February 24, 2017

Security to the Core | Arbor Networks Security

Change All Your Passwords, Right Now!

by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer

CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one of the largest Content Delivery Networks (CDNs) on the Internet. Many popular Web sites, mobile apps, etc. make use of the CloudFlare CDN, which hosts content […]

by ASERT team at February 24, 2017 05:20 PM

Network Design and Architecture

10 Most Popular articles of 2016 on orhanergun.net and statistics

Below are the Google Analytics page views for the articles between January 1st 2016 and January 1st 2017. I didn’t include the Home page, CCDE Course and CCDE E-book pages, just the technical articles. If you haven’t looked at some of those yet, I definitely recommend reading them now. BGP Route Reflector […]

by Orhan Ergun at February 24, 2017 11:08 AM

February 23, 2017

ipSpace.net Blog (Ivan Pepelnjak)

EVPN: All that Glitters Is Not Gold

Cumulus Linux 3.2 shipped with a rudimentary EVPN implementation and everyone got really excited, including smaller ASIC manufacturers that finally got a control plane for their hardware VTEP functionality.

However, while it’s nice to have EVPN support in Cumulus Linux, the claims of its benefits are sometimes greatly exaggerated.

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2017 06:06 PM

My Etherealmind

Frequently Asked Questions: Submarine Cables 101

Useful background information on oceanic cabling from TeleGeography.

I’ve been involved with TeleGeography’s research on submarine cables since 2000. Over the years I’ve fielded numerous questions about the submarine cable industry from journalists, investors, family, and friends.

It seems as good a time as any to provide a compilation of answers to some of the most commonly asked questions.

Worth a read.

by Greg Ferro at February 23, 2017 12:26 PM

ipSpace.net Blog (Ivan Pepelnjak)

Newer Docker Networking Options

In the last part of the free Docker Networking Fundamentals webinar Dinesh Dutt described the newer high-performance networking options (Macvlan and Ipvlan) introduced in Docker version 1.12.

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2017 09:17 AM

Networking Now (Juniper Blog)

Will the Enterprise Welcome Connected Devices?


IoT is everywhere. There are around 15 billion connected devices in the world today. Putting it bluntly, that equals billions of opportunities to launch a cyber-attack. I’m sure we all saw the news at the end of 2016 when IoT cameras were infected with the Mirai malware and turned into ‘bots that were used to disable websites and Internet services.


Will 2017 be the year we hear of the first attack where IoT is used to steal corporate data?

by lpitt at February 23, 2017 09:00 AM

ipSpace.net Blog (Ivan Pepelnjak)

Facebook Backpack Behind the Scenes

When Facebook announced 6-pack (their first chassis switch) my reaction was “meh” (as well as “I would love to hear what Brad Hedlund has to say about it”). When Facebook announced Backpack I mostly ignored the announcement. After all, when one of the cloud-scale unicorns starts talking about their infrastructure, what they tell you is usually low on detail and used primarily as a talent-attracting tool.

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2017 08:07 AM

February 22, 2017

The Networking Nerd

Networking Grows To Invisibility


Networking is done. The way you have done things before is finished. The writing has been on the wall for quite a while now. But it’s going to be a good thing.

The Old Standard

Networking purchase models look much different today than they have in the past. Enterprises no longer buy a switch or a router. Instead, they buy solution packages. The minimum purchase unit is a networking pod or rack. Perhaps your proof-of-concept minimum is a leaf-spine of no less than 3 switches. Firewalls are purchased in pairs. Nowhere in networking is something simple any longer.

With the advent of software, even the deployment of these devices is different. Automation and orchestration systems provide provisioning as the devices are brought online. Network Monitoring Systems ensure the devices are operating correctly via API call instead of relying on SNMP. Analytics and telemetry systems can pull statistics on the fly and create datasets that give you insight into all manner of network traffic. The intelligence built into the platform supporting the hardware is more apparent than ever before.

Networking is no longer about fast connectivity speed. Instead, networking is about stability. Providing a transport network that stays healthy instead of growing by leaps and bounds every few years. Organizations looking to model their IT departments after service providers and cloud providers care more about having a reliable system than the most cutting edge technology.

This is nothing new in IT. Both storage and virtualization have moved in this direction for a while. Hardware wizardry has been replaced by software intelligence. Custom hardware is now merchant-based and easy to replace and build. The expertise in deployment and operations has more to do with integration and architecture than in simple day-to-day setup.

The New Normal

Where does that leave networkers? Are we a dying breed, soon to join the Unix admins of the world and telco experts on a beach in retirement? The reality is that things aren’t as dire for us as one might believe.

It is true that we have shifted our thinking away from operations and more toward system building. Rather than worry if the switch ports have been provisioned, we instead look at creating resilient constructs that can survive outages and traffic spikes. Networks are becoming the utility service we’ve always hoped they would be.

This is not the end. It’s the beginning. As networks join storage and compute as utilities in the data center, the responsibilities for our sphere of wizardry are significantly reduced. Rather than spending our time solving crazy user or developer problems, we can instead focus on the key points of stability and availability.

This is going to be a huge shift for the consumers of IT as well. As cloud models have already shown us, people really want to get their IT on their schedules. They want to “buy” storage and networking when it’s needed without interruption. Creating a utility resource is the best way to accomplish that. No longer will the blame for delays be laid at the feet of IT.

But at the same time, the safety net of IT will be gone as well. Unlike Chief Engineer Scott, IT can’t save the day when a developer needs to solve a problem outside of their development environment. Things like First Hop Reachability Protocols (FHRP), multipathing, and even vMotion contribute to bad developer behavior. Without these being available in a utility IT setup, application writers are going to have to solve their own problems with their own tools. While the network team will end up being leaner and smarter, it’s going to make everything run much more smoothly.

Tom’s Take

I live for the day when networking is no different than the electrical grid. I would rather have a “dumb” network that provides connectivity rather than hoping against hope that my “smart” network has all the tricks it needs to solve everyone’s problem. When the simplicity of the network is the feature and we don’t solve problems outside the application stack, stability and reliability will rule the day.

by networkingnerd at February 22, 2017 10:28 PM

Aaron's Worthless Words

Cisco Live US 2017 – The Plan So Far

Put it on your calendar.  Cisco Live US is June 25 – 29, 2017, in Las Vegas.  This is the largest conference I go to every year, and it’s the highlight of my professional year.  I’ve been going for a few years now and enjoy it for the content and camaraderie.  What are we doing this year?

We’ll fly in on Friday again and do something.  No idea what, but I imagine we’ll throw out an invitation for dinner to the public and meet somewhere.  If you’re going to be in town, let me know, and we’ll meet up.

The Saturday Adventure was going to be ham radio related since that’s ARRL Field Day.  I reached out to the Las Vegas ham club, and they told me that the clubs out there all go to the top of a mountain to operate.  The problem: that mountain is 44.8 miles away from Mandalay.  That’s one helluvan Uber ride, so that’s out.  I looked at some other epic sites like the Grand Canyon and Hoover Dam, but, based on past participation, the time requirements for those don’t make the cut for the group.  We probably need to meet somewhere at 1pm or so and be back by 4pm or so.  That’s just how it’s happened the last few years.  I’m thinking maybe Fremont Street.  There’s plenty to do there.  Let me know if you have any other ideas.

Sunday afternoon is usually open to whatever.  People start arriving en masse, so we play it by ear.  We’ll probably just wind up hanging out at Social Media Central.  Sunday is typically the first tweetup and also the Mentor Program meeting.  Those are big events, so we won’t miss that.  I’ll take part in the Slacker Bet on Sunday.  We all take the CCIE R&S Written exam, and whoever has the highest passing score has to buy everyone else who passed a beer.  It’s always fun.

Monday is sessions, but, perhaps more importantly, it’s Kilted Monday.  Wear your kilt and show off your tartan!  You’re looking at the reigning second-place finisher in the best legs contests!  The biggest conference event of Monday is the opening of the World of Solutions.  This is where you get all the cool swag for your coworkers and kids.  And there’s free beer and food most of the time, too…which is important.  My favorite exhibit in the World of Solutions each year is Cisco Tactical Operations.  These guys have some fancy equipment that they use in disaster relief efforts around the world.  It’s my dream job to work with these guys.  Fingers are still crossed for that.

Tuesday is sessions.  The CCIE party is usually that night, so I try to find a vendor who wants to feed me drinks.  It’s not hard to find one.  Just ask somebody where they’re going.  Your AE back home may have sent you an invite for something that night, too.  I think mine sent me 4 of them total. In other words, you can find something to do.

Wednesday is sessions…and the Customer Appreciation Event!  This is usually the highlight of the week as we all pile into an arena somewhere (I can only imagine we’re in T-Mobile again this year.) to hear some world-class musical acts.  We’ve seen a wide range of acts from Maroon 5 to Devo to Aerosmith to Lenny Kravitz.  The act hasn’t been announced yet, though.  I voted for Rammstein, but we’ll see who shows up.  And don’t forget your hat.

Thursday is sessions mixed with hangovers from the CAE.  As an experienced attendee, I advise you not to schedule an 8am session on Thursday; you probably won’t make it.  Thursday is the closing keynote, so make sure to attend that. It’s always worth your time.  We also wind up meeting for dinner that night as a large group.  And I mean a large group.  I think we did about 45 or so last year.  Remind me to work on getting someone to make reservations for that.

Friday is travel day home and filled with tears as you already miss your buddies that you won’t see until 2018 in Orlando.  🙁

Send any vendor party invites questions my way.

by Aaron Conaway at February 22, 2017 08:15 PM

Networking Now (Juniper Blog)

Turn on “God Mode” with Juniper’s Software-Defined Secure Networks



Networks have changed significantly over the past decade.  Businesses are moving to the cloud and adopting new technologies such as Internet of Things (IoT) and block chain, all of which are heavily network-dependent.


These same enterprises are also spending more on security to protect new and existing infrastructure.  Unfortunately, breaches continue unabated.  Internal records and customer data are being stolen and sold to the highest bidder, causing irreparable damage. This begs the question:  are these businesses missing something fundamental in their approach to network security?

by praviraj at February 22, 2017 03:31 PM

ipSpace.net Blog (Ivan Pepelnjak)

NextGenDC: Securing a Hybrid Cloud with Matthias Luft

Imagine you were asked to migrate some of the workloads running in your data center into a public (or managed) cloud. These workloads still have to access the data residing in your data center – a typical hybrid cloud deployment.

Next thing you know you have to deal with your (C)ISO and his/her usual concerns as well as the variety of articles on tech sites stating that "security is the biggest challenge of cloud adoption".

by Ivan Pepelnjak (noreply@blogger.com) at February 22, 2017 11:46 AM

February 21, 2017

Security to the Core | Arbor Networks Security

Additional Insights on Shamoon2

IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. Researchers showcased a potential malware lifecycle which started with spear phishing and eventually led to the deployment of the disk-wiping malware known as Shamoon. Their research showcased a set of downloaders and domains that […]

by Neal Dennis at February 21, 2017 10:19 PM


Network Modernization Webinar Now Available Online

On February 8th I gave a webinar on network modernization initiatives with Doug Nash, the Deputy Chief Information Officer, Operations & Infrastructure at the USDA. I thoroughly enjoyed the opportunity to speak with Doug and discuss some of the new directions that various Federal agencies are undertaking to create more modernized and agile networks. This webinar is now available …

by Stefan Fouant at February 21, 2017 04:51 PM

Networking Now (Juniper Blog)

Sky ATP Shortlisted for the techies 2017 Awards

Sky ATP has been shortlisted for the techies 2017 awards in London, read on to find out more...




by lpitt at February 21, 2017 11:46 AM

ipSpace.net Blog (Ivan Pepelnjak)

Network Automation and Undifferentiated Heavy Lifting

I got this tweet after publishing the “use Ansible to execute a single command on all routers” blog post (and a few similar comments on the blog post itself)

Or use Python, Netmiko and a simple For loop

I never cease to be amazed by the urge to do undifferentiated heavy lifting in the IT industry.

by Ivan Pepelnjak (noreply@blogger.com) at February 21, 2017 07:33 AM

February 20, 2017

Network Design and Architecture

Free Webinar – DMZ Anywhere. Let’s talk about DMZ security design options

This is a free webinar but requires registration and seats are limited thus please register immediately. Webinar on Tuesday, February 28, 2017 7:00 PM – 8:30 PM AST.

Agenda: Introduction to Security Zones; What’s DMZ?; Why do we need DMZ?; Physical vs Logical Network Segmentation; Emerging Technologies (Virtualization, Micro Segmentation); Benefits of DMZ Anywhere […]

by Orhan Ergun at February 20, 2017 04:11 PM

ipSpace.net Blog (Ivan Pepelnjak)

Q&A: Migrating to Modern Data Center Infrastructure

One of my readers sent me a list of questions after watching some of my videos, starting with a generic one:

While working self within large corporations for a long time, I am asking myself how it will be possible to move from messy infrastructure we grew over the years to a modern architecture.

Usually by building a parallel infrastructure and eventually retiring the old one, otherwise you’ll end up with layers of kludges. Obviously, the old infrastructure will lurk around for years (I know people who use this approach and currently run three generations of infrastructure).

by Ivan Pepelnjak (noreply@blogger.com) at February 20, 2017 09:35 AM

Network Design and Architecture

February 2017 CCDE Training is over! Waiting for the attendees’ success now!

My February 2017 CCDE class is now over. The duration of the course was 11 days and as usual it started with lots of advanced technology lessons. All the critical CCDE exam topics (IGP, BGP, MPLS and the other technologies) were covered in detail from the design point of view. A minimum of […]

by Orhan Ergun at February 20, 2017 08:00 AM

February 17, 2017

Ethan Banks on Technology

No Sound In Exported Video – Final Cut Pro X 10.3.2

Ran into an issue today where audio was working normally in Final Cut Pro X 10.3.2, but the exported video had no sound. The video and sound were originally recorded using a Canon G7X Mark II.

The fix was to delete Final Cut Pro X preferences, as detailed by Apple here. In short…

  1. Quit FCPX.
  2. Press Command-Option when re-launching FCPX. You’ll be given an option to delete your FCPX preferences.
  3. Delete your preferences.

That will definitely result in some interface trauma for you, as FCPX won’t remember where your libraries are. I’m not sure what other settings you’d invested in that might also be forgotten — probably a lot of things. I’m still relatively new to FCPX, so the hit wasn’t too hard to handle. But still. Yuck.

Yuck or not, that worked. Once I pointed FCPX at my libraries and built a new project for my simple video, exporting rendered not just video, but audio too. And all was right with the world.

by Ethan Banks at February 17, 2017 10:08 PM

ipSpace.net Blog (Ivan Pepelnjak)

OpenConfig: From Basics to Implementations

In 2013, large-scale cloud providers and ISPs decided they had enough of the glacial IETF process of generating YANG models used to describe device configuration and started OpenConfig – a customer-only initiative that quickly created data models covering typical use cases of the founding members (aka “What Does Google Need”).

by Ivan Pepelnjak (noreply@blogger.com) at February 17, 2017 07:24 AM

The Networking Nerd

The Rising Tide of CCIE Written Costs


In CCIE news this week, Cisco has raised the price of their exams across the board. The CCNA has moved up to $325, and the CCIE Written moves from $400 to $450. It goes without saying that there is quite a bit of outcry in the community. Why is the price of the CCIE Written exam surging so high?

No Such Thing As A Free Test

The most obvious answer is that the amount of work going in to development of the exam has increased. The number of people working behind the scenes to create a better exam has caused the amount of outlay to go up, hence the need to recover those costs. This is the simplest explanation of all the cost increases.

As Cisco pours more and more technology into the tests, the amount of hands and fingers touching them has gone down. At the same time, the quality of the eyeballs that do look at the exam has gone up. It’s a lot like going to a specialist doctor. The quality of the care you receive for your condition is high, but the costs associated with that doctor are higher than a regular general practice doctor. Cisco’s headcount is now focused on keeping exam quality high. That kind of expertise is always more expensive per capita, even if the number of those people is fewer.

The odd thing here is that even if the costs of the people doing the work are going up, the amount that the test is increasing doesn’t seem to correlate. It’s been less than two years since the formal introduction of the current version of the CCIE written exam at the then-unheard-of price point of $400. We’re two and a half years removed from the CCIE 4.0 Written exam and its lofty $350 price point. Has the technology changed so much in less than three years?

The Great Barrier Test

Going back to the introduction of the 5.0 version of the CCIE Written, there was also a retake policy change introduced. Cisco wanted to create a “backoff timer” to reduce the amount of times that a person could take the exam before needing to wait. The change still allowed you to take the second attempt after 30 days, but then the third attempt must wait an additional 90 days after that. So, instead of being able to get three exam attempts in 60 days, those same three attempts would have taken 120 days.

This change was rolled back about six months ago due to outcry from the community. CCIEs trying to recertify were stymied by the exam and forced to wait longer and longer to pass it, with their certification hanging in the balance. With the increased timeouts and limit of four retakes per year, some long time CCIEs were in danger of exhausting their attempts and watching their certification slide away without any recourse to fix it.

Now, the increased price behind the CCIE Written could indeed be attributed to the increased overhead. But it could also be an attempt to keep people from rushing in to take the test every 30 days. Making a policy change to keep people out of the exam is one way to do it. But making the exam financially painful to continually fail is another. If you’re willing to drop $1350 in three months to try and pass then you either have money to burn or you’re desperate to pass.

In addition, a higher exam fee would cause test takers to be absolutely certain of their knowledge level before attempting the exam. Creating an initial barrier to entry that will make people think twice before scheduling an exam on a whim does create a situation where the first-time pass rate will improve significantly. This will also help drive funding to certification materials and classes, as candidates will want to know that they will pass before stepping into a certification exam center.

Tom’s Take

I’d really like to think that Cisco is just trying to cover their overhead with the recent price increases. Everything goes up in price. Some things go up faster than others. But the conspiracy theorist in me wonders if Cisco isn’t trying to use the increased price of the exam to help raise the pass rates and discourage folks from rushing the test repeatedly to see the exam question pool. $450 is a tough pill to swallow even if you pass. I think we’re going to see a lot more people taking advantage of the free Cisco Live exam as well as the half price cert exams there. And I sincerely hope the rumored options for recertification take flight soon. Because I don’t know how ready I am to go all out to study when there’s that much money on the line.

by networkingnerd at February 17, 2017 01:31 AM

February 16, 2017

My Etherealmind

Cisco Shrinks in Switching, Routing and DC

Cisco shrinking overall ~2% per quarter (fifth straight down quarter). 10% down in routing, 5% down in switching, 4% down in DC. Increases dividend, investors happy.

Cisco reported $11.6 billion in revenue for Q2 2017 on February 15, 2017, a 2% YoY decrease, but in line with guidance of a 2-4% YoY decline.

Revenue breakout:

Product, $8.49B (down 5.5%); Service, $3.09B (up 4.9%).

By segment:

Switching, $3.31B (down 5%); NGN Routing, $1.82B (down 10%); Collaboration, $1.06B (up 4%); Data Center, $790M (down 4%); Wireless, $632M (up 3%); Security, $528M (up 14%); Service provider video, $241M (down 41%); other, $116M (up 53%).

“Cash” of $71.8 billion at the end of Q2 2017, with only $9.6 billion in the US. The introduction of a Corporate Tax Holiday could have huge positive ramifications for Cisco.

The Q3 2017 outlook calls for revenue to decline by 2% or to remain flat YoY.

Data Center

Total product revenue was down 4% and let me walk through each of the product areas. Switching declined 5%, driven by weakness in Campus partially offset by strength in the ACI portfolio, which was up 28%

Cisco ACI is holding up switching revenue but Campus declines are greater. (I continue to think that ACI growth is slower than competitors e.g. NSX and not what Cisco had hoped for)

Across our next-generation data center portfolio, we saw healthy customer traction, including our ACI data center switching portfolio grew revenue by 28%. This includes 1,300 new Nexus 9000 customers and 450 new ACI customers in Q2.

It would seem that people are buying Nexus 9000 with 30% takeup rate on ACI functions.

Bright Spots

Chuck Robbins: Wireless grew 3%, with ongoing strength in Meraki and the continued ramp of our 11ac Wave 2 portfolio. Security grew 14% with deferred revenue growth of 45%, as we offer more solutions to customers with increasing software content that result in greater recurring revenue. We had very strong performance in our advanced threat security of 65% as well as strength in unified threat management and web security solutions.

The Etherealmind View

Cisco is shrinking at a reasonable rate and management have the decline under control. The transition to cheaper switch and routing products like the Nexus 9000 is well under way while attempts to sell software as a service like ACI & Meraki are modest.

The decline in routing seems largely due to service providers who are holding back spending as they work out their SDN/NFV strategy.

Cisco is increasing dividends making it attractive to investors. Many are hopeful that Cisco can turn around the shrinking business over time probably through acquisition.

Link: Cisco Systems (CSCO) Q2 2017 Results – Earnings Call Transcript | Seeking Alpha – http://seekingalpha.com/article/4046482-cisco-systems-csco-q2-2017-results-earnings-call-transcript?part=single

by Greg Ferro at February 16, 2017 10:52 AM

Networking Now (Juniper Blog)

Security Prediction 1: The Internet of Things - Are you really in control?


Just three years ago, the concept of IoT (Internet of Things) was still fresh; people bought devices because they were ‘cool’ or because it seemed that we could improve quality of life with ownership. The general excitement around IoT has led to market consumerisation faster than security standards have kept pace. 


In this blog we will discuss growth in IoT, and the risk of not considering security during design, purchase and implementation of these exciting devices.

by lpitt at February 16, 2017 09:00 AM

ipSpace.net Blog (Ivan Pepelnjak)

More Thoughts on OSPF Forwarding Address

Angelos Vassiliou sent me an interesting lengthy email after I published my OSPF Forwarding Address series (part 1, part 2, part 3, part 4). I asked him whether it’s OK to publish his email together with my responses as a blog post and he gracefully agreed, so here it is.

by Ivan Pepelnjak (noreply@blogger.com) at February 16, 2017 08:12 AM

February 15, 2017

Router Jockey

Ixia Vision ONE – Tap the Planet

Whenever I start talking about network visibility and aggregation taps I can’t help but think of The Matrix. Millions of packets flowing through your network every minute of every day, tapping into that can be a daunting exercise. Luckily we have some new blood in this space, at least in my view, Ixia Vision ONE. For those of you that recognize the name, yes I’m talking about that Ixia... previously one of the leaders in the load testing market, they’ve moved into the network packet broker space.

Vision ONE is Ixia’s all-in-one product that attempts to provide assurance that the network traffic you want to reach your monitoring and security tools is actually reaching your tools. Vision ONE is able to take the input from your device, and send it out in several directions, applying filters to the traffic as needed. This means that you can filter out specific traffic and send it to a monitoring / security tool with traffic it doesn’t need to process. All of this is managed through a clean, easy-to-use interface that displays the connections between the TAP’s physical ports, filters, and tool ports.

Take a look at the Vision One demo here: https://player.vimeo.com/video/192286988

My Thoughts on Ixia Vision ONE

Ixia has been busy working on the network packet broker portfolio. With acquisitions of Anue Systems and Net Optics over the past few years their service catalogue is growing rapidly. The Vision ONE offers an easy-to-use toolset with some serious capability. This is another company that I’m looking forward to working with in the near future and hope to have some hands-on time with in 2017.

As Phil Gervasi said – Tap Everything. Tap Everywhere.

Other Info

Here are a few links to other folks that have also shared their thoughts on Ixia’s offerings.

by Tony Mattke at February 15, 2017 03:00 PM

My Etherealmind

Sponsor: FutureWAN – a virtual conference on SD-WAN

A couple of months ago Packet Pushers hosted an open format, non-boring, live discussion about the reality of operating a SD-WAN with people who have lived through it. This was part of the Future WAN Virtual Summit series from Viptela which are now available online.

The session format was live questions & answers from the audience (via chat window); we answered them live, on air.


Packet Pushers Open Mic Live: Real SD-WAN Challenges Live Q&A

Ethan Banks & Greg Ferro, Analysts, Packet Pushers Date: Jan 17 2017, 0900PST Duration: 45 mins

Direct link to Access 

On a separate note, I would welcome any feedback about the “Virtual Summit” idea. The sessions were recorded and are now available for anyone to watch.

Which has me thinking about the potential of running a “virtual conference”.

Could that work? Drop a note in the comments or email me; I would love to hear what you think.


by Greg Ferro at February 15, 2017 02:10 PM

February 14, 2017

My Etherealmind

Response: Network Icons – ‘net work

These are great icons for network diagrams from Russ White. Much more useful for all diagram purposes than most other icons.

I’ve developed this set of vendor neutral network icons for drawing diagrams in presentations, books, and the like. I’m placing them here in the public domain in four different formats

Network Icons – ‘net work : http://rule11.us/net-icons/

Personally, I use simple shapes and colours for my diagrams for simplicity but I suspect these will appeal to people who are Visio-centric in their workflow.

Figure: My personal icon set for diagrams (screenshot of OmniGraffle)

by Greg Ferro at February 14, 2017 09:00 PM

ipSpace.net Blog (Ivan Pepelnjak)

Use Ansible to Execute a Single Command on All Routers

I was using Ansible playbooks to configure Cisco IOS routers running in VIRL and wanted to extract the router configurations before stopping the simulation.

You can download the playbooks from my Github repository, and here’s how you can run Ansible with VIRL.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 14, 2017 06:59 PM

Router Jockey

Forward Networks – A forward approach to formal verification

Forward Networks has stepped out of the shadows to announce their Network Assurance platform, and I was fortunate enough to be a delegate for Networking Field Day 13 to see their first public briefing. We were all excited to set foot onto the Andreessen Horowitz campus that day, but none of us were quite sure what exactly to expect.

Forward Networks was founded by David Erickson and Brandon Heller, PhD in Computer Science from Stanford University, who saw the great need for help in the networking market and decided to tackle a challenge that no one else recognized. They worked in Nick McKeown’s Lab at Stanford University back in 2006 before SDN was ever put on a Networking Bingo card, let alone even heard of. They helped create the standards and shape OpenFlow as it came into existence. Working on bleeding edge SDN networks they realized that the tools network engineers were dealing with were wholly insufficient to troubleshoot many advanced and complicated networks.

In 2013 they founded Forward Networks with the goal of understanding how networks work at the functional level. They’ve written an algorithm that can take in large amounts of data from your devices and build a software model of your network. Using that model they’re able to provide you a platform to visualize and search your network, debug complex issues, verify network policy, and predict network behavior prior to making changes across your entire environment. Part of the magic here is that they’re indexing all of this data into a searchable format, allowing you to quickly access information that would normally take formal testing, or in-depth investigation to verify. But here I go getting ahead of myself again.

The three main applications they demonstrated for us are Search, which I just described above; Verify, which allows you to define network and security checks to ensure the network is in the condition you expect; and Predict, which allows you to test proposed changes to the network and ensure/verify they will result in expected changes.

Video: https://player.vimeo.com/video/192151169

Final Thoughts

It’s been several months now since I saw the presentation from Forward Networks at Network Field Day 13 – but I’m still excited about what they have to offer, and what they’re going to be able to accomplish in the future. I can’t think of a single network engineer that wouldn’t love to have more visibility into their network, and the tools that they have to offer should be making you drool. While I am a bit of a realist at heart, I have a part of me that wonders if this product is going to be able to deliver on its promises. The amount of data they have to absorb, and process in conjunction with the variety of operating system changes that have to be accounted for just make this seem rather unrealistic.

That said, I’m still ready to be proved wrong. I hope to be doing further testing on the product this year and will keep everyone updated if I am able to do so.

Other Info

Here are a few links to other folks that have also shared their thoughts on Forward Networks.

The post Forward Networks – A forward approach to formal verification appeared first on Router Jockey.

by Tony Mattke at February 14, 2017 06:03 PM

Networking Now (Juniper Blog)
My Etherealmind

Response: AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round

How does a BGP/OSPF routing app on a network device cost more than Microsoft Office? One is really complex with thousands of features, complex interface and must support a huge range of hardware. The other one is a BGP or OSPF app.

“His” refers to Jason Forrester, formerly global data center network manager at Apple and now the founder and chief executive of SnapRoute. The startup now has roughly 32 employees, Forrester told VentureBeat in an interview. Forrester figures that the startup has around 35-50 customers, and its software is being used on 12,000-13,000 switches. He declined to name any of SnapRoute’s customers, but Facebook employees have repeatedly mentioned the company’s software by name in recent months.

  1. SnapRoute is clearly gaining momentum with their networking apps with companies
  2. The software is simpler, focussed and more reliable: “Sure enough, Forrester said, while Cisco’s code runs to 30 million lines of code or more, SnapRoute’s takes up perhaps 100,000.”
  3. A modern startup can compete with established vendors on features and get substantial sales in markets that they cannot reach

AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round | VentureBeat | Entrepreneur | by Jordan Novet : http://venturebeat.com/2017/02/07/att-microsoft-ventures-back-networking-startup-snaproute-in-25-million-round/


The post Response: AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round appeared first on EtherealMind.

by Greg Ferro at February 14, 2017 01:08 PM

Networking Now (Juniper Blog)

Juniper extends SDSN eco system with leading CASBs

Juniper extends SDSN eco system with leading CASBs, CipherCloud and Netskope

by abdis at February 14, 2017 01:00 PM

My Etherealmind

Research: Router Optics Evolution and Market Trends

Timely information on the future of optics and SFP modules. The current situation of price overloading by vendors is seriously grim (markups of 1000% are common) and this could help to increase your knowledge in the area.

  • Router Optics vs. Transport Optics
  • Router Optics Evolution
  • 100G Optics Status and Challenges
  • Higher 100G Density Considerations
  • Router Optics Market Trends

Router Optics Evolution and Market Trends: 2_Liu_Optics_Evolution_And_v1.pdf

NB: From a NANOG meeting but haven’t been able to track down the exact link.

Source: https://www.nanog.org/meetings/nanog69/agenda

Video of the session: https://www.youtube.com/embed/kTgcOLmK1AY?feature=oembed

The post Research: Router Optics Evolution and Market Trends appeared first on EtherealMind.

by Greg Ferro at February 14, 2017 12:53 PM

Networking Now (Juniper Blog)

It's Time to Abandon the Castle

For the past 25 years, organizations of all sizes have relied on the castle and moat protection model – multiple layers of security with the ability to ‘raise the drawbridge’ as a last line of defense. Today, the castle is under siege from all sides and the bridge and moat model has run its course. Today’s networks are extremely complex, but like the castle they are equally simple in foundation: routers, switches and firewalls are the primary building blocks – whether physical or virtual. And like the castle that can no longer keep up with new kinds of foes, network attacks are increasing in complexity, agility and the ability to do damage.

by Kevin Walker at February 14, 2017 12:40 PM

February 13, 2017

Potaroo blog


Few parts of the Domain Name System are filled with such levels of mythology as its root server system. Here I'd like to try and explain what it is all about and ask the question whether the system we have is still adequate, or if it's time to think about some further changes.

February 13, 2017 07:00 PM

Honest Networker

DDoS mitigation these days

Video: http://cdn.honestnetworker.com/zvr7fZI.mp4

by ohseuch4aeji4xar at February 13, 2017 01:38 PM

ipSpace.net Blog (Ivan Pepelnjak)

Network Automation 101: Featured Webinar in February 2017

The featured webinar in February 2017 is the Network Automation 101 webinar, and the featured video describes the reasons you should be interested in network automation, its basics, and the difference between automation and orchestration.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 13, 2017 08:01 AM

XKCD Comics

February 12, 2017

My Etherealmind

Research: BBR: Congestion-Based Congestion Control – ACM Queue

The BBR algorithm appears to be building critical mass of support in the Internet community which makes reading this research paper even more worthwhile.

When bottleneck buffers are small, loss-based congestion control misinterprets loss as a signal of congestion, leading to low throughput. Fixing these problems requires an alternative to loss-based congestion control. Finding this alternative requires an understanding of where and how network congestion originates.

BBR: Congestion-Based Congestion Control – ACM Queue : http://queue.acm.org/detail.cfm?id=3022184

The post Research: BBR: Congestion-Based Congestion Control – ACM Queue appeared first on EtherealMind.

by Greg Ferro at February 12, 2017 11:23 AM

February 11, 2017

Potaroo blog


NANOG 69 was held in Washington DC in early February. Here are my notes from the meeting.

February 11, 2017 11:00 PM

February 10, 2017

My Etherealmind

Response: Facebook – The growing ecosystem around open networking hardware

There is more genuine innovation and change coming from Facebook than any networking vendor. Whether it’s hardware designs, firmware (BMC), FBOSS applications and new protocols. I remain confident that the future isn’t being made by billion dollar companies with 65% gross margins.

If you are involved in network strategy then these videos will get you thinking in new ways.

The growing ecosystem around open networking hardware | Engineering Blog | Facebook Code | Facebook : https://code.facebook.com/posts/1241394199239439/the-growing-ecosystem-around-open-networking-hardware/

The post Response: Facebook – The growing ecosystem around open networking hardware appeared first on EtherealMind.

by Greg Ferro at February 10, 2017 05:46 PM

Networking Now (Juniper Blog)

Presos, Demos & Partnerships: Juniper Networks Returns to RSA 2017 with Impressive Line-Up of Activities

RSA is right around the corner and we’re excited to be back in San Francisco at Moscone Center for another week of security discussions and the opportunity to showcase our latest security innovations. Every year, RSA offers a great opportunity to assess the current security landscape and re-devote ourselves to Juniper’s goal of providing Software-Defined Secure Networks (SDSN) that stop and prevent threats from both inside and outside the perimeter. We have a lot of exciting activities taking place at the conference, so allow me to break down all the highlights of Juniper’s participation.

by smiles at February 10, 2017 05:00 PM

My Etherealmind

Response: Four Ways to Tackle H-1B Visa Reform – IEEE Spectrum

A balanced discussion on the merits of the US H1B visa program. These programs exist in most developed nations, and the same issues apply.

As you would expect, the program is used to benefit some companies and abused by others:

Giants like Amazon, Apple, Google, Intel, and Microsoft were all among the top 20 H-1B employers in 2014, according to Ron Hira, professor of political science at Howard University who has testified before Congress on high-skill immigration. The other fifteen—which include IBM but also consulting firms such as Tata Consultancy, Wipro, and Infosys—used the visa program mainly for outsourcing jobs.

On the whole, modern IT is changing much faster and automation is replacing most of the tasks the outsourcing does today. The era of outsourcing ended about 3 years ago; it will take several years for the market at large to catch up to this fact though.

Four Ways to Tackle H-1B Visa Reform – IEEE Spectrum : http://spectrum.ieee.org/tech-talk/at-work/tech-careers/four-ways-to-tackle-h1b-visa-reform

The post Response: Four Ways to Tackle H-1B Visa Reform – IEEE Spectrum appeared first on EtherealMind.

by Greg Ferro at February 10, 2017 02:28 PM

ipSpace.net Blog (Ivan Pepelnjak)

Video: Simplify BGP Configurations

Running BGP instead of an IGP in your leaf-and-spine fabric sounds like an interesting idea (particularly if your fabric is large). Configuring a zillion BGP knobs on every box doesn’t.

However, BGP doesn’t have to be complex. In the Simplify BGP Configurations video (part of leaf-and-spine fabric designs webinar) Dinesh Dutt explains how you can make BGP configurations simple and easy-to-understand.

by Ivan Pepelnjak (noreply@blogger.com) at February 10, 2017 08:21 AM