Human Infrastructure 377: Just a Stupid Amount of Links

THIS WEEK’S MUST-READ BLOGS 🤓

Russ White is writing a series on how forwarding engines inside network devices work. This post looks at the pros and cons of OpenFlow and I2RS as possible solutions to common problems that forwarding engines have to grapple with. - Drew

Packet rate attacks are a DDoS technique that attempts to overwhelm the packet processing capability of target devices rather than consuming bandwidth with garbage traffic. Packet rate attacks often go after anti-DDoS systems themselves. The post says “Packet rate attacks are quite effective because dealing with a lot of small packets is usually harder than dealing with bigger but less numerous packets. This is because the computing cost is generally higher. For instance, if you’re using software to process packets, each packet means one memory access at the very least (excluding possible copy, access to stored data such as connection tables, and so on), instead of simply iterating over more bytes.” In addition to describing this attack technique, it looks at the rise of packet rate attacks and tracks where they’re coming from. - Drew

Marian Newsome looks at the potential risks that organizations face with managing their digital certificates. This was the subject of a recent Security Field Day presentation by DigiCert. Marian nicely summarizes the risks. - Drew

Bryan Ward does a little hacking to get a couple of home electronic devices that don’t use the same protocols to talk to each other. It’s a short post and the solution involves a straightforward command, but it was done in the service of some Halloween fun. You might want to keep this one in your back pocket for an upcoming holiday. - Drew

If you want a simple, plain-spoken explanation of how the Internet routes traffic, here you go. This post assumes you know little, starting with “What is a network?” and building from there. By the end, you’ll understand the basics of BGP autonomous systems, route announcements and withdrawals, and the hijacking problem. - Ethan

As part of his ongoing series about building an ISE lab, Daniel Dib provides step-by-step instructions, with screenshots, for joining ISE to Active Directory. - Drew

Ned Bellavance, co-host of the Day Two DevOps podcast, went to HashiConf 2024. He shares his copious impressions in this monster post. Ned touches on major announcements from the event, including Terraform Stacks, Vault Radar, and Vault Secrets. He also talks through several of the sessions he attended and the state of the conference in general. You know what wasn’t in Ned’s post? Any mention of IBM. I think that’s telling. No vibe of the new mothership taking over, at least not yet. - Ethan

TECH NEWS 📣

There’s creative accounting, and then there’s accounting so creative that your accounting firm wants nothing more to do with you. And so it is that globally recognized Ernst & Young has parted ways with Super Micro.

EY is quoted as saying, “We are resigning due to information that has recently come to our attention which has led us to no longer be able to rely on management's and the Audit Committee’s representations and to be unwilling to be associated with the financial statements prepared by management, and after concluding we can no longer provide the Audit Services in accordance with applicable law or professional obligations.”

It’s hard to imagine a data center supplier doing poorly in the era of the AI boom, but Super Micro has somehow found a way. Too bad. I’ve been a distant admirer for a long time. - Ethan

NVIDIA is on the rise because of the AI demand for GPUs. Intel is on the decline because they are no longer the market leader in semiconductors, having lost technological ground to…well…pretty much everyone. But most notably AMD and NVIDIA. Can Intel return to their glory days? Maybe. They are getting ready to release new chips next year. Besides that, Intel has significant funding from the US government via the CHIPS Act. - Ethan

Ars chats with VMware customers who’ve been whacked by Broadcom’s changes to the VMware product portfolio and pricing structure. Some customers are eating the price increases. Others are moving to new virtualization platforms.

We talked to VMware by Broadcom about the changes in Heavy Networking podcast Ep.736 in a conversation with Prashanth Shenoy. From the feedback we received from you on that episode, you were underwhelmed by what Broadware had to say. Hey, we tried.

As has been observed before, the changes are so significant and have resulted in such loud protests that one can only assume the approach is by design—Broadcom intends to reduce their VMware customer base to a relatively elite few who are all-in. - Ethan

From deep inside the rumor mill, Roderick S. Beck reports...

“Several sources have whispered in my ear that META is planning a new 16 fibre pair cable that will encompass the world going from the US East Coast to the US West Coast via the Atlantic, Indian Ocean, and the Pacific. The most ambitious subsea project ever undertaken. I do not know the exact routing. I know that the cable will launch from the American East Coast and will go down the West African Coast to South Africa and then head straight to Mumbai. It is not clear if Europe will be online or not. From Mumbai it will head straight to Australia and then up to the US West Coast. I speculate that there may be branching units to Singapore, Malaysia, and Indonesia. But the basic routing is US/South Africa/India/Australia/US. What is not clear is if there will be branching units to add more countries to the cable.”

Why? Resilience and options to avoid routing through the Red Sea and the expensive Egyptian tolls. - Ethan

I don’t know if quantum is going to ever be the next big thing. The problems to be solved to make quantum computing generally available seem quite challenging. But here we are with an early network link connecting two quantum computing facilities.

“A future quantum internet will enable sharing quantum information (qubits) over a new type of network. Such qubits can not only take the values 0 or 1, but also superpositions of those (0 and 1 at the same time). In addition, qubits can be entangled, which means they share a quantum connection enabling instant correlations, no matter the distance.

Researchers around the globe are working to build quantum networks that make use of these features to offer fundamentally new communication and computing capabilities, in coexistence with the current internet. For example, qubits can generate secure encryption keys for safely sharing financial or medical data. Quantum links can also connect distant quantum computers, enhancing their power and allowing access with full privacy for users.”

Bringing this link to life was a significant feat. Click through and read the two paragraphs starting with the “Moving out of the lab” section for more details. This isn’t the networking you’re used to. - Ethan

FOR THE LULZ 🤣

RESEARCH & RESOURCES 📒

Ed Harmoush concludes his Cryptography Essentials series with a discussion of ECC. As promised, the video is less than 5 minutes. Even so, expect to invest more than the time it will take you to watch this video if you want to understand the topic well. - Ethan

NetGuard is a 100% open source firewall app for Android. It makes all the right noises, such as no root required, no calling home, no tracking, no ads, IPv6 support, and more. There is a Pro version with some nice additional features if you’re willing to part with at least €7. - Ethan

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Itential has launched a new offering, called Automation Service, that aims to support two constituencies: developers who create automations and automation workflows for internal use, and network operators who consume those automations. It’s delivered as a cloud service, and includes features such as role-based access control, logging, and auditing.

The cloud service ties in to gateways that run on the customer premises. Developers build automations in the gateways. Operators who consume the automations use the cloud service to see which automations are available, choose the relevant one, and launch the job from the cloud. The cloud service then connects to the gateway. Within the gateway, a controller receives the job and assigns it to runners. Runners touch the requisite devices associated with the automation task and perform the job.

This cloud service is built on top of torero, an open-source gateway developed by Itential. Torero will remain open-sourced, while the Automation Service provides enterprise-grade features (such as the above-mentioned RBAC) and support. If you’re attending AutoCon2 this November, you’ll be able to see Automation Service in action. - Drew

Damien Garros offers some straightforward advice to change the way you think about your devices by changing the way you name them. Pets get names because we love and cherish them. Cattle are commodities. When it comes to automation, your devices should be cattle. Damien writes, “To progress in automation, we need to think of our infrastructure in terms of role and function instead of using names.” He suggests three attributes you might want to use to designate your devices: role, type, and status. It might not be as fun as naming your switches Gandalf, Gimli, and Legolas, but it might help change your mindset. - Drew

Campus Network-as-Service (CNaaS) vendors are poised to start eating into revenues from traditional campus network equipment providers, according to a new report from Dell’Oro. CNaaS vendors such as Nile and Meter provide a soup-to-nuts offering for campus environments, including wired Ethernet switches, APs, and monitoring. These vendors don’t just sell the equipment; they deploy and operate it for the customer. Companies such as Nile and Meter also build their own hardware and network OSs instead of reselling other vendors’ gear. Dell’Oro says CNaaS will hit annual revenues of $940 million within the next four years. While that’s still a small slice of overall campus revenues, it may be getting large enough to catch the attention of incumbents. - Drew

If you’re interested in being part of the NAF Advisory Board, the 2025 plans have been laid out. All 12 board seats are open. Existing board members will be re-applying if they wish to continue taking part. Click through if helping set direction for NAF and the in-person AutoCon conference series is something you’d be able to help with. - Ethan

DYSTOPIA IRL 🐙

  1. Lawsuit Argues Warrantless Use of Flock Surveillance Cameras Is Unconstitutional - 404 Media

  2. Chaos in Dublin as thousands turn up for AI ‘hoax’ Halloween parade that didn’t exist - Independent TV

  3. San Francisco Startup Sees Big Demand for Sleeping Pods That Cost $700 a Month - Gizmodo

  4. Intel might be too big to fail — Washington policymakers are already discussing potential solutions if the chipmaker cannot recover - Tom’s Hardware

  5. Facebook asks US supreme court to dismiss fraud suit over Cambridge Analytica scandal - The Guardian

  6. Facebook, Nvidia ask US Supreme Court to spare them from securities fraud suits - Reuters

  7. Mark Zuckerberg says a lot more AI generated content is coming to fill up your Facebook and Instagram feeds - Fortune

  8. AI overwhelmingly prefers white and male job candidates in new test of resume-screening bias - GeekWire

  9. For fame or a death wish? Kids’ TikTok challenge injuries stump psychiatrists - Ars Technica

  1. Adding IPv6 to My Home Network - code.jeremyevans.net

  2. I feel that NAT is inevitable even with IPv6 - Chris Siebenmann

  3. Of Virtual Turduckens (WSL on AWS) - Martin Maugeais

  4. Get Me Out Of Data Hell (an entertaining read, well done) - Lucidity

  5. Before you buy a domain name, first check to see if it's haunted - Bryan Braun

  6. For Sale: Used Domain (**Clean Title**) - Jim Nielsen’s Blog

  7. Unused IT assets sale likened to ‘cash in the attic’ to be considered by Newham Council (unused IPv4 netblock) - Newham London

  8. Serial BGP Hijackers: A Reproducibility Study and Assessment of Current Dynamics - RIPE Labs

  9. Telecom glory days are over – bad news for Nokia, worse for Ericsson - LightReading

  10. For the first time ever, AMD outsells Intel in the datacenter space - Tom’s Hardware

  11. VMware Workstation Shifting From Proprietary Code To Using Upstream KVM - Phoronix

  12. Useful built-in macOS command-line utilities - Wei Yen

  13. NASA's Voyager finally phoned home with a device unused since 1981 - Mashable

  14. Can a Rubik's Cube be brute-forced? (2023) - stylewarning's screed

  15. 34x34x34 Rubik's Cube Record By Matt Bahner - Ruwix

LAST LAUGH 😆