I'm writing this piece on the plane on my way back to Vancouver after a 12-day trip in China. I've written about China before, and every time I go, I understand and appreciate this complex country and culture a little more. If you think China is "up and coming," well, you might want to go and take a look for yourself. To be honest, I think they are already here. more
In my previous post, I talked about the significance of DNS in connection with the Software Defined Data Center (SDDC) and Software Defined Networking. Although the second generation DNS provisioning model I outlined should have seemed straight-forward enough, in real life it is anything but. In my view, the real-world complications of a seemingly trivial issue are largely related to how the network industry approaches IP addressing. more
In general, a network firewall is just a traffic filter... Filtering rules can be anything from "allow my web server to hear and answer web requests but not other kinds of requests" to "let my users Ping the outside world but do not let outsiders Ping anything on my network." The Internet industry has used firewalls since the mid-1980's and there are now many kinds, from packet layer firewalls to web firewalls to e-mail firewalls. Recently the DNS industry has explored the firewall idea and the results have been quite compelling. In this article I'm going to demonstrate a DNS firewall built using RPZ (Response Policy Zones) and show its potential impact on e-mail "spam". more
Well, 2012 is almost over, and we can now reflect on the major events that hit our industry this year. If I had to choose the top three trends from the past 12 months, they would have to be: 1. Over-the-top (OTT) services; 2. IPv6 deployments (finally!); 3. TR-069 adoption. Let's examine each of these in more detail. more
Distributed denial-of-service (DDoS) attacks that targeted U.S. financial institutions this week have reached 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks. more
Earlier this week we announced our "Proactive Nameservers", which is just marketing speak for what it really is: hot swappable nameservers or nameserver fail over. What is it? ... It's basically what every webmaster, IT department and CTO wishes they had set up before... more
At the WCIT in Dubai it is interesting to follow the debates surrounding the many issues being addressed at this world congress. There are the issues of internet governance in the broadest sense of the word - these have received widespread attention. But if we look at the core issues that an organisation such as the ITU can address then the scope widens - to topics such as the rules for the International Telecommunications Regulations (ITRs), and particularly those in relation to the rules for rates and charges. more
I'm a network engineer, and like many engineers I often gravitate to the big projects; large networks with problems of scale and complexity in my case. However, I also consider myself a student of Occam's razor and often quote Antoine de Saint-Exupéry: "perfection is reached not when there is nothing left to add, but when there is nothing left to take away." In this spirit of "less is more" I have recently become intrigued by the problems appearing in home networking. more
The Internet has managed to collect its fair share of mythology, and one of the more persistent myths is that from its genesis in a cold war US think tank in the 1960's the Internet was designed with remarkable ability to "route around damage." Whether the story of this cold war think tank is true or not, the adoption of a stateless forwarding architecture, coupled with a dynamic routing system, does allow the network to "self-heal" under certain circumstances. Can we see this self-healing in today's network? more
Internet monitoring companies say Syria's Internet connectivity has been shutdown nationwide. Renesys, a U.S.-based network security firm that studies Internet disruptions, reports that about 6 hours ago (12:26pm in Damascus) Syria's international Internet connectivity was shut down. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet." Akamai Technologies Inc. has also confirmed the complete outage in Syria. more
Hurricane Sandy caused major damage in both the Caribbean and the North-Eastern part of the USA. In an earlier article (RIPE Atlas - Superstorm Sandy) we showed data on 15 RIPE Atlas probes that are located in or near the affected areas in the USA. Most of these locations now appear to be back to normal round trip times to targets we monitor. But the effects of Hurricane Sandy were felt beyond the immediately affected area. more
Starting in mid-September, one of the largest and most sophisticated DDoS attacks ever targeted the titans of American banking. Initially, victims included Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. In the weeks to come, others would also feel the pain. Websites crashed, customers were unable to make transactions and IT professionals and PR gurus went into panic mode. Leon Panetta, U.S. Secretary of Defense, said the attacks foreshadowed a "Cyber Pearl Harbor." more
The proposals by the European and Arab telcos that are being considered at the World Conference on International Telecommunications (WCIT) conference in Dubai later this year are most certainly facing defeat. This is not because the USA believes that the international telecommunications regulations (ITR) cannot be discussed by the ITU. America has a rather strange set of national regulations in which they have combined internet infrastructure and content -- and as such they claim that this no longer has anything to do with telecommunications. more
Hurricane Sandy has been a badly needed wake up call for the Internet community as to the threat of climate change. Although most people have forgotten, Sandy is the second hurricane to hit New York in as many years with Irene last August and a third tropical depression headed to New York at the time of this writing. Two, supposedly once in a hundred year storms, within such a short time frame should even make the most die-hard denialist that something's afoot. more
Couple of weeks ago I started a new initiative called "Names, Numbers and Beyond". I started this as I genuinely think we are facing big issues due to the uncontrolled and non-standard growth of the IP and Name space used today and tomorrow. To keep in control and make everything manageable, parcelling out IP address space and the use of tight naming standards/policies is necessary to make networks work better and make them achievable. more
A World-Renowned Source for Internet Developments. Serving Since 2002.