Piotr Kupisiewicz – Technical Expert in Krakow’s TAC VPN team. In IT for more than 10 years, out of which 5 years is mostly software engineering experience. Last 5 years spent mostly in networking area interested mostly in Network Security. His hobby are drums and very heavy music. CCIE Security 39762.
Olivier Pelerin – as a key member of the escalation team at Cisco’s Technical Assistance Center, he handles world-wide escalations on VPN technologies pertaining to IPSEC, DMVPN, EzVPN, GetVPN, FlexVPN, PKI. Olivier has spent years troubleshooting and diagnosing issues on some of largest, and most complex VPN deployments Olivier have a CCIE in security #20306
Topic of Presentation: Make IOS-XE Troubleshooting Easy – Packet-Tracer
Language: English
Abstract: “IOS-XE is operating system running on Service Provider devices like ASR series and ISR-4451. Aim of this session is to show how very complicated Service Provider’s configurations can be easily troubleshoted using packet-tracer tool.”
This slides deck presents mobile network protocol interworking idea of which the mobile networking IDs in GTP-U are mapped into IPv6 address with SRv6 concept in stateless. We adopt VPP as the target platform for prototyping the SRv6/GTP-U stateless translation. IETF104 hackathon was the venue where we hacked VPP to implement it.
The presentation in great details explains how modern CPUs work, what is instruction pipeline, cache, superscalar CPUs, out of order execution, speculative execution, branch misses and what is branch predictor.
Then the presentation explains step-by-step how the spectre attack works and why it was possible.
Next it touches process isolation, system calls and privilege levels, explains step-by-step how the meltdown attack works and why it was possible.
At the very end there is a source code for Spectre-based Meltdown attack (i.e. 2-in-1) in just 99 lines of code.
Kernel Recipes 2019 - Suricata and XDPAnne Nicolas
Suricata is a network threat detection engine using network packets capture to reconstruct the traffic till the application layer and find threats on the network using rules that define behavior to detect. This task is really CPU intensive and discarding non interesting traffic is a solution to enable a scaling of Suricata to 40gbps and other.
This talk will present the latest evolution of Suricata that knows uses eBPF and XDP to bypass traffic. Suricata 5.0 is supporting the hardware XDP to provide ypass with network card such as Netronome. It also takes advantage of pinned maps to get persistance of the bypassed flows. This talk will cover the different usage of XDP and eBPF in Suricata and shows how it impact performance and usability. If development time permit, the talk will also cover AF_XDP and the impact on this new capture method on Suricata.
Eric Leblond
This presentation introduces Data Plane Development Kit overview and basics. It is a part of a Network Programming Series.
First, the presentation focuses on the network performance challenges on the modern systems by comparing modern CPUs with modern 10 Gbps ethernet links. Then it touches memory hierarchy and kernel bottlenecks.
The following part explains the main DPDK techniques, like polling, bursts, hugepages and multicore processing.
DPDK overview explains how is the DPDK application is being initialized and run, touches lockless queues (rte_ring), memory pools (rte_mempool), memory buffers (rte_mbuf), hashes (rte_hash), cuckoo hashing, longest prefix match library (rte_lpm), poll mode drivers (PMDs) and kernel NIC interface (KNI).
At the end, there are few DPDK performance tips.
Tags: access time, burst, cache, dpdk, driver, ethernet, hub, hugepage, ip, kernel, lcore, linux, memory, pmd, polling, rss, softswitch, switch, userspace, xeon
This slides deck presents mobile network protocol interworking idea of which the mobile networking IDs in GTP-U are mapped into IPv6 address with SRv6 concept in stateless. We adopt VPP as the target platform for prototyping the SRv6/GTP-U stateless translation. IETF104 hackathon was the venue where we hacked VPP to implement it.
The presentation in great details explains how modern CPUs work, what is instruction pipeline, cache, superscalar CPUs, out of order execution, speculative execution, branch misses and what is branch predictor.
Then the presentation explains step-by-step how the spectre attack works and why it was possible.
Next it touches process isolation, system calls and privilege levels, explains step-by-step how the meltdown attack works and why it was possible.
At the very end there is a source code for Spectre-based Meltdown attack (i.e. 2-in-1) in just 99 lines of code.
Kernel Recipes 2019 - Suricata and XDPAnne Nicolas
Suricata is a network threat detection engine using network packets capture to reconstruct the traffic till the application layer and find threats on the network using rules that define behavior to detect. This task is really CPU intensive and discarding non interesting traffic is a solution to enable a scaling of Suricata to 40gbps and other.
This talk will present the latest evolution of Suricata that knows uses eBPF and XDP to bypass traffic. Suricata 5.0 is supporting the hardware XDP to provide ypass with network card such as Netronome. It also takes advantage of pinned maps to get persistance of the bypassed flows. This talk will cover the different usage of XDP and eBPF in Suricata and shows how it impact performance and usability. If development time permit, the talk will also cover AF_XDP and the impact on this new capture method on Suricata.
Eric Leblond
This presentation introduces Data Plane Development Kit overview and basics. It is a part of a Network Programming Series.
First, the presentation focuses on the network performance challenges on the modern systems by comparing modern CPUs with modern 10 Gbps ethernet links. Then it touches memory hierarchy and kernel bottlenecks.
The following part explains the main DPDK techniques, like polling, bursts, hugepages and multicore processing.
DPDK overview explains how is the DPDK application is being initialized and run, touches lockless queues (rte_ring), memory pools (rte_mempool), memory buffers (rte_mbuf), hashes (rte_hash), cuckoo hashing, longest prefix match library (rte_lpm), poll mode drivers (PMDs) and kernel NIC interface (KNI).
At the end, there are few DPDK performance tips.
Tags: access time, burst, cache, dpdk, driver, ethernet, hub, hugepage, ip, kernel, lcore, linux, memory, pmd, polling, rss, softswitch, switch, userspace, xeon
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...Cisco Canada
IP SLA is a Cisco IOS feature available today to actively and proactively measure and report many network metrics. It is easy to use, and is supported by many existing network management applications.
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
This talk will start with a deep dive and hands on examples of BPF, possibly the most promising low level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to the a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
Linux has become a 1st class Network Citizen for many years and doesn't fall short compared to commercial solutions. It in fact is the very essence many of those are build on and is used as the foundation for nearly all cloud solutions out there.
This talk will touch on methods and features to set up Layer3 network separation and will walk through and show case
* Policy-based routing
* VRFs (with and without MPLS)
* Network Namespaces
We will compare features and options and go through a number of use cases, covering Linux as a router, VPN server, load balancer, etc.
A basic understanding of networking, routing and how the Internet works certainly help, some aha moments will be there in any way.
Dynamische Routingprotokolle Aufzucht und Pflege - BGPMaximilan Wilhelm
Sie möchten Ihr großes internes Netzwerk - ein Autonomes System - mit dem Internet verbinden, eine IP-Fabric aufbauen oder interne Dienste per Anycast in Ihrem Netzwerk anbieten. Für all diese Dinge ist das Border Gateway Protokoll entwickelt worden und auch hervorragend geeignet.
Dieser Vortag vermittelt die Funktionsweise von BGP im externen und internen Einsatz, gibt einen Überblick über die Steuermechanismen und Stellschrauben und zeigt den praktischen Einsatz mit dem Bird Internet Routing Daemon auf.
This slide was presented at FPGA Extreme Conference #6 held at Dowango on Feb 1st, 2015. (It was originally in Japanese but translated to English)
Audience of the presentation was people new to OpenFlow and network processing using hardware, but interested in how FPGA is used in network processing.
Event home page (only Japanese)
http://connpass.com/event/10638/
Best Current Operational Practices - Dos, Don’ts and lessons learnedMaximilan Wilhelm
Max und Falk versammeln knapp 42 Jahre Erfahrung in der Netzwerk- und Open-Source Praxis. In diesem Vortrag stellen sie schmerzhafte Erfahrungen vor und leiten daraus Best Practices für den Netzwerkbetrieb ab. Zusätzlich werden Best Community Practices vorgestellt und der ein oder andere Schwank aus den Anfangszeiten des Internet in Deutschland erzählt.
BKK16-312 Integrating and controlling embedded devices in LAVALinaro
Previous introductory tutorials on LAVA have focussed on virtual platforms. This is an end-to-end tutorial as a basis to evaluate LAVA with one or more embedded targets using U-Boot. It integrates both a physical bootloader device with a stand-alone installation of LAVA, along with a simple PDU for target power control which is based on off-the-shelf Arduino components and fully integrated with pdudaemon. It covers device requirements, device configuration for 32- and 64-bit platforms, use of lavatool, tftp, pduclient and logging via the LAVA web interface and /var.
PLNOG 13: Piotr Wojciechowski: Security and Control PolicyPROIDEA
Piotr Wojciechowski – Consultant and network solutions architect, working on projects for clients from a wide Service Providers sector. Focuses not only on typical routing issues, IP/MPLS but also on VoIP and Wireless technologies. He gained his experience first at NOC ATMAN, then at leading integrator in the design and implementation for the operators, medium and large companies. Piotr is a holder of CCIE Routing & Switching Certificate, he is also CCIE.PL portal Administrator.
Topic of Presentation: TBD
Language: Polish
Abstract: TBD
PLNOG 13: Robert Ślaski: NFV, Virtualise networks or die – the voice of the r...PROIDEA
Robert Ślaski – Chief network consultant at Atende S.A., with 15 years experience in ICT, responsible for most demanding and challenging company projects within operator networks and mobile technologies – i.e. for ATMAN, T-Mobile, Polkomtel, OST112. The Cisco Certified Internetwork Expert CCIE #10877 (Routing & Switching and Security).
Topic of Presentation: NFV, Virtualise networks or die – the voice of the realist
Language: Polish
Abstract: Currently we are on the leading edge of NFV (Network Function Virtualization) hype, but what does it entirely mean? Is the network element virtualization concept a quite new one? Does it mean the same as SDN? When it makes sense, when it is a salvation, and when it would probably fail? For the SP or for the enterprise? An introduction to the topic and a couple of unanswered questions.
PLNOG 13: Sebastian Pasternacki: Standard 802.11e, a usługi multimedialne w s...PROIDEA
Sebastian Pasternacki – Inżynier sieciowy i systemowy z 15 letnim doświadczeniem na rynku IT. Od połowy 2011 pracuje w Cisco Systems Polska, początkowo w Technicznej Organizacji Partnerskiej zajmując się wsparciem, rozwojem i edukacją techniczną partnerów Cisco Systems z całej Polski, od połowy 2013 roku jako konsultant systemowy w dziale Enterprise Networks skupiający się na rozwiązaniach i usługach oferowanych przez routery, a od maja 2014 jako Architekt Rozwiązań Sieciowych. Poprzednio zdobywał doświadczenie w Polsce i Irlandii pracując jako inżynier i konsultant sieciowy dla firm integracyjnych takich jak British Telecom, PlanNet21 i NextiraOne. Specjalizuje się w rozwiązaniach Enterprise z zakresu Routing & Switching, Security oraz Mobility. Posiadacz wielu certyfikatów branżowych, w tym poczwórny CCIE #17541 R&S/SEC/SP/Wireless oraz CCDE #2012::9. Prywatnie entuzjasta rocka i metalu oraz pikantnej orientalnej kuchni, fan przerzucania żelastwa na siłowni oraz ostatnio miłośnik sztuki przemawiania publicznego.
Temat prezentacji: Standard 802.11e, a usługi multimedialne w sieciach bezprzewodowych
Język prezentacji: Polski
Abstrakt: Sieci bezprzewodowe są powszechnie używaną metodą dostępu do sieci, a wraz z mnogością używanych aplikacji i ich wymaganiami, rośnie nacisk na gwarancję jakości transmisji, zwłaszcza dla usług multimedialnych. Czy zastanawialiście się kiedyś w jaki sposób i jakimi mechanizmami można zapewnić oczekiwaną jakość usługi? Odpowiedź leży w standardzie 802.11e i mechanizmach, które wraz z tym standardem mogą, a często powinny być zaimplementowane. Ta sesja to wycieczka ścieżką wytyczoną poprzez mechanizmy kontroli dostępu do medium transmisyjnego, klasyfikację i oznaczanie różnych typów ruchu, zwieńczona istotną tematyką oszczędności energii.
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...Cisco Canada
IP SLA is a Cisco IOS feature available today to actively and proactively measure and report many network metrics. It is easy to use, and is supported by many existing network management applications.
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
This talk will start with a deep dive and hands on examples of BPF, possibly the most promising low level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to the a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
Linux has become a 1st class Network Citizen for many years and doesn't fall short compared to commercial solutions. It in fact is the very essence many of those are build on and is used as the foundation for nearly all cloud solutions out there.
This talk will touch on methods and features to set up Layer3 network separation and will walk through and show case
* Policy-based routing
* VRFs (with and without MPLS)
* Network Namespaces
We will compare features and options and go through a number of use cases, covering Linux as a router, VPN server, load balancer, etc.
A basic understanding of networking, routing and how the Internet works certainly help, some aha moments will be there in any way.
Dynamische Routingprotokolle Aufzucht und Pflege - BGPMaximilan Wilhelm
Sie möchten Ihr großes internes Netzwerk - ein Autonomes System - mit dem Internet verbinden, eine IP-Fabric aufbauen oder interne Dienste per Anycast in Ihrem Netzwerk anbieten. Für all diese Dinge ist das Border Gateway Protokoll entwickelt worden und auch hervorragend geeignet.
Dieser Vortag vermittelt die Funktionsweise von BGP im externen und internen Einsatz, gibt einen Überblick über die Steuermechanismen und Stellschrauben und zeigt den praktischen Einsatz mit dem Bird Internet Routing Daemon auf.
This slide was presented at FPGA Extreme Conference #6 held at Dowango on Feb 1st, 2015. (It was originally in Japanese but translated to English)
Audience of the presentation was people new to OpenFlow and network processing using hardware, but interested in how FPGA is used in network processing.
Event home page (only Japanese)
http://connpass.com/event/10638/
Best Current Operational Practices - Dos, Don’ts and lessons learnedMaximilan Wilhelm
Max und Falk versammeln knapp 42 Jahre Erfahrung in der Netzwerk- und Open-Source Praxis. In diesem Vortrag stellen sie schmerzhafte Erfahrungen vor und leiten daraus Best Practices für den Netzwerkbetrieb ab. Zusätzlich werden Best Community Practices vorgestellt und der ein oder andere Schwank aus den Anfangszeiten des Internet in Deutschland erzählt.
BKK16-312 Integrating and controlling embedded devices in LAVALinaro
Previous introductory tutorials on LAVA have focussed on virtual platforms. This is an end-to-end tutorial as a basis to evaluate LAVA with one or more embedded targets using U-Boot. It integrates both a physical bootloader device with a stand-alone installation of LAVA, along with a simple PDU for target power control which is based on off-the-shelf Arduino components and fully integrated with pdudaemon. It covers device requirements, device configuration for 32- and 64-bit platforms, use of lavatool, tftp, pduclient and logging via the LAVA web interface and /var.
PLNOG 13: Piotr Wojciechowski: Security and Control PolicyPROIDEA
Piotr Wojciechowski – Consultant and network solutions architect, working on projects for clients from a wide Service Providers sector. Focuses not only on typical routing issues, IP/MPLS but also on VoIP and Wireless technologies. He gained his experience first at NOC ATMAN, then at leading integrator in the design and implementation for the operators, medium and large companies. Piotr is a holder of CCIE Routing & Switching Certificate, he is also CCIE.PL portal Administrator.
Topic of Presentation: TBD
Language: Polish
Abstract: TBD
PLNOG 13: Robert Ślaski: NFV, Virtualise networks or die – the voice of the r...PROIDEA
Robert Ślaski – Chief network consultant at Atende S.A., with 15 years experience in ICT, responsible for most demanding and challenging company projects within operator networks and mobile technologies – i.e. for ATMAN, T-Mobile, Polkomtel, OST112. The Cisco Certified Internetwork Expert CCIE #10877 (Routing & Switching and Security).
Topic of Presentation: NFV, Virtualise networks or die – the voice of the realist
Language: Polish
Abstract: Currently we are on the leading edge of NFV (Network Function Virtualization) hype, but what does it entirely mean? Is the network element virtualization concept a quite new one? Does it mean the same as SDN? When it makes sense, when it is a salvation, and when it would probably fail? For the SP or for the enterprise? An introduction to the topic and a couple of unanswered questions.
PLNOG 13: Sebastian Pasternacki: Standard 802.11e, a usługi multimedialne w s...PROIDEA
Sebastian Pasternacki – Inżynier sieciowy i systemowy z 15 letnim doświadczeniem na rynku IT. Od połowy 2011 pracuje w Cisco Systems Polska, początkowo w Technicznej Organizacji Partnerskiej zajmując się wsparciem, rozwojem i edukacją techniczną partnerów Cisco Systems z całej Polski, od połowy 2013 roku jako konsultant systemowy w dziale Enterprise Networks skupiający się na rozwiązaniach i usługach oferowanych przez routery, a od maja 2014 jako Architekt Rozwiązań Sieciowych. Poprzednio zdobywał doświadczenie w Polsce i Irlandii pracując jako inżynier i konsultant sieciowy dla firm integracyjnych takich jak British Telecom, PlanNet21 i NextiraOne. Specjalizuje się w rozwiązaniach Enterprise z zakresu Routing & Switching, Security oraz Mobility. Posiadacz wielu certyfikatów branżowych, w tym poczwórny CCIE #17541 R&S/SEC/SP/Wireless oraz CCDE #2012::9. Prywatnie entuzjasta rocka i metalu oraz pikantnej orientalnej kuchni, fan przerzucania żelastwa na siłowni oraz ostatnio miłośnik sztuki przemawiania publicznego.
Temat prezentacji: Standard 802.11e, a usługi multimedialne w sieciach bezprzewodowych
Język prezentacji: Polski
Abstrakt: Sieci bezprzewodowe są powszechnie używaną metodą dostępu do sieci, a wraz z mnogością używanych aplikacji i ich wymaganiami, rośnie nacisk na gwarancję jakości transmisji, zwłaszcza dla usług multimedialnych. Czy zastanawialiście się kiedyś w jaki sposób i jakimi mechanizmami można zapewnić oczekiwaną jakość usługi? Odpowiedź leży w standardzie 802.11e i mechanizmach, które wraz z tym standardem mogą, a często powinny być zaimplementowane. Ta sesja to wycieczka ścieżką wytyczoną poprzez mechanizmy kontroli dostępu do medium transmisyjnego, klasyfikację i oznaczanie różnych typów ruchu, zwieńczona istotną tematyką oszczędności energii.
PLNOG 13: Andrzej Karpiński: Mechanizmy ochrony anty-DDoS stosowanych w Tele...PROIDEA
Andrzej Karpiński – TBD
Temat prezentacji: Mechanizmy ochrony anty-DDoS stosowanych w Telekomunikacji Polskiej / Orange.
Język prezentacji: Polski
Abstrakt: Orange posiada największą ilość abonentów w Polsce, i w związku z tym największą infrastrukturę sieciową w kraju. Sieć Orange, podobnie jak sieci innych operatorów, jest obiektem ataków DDoS. W naszej prezentacji chcielibyśmy omówić problematykę związaną z atakami DDoS w skali takiego operatora w praktyce, oraz opowiedzieć o tym, jak próbujemy sobie z tym na co dzień radzić. Prezentacja byłaby podzielona na dwie części – w pierwszej zaprezentowalibyśmy przykładowe ataki i ich wpływ na usługi i klientów, z rozbiciem na kategorie: usługi mobilne, usługi szerokopasmowe kablowe i segment klientów premium (biznes, łącza międzyoperatorskie). Parę słów trzebaby także powiedzieć na temat wpływu ataków na samą infrastrukturę sieci (przeciążenia routerów, firewalli, łączy wewnątrz sieci Orange). W drugiej części pokazalibyśmy co operator może z tego typu atakami robić dziś, i jakie są pomysły i oczekiwania w zakresie przyszłości. Prezentacja nie będzie pokazywała żadnego konkretnie komercyjnego produktu sprzedawanego przez Orange, będą to raczej ogólnosieciowo-rynkowe rozważania na temat metod podejścia do takich problemów. Myślę, że ciekawe i ogólnorozwojowe dla dość szerokiego grona słuchaczy.
PLNOG14: Architektura oraz rozwiązywanie problemów na routerach IOS-XE - Piot...PROIDEA
Piotr Kupisiewicz - Cisco Systems
Language: Polish
Architektura IOS-XE jest implementowana w każdym nowoczesnym routerze Cisco. Mowa tutaj o routerze ASR1000, jak również o seriach 43xx oraz 44xx.
Skoro IOS oraz IOS-XE "wyglądają" tak samo, jaka jest różnica między nimi ?
W jaki sposób efektywnie rozwiązywać problemy z przepływem ruchu poprzez router oparty o IOS-XE ?
Sesja omawiająca architekturę oraz podejście do rozwiązywania problemów (z prawdziwym "live demo"). Aspekty te mogą okazać się bardzo pomocne dla inżynierów sieciowych, jak również dla architektów sieciowych.
Zarejestruj się na kolejną edycję PLNOG: krakow.plnog.pl
This webinar explains why PISA chips are inevitable, provides overview of machine architecture of such switches, presents a brief primer on the P4 language with sample programs for a variety of networks and demonstrates a powerful network diagnostics application implemented in P4.
Programmability in SDNs is confined to the network control plane. The forwarding plane is still largely dictated by fixed-function switching chips. Our goal is to change that, and to allow programmers to define how packets are to be processed all the way down to the wire.
This is made possible by a new generation of high-performance forwarding chips. At the high-end, PISA (Protocol-Independent Switch Architecture) chips promise multi-Tb/s of packet processing. At the mid- and low-end of the performance spectrum, CPUs, GPUs, FPGAs, and NPUs already offer great flexibility with performance of a few tens to hundreds of Gb/s.
In addition to programmable forwarding chips, we also need a high-level language to dictate the forwarding behavior in a target independent fashion. "P4" (www.p4.org) is such a language. In P4, the programer declares how packets are to be processed, and a compiler generates a configuration for a PISA chip, or a programmable target in general. For example, the programmer might program the switch to be a top-of-rack switch, a firewall, or a load-balancer; and might add features to run automatic diagnostics and novel congestion control algorithms.
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
NetFlow Monitoring for Cyber Threat DefenseCisco Canada
Recent trends have led to the erosion of the security perimeter and increasingly attackers are gaining operational footprints on the network interior. For more information, please visit our website: http://www.cisco.com/web/CA/index.html
Better Network Management Through Network ProgrammabilityCisco Canada
As we enter the age of network programmability the data models, protocols, and tools provided by a programmable network can greatly improve and simplify network management tasks. Configuration and operational data can be read and set regardless of the underlying device. Errors are properly reported to ensure reliable delivery of data. Connections are secure and robust. Data is more intelligently extracted. This presentation will explore how tools like NETCONF, YANG, as well as Cisco's Embedded Event Manager, onePK APIs, and embedded Python scripting can radically improve network management applications by offering visibility and provisioning power throughout the network stack. For more information please visit our website here: http://www.cisco.com/web/CA/index.html
Preparing to program Aurora at Exascale - Early experiences and future direct...inside-BigData.com
In this deck from IWOCL / SYCLcon 2020, Hal Finkel from Argonne National Laboratory presents: Preparing to program Aurora at Exascale - Early experiences and future directions.
"Argonne National Laboratory’s Leadership Computing Facility will be home to Aurora, our first exascale supercomputer. Aurora promises to take scientific computing to a whole new level, and scientists and engineers from many different fields will take advantage of Aurora’s unprecedented computational capabilities to push the boundaries of human knowledge. In addition, Aurora’s support for advanced machine-learning and big-data computations will enable scientific workflows incorporating these techniques along with traditional HPC algorithms. Programming the state-of-the-art hardware in Aurora will be accomplished using state-of-the-art programming models. Some of these models, such as OpenMP, are long-established in the HPC ecosystem. Other models, such as Intel’s oneAPI, based on SYCL, are relatively-new models constructed with the benefit of significant experience. Many applications will not use these models directly, but rather, will use C++ abstraction libraries such as Kokkos or RAJA. Python will also be a common entry point to high-performance capabilities. As we look toward the future, features in the C++ standard itself will become increasingly relevant for accessing the extreme parallelism of exascale platforms.
This presentation will summarize the experiences of our team as we prepare for Aurora, exploring how to port applications to Aurora’s architecture and programming models, and distilling the challenges and best practices we’ve developed to date. oneAPI/SYCL and OpenMP are both critical models in these efforts, and while the ecosystem for Aurora has yet to mature, we’ve already had a great deal of success. Importantly, we are not passive recipients of programming models developed by others. Our team works not only with vendor-provided compilers and tools, but also develops improved open-source LLVM-based technologies that feed both open-source and vendor-provided capabilities. In addition, we actively participate in the standardization of OpenMP, SYCL, and C++. To conclude, I’ll share our thoughts on how these models can best develop in the future to support exascale-class systems."
Watch the video: https://wp.me/p3RLHQ-lPT
Learn more: https://www.iwocl.org/iwocl-2020/conference-program/
and
https://www.anl.gov/topic/aurora
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!