Thursday, June 21, 2018

Splunk makes two key acquisitions

Now Splunk data and insights can be acted upon more quickly along with automated remediation and forensics.

https://techcrunch.com/2018/06/11/splunk-nabs-on-call-management-startup-victorops-for-120-m/
"With VictorOps, the company gets a system to alert the operations team when something from that muddle of data actually requires their attention."


https://seekingalpha.com/article/4151274-splunk-acquire-phantom-cyber-350-million
"to bolster its data integration, security analysis and automation capabilities as it continues to build out its machine learning offerings."

The enemy of great

In the space between GOOD and PERFECT lies somewhere you occassionally want to be:  GREAT.  Very few things need to be perfect.  For many things we settle for good, and probably should.  We need a precious few to get GREAT.




No more
"Meaning: When deciding whether to commit to something, if I feel anything less than, “Wow! That would be amazing! Absolutely! Hell yeah!” - then my answer is no."  - Derek Sivers



BUT MOST OF THE TIME:

"Better a diamond with a flaw than a pebble without."  -Confucius  via Entrepreneur

...but "Obsession with perfection can paralyze" - Psychology Today

THEREFORE:
“Don't put off until tomorrow what you can do today.” ― Benjamin Franklin

There are times when perfection is called for, of course, but allow me to suggest to you that most of the time, “good enough” will do. There’s a point where it takes more and more energy to achieve smaller and smaller gains. via LifeHack.org


Thursday, August 20, 2015

Network Device API intro "Postman"

Playing around with the basics on network device API calls again.  Postman is a great tool to try things out interactively.  Works great for me as a Chrome plugin.




Kudos to Matt Oswalt for a great post on Nexus 9000 NX-API


Finally, a little bit of super generic Python for getting 'show version' from a switch:

import requests
import json

url='http://YOURIP/ins'
switchuser='USERID'
switchpassword='PASSWORD'

myheaders={'content-type':'application/json-rpc'}
payload=[
          {
                  "jsonrpc": "2.0",
                  "method": "cli",
                  "params": {
                             "cmd": "show version",
                                    "version": 1
                            },
                   "id": 1
           }
          ]
response = requests.post(url,data=json.dumps(payload), headers=myheaders,auth=(switchuser,switchpassword)).json()


Thursday, June 25, 2015

DevOps for Network Engineers

Network Engineers need to not only think about network programmability and automation.  Take a higher look into reducing operations and moves/adds/changes into the smallest incremental steps first.  Here are some great references to give you some thoughts on this.

What is DevOps in Simple English – Rackspace

Ivan Pepelnjak @ioshints describes how "Infrastructure as Code" makes sense

@dave_tucker gives a nice "NetOps to DevOps" plan

Bimodal IT – Lydia Leong of Gartner

BONUS:  Familiarize yourself with revision control.  @DavidJohnGee describes Git

Wednesday, March 11, 2015

Larger, quicker, mobile Networking as in IoT

I was wondering how thousands of new, tiny, mobile devices (such as sensor networks and the Internet of Things) might be assisted by IPv6.   Think about the obvious needs introduced:

1) Many Addresses  - estimates range from 10's to 100's for every person

2) Low Memory  - sensors will be small and somewhat cheap

3) Mobile -  where are they going to be and will they be needed elsewhere tomorrow?

4) Low-touch  -  by sheer numbers managing one-by-one is an impossibility

The current Internet Protocol dominant on the Internet (IPv4) isn't so upstanding for this.  The newer version (IPv6) is looking much more handy!  Found this article from a European Research project looking into just that.

www.iot6.eu
Check out all their material

Tuesday, March 3, 2015

Thursday, October 4, 2012

Regional leadership in IPv6

Network World claims "The US is overtaking the world on IPv6" , but I'm not entirely convinced.

Seems like when the numbers can support the claim such as overall traffic, North America vs. all of Asia numbers are shown.  When it's a bit closer, such as in number of addresses or vendor support the numbers are broken down by country to show the US is slightly ahead of China but not all of Asia.


It's nice to see that North America is no longer ignoring the protocol and the future of the Internet.  Now let's see how we are doing in percentage of bandwidth and percentage of total users!

Thursday, September 20, 2012

SSL and TLS - What do browsers use to encrypt?

I'll spare you all the gory details you can read on wikipedia, but these are protocols used to encrypt data exchanged by browsers and web servers for keeping information private and unchanged.  Secure Sockets Layer (SSL) has been through versions 1, 2, and 3.  All by 1996 !   Transport Layer Security (TLS) was released as version 1.0 in 1999.  (Also a !).

You may often see references to SSL3/TLS1.0 because "TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security."

TLS1.1 was defined in 2006.   TLS1.2 was defined in 2008.  As of 2012, IE9 appears to be the only major browser to support it.

In his great BlackHat 2010 presentation, Ivan Ristic presents great statistics on server support for these protocols discovered during surveying:




Monday, August 13, 2012

nping, a ping for more protocols

Nping is really handy when you suspect that ping or traceroute aren't giving you clear results.  I really like it for a TCP Connect to a website:


$ nping --tcp-connect -c 3 --delay 2s www.google.com

Starting Nping 0.6.01 ( http://nmap.org/nping ) at 2012-08-13 12:09 MDT
SENT (0.0067s) Starting TCP Handshake > www.google.com:80 (74.125.225.176:80)
RECV (0.0209s) Handshake with www.google.com:80 (74.125.225.176:80) completed
SENT (2.0086s) Starting TCP Handshake > www.google.com:80 (74.125.225.176:80)
RECV (2.0250s) Handshake with www.google.com:80 (74.125.225.176:80) completed
SENT (4.0113s) Starting TCP Handshake > www.google.com:80 (74.125.225.176:80)
RECV (4.0244s) Handshake with www.google.com:80 (74.125.225.176:80) completed

Max rtt: 16.390ms | Min rtt: 13.108ms | Avg rtt: 14.507ms
TCP connection attempts: 3 | Successful connections: 3 | Failed: 0 (0.00%)
Tx time: 4.00581s | Tx bytes/s: 59.91 | Tx pkts/s: 0.75
Rx time: 4.01892s | Rx bytes/s: 29.86 | Rx pkts/s: 0.75
Nping done: 1 IP address pinged in 4.02 seconds

You can also scan MAC addresses on your local subnet:


 $ sudo nping --arp-type ARP 172.16.16.1-10 --count 1


SENT (4.8530s) ARP who has 172.16.16.1? Tell 172.16.16.11
RCVD (4.8546s) ARP reply 172.16.16.1 is at 1C:DF:DF:53:91:91
SENT (5.8538s) ARP who has 172.16.16.2? Tell 172.16.16.11
RCVD (5.8548s) ARP reply 172.16.16.2 is at 00:26:9F:37:33:33
SENT (6.8556s) ARP who has 172.16.16.3? Tell 172.16.16.11
RCVD (6.9364s) ARP reply 172.16.16.3 is at A4:EF:57:E3:EA:EA
SENT (7.8575s) ARP who has 172.16.16.4? Tell 172.16.16.11
SENT (8.8582s) ARP who has 172.16.16.5? Tell 172.16.16.11
SENT (9.8587s) ARP who has 172.16.16.6? Tell 172.16.16.11
SENT (10.8600s) ARP who has 172.16.16.7? Tell 172.16.16.11
SENT (11.8612s) ARP who has 172.16.16.8? Tell 172.16.16.11
SENT (12.8621s) ARP who has 172.16.16.9? Tell 172.16.16.11
RCVD (12.8656s) ARP reply 172.16.16.9 is at 00:21:CF:BD:1F:1F
SENT (13.8634s) ARP who has 172.16.16.10? Tell 172.16.16.11


Raw packets sent: 10 (420B) | Rcvd: 4 (184B) | Lost: 6 (60.00%)
Tx time: 9.01162s | Tx bytes/s: 46.61 | Tx pkts/s: 1.11
Rx time: 10.01221s | Rx bytes/s: 18.38 | Rx pkts/s: 0.40
Nping done: 10 IP addresses pinged in 14.86 seconds

Friday, July 13, 2012

Integrating routing with CDN

A content delivery network (CDN) is a large distributed system of servers deployed in multiple data centers in the Internet.[citation needed] The goal of a CDN is to serve content to end-users with high availability and high performance.


Uniform Resource Identifier (URI) is a string of characters used to identify a name or a resource on the Internet. - en.wikipedia.org/wiki/URI


Border Gateway Protocol (BGP) is the protocol which is the core routing decisions on the Internet. It maintains a table of IP networks or 'prefixes' which designate network reach-ability - en.wikipedia.org/wiki/BGP

The multiprotocol extensions of BGP has been used to carry many types of information.  I stumbled across a great progression on the idea from this NANOG presentation from the guys at Comcast.


Here's their packet capture screenshot.  Notice the Address Family -  URI.



Friday, June 22, 2012

IPv1 , v2, and v3

I always hear "What happened to IP version 5?" But we've seen the answer many times.  "Some experimental testing version".

While reading Charles Kozierok's excellent TCP/IP Guide, I found the history of why IPv4 was actually the first version of IP as in a Layer 3 on it's own.  The addressing layer was part of the original Network Control Program and then Transmission Control Program combined into a single Layer3 and 4 functionality.   TCP became Transmission Control Protocol by its 'fourth iteration'.

Tuesday, June 19, 2012

Why hasn't networking followed Moore's Law ?

Andy Bechtolsheim's keynote at NANOG55 in Vancouver looks into what's been going on with networking versus Moore's Law:


Follow the link to his slides in PDF.  There are some fantastic graphs on:

  1. Server 10/40/100G Adoption Cycle
  2. Total Datacenter Switch Revenue by Protocol & Speed
Today's custom switch silicon support 64 10G ports on a single chip but forecast to scale by 4X in the next 3 years.  He wraps up the presentation looking into ways to alleviate the current high cost of optics slowing down 40G/100G adoption.


Wednesday, June 6, 2012

IPv6 Day

Early today, major web sites enabled their DNS 'quad A' or AAAA entries.

These include google.com, bing.com, facebook.com, yahoo.com, youtube.com and aol.com.

I especially like Facebook's IPv6 address:

2A03:2880:2110:3F03:FACE:B00C::

It looks like traffic to Google over one backbone immediately doubled... Albeit up to almost 2% of total traffic.

I'm told that unlike last year, these updates are planned to be permanent. Sure is a step in the right direction!