, Level 3 has stagnated in Europe, while TeliaSonera closed the year within striking ranging of the continent’s top spot, exactly the same position they found themselves in globally.  However, as 2016 began, TeliaSonera’s worldwide surge continued; they passed Level 3 and currently maintain a clear advantage.  TeliaSonera picked up transit from European providers Liberty Global Operations (AS6830)  and Datagroup PJSC (AS21219) to name a couple of significant wins, gains that came at the expense of Level 3 (see the graphics below).  The rest of the top 5 in this group are a long way off from our two leaders and, thanks to Rostelecom’s  (AS12389) increased use of Cogent, this subgroup ended the year largely indistinguishable from one another in Europe.





    To probably no one’s surprise, Level 3 is the clear leader by a very wide margin in North America, their home base, over every other potential provider.   While Level 3 lost a bit of ground, losing for example Canada’s Rogers Cable Communications (AS812) as a customer, TeliaSonera picked up a major win in the Great White North with increased transit from Bell Canada (AS577).  Although absent from our global list, CenturyLink (AS209) comes in at #5 in North America, ending the year just behind NTT.  While CenturyLink gained in our rankings during the time period, some of those increases were due to their announcements of prefixes registered to Qwest, an entity they acquired in 2011.



    Our top 5 in South America look quite a bit different from the other continents we’ve examined with Spanish broadband and telecommunications provider Telefonica (AS12956) taking the top spot at the end of 2015.  Telefonica, ranking #19 globally, provides service throughout South and Central America, as well as in Spain and a number of other locations.  Telefonica’s increase in ranking was helped in part by an increase in transited prefixes from Internexa Brasil (AS262589).

    Telecom Italia Sparkle (AS6762) had a very erratic year in South America, which can be largely explained by large moves of transited prefixes from their Brazilian subsidiary Tim Celular (AS26615).  Some of Sprint’s (AS1239) year-end decline could be attributed to the loss of Brazilian customer Algar Telecom (AS16735).  Tata’s (AS6453) fourth quarter rise is due in part to increased transit from Brazil’s Oi (AS7738, formerly Telemar).



    Despite only looking at the top 5 providers in 5 continents, we still managed to see 10 of our 13 Baker’s Dozen global providers, missing only Hurricane Electric, Verizon, and XO.  That is, even global providers tend to be stronger in certain parts of the world than others.  So even if your audience is truly worldwide, you probably need several global providers to serve them well.

    In a technology-driven world with too many complex choices, people naturally seek simple solutions in an attempt to “bring order to chaos, relieve stress and focus the mind.”  Sure, you might feel good buying the #1 ranked transit provider, CDN, widget, etc., based on some list you found on the Internet (like this one!), but you might not only pay dearly for the privilege, you might actually be making a very poor decision based on your unique set of circumstances and the markets you are trying to serve.  Even if your market is limited to a single country, the physical location and service providers of your users will matter greatly to their ability to reach you.


    This is where Dyn comes in.  By understanding the performance, reliability, and structure of the Internet second-by-second, 24 hours a day, 365 days a year in any and all geographic markets, our Internet Intelligence suite of products help connect your content to your users faster, safer and more reliably than any other option, especially ones gleaned from annual rankings.  Contact us and let us show you how we help our many customers optimize their Internet presence.

    The post A Baker’s Dozen, 2015 Regional View appeared first on Dyn Research.

    by Earl Zmijewski at April 20, 2016 01:02 PM

    XKCD Comics

    April 19, 2016

    My Etherealmind

    SDN is NOT an Innovation, its Iteration

    The big Red Herring in networking over the past ten years is most things labeled “innovative” when the word that should be used is “iterative.”

    The post SDN is NOT an Innovation, its Iteration appeared first on EtherealMind.

    by Greg Ferro at April 19, 2016 05:00 PM