
EtherealMind

Software Defined & Intent Based Networking

PacketPushers Special – Internets of Interest for mid-April 2012

23rd April 2012 By bookmarks Filed Under: Bookmarks, Uncategorized

 

Once we started the Packet Pushers Podcast, it was clear from talking to our listeners that some people didn’t want to run a blog, or publish the occasional article that almost no one reads, but they still had something to share, pass on or whatever. The following blog posts are just some of those that I thought were of interest in the last few weeks.

 

You can get a list of the most recent blog posts at PacketPushers.net blog category (this link will take you to the blog posts only). You can add the URL “http://packetpushers.net/category/blogs/” to get the latest blog posts (without the podcasts etc).

Packet Pushers is happy to welcome you to join the amazing roster of writers. Write when you can, even if it is just once, and share it with the community. Contact us by emailing packetpushers@gmail.com and we will set you up with an account.

Understanding When A Cisco ASA NAT Rule Can Override The ASA Routing Table – Gotcha!

So…here’s the thing. A Cisco ASA does not always determine the egress interface of a packet based on the routing table. Instead, it’s possible that a NAT rule is overriding the routing table. What Cisco says about this is as follows, taken from their official configuration documentation for the ASA:


Show 97 – The Future of TRILL and Spanning Tree – Part 1 – This two part TRILL podcast has been hugely popular with large numbers of people downloading it. Technical and nerdy – just the way we like it.

TRILL has been on the radar for about three years and while we are seeing some shipping hardware and early deployments, it’s not clear what the current status of TRILL is. This week, Jon Hudson IETF Member for TRILL and Brocade engineer is joined with Andy Shalomon from Cisco, who is conducting testing and deployment on Cisco’s FabricPath for a discussion about where TRILL is today.


Thin Slicing Security Data – I agree with Mrs Y here. The security industry needs to change radically to adapt to the future. Here are some very interesting thoughts on a new approach.

Maybe the real evolution in the security industry will come when we realize that we can’t quantify or fight all the unknowns.  What we can do is create strong infrastructures that minimize technical debt by building secure applications and protocols from the start, then add the equivalent of air bags to our architecture for when the inevitable intrusion occurs. We could also focus more on the things we can control, like the human factor, because even though compromises originate with humans,  people are your best intrusion detection mechanisms.


An Alternate Route to a Networking Career – Bob McCouch talks about his path into Networking – for those people who are interested in talking about their career and planning how to be somewhere in the workforce.

Recently, I was reflecting on this sage advice to get into a NOC and answer the phone for down circuits, failed routers, and the like. I realized it’s nothing like the path I took to become a (relatively) successful networking professional. However, unlike “recovering server admins” who moved into networking after years in another IT discipline, I’ve been in networking for my entire working career. As practitioners of the networking arts know, there’s always another way.


Certified Ethical Hacker v7: Certification Review – Ethan talks about his CEH exam experience.

Taking the exam was like any other professional certification I’ve done. You walk into the testing center. They take two forms of ID and sign you in. You can’t bring anything with you like notes or a cell phone. They sit you in front of a PC in a cramped little cube. They load the test, you agree to the terms, the countdown timer starts, and off you go.


RFC Prophecies – Mrs Y talks about April Fool’s IETF RFCs and how they aren’t always funny…….

Wait a second. Users actually DO this on networks with applications like BarbaTunnel and HTTPTunnel. In fact, people do all kinds of things to subvert firewall rules. The only funny part of that RFC is how ineffective firewalls have truly become.


Bumper SDN/OpenFlow Roundup on Links for ONS 2012

22nd April 2012 By bookmarks Filed Under: Bookmarks, OpenFlow, Uncategorized

 

Internets of Interest is a conceit of mine where I collect useful, relevant or just fun places on the Internet and a bit of commentary about what I’ve found interesting about them.

With the Open Network Summit 2012 happening last week, there was an avalanche of hype from the mainstream press. I’ve attempted to pick something off the main track with these links that might contain more interesting stuff.  Hopefully you will find something interesting here.


Google’s next OpenFlow challenge: taking SDNs to the consumer — Cloud Computing News – Stacey at GigaOm talks about Google’s much-discussed presentation on using OpenFlow/SDN in their WAN. Note that Google’s WAN is the _least_ complicated part of their network, with relatively limited numbers of flows (by defining at low granularity), and the least amount of scale (because throughput is not an OpenFlow problem, that’s a silicon problem). Worth a read.


Cisco Blog » Blog Archive » Is it Just Software Defined Networks (SDN)? – David Ward lays out at least some part of Cisco’s strategy for SDN. It’s my understanding that David is a significant part of Cisco’s SDN strategy. Importantly, he is planning the path between “Cisco Today” and what customers have, and “Cisco Tomorrow” and whatever the market decides and, I think, the point he is making is that it’s still too early to say what the EXACT future will be. You can also see a talk about OpenFlow/SDN at the OpenFlow Symposium I organised last year on VIMEO – David Ward. David was at Juniper then but he was making the same argument then.


Top 5 Highlights from Open Networking Summit 2012 – Tutorial Day | SDNCentral – Roy Chua from SDN Central has written a summary of his experience of the days at ONS2012. This is the tutorial day, and then April 17 and April 18.


OpenFlow might lower CapEx while SDN will increase OpEx — My EtherealMind – My own article on how much OpenFlow/SDN will cost, and it won’t be cheap if you take account of the development and operational costs for your controller and applications.


Open Networking Summit 2012: Take your proprietary networking and… – Rivka Little at SearchNetworking.com has a fantastic interview with Dan Pitt ( Executive Director at Open Networking Foundation). Lots of insight into the convoluted world of OpenFlow politics – it doesn’t look pretty. Because the ONF is run by large cloud concerns (Google, Yahoo, Verizon etc) and vendors can only act via a “Technical Advisory Board” this leads to


Cisco Blog » Blog Archive » Open Networking Summit, Day 1 – Omar Sultan (of Cisco SAVBU marketing team and semi-retired CCIE) provides his summary of ONS2012. Though it pains me to say it, he is thinking a lot like I am and speaking with a voice of caution into the hype cycle.

That said, he praises what has been achieved and follows up with a summary of Day 2.

It seems that much of the conversation around SDN centers on the southbound conversation–the ability to program the hardware. While that is certainly useful and interesting, at least as interesting and important is the northbound conversation–the ability to extract interesting information from the infrastructure and make it available to the controllers, applications, tools, etc. In Igor’s case, he talked about being able to extract info directly out of the switching hardware to facilitate troubleshooting–not an inconsequential task when you have 20K servers and 400K VMs. It’s a good use case but I also think it’s just scratching at the surface.


Intel® Ethernet Switch FM6000 – Software Defined Networking – Intel Whitepaper on Fulcrum FM6000 silicon and their approach to implementing OpenFlow parsing in the chipset. Mostly this is stating the obvious, it’s not really technical or detailed, but if you are new to OpenFlow and how it would be implemented in silicon this is worth reading to consider the impact of OpenFlow on your switching hardware. I found some insight into how vendors must make decisions when designing their hardware.


Next-Gen Network Drumbeats: Going With the OpenFlow | Cloudline | Wired.com – Mike Barton writing for Wired draws a parallel between hippy drum sessions and OpenFlow/SDN. I thought this was a sloppy article that basically repeated press releases or other people’s content – not worth reading. Wired should do better.


Verizon shows off OpenFlow’s benefits for carriers — Cloud Computing News – Unsurprising that Verizon can’t think at Enterprise scale. Carrier/SP’s don’t think at the micro scale  – if indeed, they can think at all instead of reacting to events that force them to respond in some way:

Stu Elby, Verizon VP network architecture and technology, characterized the project as part of a virtual innovation center between participants, and said the concept of the center is a way for Verizon to test out some of its ideas. What struck me about the partnership and his language, was that Verizon seems to be creating a structure that is well-known to carriers when it comes to deploying new technology, but is somewhat foreign for the data center and web world, where OpenFlow and software defined networking is also being tested.


Interesting OpenFlow links (2012-04-21) « ipSpace.net by @ioshints – Ivan has put together a set of links including a link to the video of the Google’s presentation that was not made available after ONS2012.


Internets of Interest for 21st April 2012

21st April 2012 By bookmarks Filed Under: Bookmarks, Uncategorized

 

Collection of useful, relevant or just fun places on the Internets for 21st April 2012 and a bit of commentary about what I’ve found interesting about them:

RFC 6307 – Encapsulation Methods for Transport of Fibre Channel Traffic over MPLS Networks – I’m speechless. FibreChannel over MPLS (which runs over IP over Ethernet over SDH || SONET in most cases) is a way to sweat old assets for carriers. Wrong in several directions at the same time and proving that dumb ideas will always have their day in the sun:

MPLS networks can be provisioned and operated with very low loss rates and very low probability of reordering, making it possible to directly interconnect Fibre Channel ports over MPLS. A Fibre Channel pseudowire (FC PW) is a method to transparently transport FC traffic over an MPLS network resulting in behavior similar to a pair of FC ports that are directly connected by a physical FC link. The result is simpler control processing in comparison to FCIP.

That’s a very big “can be provisioned“. Note that the only advantage over FCIP is lower control overheads – the downside is plenty of revenue opportunities for unsuspecting customers who could easily be duped into thinking that this is in some way better than using FCIP. FCIP has better resilience, visibility, works with WAN accelerators, is compliant with existing MPLS services and requires only latency guarantees from the carrier. FCoM will need latency guarantees from your carrier (who you cannot trust as a general principle) and you will lose all visibility into the network. Not good.


The Sad State of Data Center Networking – Cloud Toad escapes from his research pond again. I swear we improved the security since last time we spoke :

Something about next-generation Data Center networking has been bothering me lately. For a while now, there has been this nagging sensation somewhere in the back of my mind telling me that it’s just not adding up. While I was at Network Field Day 3, I was able to connect some of the dots and form a picture of what it is that’s been scratching away in my mind.


I, Cringely » Blog Archive How to fix IBM in a week – Cringely on technology – Cringely is talking about how IBM outsourcing is a negative outcome in the long term. Personally, I’ve seen a number of outsourcing contracts being terminated and brought back in-house after serious offshoring failures with big IT companies so there is some factual basis here.

Mostly, though, I like his checklist for what managers should be checking about their IT Infrastructure. It is really comprehensive and within the capabilities of senior executives. Worth reading.


the origin of the <blink> tag – montulli.org –

The bar was the St. James Infirmary and it had a 30 foot wonder woman statue inside among other interesting things. At some point in the evening I mentioned that it was sad that Lynx was not going to be able to display many of the HTML extensions that we were proposing, I also pointed out that the only text style that Lynx could exploit given its environment was blinking text. We had a pretty good laugh at the thought of blinking text, and talked about blinking this and that and how absurd the whole thing would be.

Some ideas don’t need alcohol to get started but hey, bad ideas usually start somewhere. Great war story.


Browser extensions, bookmarklets and PDF help files – DEVONtechnologies – Devonthink ( The tool I use for knowledge management) has published their manuals in ePub format. Which is cool for me. I use Bookle to read them instead of the using Preview. I’m not sure why this impresses me, but it seems easier to read.


Google describes its OpenFlow network – EETimes writes about Google at the ONS2012 conference where they talk about their SDN/OpenFlow enabled network for managing their WAN. Probably signals the death of MPLS TE.


HP Blogs – The Beginning of the End for CLI? Introducing IMC … – The HP Blog Hub – HP is orchestrating the network with their IMC Management platform. This is good news because the alternative of using HP OpenView is unusable in my opinion. HPOV is a multimillion dollar solution and we need practical answers today, and HP IMC looks like a practical and useful management platform for networking.

With IMC’s VAN Manager, we can envision a world without CLI.  Through IMC’s ability to orchestrate and automate networks, the scale by which we measure the deployment of applications will change. Instead of using weeks, now minutes can be used. Is this the beginning of the end for CLI? I think so.


[nvo3] Draft NVO3 WG Charter–

Draft charter from the IETF for yet another tunnelling protocol for software switches in virtual hypervisors (also called overlay networking). After the proprietary innovation such as VXLAN, NVGRE, vCDNI etc come the standards-based initiatives.

Enter the whining from server admins who haven’t had to work with standards before who are confused by all the virtual switching tunneling protocols – VXLAN, NVGRE, vCDNI, STT and now NVO3.


US slams Australia’s on-shore cloud fixation | Delimiter – Australian Government is blocking the use of offshore cloud business for privacy fears (meaning the US government wants to get access to the data).

The United States’ global trade representative has strongly criticised a perceived preference on the part of large Australian organisations for hosting their data on-shore in Australia, claiming it created a significant trade barrier for US technology firms and was based on a misinterpretation of the US Patriot Act.

The Office of the United States Trade Representative (USTR), recently released “The 2012 National Trade Estimate Report on Foreign Trade Barriers (NTE),” that surveys significant foreign barriers to US exports. The issue of cloud computing was a major barrier, it was felt.

Currently my view is that US Government intervention in legal cases (which are usually done on correct grounds, but some are not) is slowing Cloud adoption and will cause geographical splits.


Big Switch’s Open Invocation | Twilight in the Valley of the Nerds – I don’t agree. OpenFlow is barely ready for study purposes in University papers. Mainstream adoption is still a long way off.

But time, as always, is a critical factor. Big Switch must establish and maintain market momentum, providing evidence of customer wins as early and as often as possible. It’s about inertia and perception, which tend to feed off one another. The company that makes perceptible progress will be well placed to make further perceptible progress, but the company that is seen to stumble shortly after leaving the gate might never recover.


Internets of Interest for 13th April 2012

13th April 2012 By bookmarks Filed Under: Bookmarks, Uncategorized

 

Collection of useful, relevant or just fun places on the Internets for 13th April 2012 and a bit of commentary about what I’ve found interesting about them:


When you share personal data with Facebook friends, you’re sharing your personal data with every app your friends use – raganwald’s posterous –

Facebook prefers that you share your behaviour with as much of the world as possible. It’s possible to control what you share using now-you-see-them, now-you-don’t controls that they provide. For example, you can say that you are only sharing your Work History with friends, but not with friends of friends. If Tom’s your friend, Tom can see that you used to work for Initech, but his buddy Jerry can’t.

Except that now Facebook does.


Should Amazon Define Cloud Standards? – Network Computing – Hysterical debate from server administrators (ie cloud operators) who have never had to deal with multi-vendor standards before. I look on and laugh as the rest of infrastructure learns how to interoperate and co-operate. It’s going to be painful for them, they’ve never had to think about it before. Note: C++, Ruby, Python and Perl don’t count as “standards”.


The Inevitable Devolution of Standards Into Compliance Regimes – The Falcon’s View – Solid ideas, but overly wordy for me. Think this could be reduced to a few bullet points and be more useful.

The last question that all of this may raise is if it’s worth it, and if so, how to measure it? The answer is two-fold. At the operational level, measuring the state of compliance should be sufficient, combined with monitoring and response capabilities, assuming that proper risk management consideration has gone into the specification of control requirements. At the strategic level, there is then an increasingly important need for a formal, well-defined, well-documented risk management process that leads to legally defensible decisions that help the business establish reasonable risk tolerance and risk capacity levels, and that ensures business survivability (because survivability should be the goal, rather than the failed perspective of trying to stop all badness from happening).


Creating culture of IT innovation includes rewarding failure –

A second barrier is process. “I truly believe process kills innovation,” he said. “I’d never come into an organization in my career outside of the government that was as process-bound as [Kimberly-Clark] was.”

Marvellous story. Simply marvellous. If we could get more leadership like this, IT would be a better place.


Think 4G is 10 times faster? Think again — Tech News and Analysis – Although Apptivity product from Riverbed wrote this entirely self-interested post, I’d like to point out that this is the fortieth or fiftieth product I’ve seen in ten years that does app acceleration and I fully expect this product to fail too.

When it comes to Web performance, you need to invest in the areas that have the highest likelihood for significant returns. The networks are already fast enough. We need to find other areas that promise more return on performance investments.


How Google is using OpenFlow to lower its network costs — Cloud Computing News – Two things. One, a live OpenFlow/SDN deployment

Google is trying the protocol out between data centers, although Hölzle didn’t disclose details about how much Google is saving and how widespread the implementation is. Hölzle said the search giant was trying to see how it could make its wide-area network and long-distance network more flexible and speed up the delivery of services to users without adding costs. However, costs for Google aren’t just measured in terms of bandwidth, but also in terms of people required to operate the network or configuring it.

No mention of the developers and managers who wrote the controller and app that runs the system. You need to understand the whole system, not just part of it to make these statements. You don’t save money on OpenFlow/SDN, you just spend it somewhere else.


Let’s not be friends – Great discussion on why Facebook is losing ground with a lot of people. Facebook is like a friend who is into Amway – after a while they can’t help but try and sell you dish drops or something. You don’t stay friends for long……..

So we started meeting up for lunch every couple of weeks. And like clockwork, about 30 minutes into the meal, he would reach into his bag and pull out a catalog of stuff he was selling to support some of his entrepreneurial endeavors. I mean, every single time we met he would try to sell me stuff. Aggressively.

How many people are still checking Facebook regularly ?


Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results – Short version – yes. Enterprise grade AV/Malware software detected nothing for an active attack. Script kiddies maybe.

If anyone needs just a little proof that you are using A/V products to mainly defend against low-skilled attackers, then there it is. I asked that the attack team use skills learned in most Penetration Testing courses. They didn’t use anything really advanced, which is one of the reasons many argue that even the “Advanced Persistence Threat” isn’t really that advanced. We even made many mistakes during the attack. Even then… nothing was found and nothing was automatically blocked. If this were a real compromise, we could have been on this network for months or years prior to anyone finding us. Just like in the real world.

A must read.


Create Your Own Network Assessment Appliance | The Little Things –

I often find myself assessing a foreign network infrastructure for performance or other issues. Depending on the size of the environment, digesting everything can be daunting without the help of some third party tools. I’ve been using a custom Linux VM on my workstation that has all kinds of tools specifically for gathering information about a network’s performance, layout, and statistics. I’ve decided to retool the VM I currently use and take better notes on what I install so others may do the same if they so desire.

Zachary Loeber provides a run down on a whole bunch of Open Source tools that I didn’t know about, including installation tips. Nedi, Observium, Xerela, Smokeping, Nipper-NG. Must bookmark.


Java: The OSX and Cross-Platform Nightmare | threatpost –

Even if Apple closes the patch gap the cross-platform Java problem remains. Oracle really needs to step up its game. Its security team should have an easy time getting the necessary resources. After all, these days Microsoft and Adobe generally get praised for their approaches to security. So there’s really no excuse for Oracle here.

Until the day comes where Oracle visibly commits to security the best course of action is to uninstall Java. Regardless of what platform you’re on. Hopefully that will encourage Oracle to improve the overall security of its products.


Internets of Interest for 3rd April 2012

3rd April 2012 By bookmarks Filed Under: Bookmarks, Uncategorized

 

Collection of useful, relevant or just fun places on the Internets for 3rd April 2012 and a bit of commentary about what I’ve found interesting about them:


RFC 6593 – Service Undiscovery Using Hide-and-Go-Seek for the Domain Pseudonym System (DPS)

This memo describes a new experimental protocol for this purpose utilizing the Domain Pseudonym System (DPS), and discusses strategies for its successful implementation and deployment.


RFC 6592 – The Null Packet

The ever-elusive Null Packet received numerous mentions in documents in the RFC series, but it has never been explicitly defined. This memo corrects that omission.


Twitter / @HipsterRouter: –

My packet buffers are dynamically tuned to provide users time to consider the socioeconomic impact of supporting global megacorporations.

Funny. Must follow this account.


Infineta Unveils Breakthrough Reduction Technology | Infineta Systems – Big claim, will be looking to see how it performs in the real world.

The elegance of PURE™ is that it is effective regardless of link speed. Any organization exploring ways to increase effective bandwidth capacity to accelerate BC/DR (business continuity/disaster recovery) workflows such as storage replication and backup could benefit from PURE™.


The Pirate Bay – The galaxy’s most resilient bittorrent site – Tough decision for Greece to take, but a great outcome for file sharers across the world.

Political power in Athens, Greece, today signed an agreement with representatives for The Pirate Bay (TPB) about exclusive usage of the greek airspace at 8000-9000ft.


Coding Relic: BangIP Option – Denton has excellent suggestions here;

We’re almost out of IPv4 addresses, yet IPv6 deployment is still very, very slow. This is a recipe for disaster. I’m talking End of Internet predicted, film at 11 scale disaster. Something must be done. Steps must be taken.


OSI Model 2.0 – Packet Life – Long overdue, and discussions indicate wide ranging support for the new proposal.

Responding to current trends in the world of IT, the International Organization for Standardization (ISO) has announced a refresh of the legacy Open Systems Interconnect (OSI) model which we’ve all come to know and love. The original seven-layer model is to be replaced with a simplified, sleeker six-layer model which more accurately reflects service stacks seen in today’s networks.


Best Effort Fibre Channel « The Data Center Overlords – Excellent update to FibreChannel standards.

Class 9 is relatively new, only having been ratified by the T11 working group (under P9FOS committee) in 2005. However since it was designed specifically for existing hardware, only a software update is needed to support it, so most switch and HBA firmware from the major vendors (Cisco, Brocade, Emulex, QLogic, etc.) support it. The idea for a class of lossfull service was in fact inspired by Ethernet.


How Intel® is Making Ethernet Scalable for Efficient Data Centers – When Intel acquired Fulcrum for their merchant silicon business I didn’t realise that they also make Ethernet switches….

With the Intel FM6000 series switches, latency is the same, port count (or the radix of a scalable fabric) has tripled to 72 ports and we’ve made further improvements for performance and scalability of the fabric, delivering up to 2500 non-blocking 10 Gbps ports in the same two-tier fat tree structure.

The network marketplace seems to get more crowded every day.


You can print a document directly from the Finder… | Finer Things in Mac –

You can print a document directly from the Finder without having to manually open its parent application. This may seem obvious, but enough folks seemed to not know about it when I asked around.

You simply need to select a document in the Finder and hit ⌘-P, or just select Print from the Finder’s File menu.


I’m not a big fan of April Fools.


Copyright Greg Ferro 2008-2017 - Thanks for reading my site, it's been good to have you here.

Opinions, Views and Ideas expressed here are my own and do not represent any employer, vendor or sponsor. Full disclosure