This document discusses challenges and potential solutions for automating inter-domain traffic engineering using BGP. It describes how BGP is used to exchange routing information between networks but has historically been difficult to use for traffic engineering. The document outlines the workflow of collecting data, simulating changes, optimizing traffic flows, and deploying changes. It discusses challenges with each step and how segment routing could help address some issues by allowing more granular control over internal and external paths. The document also covers differences between engineering egress versus ingress traffic and potential approaches for attracting more ingress traffic.
Service Chaining overview (English) 2015/10/05Kentaro Ebisawa
This is English version with additional slides and updated diagrams presented at Network Programmability Study #6 held on 29th Sept.
ネットワークプログラマビリティ勉強会#6 で発表したスライドの英語バージョン。
スライド追加&図などアップデートしてあります。
http://network-programmability.connpass.com/event/19603/
DEVNET-1175 OpenDaylight Service Function ChainingCisco DevNet
This tutorial will overview the OpenDaylight Service Function Chaining (SFC) architecture, implementation and operation. A description of the SFC components and the Network Service Header (NSH) will be presented. This talk will conclude with a step-by-step demonstration of SFC configuration and operation using the GUI and REST interfaces.
Le SDN et NFV sont très à la mode en ce moment car en passant des appliance physiques aux équipement réseau massivement logiciel, celà devrait offrir une grande flexibilité et agilité aux entreprises (et telco en particulier). Néanmoins chainer des services réseau est un exercice encore très complexe et ce document vous explique ce qu'il est déjà possible de faire sur OpenStack en couplant par exemple : un load balancer (BigIP), un Firewall (BigIP), un réseau virtuel WAN (RiverBed) ou encore un routeur virtuel (Brocade).
HKIX IPv4 Address Renumbering from /23 to /21 - Experience SharingAPNIC
HKIX IPv4 Address Renumbering from /23 to /21 - Experience Sharing, by Che-Hoo Cheng.
A presentation given at the APNIC 40 Lightning Talks session on Tue, 8 Sep 2015.
Service Chaining overview (English) 2015/10/05Kentaro Ebisawa
This is English version with additional slides and updated diagrams presented at Network Programmability Study #6 held on 29th Sept.
ネットワークプログラマビリティ勉強会#6 で発表したスライドの英語バージョン。
スライド追加&図などアップデートしてあります。
http://network-programmability.connpass.com/event/19603/
DEVNET-1175 OpenDaylight Service Function ChainingCisco DevNet
This tutorial will overview the OpenDaylight Service Function Chaining (SFC) architecture, implementation and operation. A description of the SFC components and the Network Service Header (NSH) will be presented. This talk will conclude with a step-by-step demonstration of SFC configuration and operation using the GUI and REST interfaces.
Le SDN et NFV sont très à la mode en ce moment car en passant des appliance physiques aux équipement réseau massivement logiciel, celà devrait offrir une grande flexibilité et agilité aux entreprises (et telco en particulier). Néanmoins chainer des services réseau est un exercice encore très complexe et ce document vous explique ce qu'il est déjà possible de faire sur OpenStack en couplant par exemple : un load balancer (BigIP), un Firewall (BigIP), un réseau virtuel WAN (RiverBed) ou encore un routeur virtuel (Brocade).
HKIX IPv4 Address Renumbering from /23 to /21 - Experience SharingAPNIC
HKIX IPv4 Address Renumbering from /23 to /21 - Experience Sharing, by Che-Hoo Cheng.
A presentation given at the APNIC 40 Lightning Talks session on Tue, 8 Sep 2015.
DEVNET-1006 Getting Started with OpenDayLightCisco DevNet
Install OpenDaylight within a VM on your own laptop. Acquaint yourself with the development environment. Learn your way around Dlux (GUI) and the CLI to view and operate an OpenDaylight controlled network. Activate and operate integrations to Cisco network elements
Segment routing is a technology that is gaining popularity as a way to simplify MPLS networks. It has the benefits of interfacing with software-defined networks and allows for source-based routing. It does this without keeping state in the core of the network and needless to use LDP and RSVP-TE.
This session provides an overview of the Next Generation Network Architecture with Segment Routing technology that helps Service Providers to simplify the network. You will get an understanding of the basic concepts behind the technology and its wide applicability ranging from simple transport for MPLS services, disjoint routing, traffic engineering and its benefits in the context of software defined networking. Previous knowledge of IP routing and MPLS is beneficial to understand Segment Routing.
Slides for lecturing in Alpha Networks Inc.
Introduce the routing mechanism in Trellis, namely Segment Routing, from the upper side of application design
and ONOS core functions, to the lower side of fabric pipelines and flows on OFDPA.
Keynote given at DRCN2018, shows that innovation is back in the transport and network layer with a description of Multipath TCP, QUIC and IPv6 Segment Routing.
PLNOG 13: Michał Dubiel: OpenContrail software architecturePROIDEA
Michał Dubiel – TBD
Topic of Presentation: OpenContrail software architecture
Language: Polish
Abstract:
OpenContrail is a complete solution for Software Defined Networking (SDN). Its relatively new approach to network virtualization in data centers utilizes the overlay networking technology in order to achieve full decoupling of the physical infrastructure from the tenant’s logical configurations.
This presentation describes the software architecture of the system and its functional partitioning. A special emphasis is put on a compute node components: the vRouter kernel module and the vRouter Agent. Also, selected implementation details are presented in greater details along with an analysis of their impact on an overall system’s exceptional scalability and great performance.
These slides summarise the 0-RTT converters that were proposed in the IETF MPTCP working group to aid the deployment of Multipath TCP. Additional details are available in https://www.ietf.org/internet-drafts/draft-bonaventure-mptcp-converters-01.txt
DEVNET-1006 Getting Started with OpenDayLightCisco DevNet
Install OpenDaylight within a VM on your own laptop. Acquaint yourself with the development environment. Learn your way around Dlux (GUI) and the CLI to view and operate an OpenDaylight controlled network. Activate and operate integrations to Cisco network elements
Segment routing is a technology that is gaining popularity as a way to simplify MPLS networks. It has the benefits of interfacing with software-defined networks and allows for source-based routing. It does this without keeping state in the core of the network and needless to use LDP and RSVP-TE.
This session provides an overview of the Next Generation Network Architecture with Segment Routing technology that helps Service Providers to simplify the network. You will get an understanding of the basic concepts behind the technology and its wide applicability ranging from simple transport for MPLS services, disjoint routing, traffic engineering and its benefits in the context of software defined networking. Previous knowledge of IP routing and MPLS is beneficial to understand Segment Routing.
Slides for lecturing in Alpha Networks Inc.
Introduce the routing mechanism in Trellis, namely Segment Routing, from the upper side of application design
and ONOS core functions, to the lower side of fabric pipelines and flows on OFDPA.
Keynote given at DRCN2018, shows that innovation is back in the transport and network layer with a description of Multipath TCP, QUIC and IPv6 Segment Routing.
PLNOG 13: Michał Dubiel: OpenContrail software architecturePROIDEA
Michał Dubiel – TBD
Topic of Presentation: OpenContrail software architecture
Language: Polish
Abstract:
OpenContrail is a complete solution for Software Defined Networking (SDN). Its relatively new approach to network virtualization in data centers utilizes the overlay networking technology in order to achieve full decoupling of the physical infrastructure from the tenant’s logical configurations.
This presentation describes the software architecture of the system and its functional partitioning. A special emphasis is put on a compute node components: the vRouter kernel module and the vRouter Agent. Also, selected implementation details are presented in greater details along with an analysis of their impact on an overall system’s exceptional scalability and great performance.
These slides summarise the 0-RTT converters that were proposed in the IETF MPTCP working group to aid the deployment of Multipath TCP. Additional details are available in https://www.ietf.org/internet-drafts/draft-bonaventure-mptcp-converters-01.txt
In part 2 of this BGP webinar series, we cover how to diagnose a variety of route changes. Starting from key concepts, you'll learn about the many types of policy and peering changes and routing misconfigurations, and how you can set alerts for these scenarios. See the webinar recording at https://www.thousandeyes.com/webinars/monitoring-route-changes
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Similar to 【EPN Seminar Nov.10. 2015】 パネルディスカッション その2: BGP Peering Engineering Automation challenges and enablers (20)
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Introduction
• Inter-domain traffic includes all traffic crossing the boundary of
networks
• BGP is used to exchange reachability information among networks
• Inter-domain traffic engineering has been historically hard:
Control traffic to meet objectives
Estimate the effects of changes
• We describe these problems and discuss potential solutions
• Main objective being (semi-)automation
4. Some high-level use-cases
• Design/architectural/business:
Simulate optimal placement of interconnects
Simulate impact of interconnect failures
• Operational:
Simulate impact of (BGP policy) changes without disrupting live traffic
5. Egress / Ingress differences
• Egress and ingress traffic are differently managed
• Egress traffic:
Operators have control on the paths they would like to use for their traffic
• Ingress traffic:
Depends on how the other networks decide
Operators can try to influence the decision of others
6. Egress traffic
• Routers decide the best path using the BGP decision process
• Operators change attributes of the paths to reflect their policy
• The typical egress TE process consists in tweaking attributes to steer
traffic as desired
• Old problem:
Feamster et al. “Guidelines for interdomain traffic engineering”. CCR. 2003.
Nanog presentations (e.g. Wepman, 2004; Roisman, 2009; etc.)
• Proposed workflow: collection, simulation, optimization, deployment
7. EPE Challenges: Collection
• Requires the collection of different sources of data:
BGP paths, traffic, policy
• Over time mostly non-standard or mature APIs:
BGP paths (BGP Add-Path, BMP)
Traffic (Netflow/IPFIX, sFlow)
Policy (Tail-f, Openconfig project)
Collection Simulation Optimization Deployment
8. EPE Challenges: Simulation
• What-if scenarios hard to simulate
• BGP decision process is complex:
RRs add a level of complexity
Not always deterministic
Proper network design
• Focus on the important prefixes
Identify importance, ie. by service or by IP prefixes/paths making more traffic
Prioritize or exclude
Collection Simulation Optimization Deployment
9. EPE Challenges: Optimization
• Not easy to move traffic in a granular way:
Changing LP, MED changes everything
Need to include IGP into account
iBGP policies are typically not desirable
• Complex metrics:
For example: latency, bit-miles calculations
No standard way to include in the optimization process
Collection Simulation Optimization Deployment
10. EPE Challenges: Deployment
• Alternatives to deploy:
Operate changes (ie. policies) at network edges
Injection of best paths via a BGP controller
• Using controllers to operate changes:
Collection would be similar
Southbound interface might vary (BGP itself, Openflow, etc.)
Segment Routing as a solution
Collection Simulation Optimization Deployment
11. Segment Routing: very quick intro (1/3)
• Segment Routing uses Segment IDs to identify links (or services)
• MPLS or IPv6 to define the labels
• Ingress routers and can use SR to control internal path and external
path
• Filsfils et al. “The Segment Routing Architecture”. Globecomm. 2015.
• For inter-domain traffic, SR allows for granularly steering traffic
without being impacted by IGP or other metrics
14. Ingress traffic
• An operator attempts to attract traffic over specific links
• Complex by design: the Internet is formed by networks with different
policies:
Conflicts could be unsolvable
Some Content providers don’t even use BGP to select a source and path
• Proposed workflow: deployment, collection, assessment, negotiation
15. Ingress: Deploy
• Different tools can be used to influence other ASNs:
AS-Path prepending
MEDs, Communities
Prefix de-aggregation or hiding
• Other routers paradigms such as LISP provide more direct ways of
influencing the inbound path:
But policies would still prevail
Deployment Collection Assessment Negotiation
16. Ingress: Collect, Assess, Negotiate
• Collect:
Similar to the egress case
External data might be useful
• Assess:
Keep track of the implemented mechanism. Ensure that it works
• Negotiate:
Talk to your neighbors. They might be willing to cooperate
Deployment Collection Assessment Negotiation
17. Conclusions and closing words
• Take control of your data
• Security was not discussed, but it is an important issue:
New data to monitor
more decisions to make
(Discard a route with problems or lower its preference?)