Human Infrastructure 342: Links To Make You Think

THIS WEEK’S MUST-READ BLOGS 🤓

This is a good post about how to incorporate Ethernet fault messaging into your troubleshooting process if you’re dealing with flapping links. It’s also an overview of different components in the physical layer of a switch, with excellent diagrams.  - Drew

Daniel Dib compares the efficiency of using a BFD packet vs an OSPF Hello packet for keep-alive messages. As he makes clear with the output of each packet, a BFD message is 66 bytes compared to 114 bytes for OSPF. OK, so fewer bytes per message is more efficient, but does it really make a difference for a single keep-alive? Well, it’s not just about the bytes. As Daniel notes, “When you expand the use cases, you decrease the efficiency. Reading RFC 2328, for every OSPF packet received the router has to do the following:

  • Verify the IP checksum.

  • Verify that destination IP is the IP of receiving interface or AllSPFRouters or AllDRouters.

  • Verify that IP protocol is 89 (OSPF).

  • Verify that packet was not locally originated (or the packet could be a multicast packet that the router generated).

But there’s even more, including a series of header checks and a variety of other considerations a router has to account for with an OSPF Hello. But again, all those steps won’t tax a router’s CPU, especially if you’re only sending Hellos every ten seconds. But what about every 100 milliseconds with lots of neighbors? Daniel then compares the impact of a BFD packet in the same scenario. The numbers favor BFD. Something to consider. - Drew

I’ve been a long-time critic of PCI DSS. I share the sentiments of CrankySec that PCI is a racket. From the post: “The payment card cartel wants the businesses to spend time and money protecting data they don't own (or even need) in order to reduce the liabilities of giant financial corporations. And lest we forget, the businesses are already paying money to these racketeers on every transaction.” It’s a bad system that allows Visa, MasterCard, et al., to shift the problem of securing card data to retailers without taking any risk or sharing in any of the burden. - Drew

Valerie Aurora, a coder working on a VPN project, needed to understand deeply when an IP packet would be fragmented. She thought she had a pretty good handle on this. As she dug in, she found out she did not as she got into implementing PMTUD. As she talked to others who thought they understood fragmentation, she found out they didn’t have a comprehensive understanding, either. So it was that she created fragquiz. You can also watch her RIPE 87 lightning talk on this. - Ethan

TECH NEWS 📣

Cheap, fast, or good - pick any two. Wi-Fi connected cameras are so convenient to install especially when battery powered. The downside is that they are very easy to jam and render useless with easily available technology. And jammers are easy to buy from well-known websites. For corporate purposes there are more cameras deployed for tracking customers and workers but often without considering what happens when a jammer is used. - Greg

Mega-cloud companies have a clear strategy to minimize dependencies on their suppliers. They will buy AMD and ARM CPUs in volume to make it clear to Intel that they can be replaced. For some products it is better to make your own and remove the need to work with an external supplier at all. Consider that AWS now designs and manufactures power transformers, servers, cooling systems, DPUs, and more. So when Microsoft starts working on its own DPU it’s a signal that they are concerned about Nvidia’s ability to control them. But also it’s a signal that DPUs aren’t that difficult since they use common silicon designs and access to fabs is practical at scale. The hard part is the driver and most of that is standardized - P4, eBPF, DPDK in the network stack for example. Microsoft already writes the DPU software, the next step isn’t too hard. - Greg

The sound your finger makes while swiping on a touchscreen can be used to infer what the actual fingerprint looks like. It’s not terribly accurate. Researchers claim attack success rates of “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” That it works at all is astonishing. More information in this academic paper. - Ethan

RESEARCH & RESOURCES 📒

This not-free (but not expensive) academic paper investigates traffic generators and their suitability for the work they were employed to test. Not all traffic generators create the same sort of traffic mix. Depending on what you’re testing, that matters. One of the authors brought this work to my attention in response to the traffic generator section of our recently published list of networking related open-source software. - Ethan

Allen is working on the 3rd edition of Think Python, to be published by O’Reilly Media in July 2024. The book is aimed at folks brand new to programming, or who gave it a shot in the past and it didn’t go well. As Allen works on the book, he’s releasing chapters in their entirety on this page. Chapters 1-5 are already up. Allen reports, “The book is now entirely in Jupyter notebooks, so you can read the text, run the code, and work on the exercises, all in one place. Using the links below, you can run the notebooks on Colab, so you don’t have to install anything to get started.” - Ethan

An uncluttered website of IP tools that helps you with subnetting, CIDR blocks, and more for both IPv4 and IPv6. Each page links to a short YouTube video (here’s the whole channel) explaining usage. - Ethan

This 30-minute video explains the Starlink base station antenna aka “Dishy McFlatface.” If you’d like to understand how Dishy--without using aiming motors--directs 12GHz data beams to a series of Starlink satellites moving across the sky in low earth orbit, this is the video for you. There’s enough well-illustrated technical detail to satisfy your engineering mind without burying you in physics and math detail. - Ethan

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Akamai is announcing new “edge” cloud computing locations where developers can host applications, such as streaming media or gaming apps, that benefit from low latency between the application and the consumer. This new service, which Akamai calls Generalized Edge Compute, or Gecko, isn’t meant to compete with major public clouds, but to augment “centralized” cloud computing with highly distributed locations. Akamai says it has launched 9 Gecko locations so far. Note that Gecko cloud compute supports virtualized applications, but customers have to use Akamai’s proprietary VM. - Drew

Apple says do not put your phone in dry rice when it gets wet. The rice clogs up the electronics. The ‘Apple Approved’ method is to tap the water out and just leave the phone vertical for a few hours. Don’t use a hair dryer either. Now you are smarter than most everyone. - Greg

Maxim Dounin, an NGINX maintainer, is forking the project and going his own way with FreeNGINX. It appears the first release is picking up right where the last left off. Version 1.25.4 was released on 20-Feb-2024, and CHANGES notes the fork name as well as a number of bug fixes. The parting of ways is rooted in F5’s handling of this issue (did you notice the bug fixes in 1.25.4?) with more comments here. The point of FreeNGINX is to have a public codebase that’s open source but without any corporate control. - Ethan
