February 27, 2017

My Etherealmind

Research: The Business Benefits of Automation and Orchestration – Cisco

Whitepaper from Cisco SPBU that nicely sums up the advantages of orchestration and automation. Although it's focused on the service provider market, you could easily use this for an Enterprise proposal and make the case.

The overall savings in time and motions ranged from 60 to 70 percent, with the related OpEx avoidance from 50 to 70 percent. Over five years, that translated to an ROI of 383 percent and savings of $3 to $16.7 million for Tier 3 to 5 providers. The data for Tier 1 and 2 operators shows an estimated savings over five years that exceed $70 million.

Link: The Business Benefits of Automation and Orchestration – http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/network-services-orchestrator/white-paper-c11-738289.pdf

The post Research: The Business Benefits of Automation and Orchestration – Cisco appeared first on EtherealMind.

by Greg Ferro at February 27, 2017 06:05 PM

Network Design and Architecture

Feb 2017 -5 people passed the CCDE Practical exam with my courses

I am glad to announce that the below 5 attendees passed the CCDE Practical Lab exam on February 22, 2017 after attending my CCDE Training Program and/or Self Paced CCDE Training and got their CCDE numbers: Kim Pedersen, Pramod Nair, Avinash Gupta, Laurent Metzger, Concepcion Diaz Cantarero. Read the below feedback from the people who passed the CCDE […]

The post Feb 2017 -5 people passed the CCDE Practical exam with my courses appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at February 27, 2017 02:50 PM

ipSpace.net Blog (Ivan Pepelnjak)

Leaf-and-Spine Fabrics versus Fabric Extenders

One of my readers wondered what the difference between fabric extenders and leaf-and-spine fabrics is:

We are building a new data center for DR and management is wanting me to put in recommendations to either stick with our current Cisco 7k to 2k ToR FEX solution, or prepare for what seems to be the future of DC in that spine leaf architecture.

Let’s start with “what is leaf-and-spine architecture?”

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 27, 2017 12:08 PM


February 24, 2017

Security to the Core | Arbor Networks Security

Change All Your Passwords, Right Now!

by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one of the largest Content Delivery Networks (CDNs) on the Internet. Many popular Web sites, mobile apps, etc. make use of the CloudFlare CDN, which hosts content […]

by ASERT team at February 24, 2017 05:20 PM

Network Design and Architecture

10 Most Popular articles of 2016 on orhanergun.net and statistics

Below are the Google Analytics page views for the articles between January 1st 2016 and January 1st 2017. I didn’t include the Home page, CCDE Course and the CCDE E-book pages but just the technical articles. If you haven’t looked at some of those yet, I definitely recommend reading them now. BGP Route Reflector […]

The post 10 Most Popular articles of 2016 on orhanergun.net and statistics appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at February 24, 2017 11:08 AM


February 23, 2017

ipSpace.net Blog (Ivan Pepelnjak)

EVPN: All that Glitters Is Not Gold

Cumulus Linux 3.2 shipped with a rudimentary EVPN implementation and everyone got really excited, including smaller ASIC manufacturers that finally got a control plane for their hardware VTEP functionality.

However, while it’s nice to have EVPN support in Cumulus Linux, the claims of its benefits are sometimes greatly exaggerated.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2017 06:06 PM

My Etherealmind

Frequently Asked Questions: Submarine Cables 101

Useful background information on oceanic cabling from TeleGeography.

I’ve been involved with TeleGeography’s research on submarine cables since 2000. Over the years I’ve fielded numerous questions about the submarine cable industry from journalists, investors, family, and friends.

It seems as good a time as any to provide a compilation of answers to some of the most commonly asked questions.

Worth a read.

Frequently Asked Questions: Submarine Cables 101

The post Frequently Asked Questions: Submarine Cables 101 appeared first on EtherealMind.

by Greg Ferro at February 23, 2017 12:26 PM

ipSpace.net Blog (Ivan Pepelnjak)

Newer Docker Networking Options

In the last part of the free Docker Networking Fundamentals webinar Dinesh Dutt described the newer high-performance networking options (Macvlan and Ipvlan) introduced in Docker version 1.12.

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2017 09:17 AM

Networking Now (Juniper Blog)

Will the Enterprise Welcome Connected Devices?


IoT is everywhere. There are around 15 billion connected devices in the world today. Putting it bluntly, that equals billions of opportunities to launch a cyber-attack. I’m sure we all saw the news at the end of 2016 when IoT cameras were infected with the Mirai malware and turned into ‘bots that were used to disable websites and Internet services.


Will 2017 be the year we hear of the first attack where IoT is used to steal corporate data?

by lpitt at February 23, 2017 09:00 AM

ipSpace.net Blog (Ivan Pepelnjak)

Facebook Backpack Behind the Scenes

When Facebook announced 6-pack (their first chassis switch) my reaction was “meh” (as well as “I would love to hear what Brad Hedlund has to say about it”). When Facebook announced Backpack I mostly ignored the announcement. After all, when one of the cloud-scale unicorns starts talking about their infrastructure, what they tell you is usually low on detail and used primarily as talent attracting tool.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2017 08:07 AM

February 22, 2017

The Networking Nerd

Networking Grows To Invisibility


Networking is done. The way you have done things before is finished. The writing has been on the wall for quite a while now. But it’s going to be a good thing.

The Old Standard

Networking purchase models look much different today than they have in the past. Enterprises no longer buy a switch or a router. Instead, they buy solution packages. The minimum purchase unit is a networking pod or rack. Perhaps your proof-of-concept minimum is a leaf-spine of no less than 3 switches. Firewalls are purchased in pairs. Nowhere in networking is something simple any longer.

With the advent of software, even the deployment of these devices is different. Automation and orchestration systems provide provisioning as the devices are brought online. Network Monitoring Systems ensure the devices are operating correctly via API call instead of relying on SNMP. Analytics and telemetry systems can pull statistics on the fly and create datasets that give you insight into all manner of network traffic. The intelligence built into the platform supporting the hardware is more apparent than ever before.

Networking is no longer about fast connectivity speed. Instead, networking is about stability. Providing a transport network that stays healthy instead of growing by leaps and bounds every few years. Organizations looking to model their IT departments after service providers and cloud providers care more about having a reliable system than the most cutting edge technology.

This is nothing new in IT. Both storage and virtualization have moved in this direction for a while. Hardware wizardry has been replaced by software intelligence. Custom hardware is now merchant-based and easy to replace and build. The expertise in deployment and operations has more to do with integration and architecture than in simple day-to-day setup.

The New Normal

Where does that leave networkers? Are we a dying breed, soon to join the Unix admins of the world and telco experts on a beach in retirement? The reality is that things aren’t as dire for us as one might believe.

It is true that we have shifted our thinking away from operations and more toward system building. Rather than worry if the switch ports have been provisioned, we instead look at creating resilient constructs that can survive outages and traffic spikes. Networks are becoming the utility service we’ve always hoped they would be.

This is not the end. It’s the beginning. As networks join storage and compute as utilities in the data center, the responsibilities for our sphere of wizardry are significantly reduced. Rather than spending our time solving crazy user or developer problems, we can instead focus on the key points of stability and availability.

This is going to be a huge shift for the consumers of IT as well. As cloud models have already shown us, people really want to get their IT on their schedules. They want to “buy” storage and networking when it’s needed without interruption. Creating a utility resource is the best way to accomplish that. No longer will the blame for delays be laid at the feet of IT.

But at the same time, the safety net of IT will be gone as well. Unlike Chief Engineer Scott, IT can’t save the day when a developer needs to solve a problem outside of their development environment. Things like First Hop Reachability Protocols (FHRP), multipathing, and even vMotion contribute to bad developer behavior. Without these being available in a utility IT setup, application writers are going to have to solve their own problems with their own tools. While the network team will end up being leaner and smarter, it’s going to make everything run much more smoothly.

Tom’s Take

I live for the day when networking is no different than the electrical grid. I would rather have a “dumb” network that provides connectivity rather than hoping against hope that my “smart” network has all the tricks it needs to solve everyone’s problem. When the simplicity of the network is the feature and we don’t solve problems outside the application stack, stability and reliability will rule the day.

by networkingnerd at February 22, 2017 10:28 PM

Aaron's Worthless Words

Cisco Live US 2017 – The Plan So Far

Put it on your calendar.  Cisco Live US is June 25 – 29, 2017, in Las Vegas.  This is the largest conference I go to every year, and it’s the highlight of my professional year.  I’ve been going for a few years now and enjoy it for the content and camaraderie.  What are we doing this year?

We’ll fly in on Friday again and do something.  No idea what, but I imagine we’ll throw out an invitation for dinner to the public and meet somewhere.  If you’re going to be in town, let me know, and we’ll meet up.

The Saturday Adventure was going to be ham radio related since that’s ARRL Field Day.  I reached out to the Las Vegas ham club, and they told me that the clubs out there all go to the top of a mountain to operate.  The problem: that mountain is 44.8 miles away from Mandalay.  That’s one helluvan Uber ride, so that’s out.  I looked at some other epic sites like the Grand Canyon and Hoover Dam, but, based on past participation, the time requirements for those don’t make the cut for the group.  We probably need to meet somewhere at 1pm or so and be back by 4pm or so.  That’s just how it’s happened the last few years.  I’m thinking maybe Fremont Street.  There’s plenty to do there.  Let me know if you have any other ideas.

Sunday afternoon is usually open to whatever.  People start arriving en masse, so we play it by ear.  We’ll probably just wind up hanging out at Social Media Central.  Sunday is typically the first tweetup and also the Mentor Program meeting.  Those are big events, so we won’t miss that.  I’ll take part in the Slacker Bet on Sunday.  We all take the CCIE R&S Written exam, and whoever has the highest passing score has to buy everyone else who passed a beer.  It’s always fun.

Monday is sessions, but, perhaps more importantly, it’s Kilted Monday.  Wear your kilt and show off your tartan!  You’re looking at the reigning second-place finisher in the best legs contests!  The biggest conference event of Monday is the opening of the World of Solutions.  This is where you get all the cool swag for your coworkers and kids.  And there’s free beer and food most of the time, too…which is important.  My favorite exhibit in the World of Solutions each year is Cisco Tactical Operations.  These guys have some fancy equipment that they use in disaster relief efforts around the world.  It’s my dream job to work with these guys.  Fingers are still crossed for that.

Tuesday is sessions.  The CCIE party is usually that night, so I try to find a vendor who wants to feed me drinks.  It’s not hard to find one.  Just ask somebody where they’re going.  Your AE back home may have sent you an invite for something that night, too.  I think mine sent me 4 of them total. In other words, you can find something to do.

Wednesday is sessions…and the Customer Appreciation Event!  This is usually the highlight of the week as we all pile into an arena somewhere (I can only imagine we’re in T-Mobile again this year.) to hear some world-class musical acts.  We’ve seen a wide range of acts from Maroon 5 to Devo to Aerosmith to Lenny Kravitz.  The act hasn’t been announced yet, though.  I voted for Rammstein, but we’ll see who shows up.  And don’t forget your hat.

Thursday is sessions mixed with hangovers from the CAE.  As an experienced attendee, I advise you not to schedule an 8am session on Thursday; you probably won’t make it.  Thursday is the closing keynote, so make sure to attend that. It’s always worth your time.  We also wind up meeting for dinner that night as a large group.  And I mean a large group.  I think we did about 45 or so last year.  Remind me to work on getting someone to make reservations for that.

Friday is travel day home and filled with tears as you already miss your buddies that you won’t see until 2018 in Orlando.  🙁

Send any vendor party invites questions my way.

by Aaron Conaway at February 22, 2017 08:15 PM

Networking Now (Juniper Blog)

Turn on “God Mode” with Juniper’s Software-Defined Secure Networks



Networks have changed significantly over the past decade.  Businesses are moving to the cloud and adopting new technologies such as Internet of Things (IoT) and block chain, all of which are heavily network-dependent.


These same enterprises are also spending more on security to protect new and existing infrastructure.  Unfortunately, breaches continue unabated.  Internal records and customer data are being stolen and sold to the highest bidder, causing irreparable damage. This begs the question:  are these businesses missing something fundamental in their approach to network security?

by praviraj at February 22, 2017 03:31 PM

ipSpace.net Blog (Ivan Pepelnjak)

NextGenDC: Securing a Hybrid Cloud with Matthias Luft

Imagine you were asked to migrate some of the workloads running in your data center into a public (or managed) cloud. These workloads still have to access the data residing in your data center – a typical hybrid cloud deployment.

Next thing you know you have to deal with your (C)ISO and his/her usual concerns as well as the variety of articles on tech sites stating that "security is the biggest challenge of cloud adoption".

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 22, 2017 11:46 AM


February 21, 2017

Security to the Core | Arbor Networks Security

Additional Insights on Shamoon2

IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. Researchers showcased a potential malware lifecycle which started with spear phishing and eventually led to the deployment of the disk-wiping malware known as Shamoon. Their research showcased a set of downloaders and domains that […]

by Neal Dennis at February 21, 2017 10:19 PM


Network Modernization Webinar Now Available Online

On February 8th I gave a webinar on network modernization initiatives with Doug Nash, the Deputy Chief Information Officer, Operations & Infrastructure at the USDA. I thoroughly enjoyed the opportunity to speak with Doug and discuss some of the new directions that various Federal agencies are undertaking to create more modernized and agile networks. This webinar is now available …

by Stefan Fouant at February 21, 2017 04:51 PM

Networking Now (Juniper Blog)

Sky ATP Shortlisted for the techies 2017 Awards





Sky ATP has been shortlisted for the techies 2017 awards in London, read on to find out more...




by lpitt at February 21, 2017 11:46 AM

ipSpace.net Blog (Ivan Pepelnjak)

Network Automation and Undifferentiated Heavy Lifting

I got this tweet after publishing the “use Ansible to execute a single command on all routers” blog post (and a few similar comments on the blog post itself)

Or use Python, Netmiko and a simple For loop

I never cease to be amazed by the urge to do undifferentiated heavy lifting in the IT industry.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 21, 2017 07:33 AM

February 20, 2017

Network Design and Architecture

Free Webinar – DMZ Anywhere. Let’s talk about DMZ security design options

This is a free webinar but requires registration and seats are limited thus please register immediately. Webinar on Tuesday, February 28, 2017 7:00 PM – 8:30 PM AST. Agenda: Introduction to Security Zones; What’s DMZ?; Why do we need DMZ?; Physical vs Logical Network Segmentation; Emerging Technologies (Virtualization, Micro Segmentation); Benefits of DMZ Anywhere […]

The post Free Webinar – DMZ Anywhere. Let’s talk about DMZ security design options appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at February 20, 2017 04:11 PM

ipSpace.net Blog (Ivan Pepelnjak)

Q&A: Migrating to Modern Data Center Infrastructure

One of my readers sent me a list of questions after watching some of my videos, starting with a generic one:

While working self within large corporations for a long time, I am asking myself how it will be possible to move from messy infrastructure we grew over the years to a modern architecture.

Usually by building a parallel infrastructure and eventually retiring the old one, otherwise you’ll end up with layers of kludges. Obviously, the old infrastructure will lurk around for years (I know people who use this approach and currently run three generations of infrastructure).

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 20, 2017 09:35 AM

Network Design and Architecture

February 2017 CCDE Training is over ! Waiting the attendees success now !

My February 2017 CCDE class is now over. The duration of the course was for 11 days and as usual it started with lots of advanced technology lessons. All the critical CCDE exam topics (IGP, BGP , MPLS and the other technologies) were covered in detail from the design point of view. A minimum of […]

The post February 2017 CCDE Training is over ! Waiting the attendees success now ! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at February 20, 2017 08:00 AM


February 17, 2017

Ethan Banks on Technology

No Sound In Exported Video – Final Cut Pro X 10.3.2

Ran into an issue today where audio was working normally in Final Cut Pro X 10.3.2, but the exported video had no sound. The video and sound were originally recorded using a Canon G7X Mark II.

The fix was to delete Final Cut Pro X preferences, as detailed by Apple here. In short…

  1. Quit FCPX.
  2. Press Command-Option when re-launching FCPX. You’ll be given an option to delete your FCPX preferences.
  3. Delete your preferences.

That will definitely result in some interface trauma for you, as FCPX won’t remember where your libraries are. I’m not sure what other settings you’d invested in that might also be forgotten — probably a lot of things. I’m still relatively new to FCPX, so the hit wasn’t too hard to handle. But still. Yuck.

Yuck or not, that worked. Once I pointed FCPX at my libraries and built a new project for my simple video, exporting rendered not just video, but audio too. And all was right with the world.

Ethan Banks writes & podcasts about IT, new media, and personal tech.

by Ethan Banks at February 17, 2017 10:08 PM

ipSpace.net Blog (Ivan Pepelnjak)

OpenConfig: From Basics to Implementations

In 2013, large-scale cloud providers and ISPs decided they had enough of the glacial IETF process of generating YANG models used to describe device configuration and started OpenConfig – a customer-only initiative that quickly created data models covering typical use cases of the founding members (aka “What Does Google Need”).

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 17, 2017 07:24 AM

The Networking Nerd

The Rising Tide of CCIE Written Costs


In CCIE news this week, Cisco has raised the price of their exams across the board. The CCNA has moved up to $325, and the CCIE Written moves from $400 to $450. It goes without saying that there is quite a bit of outcry in the community. Why is the price of the CCIE Written exam surging so high?

No Such Thing As A Free Test

The most obvious answer is that the amount of work going in to development of the exam has increased. The number of people working behind the scenes to create a better exam has caused the amount of outlay to go up, hence the need to recover those costs. This is the simplest explanation of all the cost increases.

As Cisco pours more and more technology into the tests, the amount of hands and fingers touching them has gone down. At the same time, the quality of the eyeballs that do look at the exam has gone up. It’s a lot like going to a specialist doctor. The quality of the care you receive for your condition is high, but the costs associated with that doctor are higher than a regular general practice doctor. Cisco’s headcount is now focused on keeping exam quality high. That kind of expertise is always more expensive per capita, even if the number of those people is fewer.

The odd thing here is that even if the costs of the people doing the work are going up, the amount that the test is increasing doesn’t seem to correlate. It’s been less than two years since the formal introduction of the current version of the CCIE written exam at the then-unheard-of price point of $400. We’re two and a half years removed from the CCIE 4.0 Written exam and its lofty $350 price point. Has the technology changed so much in less than three years?

The Great Barrier Test

Going back to the introduction of the 5.0 version of the CCIE Written, there was also a retake policy change introduced. Cisco wanted to create a “backoff timer” to reduce the amount of times that a person could take the exam before needing to wait. The change still allowed you to take the second attempt after 30 days, but then the third attempt must wait an additional 90 days after that. So, instead of being able to get three exam attempts in 60 days, those same three attempts would have taken 120 days.

This change was rolled back about six months ago due to outcry from the community. CCIEs trying to recertify were stymied by the exam and forced to wait longer and longer to pass it, with their certification hanging in the balance. With the increased timeouts and limit of four retakes per year, some long time CCIEs were in danger of exhausting their attempts and watching their certification slide away without any recourse to fix it.

Now, the increased price behind the CCIE Written could indeed be attributed to the increased overhead. But it could also be an attempt to keep people from rushing in to take the test every 30 days. Making a policy change to keep people out of the exam is one way to do it. But making the exam financially painful to continually fail is another. If you’re willing to drop $1350 in three months to try and pass then you either have money to burn or you’re desperate to pass.

In addition, a higher exam fee would cause test takers to be absolutely certain of their knowledge level before attempting the exam. Creating an initial barrier to entry that will make people think twice before scheduling an exam on a whim does create a situation where the first-time pass rate will improve significantly. This will also help drive funding to certification materials and classes, as candidates will want to know that they will pass before stepping into a certification exam center.

Tom’s Take

I’d really like to think that Cisco is just trying to cover their overhead with the recent price increases. Everything goes up in price. Some things go up faster than others. But the conspiracy theorist in me wonders if Cisco isn’t trying to use the increased price of the exam to help raise the pass rates and discourage folks from rushing the test repeatedly to see the exam question pool. $450 is a tough pill to swallow even if you pass. I think we’re going to see a lot more people taking advantage of the free Cisco Live exam as well as the half price cert exams there. And I sincerely hope the rumored options for recertification take flight soon. Because I don’t know how ready I am to go all out to study when there’s that much money on the line.

by networkingnerd at February 17, 2017 01:31 AM


February 16, 2017

My Etherealmind

Cisco Shrinks in Switching, Routing and DC

Cisco shrinking overall ~2% per quarter (fifth straight down quarter). 10% down in routing, 5% down in switching, 4% down in DC. Increases dividend, investors happy.

Cisco reported $11.6 billion in revenue for Q2 2017 on February 15, 2017, a 2% YoY decrease, but in line with guidance of a 2-4% YoY decline.

Revenue breakout:

Product, $8.49B (down 5.5%); Service, $3.09B (up 4.9%).

By segment:

Switching, $3.31B (down 5%); NGN Routing, $1.82B (down 10%); Collaboration, $1.06B (up 4%); Data Center, $790M (down 4%); Wireless, $632M (up 3%); Security, $528M (up 14%); Service provider video, $241M (down 41%); other, $116M (up 53%)

“Cash” of $71.8 billion at the end of Q2 2017, with only $9.6 billion in the US. The introduction of a Corporate Tax Holiday could have huge positive ramifications for Cisco.

The Q3 2017 outlook calls for revenue to decline by 2% or to remain flat YoY.

Data Center

Total product revenue was down 4% and let me walk through each of the product areas. Switching declined 5%, driven by weakness in Campus partially offset by strength in the ACI portfolio, which was up 28%

Cisco ACI is holding up switching revenue but Campus declines are greater. (I continue to think that ACI growth is slower than competitors e.g. NSX and not what Cisco had hoped for)

Across our next-generation data center portfolio, we saw healthy customer traction, including our ACI data center switching portfolio grew revenue by 28%. This includes 1,300 new Nexus 9000 customers and 450 new ACI customers in Q2.

It would seem that people are buying Nexus 9000 with 30% takeup rate on ACI functions.

Bright Spots

Chuck Robbins: Wireless grew 3%, with ongoing strength in Meraki and the continued ramp of our 11ac Wave 2 portfolio. Security grew 14% with deferred revenue growth of 45%, as we offer more solutions to customers with increasing software content that result in greater recurring revenue. We had very strong performance in our advanced threat security of 65% as well as strength in unified threat management and web security solutions.

The Etherealmind View

Cisco is shrinking at a reasonable rate and management have the decline under control. The transition to cheaper switch and routing products like the Nexus 9000 is well under way while attempts to sell software as a service like ACI & Meraki are modest.

The decline in routing seems largely due to service providers who are holding back spending as they work out their SDN/NFV strategy.

Cisco is increasing dividends making it attractive to investors. Many are hopeful that Cisco can turn around the shrinking business over time probably through acquisition.

Link: Cisco Systems (CSCO) Q2 2017 Results – Earnings Call Transcript | Seeking Alpha – http://seekingalpha.com/article/4046482-cisco-systems-csco-q2-2017-results-earnings-call-transcript?part=single

The post Cisco Shrinks in Switching, Routing and DC appeared first on EtherealMind.

by Greg Ferro at February 16, 2017 10:52 AM

Networking Now (Juniper Blog)

Security Prediction 1: The Internet of Things - Are you really in control?


Just three years ago, the concept of IoT (Internet of Things) was still fresh; people bought devices because they were ‘cool’ or because it seemed that we could improve quality of life with ownership. The general excitement around IoT has led to market consumerisation faster than security standards have kept pace. 


In this blog we will discuss growth in IoT, and the risk of not considering security during design, purchase and implementation of these exciting devices.

by lpitt at February 16, 2017 09:00 AM

ipSpace.net Blog (Ivan Pepelnjak)

More Thoughts on OSPF Forwarding Address

Angelos Vassiliou sent me an interesting lengthy email after I published my OSPF Forwarding Address series (part 1, part 2, part 3, part 4). I asked him whether it’s OK to publish his email together with my responses as a blog post and he gracefully agreed, so here it is.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 16, 2017 08:12 AM

February 15, 2017

Router Jockey

Ixia Vision ONE – Tap the Planet

Whenever I start talking about network visibility and aggregation taps I can’t help but think of The Matrix. Millions of packets flowing through your network every minute of every day, tapping into that can be a daunting exercise. Luckily we have some new blood in this space, at least in my view, Ixia Vision ONE. For those of you that recognize the name, yes I’m talking about that Ixia.. previously one of the leaders in the load testing market, they’ve moved into the network packet broker space.

Vision ONE is Ixia’s all-in-one product that attempts to provide assurance that the network traffic you want to reach your monitoring and security tools is actually reaching your tools. Vision ONE is able to take the input from your device, and send it out in several directions, applying filters to the traffic as needed. This means that you can filter out specific traffic and send it to a monitoring / security tool with traffic it doesn’t need to process. All of this is managed through a clean, easy-to-use interface that displays the connections between the TAP’s physical ports, filters, and tool ports.

Take a look at the Vision One demo here.


My Thoughts on Ixia Vision ONE

Ixia has been busy working on the network packet broker portfolio. With acquisitions of Anue Systems and Net Optics over the past few years their service catalogue is growing rapidly. The Vision ONE offers an easy to use toolset with some serious capability. This is another company that I’m looking forward to working with in the near future and hope to have some hands on time with in 2017.

As Phil Gervasi said – Tap Everything. Tap Everywhere.

Other Info

Here are a few links to other folks that have also shared their thoughts on Ixia’s offerings.

The post Ixia Vision ONE – Tap the Planet appeared first on Router Jockey.

by Tony Mattke at February 15, 2017 03:00 PM

Dyn Research (Was Renesys Blog)

A Baker’s Dozen, 2016 Edition

As is our annual tradition, this blog provides a year-end review of how the Internet providers at the top of our Internet Intelligence – Transit global rankings fared over the previous year.  The structure, performance and security of the Internet remains a huge blind spot for most enterprises, even those critically dependent on it for business operations.  These are familiar topics that we’ve covered over the years in this blog and our Twitter feed, and 2016 was no different.  We saw bogus routing and subsequent grossly misdirected traffic from Ukraine and Iran, for just two examples.  We saw cable breaks, new cable activations, censorship and crippling attacks.  And much, much more.  Dyn provides such critical insight into the structure and performance of the Internet, both real-time and historical, and uses this data set to make 40 billion traffic steering decisions daily for customers.

Back in 2008, we chose to look at the 13 providers that spent at least some time in the Top Ten that year, hence the name “Baker’s Dozen”.  We repeated that exercise in 2009, 2010, 2011, 2012, 2013, 2014, and 2015.  And for the first time in 2015, we even provided a regional Baker’s Dozen blog, illustrating how substantially the provider rankings vary by continent.  During these past 9 years, I’ve really wanted to retire this story line, since these rankings cover such a very small slice of our data and we have many more interesting things to talk about.  But each year at this time, the clamor starts to grow from our dedicated fan base, and I dust off this data set yet again.  As in the past, I’ll focus on global IPv4 rankings, given the lack of IPv6 adoption at the Internet’s edge, where most IP space is allocated.  Anyone wishing to explore our IPv6 rankings or further investigate our IPv4 rankings should subscribe to our Internet Intelligence – Transit product.  This application provides full details of every AS on the global Internet, overall and by market, along with news events of interest concerning changes in transit and customer wins and losses.

While the specific details of ranking changes differ from year to year, my overall story line is often the same, namely, traditional US carriers continue to fade from view, while providers more focused on emerging markets continue to climb in our rankings.  In fact, last year, I wrote: “Back in 2008, our rankings were dominated by traditional US carriers, many of which have exited the Baker’s Dozen entirely or dropped significantly in their global rankings.”  But businesses can grow either organically or by acquisition, and several US firms have announced buyouts that should shake up the rankings once completed.  In fact, US carriers now take 3 of the top 5 spots in our global rankings with Level 3 once again in a seemingly unassailable position.

In what follows, we’ll briefly review some of the trends and changes we observed in 2016 relative to the top global Internet providers, and then we’ll dive into what a post-acquisition world might look like over the next couple of years.

Drum roll please …


The above graph shows our global scores for the Baker’s Dozen over the past year.  As always, the absolute scores (computed from the quantity of transited IP space) are not meaningful in this context, so we omit the scale.  At this high level, we see more or less steady growth for all of the players and some seemingly minor jockeying for position throughout 2016.  However, our final annual rankings are anything but predictable, as 2016 saw some significant changes.

Last year, we saw Level 3 (#1) dramatically pull away from Telia Carrier (#2), after Level 3 had briefly given up its roughly eight year run at the top of the heap.  And as we will see below, this margin is only likely to increase in the coming years.  Cogent represents another big win for US carriers, surging from #5 to #3 (by a hair) in a single year’s time.  Last year saw NTT drop from its long held #3 position to #4, while Tata made steady gains and fought GTT for the #5 spot, before (barely) ending the year at #6, the same spot as last year.  Another US carrier, Hurricane Electric, also saw impressive gains, moving all the way from #12 to #8.  The more traditional US carriers, namely, Verizon, Sprint and Century Link, languished near the bottom of our rankings.  However, as we will see, merger activity stands to improve the lot of at least two of these entities.  In short, US carriers are beginning to reassert themselves on the global stage after a long period of stagnation or decline.

To make more sense of the tangled graphic above and this year’s changes, we’ll divide up the players into three tiers and zoom in on each in turn.  Then we’ll discuss the proposed mergers and how they might shake up our rankings.

And then there were two


The beginning of last year saw Telia Carrier and Level 3 in a close fight for #1, with Telia opening up a sizable lead by mid-year.  Although Level 3 (AS3356) completed their acquisition of Global Crossing (AS3549) back in October of 2011, over the intervening years, Level 3 continued to treat Global Crossing more like a peer (with respect to routing), since their networks had not yet been fully merged.  And we continued to show them as separate entities.  That changed in mid-2016 and Level 3 picked up credit for all of Global Crossing’s downstream customers, accounting for Level 3’s surge back to #1 in August.

When we first wrote about the Level 3 merger with Global Crossing in early 2011, we called the new entity a “global colossus” and stated that “the next five global providers would have to merge to rival the new Level 3’s score!”  Telia Carrier’s steady growth since then has given Level 3 a serious challenger and 2016 ended with Telia’s score just 5% below that of Level 3’s, despite Level 3 finally getting full credit for Global Crossing by our scoring algorithm.  However, CenturyLink’s proposal to buy Level 3 (expected to close in late 2017) should ultimately give the combined new entity another huge boost in our global rankings, perhaps allowing it to remain at the top of the leader board for many more years.

A surging middle


Last year saw consistent and solid gains for all the carriers in this group.  But the true star of the show was Cogent, surging all the way from #5 to #3 in twelve short months.  Cogent’s rise was in no small part due to broad-based gains from Asian carriers.  Cogent’s substantial end-of-year drop was the result of losing Apple (AS714) as a customer.  But they quickly began to recover with more gains in Asia, such as increased transit from PT Telekomunikasi Indonesia (AS7713), Rostelecom (AS12389) and Pacnet (AS10026) to name a few, ending the year just ahead of NTT.  NTT’s growth was a bit more erratic, but still about 4% over where they started the year and just a hair below Cogent at year end.

The other US carrier in this group is GTT.  While 2016 saw GTT drop from #4 to #5 in our global rankings, due to Cogent’s rise, they still saw some impressive gains in the second half of the year after a lackluster first half.  GTT’s gains were due in part to increased transit in Asia, such as increases from strong regional players like Korea Telecom (AS4766) and Japan’s KDDI (AS2516).  Tata was a much more consistent performer throughout the year with solid transit gains in Asia from the likes of SingTel (AS7473), SK Broadband (Hanaro) (AS9318), LG Uplus (LG DACOM) (AS3786), and Vietnam Posts and Telecommunications (AS45899).  Only year-end declines by both GTT and Tata kept GTT ahead of Tata by the narrowest of margins.  Tata lost some transit from Vietnam’s Viettel (AS7552) and Singtel, while GTT gave up some of its earlier gains from KDDI.

The best of the rest


The biggest stories in our final tier again belong to American carriers with Hurricane Electric surging all the way from #12 to #8, while Verizon fell precipitously from #7 to #10.  Hurricane Electric saw transit gains from Telstra Global (AS4637), Mexico’s Uninet (AS8151) and China Railway (AS9394), among others.  Verizon’s second half of the year plunge was due in part to losing large customers such as LG Uplus, Bharti Airtel Ltd. (AS9498) and C&W Networks (AS23520).  To round out the American carriers listed here, Sprint spent much of the year treading water, while Century Link’s late year surge was due in part to a considerable increase in transit from Telstra Global.


Conclusions and a look to the future

Traditionally, in this section, I talk about the decline of US carriers and the rise of those focused on the emerging world where there is still considerable growth in connecting up the rest of humanity.  But something profound changed in 2016.  For the first time since 2011, two American carriers were among the top three in our global rankings.  And as we illustrated above, American carriers are making big gains in the emerging world, where Internet connectivity can still be considered a novelty.

Plus 2016 saw a wave of M&A announcements.  CenturyLink, owners of Qwest and Savvis, announced plans to purchase Level 3, owners of Global Crossing.  GTT said they’d acquire Hibernia, a deal that closed at start of 2017.  Verizon laid claim to XO, and even AT&T, which left our Baker’s Dozen entirely in 2013, got into the act by announcing plans to acquire Time Warner.  But our rankings are not based on acquisition announcements or even actual ownership.  They are based on objective routing data, which definitively shows how networks are interconnected and from which you can infer real world dependencies.  In other words, until two entities are routed as if they were a single business, we treat them separately.

But let’s assume for a moment that all of these proposed acquisitions complete and all of the relevant networks are immediately merged.  What would our global rankings look like then?  Using their current customers, we performed our scoring calculations on all of the proposed mergers, resulting in the following breakdown by global market share.  The percentages add up to more than 100%, since any organization serious about its Internet presence is multi-homed, i.e., has more than one service provider for redundancy.

Here we see Level 3, CenturyLink, et al. with 46% of the global market share, which is considerably less than the 55% a merged Level 3 and Global Crossing would have had back in 2011.  The main effect of the current proposed merger is to extend Level 3’s lead over Telia.  A merged GTT and Hibernia keeps GTT at #5, but a merged Verizon and XO propels Verizon from #10 to #7.  And a combined AT&T and Time Warner lifts AT&T from #25 all the way to #17, but still a long way from regaining a place in our Baker’s Dozen.

In conclusion, while our global rankings are more diversified than they were a decade ago, American carriers with a renewed focus on emerging markets and strategic acquisitions have definitively shown that they are not dead yet.  It will be interesting to see if they can maintain this momentum.  Stay tuned.

by Earl Zmijewski at February 15, 2017 02:24 PM

My Etherealmind

Sponsor: FutureWAN – a virtual conference on SD-WAN

A couple of months ago Packet Pushers hosted an open format, non-boring, live discussion about the reality of operating an SD-WAN with people who have lived through it. This was part of the Future WAN Virtual Summit series from Viptela which are now available online.

The session format was live questions & answers from the audience (via chat window), and we answered them live, on air.



Packet Pushers Open Mic Live: Real SD-WAN Challenges Live Q&A

Ethan Banks & Greg Ferro, Analysts, Packet Pushers Date: Jan 17 2017, 0900PST Duration: 45 mins

Direct link to Access 

On a separate note, I would welcome any feedback about the “Virtual Summit” idea. The sessions were recorded and are now available for anyone to watch.

Which has me thinking about the potential of running a “virtual conference”.

Could that work? Drop a note in the comments or email me. I would love to hear what you think.


The post Sponsor: FutureWAN – a virtual conference on SD-WAN appeared first on EtherealMind.

by Greg Ferro at February 15, 2017 02:10 PM

XKCD Comics

February 14, 2017

My Etherealmind

Response: Network Icons – ‘net work

These are great icons for network diagrams from Russ White. Much more useful for all diagram purposes than most other icons.

I’ve developed this set of vendor neutral network icons for drawing diagrams in presentations, books, and the like. I’m placing them here in the public domain in four different formats

Network Icons – ‘net work : http://rule11.us/net-icons/

Personally, I use simple shapes and colours for my diagrams for simplicity but I suspect these will appeal to people who are Visio-centric in their workflow.

Figure: My personal icon set for diagrams

The post Response: Network Icons – ‘net work appeared first on EtherealMind.

by Greg Ferro at February 14, 2017 09:00 PM

ipSpace.net Blog (Ivan Pepelnjak)

Use Ansible to Execute a Single Command on All Routers

I was using Ansible playbooks to configure Cisco IOS routers running in VIRL and wanted to extract the router configurations before stopping the simulation.

You can download the playbooks from my Github repository, and here’s how you can run Ansible with VIRL.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 14, 2017 06:59 PM

Router Jockey

Forward Networks – A forward approach to formal verification

Forward Networks has stepped out of the shadows to announce their Network Assurance platform, and I was fortunate enough to be a delegate for Networking Field Day 13 to see their first public briefing. We were all excited to set foot onto the Andreessen Horowitz campus that day, but none of us were quite sure what exactly to expect.

Forward Networks was founded by David Erickson and Brandon Heller, PhD in Computer Science from Stanford University, who saw the great need for help in the networking market and decided to tackle a challenge that no one else recognized. They worked in Nick McKeown’s Lab at Stanford University back in 2006 before SDN was ever put on a Networking Bingo card, let alone even heard of. They helped create the standards and shape OpenFlow as it came into existence. Working on bleeding edge SDN networks they realized that the tools network engineers were dealing with were wholly insufficient to troubleshoot many advanced and complicated networks.

In 2013 they founded Forward Networks with the goal of understanding how networks work at the functional level. They’ve written an algorithm that can take in large amounts of data from your devices and build a software model of your network. Using that model they’re able to provide you a platform to visualize and search your network, debug complex issues, verify network policy, and predict network behavior prior to making changes across your entire environment. Part of the magic here is that they’re indexing all of this data into a searchable format, allowing you to quickly access information that would normally take formal testing, or in-depth investigation to verify. But here I go getting ahead of myself again.

The three main applications they demonstrated for us are Search which I just described above, Verify which allows you to define network and security checks to ensure the network is in the condition you expect, and Predict which allows you to test proposed changes to the network and ensure/verify they will result in expected changes.

https://player.vimeo.com/video/192151169

Final Thoughts

It’s been several months now since I saw the presentation from Forward Networks at Network Field Day 13 – but I’m still excited about what they have to offer, and what they’re going to be able to accomplish in the future. I can’t think of a single network engineer that wouldn’t love to have more visibility into their network, and the tools that they have to offer should be making you drool. While I am a bit of a realist at heart, I have a part of me that wonders if this product is going to be able to deliver on its promises. The amount of data they have to absorb, and process in conjunction with the variety of operating system changes that have to be accounted for just make this seem rather unrealistic.

That said, I’m still ready to be proved wrong. I hope to be doing further testing on the product this year and will keep everyone updated if I am able to do so.

Other Info

Here are a few links to other folks that have also shared their thoughts on Forward Networks.

The post Forward Networks – A forward approach to formal verification appeared first on Router Jockey.

by Tony Mattke at February 14, 2017 06:03 PM

Networking Now (Juniper Blog)
My Etherealmind

Response: AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round

How does a BGP/OSPF routing app on a network device cost more than Microsoft Office? One is really complex with thousands of features, complex interface and must support a huge range of hardware. The other one is a BGP or OSPF app.

“His” refers to Jason Forrester, formerly global data center network manager at Apple and now the founder and chief executive of SnapRoute. The startup now has roughly 32 employees, Forrester told VentureBeat in an interview. Forrester figures that the startup has around 35-50 customers, and its software is being used on 12,000-13,000 switches. He declined to name any of SnapRoute’s customers, but Facebook employees have repeatedly mentioned the company’s software by name in recent months.

  1. SnapRoute is clearly gaining momentum with their networking apps with companies
  2. The software is simpler, focussed and more reliable: “Sure enough, Forrester said, while Cisco’s code runs to 30 million lines of code or more, SnapRoute’s takes up perhaps 100,000.”
  3. A modern startup can compete with established vendors on features and get substantial sales in markets that they cannot reach

AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round | VentureBeat | Entrepreneur | by Jordan Novet : http://venturebeat.com/2017/02/07/att-microsoft-ventures-back-networking-startup-snaproute-in-25-million-round/


The post Response: AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round appeared first on EtherealMind.

by Greg Ferro at February 14, 2017 01:08 PM

Networking Now (Juniper Blog)

Juniper extends SDSN eco system with leading CASBs

Juniper extends SDSN eco system with leading CASBs, CipherCloud and Netskope

by abdis at February 14, 2017 01:00 PM

My Etherealmind

Research: Router Optics Evolution and Market Trends

Timely information on the future of optics and SFP modules. The current situation of price overloading by vendors is seriously grim (markups of 1000% are common) and this could help to increase your knowledge in the area.

  • Router Optics vs. Transport Optics
  • Router Optics Evolution
  • 100G Optics Status and Challenges
  • Higher 100G Density Considerations
  • Router Optics Market Trends
Router Optics Evolution and Market Trends 2_Liu_Optics_Evolution_And_v1.pdf

NB: From a NANOG meeting but haven’t been able to track down the exact link.

Source: https://www.nanog.org/meetings/nanog69/agenda

Video of the session

https://www.youtube.com/embed/kTgcOLmK1AY?feature=oembed

The post Research: Router Optics Evolution and Market Trends appeared first on EtherealMind.

by Greg Ferro at February 14, 2017 12:53 PM

Networking Now (Juniper Blog)

It's Time to Abandon the Castle

For the past 25 years, organizations of all sizes have relied on the castle and moat protection model – multiple layers of security with the ability to ‘raise the drawbridge’ as a last line of defense. Today, the castle is under siege from all sides and the bridge and moat model has run its course. Today’s networks are extremely complex, but like the castle they are equally simple in foundation: routers, switches and firewalls are the primary building blocks – whether physical or virtual. And like the castle that can no longer keep up with new kinds of foes, network attacks are increasing in complexity, agility and the ability to do damage.

by Kevin Walker at February 14, 2017 12:40 PM

February 13, 2017

Potaroo blog


Few parts of the Domain Name System are filled with such levels of mythology as its root server system. Here I'd like to try and explain what it is all about and ask the question whether the system we have is still adequate, or if it's time to think about some further changes.

February 13, 2017 07:00 PM

Honest Networker

DDoS mitigation these days

http://cdn.honestnetworker.com/zvr7fZI.mp4

by ohseuch4aeji4xar at February 13, 2017 01:38 PM

ipSpace.net Blog (Ivan Pepelnjak)

Network Automation 101: Featured Webinar in February 2017

The featured webinar in February 2017 is the Network Automation 101 webinar, and the featured video describes the reasons you should be interested in network automation, its basics, and the difference between automation and orchestration.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 13, 2017 08:01 AM

XKCD Comics

February 12, 2017

My Etherealmind

Research: BBR: Congestion-Based Congestion Control – ACM Queue

The BBR algorithm appears to be building critical mass of support in the Internet community which makes reading this research paper even more worthwhile.

When bottleneck buffers are small, loss-based congestion control misinterprets loss as a signal of congestion, leading to low throughput. Fixing these problems requires an alternative to loss-based congestion control. Finding this alternative requires an understanding of where and how network congestion originates.

BBR: Congestion-Based Congestion Control – ACM Queue : http://queue.acm.org/detail.cfm?id=3022184

The post Research: BBR: Congestion-Based Congestion Control – ACM Queue appeared first on EtherealMind.

by Greg Ferro at February 12, 2017 11:23 AM