Why Google Went Offline Today and a Bit about How the Internet Works

Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here.

I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I’m looking at the routing from California and Google is operating Data Centres not far from our office, packets should never be routed via Indonesia. The most likely cause was that Moratel was announcing a network that wasn’t actually behind them.

via Why Google Went Offline Today and a Bit about How the Internet Works – CloudFlare blog.

When I figured out the problem, I contacted a colleague at Moratel to let him know what was going on. He was able to fix the problem at around 2:50 UTC / 6:50pm PST. Around 3 minutes later, routing returned to normal and Google’s services came back online.
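The check described above (spotting an AS in the path that has no business carrying traffic to a known destination, or an origin that is not the expected one) can be automated against a looking-glass or route-collector dump. The Python below is an added example, not code from the CloudFlare post. It assumes a simplified one-line-per-route format (prefix followed by the AS_PATH, origin last), uses the documentation prefix 203.0.113.0/24 as a stand-in for a Google prefix, reserved ASNs 64496-64499 as stand-ins for the observer’s normal peers, 15169 as Google’s origin AS (a real ASN, treated here as a policy input), and 23947 for Moratel as in the post.

```python
"""Flag BGP routes whose AS_PATH transits an unexpected AS or ends at the
wrong origin, the two symptoms of a route leak or prefix hijack."""
from dataclasses import dataclass

# Constructed sample in a simplified looking-glass format:
#   <prefix>  <AS_PATH: nearest peer ... origin>
# 203.0.113.0/24 is a documentation prefix standing in for a Google prefix.
# 64496-64499 are reserved ASNs standing in for our usual peers/transit.
# 23947 is Moratel (from the post). Row 2 is a leak (23947 in transit),
# row 4 is an origin hijack (23947 originating the prefix).
SAMPLE_ROUTES = """\
203.0.113.0/24  64496 15169
203.0.113.0/24  64497 23947 15169
203.0.113.0/24  64498 64499 15169
203.0.113.0/24  64497 23947
"""

# Assumed policy: which AS should originate each prefix we care about, and
# which ASes we expect to see in transit toward it.
EXPECTED_ORIGIN = {"203.0.113.0/24": 15169}
TRUSTED_TRANSIT = {64496, 64497, 64498, 64499}


@dataclass
class RouteFinding:
    prefix: str
    as_path: tuple
    origin_mismatch: bool       # origin AS differs from the expected one
    unexpected_transit: tuple   # ASes in the path we did not expect to see


def parse_routes(text):
    """Parse 'prefix as as as' lines into (prefix, as_path) pairs."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        routes.append((parts[0], tuple(int(a) for a in parts[1:])))
    return routes


def check_route(prefix, as_path, expected_origin, trusted_transit):
    """Compare one path against policy. AS path prepending (repeated ASNs)
    is harmless here because only membership is checked."""
    origin = as_path[-1]
    transit = as_path[:-1]
    unexpected = tuple(a for a in transit
                       if a not in trusted_transit and a != expected_origin)
    return RouteFinding(prefix, as_path, origin != expected_origin, unexpected)


def audit(text, expected_origin=EXPECTED_ORIGIN, trusted_transit=TRUSTED_TRANSIT):
    """Return findings for every monitored prefix whose path violates policy."""
    findings = []
    for prefix, path in parse_routes(text):
        exp = expected_origin.get(prefix)
        if exp is None:
            continue  # not a prefix we monitor
        finding = check_route(prefix, path, exp, trusted_transit)
        if finding.origin_mismatch or finding.unexpected_transit:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ROUTES):
        kind = "ORIGIN HIJACK" if f.origin_mismatch else "ROUTE LEAK"
        print(f"{kind}: {f.prefix} via {' '.join(map(str, f.as_path))}"
              f" unexpected transit={f.unexpected_transit}")
```

Run against a real collector feed this is only a first filter: legitimate peering changes also produce new transit ASes, so findings need a human (or RPKI origin validation, which addresses the origin case but not leaks) before anyone acts on them.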

Cisco network really was $100 million more

Total bid costs were the sum of Layer 2 hardware (and software), Layer 3 hardware (and software), Layer 2 maintenance, Layer 3 maintenance, training, and taxes and shipping. Cisco’s cost in each respective category was $51 million; $18.7 million; $34.3 million; $10.6 million; $1 million; and $7 million.

Alcatel-Lucent’s was $14.5 million; $2.5 million; $1.8 million; $798,000; $777,000; and $1.7 million.

via Cisco network really was $100 million more.

The comments in response to this article are superb and well worth the read. If you don’t drill down far enough, this comment stood out for me (highlights mine).

Christopher Mills

It comes down to an architected solution vs best of breed. If you just want routing and switching (speeds and feeds) – take it to bid and bid on the lowest vendor. Although there are still some advantages inherent within each product – you’re going to get what you get. But you can’t get business value out of switching and routing – it’s the applications! In SJSU’s case – I laud the concept that you buy an architecture. If you need to deliver business applications like conferencing, video, call processing, presence/IM service, and contact center… as it appears SJSU was looking to do… why not buy the architecture that has been integrated and purpose built for the applications. That is why SJSU is saying Cisco was the only vendor that had a solution. ALU doesn’t, Brocade doesn’t, HP doesn’t…. The alternative is you could go to bid for each of these, take over a year to do it, once purchased, hire an IBM, Accenture, or build your own team to integrate them all, and then what do you have… a HUGE expense and stovepiped systems that don’t truly deliver the needs of the business today or tomorrow.

Any college with a reputable Computer Science program should have many decent graduate students able to solve integrating applications from various vendors reducing the problem set to just speeds and feeds.  It’s also not a good idea to buy into an architecture that ties one to a single vendor for applications.

A Bandwidth Breakthrough

Testing the system on Wi-Fi networks at MIT, where 2 percent of packets are typically lost, Medard’s group found that a normal bandwidth of one megabit per second was boosted to 16 megabits per second. In a circumstance where losses were 5 percent—common on a fast-moving train—the method boosted bandwidth from 0.5 megabits per second to 13.5 megabits per second. In a situation with zero losses, there was little if any benefit, but loss-free wireless scenarios are rare.

via A Bandwidth Breakthrough – Technology Review.

The technology transforms the way packets of data are sent. Instead of sending packets, it sends algebraic equations that describe series of packets. So if a packet goes missing, instead of asking the network to resend it, the receiving device can solve for the missing one itself. Since the equations involved are simple and linear, the processing load on a phone, router, or base station is negligible, Medard says.
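To make the “send equations, not packets” idea concrete, here is an added toy in Python; it is not the MIT group’s code and is simplified to coefficients over GF(2) (plain XOR), whereas practical schemes use larger finite fields so that fewer redundant transmissions are needed. The sender emits random XOR combinations of a block of packets, the channel drops some of them, and the receiver recovers the whole block by Gauss-Jordan elimination instead of asking for a retransmit. The packet contents and the 12-for-8 redundancy are constructed for the example.

```python
"""Toy random linear network coding over GF(2): the sender transmits XOR
combinations of a block of packets; the receiver solves the resulting
linear system to recover the block even when some transmissions are lost."""
import random


def combine(coeffs, packets):
    """XOR together the packets whose coefficient is 1."""
    out = bytearray(len(packets[0]))
    for c, p in zip(coeffs, packets):
        if c:
            for j in range(len(out)):
                out[j] ^= p[j]
    return bytes(out)


def encode(packets, n_coded, rng):
    """Emit n_coded (coefficients, payload) pairs with random GF(2) coefficients.
    The coefficient vector rides along as a small header so the receiver
    knows which equation each payload represents."""
    k = len(packets)
    coded = []
    while len(coded) < n_coded:
        coeffs = [rng.randint(0, 1) for _ in range(k)]
        if any(coeffs):  # an all-zero combination carries no information
            coded.append((coeffs, combine(coeffs, packets)))
    return coded


def decode(received, k):
    """Gauss-Jordan elimination over GF(2). Returns the k original packets,
    or None if the received equations do not span all k unknowns (in which
    case the receiver needs one or more further coded packets)."""
    rows = [(list(c), bytearray(p)) for c, p in received]
    n = len(rows)
    for col in range(k):
        # Row `col` becomes the pivot row for unknown `col`.
        piv = next((i for i in range(col, n) if rows[i][0][col]), None)
        if piv is None:
            return None  # rank deficient: unknown `col` cannot be isolated
        rows[col], rows[piv] = rows[piv], rows[col]
        pc, pp = rows[col]
        for i in range(n):
            if i != col and rows[i][0][col]:
                rc, rp = rows[i]
                for j in range(k):
                    rc[j] ^= pc[j]
                for j in range(len(rp)):
                    rp[j] ^= pp[j]
    # The first k rows now form the identity, so payload i is packet i.
    return [bytes(rows[i][1]) for i in range(k)]


# Constructed block of 8 packets, 16 bytes each.
PACKETS = [bytes([0x40 + i] * 16) for i in range(8)]


def simulate(loss_rate, n_coded=12, seed=0, packets=PACKETS):
    """Send n_coded combinations of the block over a channel that drops each
    one independently with probability loss_rate; return the recovered
    block, or None if too few independent equations arrived."""
    rng = random.Random(seed)
    coded = encode(packets, n_coded, rng)
    received = [c for c in coded if rng.random() >= loss_rate]
    return decode(received, len(packets))


if __name__ == "__main__":
    for seed in range(5):
        result = simulate(0.05, seed=seed)
        print(f"seed {seed}: {'recovered' if result == PACKETS else 'need more packets'}")
```

Over GF(2) a received set of 10 random equations for 8 unknowns fails to have full rank roughly a quarter of the time, which is why real implementations use GF(256) or larger; the structure of the decoder is the same.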

Tier 1 Carriers Tackle Telco SDN

That approach tallies with the new network vision laid out by Michel’s colleague, Axel Clauberg, DT’s vice president of IP Architecture and Design, earlier this year. That vision sees SDN protocols being deployed in data centers and access networks but not in telecom operator core networks. (See DT Unveils New Network Vision.)

via Light Reading Service Provider IT – IP & Convergence – Tier 1 Carriers Tackle Telco SDN – Telecom News Analysis.

Crack in Internet’s foundation of trust allows HTTPS session hijacking

The technique exploits web sessions protected by the Secure Sockets Layer and Transport Layer Security protocols when they use one of two data-compression schemes designed to reduce network congestion or the time it takes for webpages to load. Short for Compression Ratio Info-leak Made Easy, CRIME works only when both the browser and server support TLS compression or SPDY, an open networking protocol used by both Google and Twitter. Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox browsers are all believed to be immune to the attack, but at time of writing smartphone browsers and a myriad of other applications that rely on TLS are believed to remain vulnerable.

via Crack in Internet’s foundation of trust allows HTTPS session hijacking | Ars Technica.

A side effect of compression, security experts have long known, is that it leaks clues about the encrypted contents. That means it provides a “side channel” to adversaries who have the ability to monitor the data. A research paper published in 2002 by John Kelsey looks eerily similar to CRIME, but only in retrospect.
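The leak the Ars piece describes can be seen with nothing more than zlib. The Python below is an added example (not from the article or the CRIME authors) and only measures the side channel from a defender’s point of view: it builds a constructed HTTP-style request in which an attacker-influenced URL and a secret cookie are compressed in the same context, and shows that the compressed size is smaller when the URL repeats the cookie’s value. The cookie value, host and path are all placeholders; the real fix, as the article notes, was for browsers to stop negotiating TLS compression.

```python
"""Measure whether compressing attacker-influenced data together with a
secret leaks information about the secret through the output length."""
import zlib

# Constructed placeholder secret; never a real session token.
SECRET_COOKIE = "session=7f3a9c2e"


def build_request(attacker_path):
    """Constructed request: the URL is attacker-influenced, the Cookie header
    is the secret, and both land in one compression context."""
    return (f"GET /{attacker_path} HTTP/1.1\r\n"
            f"Host: example.com\r\n"
            f"Cookie: {SECRET_COOKIE}\r\n\r\n").encode()


def compressed_size(data):
    """Length of the DEFLATE output, the only thing a network observer sees
    (the ciphertext length tracks it byte for byte)."""
    return len(zlib.compress(data, 9))


def size_for_guess(guess):
    return compressed_size(build_request(guess))


def compression_leak(correct_guess, wrong_guess):
    """Return (size_with_correct, size_with_wrong). The same two requests
    have identical plaintext length; if the first is smaller, the secret
    is leaking through the compression ratio."""
    return size_for_guess(correct_guess), size_for_guess(wrong_guess)


def leaks(correct_guess, wrong_guess):
    """Defender's yes/no check for a given data path layout."""
    assert len(correct_guess) == len(wrong_guess), "guesses must be same length"
    with_correct, with_wrong = compression_leak(correct_guess, wrong_guess)
    return with_correct < with_wrong


if __name__ == "__main__":
    c, w = compression_leak("session=7f3a9c2e", "session=e2c9a3f7")
    print(f"compressed size, URL repeats cookie: {c} bytes")
    print(f"compressed size, URL does not:       {w} bytes")
    print("plaintext lengths equal:",
          len(build_request("session=7f3a9c2e")) == len(build_request("session=e2c9a3f7")))
```

The two plaintexts are the same length; only the back-reference DEFLATE emits for the repeated cookie differs, and that difference survives encryption because TLS does not pad. Anywhere a system compresses a response or request body that mixes user-supplied input with a secret (CSRF tokens in HTML pages are the usual case), this same measurement applies, and the mitigation is to keep the two in separate compression contexts or not compress at all.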

What Penetration Testers Find Inside Your Network

Why is network segmentation so important? “Today, there is still more focus on the perimeter than on internal network segmentation. Network engineers don’t realize that one successful social engineering or client-side attack could mean ‘game over’ once the attacker has that foothold,” Sanders says. Segmentation based on asset importance and level of trust is one of the most effective ways to prevent many of the attacks advanced attackers — and even himself — perform once inside a target network, he says.

via Tech Insight: What Penetration Testers Find Inside Your Network – Dark Reading.

Verizon draws fire for monitoring app usage, browsing habits

Verizon Wireless has begun selling information about its customers’ geographical locations, app usage, and Web browsing activities, a move that raises privacy questions and could brush up against federal wiretapping law.

via Verizon draws fire for monitoring app usage, browsing habits | Politics and Law – CNET News.

Verizon Wireless’ marketing literature acknowledges that it sells “mobile-usage data that offers insights on the mobile-device habits of an audience, including URL visits, app downloads and usage.” (Not all carriers do: Google guarantees that its proof-of-concept Google Fiber project “will not engage in deep packet inspection” except when necessary to fend off network attacks.)

Pirate Bay Moves to The Cloud, Becomes Raid-Proof

“If one cloud-provider cuts us off, goes offline or goes bankrupt, we can just buy new virtual servers from the next provider. Then we only have to upload the VM-images and reconfigure the load-balancer to get the site up and running again.”

via Pirate Bay Moves to The Cloud, Becomes Raid-Proof | TorrentFreak.

The load balancer and transit-routers are still owned and operated by The Pirate Bay, which allows the site to hide the location of the cloud provider. It also helps to secure the privacy of the site’s users.