Internets of Interest for 24th March 2012


Collection of useful, relevant or just fun places on the Internets for 24th March 2012 and a bit of commentary about what I’ve found interesting about them:

IETF Journal March 2012 | Internet Society – Always a good read – maybe not the whole thing, but a few articles are always worthwhile. Add this to your RSS reader.

HP and Openflow « kontrolissues

@netmanchris reminds me that HP was the company that introduced me to OpenFlow back on Packet Pushers Show 25 when we interviewed Lin Neese on HP Data Centre products. He is absolutely correct, HP did introduce me to OpenFlow which I’ve been very interested in since then. HP does have a strong input to OpenFlow and is a vendor that has put a lot of support and shipping products into OpenFlow.

To be clear, HP has been about OpenFlow and it’s a genuine initiative. However, the external representation and communication hasn’t been reaching myself and many others. Sometimes, that is just the way it works. I look forward to seeing HP do more with OpenFlow and HP Networking in the future.

Pica8 launches 3920 – PICA8 Blogs – Pica8 announces a low cost, merchant silicon switch with support for OpenFlow

Pica8 today announces the general availability of Pronto 3920, a high-density, 1RU, 48 ports of 10GE with four 40GE uplinks. Pronto 3920 provides ultra-low-latency and non-blocking performance, and supports full suite of PicOS, including feature-rich L2/L3 switching and OpenFlow capabilities.

A Few Thoughts on Cryptographic Engineering: How do Interception Proxies fail? – Great overview on Interception Proxies and the concerns about their deployment and how they don’t handle revoked certs or faulty CAs well (or even at all).

To counter these tactics, organizations are increasingly deploying security controls that intercept end-to-end SSL/TLS channels. Web proxies, DLP systems, specialized threat detection solutions, and network IPSs now offer functionality to intercept, inspect and filter encrypted traffic. Similar functionality is also present in lawful intercept systems and solutions enabling the broad surveillance of encrypted communications by governments. Broadly classified as “SSL/TLS Interception Proxies,” these solutions act as man-in-the-middle, violating the end-to-end security guarantees promised by SSL/TLS.

Why do I need hardware offloads, I have CPUs to burn! | The Implementer’s Blog – Because they are more efficient, MUCH MORE EFFICIENT, than doing it in software.

An example of this is with a server running VMware ESX5i and comparing realistic virtual machine (VM) I/O workloads to storage devices over a Fibre Channel over Ethernet (FCoE) network. You have a choice of using software FCoE over a 10Gb Ethernet (10GbE) Network Interface card (NIC) or using an Emulex CNA which will offload the FCoE protocol processing. Our test used four VMs with an equal load to storage of 35k I/O transactions per VM. We measured both the CPU used on the hypervisor and the AC input power usage of the server and found that the server used 53% of the server overall CPU resource while running the I/O using the software FCoE and just 23% when using the offload CNA. Saving 30% of the servers’ CPU resources is significant enough to trigger the servers’ power-saving strategies to use less power and this showed up on the computers’ input power measurements. At idle with no I/O workload running, the server was drawing 110W. While running the I/O over software FCoE, the server was drawing 167 watts. When running over our CNAs with hardware FCoE, it measured 129 watts. The server used 37 less watts to perform at the same performance level, which is significant power savings that can add up over time or when applied throughout the data center.

Scalable, Virtualized, Automated Data Center « by @ioshints – Ivan is talking about the ways in which automation of network configuration will occur. Best point:

Until we make the virtual networks into applications running on top of IP, the automation will remain a hard problem. You know that every data center’s design (or at least the way it’s wired together) is unique (which doesn’t necessarily mean it’s useful). Writing automation scripts that would generate network device configurations for unknown topology is a tough exercise.

Security and Networking – Blog – My Last Rant of the Year and New Year Wishes – Blog post on the failing of the security industry – saying similar things to my own post this week.

That this community matures and not becomes a checkbox checker, that this community is able to break from the geek shell and move to be able to provide the growth in the area of a more formal uniform profession and lot the charlatans be the face and voice of this profession to the rest of the world.