Hedge 93: Dinesh Dutt and Observability

We talk a lot about telemetry in the networking world, but generally as a set of disconnected things we measure, rather than as an entire system. We also tend to think about what we can measure, rather than what is useful to measure. Dinesh Dutt argues we should be thinking about observability, and how to see the network as a system. Listen in as Dinesh, Tom, and Russ talk about observability, telemetry, and Dinesh’s open source network observability project.


How to Listen to the Hedge

The Hedge is over 90 episodes now … I’m a little biased, but I believe we’re building the best content in network engineering—a good blend of soft skills, Internet policy, research, open source projects, and relevant technical content. You can always follow the Hedge here on Rule 11, of course, but it’s also available on a number of services, including—

I think it’s also available on Amazon Music, but I don’t subscribe to that service so I can’t see it. You can check the Podcast Directory for other services, as well. If you enjoy the Hedge, please post a positive rating so others can find it more easily.

Upcoming Live Webinar: Data Center Fabrics

I’ll be teaching a three-hour live webinar on data center fabrics on the 20th of August—

Data centers are the foundation of the cloud, whether private, public, on the edge, or in the center of the network. This training will focus on topologies and control planes, including scale, performance, and centralization. This training is important for network designers and operators who want to understand the elements of data center design that apply across all hardware and software types.

Register here.

Leveraging Similarities

We tend to think every technology and every product is roughly unique—so we tend to stay up late at night looking at packet captures and learning how to configure each product individually, and chasing new ones as if they are the brightest new idea (or, in marketing terms, the best thing since sliced bread). Reality check: they aren’t. This applies across life, of course, but especially to technology. From a recent article—

Whenever I start learning a new programming language, I focus on defining variables, writing a statement, and evaluating expressions. Once I have a general understanding of those concepts, I can usually figure out the rest on my own. Most programming languages have some similarities, so once you know one programming language, learning the next one is a matter of figuring out the unique details and recognizing the differences.

RFC1925 rule 11 states—

Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.

Rule 11 isn’t just a funny saying—rule 11 is your friend. If you want to learn new things quickly, learn rule 11 first. A basic understanding of the theory of networking will carry across all products, all marketing campaigns, and all protocols.

Weekend Reads 072321

The next tech talent wars may be less about the free stuff, and more about the freedom to work from anywhere in the world. Those famously expensive Silicon Valley campuses that double as adult playgrounds, with their nap pods and herb gardens and bike-shares, are competing with a newfound love for the home office.

There are some features in any architecture that are essential, foundational, and non-negotiable. Right up to the moment that some clever architect shows us that this is not so.

Looking at the Resource Public Key Infrastructure (RPKI) landscape today, it is vastly different from two to three years ago. At the time, resource holders around the world had created a considerable amount of Route Origin Authorizations (ROAs), but actually using RPKI data to perform Route Origin Validation (ROV) was only done by a handful of networks.

A newly discovered breed of cyber assault is threatening corporate networks. Dubbed “FragAttacks” (Fragmentation and Aggregation Attacks) by Mathy Vanhoef, the researcher who discovered them, these security breaches are a subcategory of digital airborne attacks performed over Wi-Fi networks.

While there’s enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword. Cybercriminals and other threat actors can engage the same techniques or manipulate the automated systems businesses employ.

Most carriers don’t order 200,000 5G base stations, so they will pay more, but that’s the actual price for the joint procurement of China Telecom and China Unicom.

The seemingly endless battle against copyright infringement has caused plenty of collateral damage. But now that damage is reaching new levels, as copyright holders target providers of basic internet services. For example, Sony Music has persuaded a German court to order a Swiss domain name service (DNS) provider, Quad9, to block a site that simply indexes other sites suspected of copyright infringement.

Organizations report it’s becoming increasingly difficult to maintain the security of their Web applications and APIs with a patchwork of security tools and a rising wave of false positive alerts.

In most circumstances, I think it is bad practice for a vendor to do anything other than having patch and advisory publication synchronized. There may be exceptions to this, such as when a vulnerability is under active attack before a patch is available, but there are risks worth considering on either side of a synchronized release.

Why all this talk about an obscure game? Well, the game came to mind the other day as I was working my way through some security data trying to pinpoint a specific piece of information. The problem I had was that there are many signals (like the players looking the wrong way) that distracted from what I was looking for, and even when I started to zoom in on a general area, assessing the space was difficult.

For example, the crazy gyrations in bitcoin prices are ample evidence that financial markets are not efficient. Since bitcoins generate no income, their intrinsic value is zero, yet people have paid hundreds, thousands, and tens of thousands of dollars for bitcoins.

And one of the central tenets of that belief is that, given how many HPC and AI applications are bound by memory bandwidth – not compute capacity or even memory capacity – that some form of extremely close, very high bandwidth memory would come to all manner of calculating chips: GPUs, CPUs, FPGAs, vector engines, whatever.

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).

The RIPE NCC is very invested in Resource Public Key Infrastructure (RPKI) and runs a Trust Anchor (one of the root certificate authorities (CAs)). It also hosts a platform for maintaining Route Origin Authorizations (ROAs). The NCC also offers a publication server accessible over rsync and RRDP.

The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software.

Hedge 92: The IETF isn’t the Standards Police

In most areas of life, where there are standards, there is some kind of enforcing agency. For instance, there are water standards, and there is a water department that enforces these standards. There are electrical standards, and there is an entire infrastructure of organizations that make certain as few people as possible are electrocuted each year. What about Internet standards? Most people are surprised when they realize there is no such thing as a “standards police” in the Internet.

Listen in as George Michaelson, Evyonne Sharp, Tom Ammon, and Russ White discuss the reality of standards enforcement in the Internet ecosystem.