DNS Cookies and DDoS Attacks

16 June 2016 |

DDoS attacks, particularly for ransom—essentially, “give me some bitcoin, or we’ll attack your server(s) and bring you down,” seem to be on the rise. While ransom attacks rarely actually materialize, the threat of DDoS overall is very large, and very large scale. Financial institutions, content providers, and others regularly consume tens of gigabits of attack…

DHCP Topology Customization Options

1 June 2016 | Comments Off on DHCP Topology Customization Options

The Dynamic Host Configuration Protocol (DHCP) is widely used, and yet poorly understood. There are, in fact, a large number of options in DHCP—but before we get to these, let’s do a quick review of basic off-segment operation. When the client, which has no IP address, sends out a request for configuration information, what happens?…

Reaction: More Encryption is Bad?

15 March 2016 |

This week I was peacefully reading the March 9th issue of ACM Queue when I received a bit of a surprise. It seems someone actually buys the “blame the victim” game, arguing that governments are going to break all encryption if we don’t give them what they want. These ideas are all based on the…

Defining SDN Down

16 October 2015 |

If a WAN product that uses software to control the flow of traffic is an SD-WAN, and a data center than uses software to build a virtual topology is an SD-DC, and a storage product that uses software to emulate traditional hardware storage products is SD storage, and a network where the control plane has…

Worth Learning: The Power Grid

25 August 2015 | Comments Off on Worth Learning: The Power Grid

Stop mulling over the latest (now dead) command line, and learn something useful. If you work in networking, you work with electricity. But how many people really know how the power grid works? Even though I have relatives and friends who’ve worked in the power industry all their lives, I’m still learning new things about…

Engineering Lessons, IPv6 Edition

14 August 2015 | Comments Off on Engineering Lessons, IPv6 Edition

Yes, we really are going to reach a point where the RIRs will run out of IPv4 addresses. As this chart from Geoff’s blog shows — Why am I thinking about this? Because I ran across a really good article by Geoff Huston over at potaroo about the state of the IPv4 address pool at…

SD-WAN and Multiple Metrics

6 July 2015 | Comments Off on SD-WAN and Multiple Metrics

Ivan has posted a reaction to Ethan, which prompts me to… Okay, let’s start at the beginning. Ethan wrote a nice post on SD-WAN and the “shortest path we always wanted,” covering some of the positive and negative aspects of software defined WAN. Ivan responded with this post, in which he says several interesting things,…