Networking Industry Update 2021-02

Telcos and 5G

In Finland, Telia made a deal with Nokia on the 5G network, and it will be heard in ads promoting the only “domestic and secure” network. The CEO warns of the risks and promises that Telia will be the only operator to offer Finns a Finnish 5G network. Telia has had a tough year and has now set new goals on a sustainable basis. The aim is to reinvent connected living, save on costs and take advantage of infrastructure. This is a familiar text from all operators. Something concrete though: Telia launched a global IoT service and announced that it will close its 3G network by the end of 2023. These network closures have often slipped, or perhaps the goals have been set too ambitiously. For example, Verizon postponed the 3G shutdown originally announced for 2019 until 2023.

In Sweden, the “NAT rule” for operators came into force in April last year, requiring users behind a NAT to be identifiable by something other than an IP address. Telia has not been able to collect data for a year and is now facing a fine of SEK 10M.

There has been enough talk about 5G private networks and companies. In Finland, Telia, Digita and Nokia will start cooperating, and Nokia and Elisa will join forces to promote private networks for companies. At DNA, the private network is the winning solution of the future. Nokia’s Lundmark also believes that enterprise networks will overtake the public 5G over the next decade, and Ericsson’s Ekholm says enterprise applications will capture most of the value in 5G. The provider side now sees strong momentum in enterprises, but according to an Omdia study, big companies are not much interested. On the contrary, small and medium-sized enterprises would be more enthusiastic, but operators do not want them as their customers.

Indeed, the 5G business model currently exudes more symbolism than a sustainable business. The frequencies used follow the laws of physics, and the frequencies have their price not only in the auction but also in the numbers of devices and locations. The situation gets worse when we go to mm-waves and the 5G New Radio standard at very high frequencies. Mm-waves are very inefficient and are prone to weather interference, so the power must be directed very precisely towards the terminal. Applications span a wide range and their needs are very different. It may be that different radio technologies and frequencies suit different applications. In any case, 5G will become more widespread as usage gradually moves to the new network and new applications find their place. It just takes time.

The development of 6G is starting in companies. One revolutionary reform may be in data transfer, where it no longer makes sense to even move a growing mass of data back and constantly increase the speed of data transfer. In the future, only the data model and changes may be transferred, and the raw data remains on the device. At the same time, privacy and security issues are resolved. Silicon Valley’s Pied Piper was ahead of its time.

5G broadcasting has received the ETSI standard. It could be used to broadcast a linear TV and radio program on a 5G network. The feature was already available on the 4G network with eMBMS. A converged distribution path over IP in a mobile network is beneficial because it is expensive to maintain a separate terrestrial TV transmission network. In Finland, public service broadcaster Yle has been lobbying for forward-looking mobile network distribution for the past 10 years to save on duplication of distribution costs.

Finnish public safety network Virve 2.0 has progressed so that the bit passes between Elisa’s radio network and Ericsson’s Core. The transition to the new network would be possible as planned for 2023-2025. Here’s a little look at the history of the public safety network in Finland. Sweden is a little behind, but with the same plans to upgrade their Rakel network. The difference to Finland is that the authorities would use their own frequencies and organization. Technically, Sweden has much more ambitious plans, for example in terms of adequacy of reserve power for 7 days, instead of the current three hours in Finland.

In the UK, attempts are being made to secure networks with friendly calls not to destroy equipment cabinets.

In IoT networks, Lorawan’s rival French Sigfox has allied with Google to provide 0G network services more efficiently. Founded in 2010, Sigfox has been in turmoil as the target of one billion connected devices has not materialized, and only 17 million devices have been added to the network. In general, IoT has not materialized as expected. Sigfox is following the operator improvement program: reinventing itself, selling infrastructure and saving costs. Expectations are set to be realistic and better-refined services are sought to be provided with Google.

Cloud

Good overview of AWS networking, best practices and optimization tips. You know these: Region, Availability Zone, VPC, shared VPC, Direct Connect, Private Link, Transit GW, VPN, SD-WAN, Gateway Load Balancer, Firewall, Private Virtual Interface, Placement Groups, Flow Logs, Cloudfront… Did you know routing has hard limits that cannot be crossed? Surprising how small they are in some cases. Keep going AWS and don’t stop releasing!

Other overviews and comparisons of public cloud networking from Ivan Pepelnjak: AWS Networking 101; Azure Networking 101; Availability Zones and Regions in AWS, Azure and GCP; Virtual Networks and Subnets in AWS, Azure, and GCP.

AWS Direct Connect is now available at 100Gbps in 14 locations around the world, mainly in Asia and the United States. Availability is likely to be based on demand. The hourly rate for a dedicated port alone is $22.50, making $16,200 a month. A pretty steep price if you compare the port price with, for example, interconnection points. Ficix’s 100G port costs a paltry 445 € per month, which is the same as 10G. Through Netnod in Stockholm, connections can be made to all public clouds, and there a 100G port costs 3360 € per month and a 400G port 7500 € per month. 100G IP transit could cost less than €10,000 per month. But it is useless to speculate on these; whoever needs it either pays up or negotiates a better price.

The public cloud has been seen as a model example of a routed IP environment where bridging is irrelevant. Now, however, Oracle is watering down the principles and bringing L2 support to the OCI cloud. The feature is probably targeted at Vmware customers. Is it about hauling customers in with the easiest possible means so that there is no need to change anything in the cloud transition? Pretty bad idea for the longer term.

Mysocket.io is a free open source cloud service that allows you to publish your intranet services to the Internet. The service includes great features such as anycast network, load sharing and zero trust-based identity-based access.

Cybersecurity

The parties to the Solarwinds case have been heard in the U.S. Senate. Blaming others has been the way to handle it. Solarwinds said an intern had put a weak password in a Github repo. Microsoft said the hack required at least 1,000 skilled engineers and that the fault was not in Microsoft’s software but on the customer side. Crowdstrike blamed Microsoft’s intricate and antiquated architecture. Attempts were also made to involve AWS in the case because servers it ran were used in the attack. AWS declined to participate.

The case keeps sprawling and all sorts of things are being connected to it. New serious vulnerabilities have been found in Solarwinds’ programs; in addition to the Russians, the Chinese are said to have spied on a U.S. payroll agency; hackers are said to have been interested in unclassified information in the O365 environment; and 30% of the targeted private companies reportedly did not use Solarwinds. Microsoft said source code for Azure, Intune and Exchange has been stolen. Extrahop drew attention by describing how its EDR product detected an increase in suspicious activity, even though the hackers created their own firewall rules and moved laterally, trying to hide their tracks.

The French IT monitoring product Centreon has allegedly been the target of a long-running Russian attack through a backdoor found in the program. The targets have been French companies and other large firms. Centreon has stressed that this is not a supply chain attack: it has only affected an already outdated open source version of the program, and commercial customers have not been compromised.

The RIPE NCC Access SSO service was subjected to a brute-force attack. The service was interrupted, but the user information was not compromised. Users are prompted to enable 2-step verification. A hands-on experiment with a public server with password-based SSH login showed that it took the hacker about four hours to crack an easy username and password. Therefore, it is important to use only SSH keys to log in or to restrict access to your own IP addresses. Root login should always be turned off, with sudo used to elevate privileges.
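The SSH advice above can be checked mechanically. The following is an added example, not code from the original post: a small auditor that reads an sshd_config and reports every setting that still allows password or root login. The function names and both sample configs are constructed for illustration; it covers the global section and Match blocks only and does not follow Include files.

```python
import re

# Values the paragraph above asks for, paired with the default OpenSSH applies
# when the keyword is absent (defaults as documented in sshd_config(5)).
REQUIRED = {
    "passwordauthentication": ("no", "yes"),
    # Keyboard-interactive can still prompt for a password (for example via PAM).
    "kbdinteractiveauthentication": ("no", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
    "pubkeyauthentication": ("yes", "yes"),
}
# Older configs use the deprecated name for the same switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")


def parse(text):
    """Split a config into global settings and settings inside Match blocks."""
    global_cfg, match_cfg, scope = {}, [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        key = ALIASES.get(key, key)
        if key == "match":
            scope = "Match " + value
        elif scope is None:
            # sshd keeps the FIRST value it reads for a keyword, so a later
            # "PasswordAuthentication no" does not undo an earlier "yes".
            global_cfg.setdefault(key, value)
        else:
            match_cfg.append((scope, key, value))
    return global_cfg, match_cfg


def audit(text):
    """Return (scope, keyword, effective_value) for every deviating setting."""
    global_cfg, match_cfg = parse(text)
    findings = []
    for key, (wanted, default) in REQUIRED.items():
        value = global_cfg.get(key, default).lower()
        if value != wanted:
            findings.append(("global", key, value))
    # A Match block can re-enable passwords for a subset of clients; report it
    # with its scope so a reviewer can decide whether the exception is intended.
    for scope, key, value in match_cfg:
        if key in REQUIRED and value.lower() != REQUIRED[key][0]:
            findings.append((scope, key, value.lower()))
    return findings


# Constructed sample inputs.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        for scope, key, value in audit(cfg):
            print(f"{name}: [{scope}] {key} = {value}")
```

An empty file is not a safe file: with no directives at all, the defaults still leave password login enabled, which the auditor reports.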

Vulnerabilities have been found in Fortinet’s Fortiweb application firewall versions 6.2 and 6.3. Sonicwall’s devices are being actively attacked using a new zero-day vulnerability. There were two critical command execution vulnerabilities in Microsoft’s TCP/IP implementation. In Python versions 3.x-3.9.1, a typical buffer overflow vulnerability was less critical, but updating to version 3.8.8 or 3.9.2 is recommended.

Vulnerabilities in the Cisco ACI Multi-site Orchestrator and NX-OS could allow an attacker to bypass authentication. A NAT slipstream vulnerability was detected that uses JavaScript to open any TCP/UDP port from the outside to the machine behind the NAT. Plex Media Server is being used for DDoS attacks. The amplification factor for the SSDP service is 5. A new Linux malware steals SSH credentials using a trojanized OpenSSH. It targets supercomputers and servers in the academic world.

The Florida water supply hack scared the whole world. An attacker who came in with Teamviewer adjusted the lye level of the water, but the water plant operators noticed the actions on the screen and intervened. The intruder probably took advantage of a weak password and outdated computers. Here we saw how rapid human perception and response averted problems. An automatic response would have reacted even faster and more reliably. However, one may also ask why the level of additives can be adjusted above the permitted limit at all. Teamviewer is one of the highest risks and should not be part of the production toolkit. The beginnings of remote management date back to ancient mainframes, but remote desktop management began to spread in the mid-1980s with the DOS-based Carbon Copy software.

IBM wants to support educational institutions in developing cybersecurity. The problem with schools is the long summer holidays, when the machines are switched off and no upgrades are made. In the fall, when the season kicks off, a huge number of out-of-date machines appear on the network and the apps are put to use at full capacity. The model where machines need to be upgraded on an intranet is outdated and risky.

The diversity, longevity, and number of IoT devices have made them network-connected waste that no one cares about. If the devices once worked, why would anyone update and maintain all of them if new updates were even released? If we can’t take care of a smaller computer network, how could we manage the entire digital infrastructure from devices to applications? The U.S. Congress is trying to create even minimum standards for post-sales support that would force manufacturers to take more responsibility instead of just pushing out more and more equipment.

The NCSC has a weighty piece on falling victim to ransomware. Ransomware is a visible symptom of a more serious intrusion inside a company. Therefore, treating the symptoms is not enough; the cause must be found and corrected. The example shows a company that paid millions in ransom but did nothing else. The company got its data back, but a couple of weeks later new ransomware appeared. The company had no choice but to pay the ransom again.

The level of cybersecurity in companies has been studied, and the reality beneath the surface was found to be quite harsh. Those who say security is important tend to work better in practice as well. Big companies perform better, even though they have shortcomings in the basics. Cybersecurity budgets are really hard to justify because they don’t have a direct payback. Besides, tough performance targets and frustration may increase risky behavior. Companies tend to outsource risk to third parties and focus on more important things themselves. Cyber insurance may seem like a good option, but it usually does not cover loss of sales and reputation or repair costs for a weak point.

Products

The traditional WAF, or application firewall, simply does not keep up with the pace of application change in the cloud world. Maintaining it creates a huge amount of work where even machine learning doesn’t help. Therefore, in practice, WAF is only used at a basic level, in which case it provides little protection. Check Point and Palo Alto are moving to cloud-based application security with their new products. Palo Alto Prisma Cloud claims to have the best WAF features in the industry. It is based on various cloud-native functions that tackle dynamic cloud services. Also, WAF has integrated other functions such as IAM and DLP, so the service may be approaching more of a zero-trust model. Or was WAF the first step towards zero trust?

So what exactly is zero-trust? It is about the principle of least privilege, identity and segmentation. NSA published a short, concise document on zero trust principles.

With the previous acquisition of Awake, Arista became strongly involved in the security side and now also offers a zero trust model. In the Arista model, the functions are group-specific segmentation, situational intelligence, network visibility, and artificial intelligence-assisted observation and response. Activities focus on network infrastructure and its orchestration.

Cisco expanded the capabilities of AppDynamics to include vulnerability management. Secure Application combines application monitoring and security view into one tool.

Juniper merges the operator WAN management tools under Paragon Automation Umbrella. It continues the confusing naming and product positioning that has prevailed in Contrail products. Paragon includes the old Northstar and Contrail Healthbot once again renamed, as well as the new Netrounds-based monitoring component and Anuta ATOM configuration management. The purpose is good, which is to improve the generally poor customer experience of telcos.

On the enterprise side, Mist is the best thing that has happened in the industry for a long time. Juniper now has a clear strategy and a good platform to build on. And the momentum has been maintained in product integration. Half a year has passed since the acquisition of 128 Technology and only two months since the acquisition was confirmed, and the technology has already been integrated into Mist’s management and AI platform. The 128T is the latest evolution of SD-WAN, where application traffic is routed by sessions without traditional IPSec tunnels. This is a big step towards a true application routing and network as a service model.

And SD-WAN and SASE have generated a lot of stories again. The current SD-WAN implementation is probably only an intermediate step towards a holistic SASE cloud model. SD-WAN was introduced to replace MPLS connections, but today it does much more when combined with SASE. According to one study, many companies have SASE elements in use, but only just over 10% have a comprehensive SASE architecture, which is hardly surprising. The most advanced are the security-of-supply sectors, followed by the legal, financial and healthcare sectors. IT departments drive deployment a lot more than the security department. Despite the jump, zero-trust and edge content filtering are the least used features. Cloud utilization seems to limit the deployment rate.

At the edge of the office, the physical equipment will remain for the time being, but software alone will gain more and more space in the solutions. Cato is one of the software-only routers and has made a wild rise into a unicorn company. Security features are starting to become more important than networking in SD-WAN / SASE solutions. Brand new players are coming to the field and, for example, cloud companies are gaining a foothold. However, according to the study, traditional manufacturers Zscaler, HPE, Cisco, Fortinet, and Versa are still at the forefront. Fortinet relies above all on its own hardware, even though it adds SASE cloud services. But with that hardware strategy, Fortinet will remain a prisoner of its own dwindling genre in the long run.

The applications of SD-WAN / SASE are expanding into IoT and manufacturing. SD-WAN as a service would suit users, if only service providers took on a role. MEF 3.0 has standardized an SD-WAN overlay service to facilitate the building and interconnecting of services. There is also a list of certified service providers that includes, for example, Telia.

Paloalto acquires Bridgecrew and shifts security left in application development. Bridgecrew’s product is baked into Prisma Cloud to bring security into application development and the entire application lifecycle. The firewall vendor is moving towards the cloud-native world as a trendsetter, like F5.

Cloud access converts firewall licensing to subscription-based. The user can use the firewalls more freely and only pay for the use. Some benefit from this, others pay more than before. Estimating usage is difficult, or at least as predictable or unpredictable as in cloud services in general.

Companies

Cisco’s results remained stable and exceeded expectations. Security and services pulled the result up. By comparison, Cisco’s sales and earnings were approximately the same as AWS’s. Cisco’s performance has been incredibly steady over the long term despite all the talk and small dips. Cisco is more broadly involved in the development of society, and in Japan, it struck a partnership with the government to digitize the country.

Huawei has also done nicely despite the problems. It had a 40% market share in broadband equipment revenues and Huawei is also strong in other product groups, such as transmission equipment and data centers. KPN, for example, has gone against the current and opted for Huawei instead of Ericsson. DT has taken Huawei as its cloud partner for equipment and has kept the operation in its own hands. Huawei itself has expanded its already comprehensive portfolio into electric cars.

Arista had a difficult year with the cloud giants, but now the result was good. Arista continues to expand the product repertoire and combine management and believes in the familiar data center-routing-campus triangle. By comparison, Arista’s market value is approximately the same as Ubiquiti’s. Paloalto’s good results were based on the Prisma Access SASE product, which was updated with new features. Extreme is investing in its cloud services without forgetting hardware and wants to expand into the 5G world as well. Extreme will implement the wifi networks for 16 MLB stadiums.

An interesting detail in the US is Bank Of America, which has filed a record 722 patent applications last year. One of the priorities was network management and traffic analysis.

In Finland, the Ministry of Employment and the Economy’s report shows that digitalization and climate change are the most important factors affecting society and the economy in the 2020s. Finland has the technical know-how, but the utilization of ICT capital in business is lagging. In Finland in particular, labor productivity growth has slowed and the declining impact of ICT capital is of great importance.

The effects of the winter storm in Texas were mainly reflected in regional power and broadband outages and affected people more than technology. Dallas is an important hub in the southern US and also between North and South America. Of the large data center operators in the area, Digital Realty had 15 data centers and Equinix had 9, all of which stayed in operation on backup power without interruptions. Factories, on the other hand, had to be closed, and semiconductor manufacturers Samsung, NXP and Infineon shut down production lines, further exacerbating the semiconductor shortage.

Operations

The free book NSX Network Automation for Dummies is available for download from Vmware.

Nokia has released the DelOps initiative, which does not mean deleting everything, but Delivery and Operations like CI/CD. The goal is to revamp and revolutionize 5G-Core’s software distribution and operations management to be agile.

A CLI tool has been built to configure Meraki’s cloud management. It includes over 400 commands and helps you access cloud management through the API from your own machine with CLI commands. Meraki thus joins the ranks of cloud services that can be managed as code.

A couple of similar stories about awkward disk problems illustrate how laborious it is to find the physical network problem in the background. Proper monitoring tools that get deep enough to catch individual errors would help with problem-solving.

The use of SD-WAN has been studied and the need for better monitoring tools has emerged. Although the platforms themselves have built-in monitoring capabilities, they do not appear to be sufficient. A large proportion of users say they need additional external monitoring of the SD-WAN environment. In particular, technical experts need better visibility to solve problems. It is not enough to present problems on a dashboard; the causes should also be found and corrected. External tools are needed to solve problems. The work is further complicated by the fact that many SD-WAN devices do not support standard monitoring interfaces.

Prometheus and Grafana are starting to be standard tools for monitoring, but they are not always optimal for network monitoring. A Draw.io Flowchart plugin is available for Grafana to visualize telemetry data in near real-time. Rich Traceroute is a simple traceroute data enrichment and sharing service that provides a little more information over mere IP addresses.

Python turned 30 years old and open source is breaking up again. Ansible has completed its reorganization with the new Community package version 3.0. Ansible is broken down into two parts: Core and Galaxy Collections form the core functions and the Community Package includes all modules and plugins. The version numbering is no longer uniform: the Community collections went their own way and the Core section remained at its own version 2.10. Name changes and version dependencies add to the confusion. You can try to interpret these from the Q&A page or the blog. The Roadmap has version 4.0 of the Community Collection as early as May of this year.

Network to Code caused confusion by forking Netbox into its own Nautobot product, which it unexpectedly introduced in its NFD24 presentation. Nautobot is a completely open and free automation platform, but NTC offers commercial support for it. The reasons for this choice are presented in the blog. The roads of Netbox and NTC parted, users are confused, and in the background, there is a smell of a rift between people and interests.

Events and technology

The massive Mobile World Congress, which last year was the first major event to be canceled due to Covid-19, is scheduled for June this year in Barcelona. Places and times have been swapped between Barcelona and Shanghai, and the fair was already held in Shanghai in February. The organizers’ belief in the Barcelona event is strong, despite the bitter criticism. It is estimated that there would be less than half of the normal number of trade fair guests, i.e. about 50,000. The organizers demand a negative test result from the participants in advance and promise a non-contact fair environment. It remains to be seen whether the event will take place and how many will actually participate.

Cisco Live will be held virtually at the end of March. The all-access pass costs $349, and the free Explorer pass leaves out the technical breakout sessions and other side benefits.

The NFD24 again featured the hottest networking technology. Included were Juniper, Anuta, Network to Code, Drivenets, Itential, Forward Networks, EfficientIP, and NetBeez. The presentations can be found on the NFD page or on Youtube.

The FOSDEM conference agenda also includes online stuff on SDN and network monitoring tracks related to open source software. Linux also plays an important role in networks, and it’s pretty enlightening how much Linux and x86 iron can do and at what power. Or how about 28 Mpps with a few cores, which makes about 14-300Gbps traffic, and the ability to run one elephant flow on an IPSec at 40Gbps?

NANOG81 again offers the top presentations in the industry. Keynote was a review of the development of routers, how the network card evolved into the bus and switch. The current spine-leaf fabric of the Clos model has been used in telephone exchanges since the 1950s, but later also inside individual network devices. From the devices, the fabric has just popped out and is now distributed between the individual devices. Spine-leaf fabrics are now also spreading to service provider backbones. Geoff Huston collects thoughts about the conference and gives his additional spice to the agenda.

Russ White presents in his philosophical way how information security could be built inside systems. Usually, attempts are made to control and reduce complexity through modularization. The good side of modularity is that it introduces interfaces at which control and observation points can be inserted. On the other hand, creating new interfaces increases the attack surface and reduces optimization. Complexity and optimization remain fairly constant, and choices are a balance between a local or distributed model. As the familiar saying goes: “If you haven’t found the tradeoffs, you haven’t looked hard enough”.

In network automation, the single source of truth is an important component. It takes a lot of time and effort to collect, process, and verify data, and at worst, the same operation is repeated with each change. Installing the configuration itself is a quick and straightforward operation, so automation should focus more on reviewing and refining the workflow. The same frustration is dispelled by David Gee in his presentation.

nPrint is a standardized packet-level analysis tool that converts packet data into machine-readable form. It is a good tool for machine learning and other mechanical processing of traffic data.

UKNOF46 videos have been released. A fascinating multi-level story from Cloudflare tells how misdocumented IP addresses cause operational problems in networks. Cloudflare’s DNS server 1.1.1.1 is certainly one of the services that receive the most incorrect traffic, because its public address has been configured who knows where. In this case, an unknown party’s ERSPAN traffic was routed to the DNS service, and engineers were wondering why GRE tunnel traffic was causing CRC errors on a Cisco Nexus switch, but not on Juniper’s QFX. It turned out that the Nexus looks at the packets inside the GRE tunnel and notices the errors. However, the real problem was in the Cisco Nexus 5k documentation, where the tunnel destination address in the ERSPAN example configuration was set to 1.1.1.1. You can imagine how many people in the world have copied it to their ERSPAN session! The conclusion for all of us: documentation (and why not other private use) has its own assigned public IP address ranges that are not routed: RFC3849 IPv6 Address Prefix Reserved for Documentation (2001:DB8::/32) and RFC5737 IPv4 Address Blocks Reserved for Documentation (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24). Use these.
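The lesson above lends itself to a pre-publication check. The following is an added example, not part of the original post or of any vendor tooling: a linter that scans example configuration text and flags every publicly routable address, while accepting the RFC 5737 and RFC 3849 documentation ranges and private or otherwise non-routable addresses. The ERSPAN-style sample is constructed for illustration and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 5737 (IPv4) and RFC 3849 (IPv6) documentation prefixes named above.
DOC_NETS = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]

# Characters that separate tokens in typical configuration lines.
SEPARATORS = re.compile(r"[\s,;()\[\]\"'=]+")


def addresses(line):
    """Yield every token on the line that parses as an IPv4 or IPv6 address."""
    for token in SEPARATORS.split(line):
        host = token.split("/", 1)[0].rstrip(".")  # drop prefix length, full stop
        try:
            yield ipaddress.ip_address(host)
        except ValueError:
            continue  # interface names, keywords, port numbers, ...


def classify(addr):
    """Return 'documentation', 'public' or 'non-routable' for one address."""
    if any(addr in net for net in DOC_NETS):
        return "documentation"
    if addr.is_global and not addr.is_multicast:
        return "public"  # somebody else's real address: traffic would leave the lab
    return "non-routable"  # RFC 1918, loopback, link-local, multicast, ...


def lint(text):
    """Return (line_number, address) for every publicly routable address."""
    return [(number, str(addr))
            for number, line in enumerate(text.splitlines(), 1)
            for addr in addresses(line)
            if classify(addr) == "public"]


# Constructed ERSPAN-style sample, modelled on the mistake described above.
BAD_EXAMPLE = """\
monitor session 1 type erspan-source
  destination ip 1.1.1.1
  source interface ethernet 1/1 both
monitor erspan origin ip-address 10.254.254.21 global
ipv6 route 2001:db8:0:1::/64 2001:db8::1
"""
# The same sample with the destination moved into a documentation range.
GOOD_EXAMPLE = BAD_EXAMPLE.replace("1.1.1.1", "192.0.2.1")

if __name__ == "__main__":
    for number, addr in lint(BAD_EXAMPLE):
        print(f"line {number}: {addr} is publicly routable; use a documentation range")
```

Dotted version strings with four numeric fields also parse as IPv4 addresses, so expect the occasional false positive in release notes.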

In routing, hyperscalers are beginning to reach the limits of scaling with current technology. The IP fabric protocol has been debated before, and BGP has been practically the standard because everyone uses it for everything, so why wouldn’t I. But BGP is not the easiest protocol. IGP has its own strengths, like super-fast convergence and simple configuration. On the other hand, the dissemination of LSA information is a problem in larger networks. BGP, in turn, has the advantage of traffic control, but in large networks, private AS numbers run out and configuration is tedious. Now the new IP fabric protocol is RIFT, which seeks to combine the benefits of IGP and BGP. In addition, other features have been introduced to make the network more automatic. ZTP and BFD, for example, are built in. Juniper’s Day One book covers RIFT in more detail.

In optics, the deployment of 400G is progressing and 800G is being outlined. Standardization has fragmented because multiple MSA groups have come along since 2017, each creating its own standard and competing with IEEE. Manufacturers have spread to different camps, pushing things from different starting points and goals. MSA standardizations have spawned fairly exotic breakout implementations such as the 6 km 400G and 400G-bidi. In any case, the 100G wavelength is the most widely used foundation in future standards, so it can be expected to live the longest. High-speed optics, modulation, and naming will certainly not be easy in the future, so such explanatory maps are needed.

Arista has tested 400G-ZR optics and compatibility from various manufacturers over Microsoft’s 120 km long Open Line system. The test result was positive: thermal management, performance and compatibility were excellent. The result of the test is that the QSFP-DD is ready for data center DCI solutions and metro networks. In another test, Windstream transmitted traffic over a 1,027 km link in a real network with 400G-ZR optics. In addition to the space savings, power consumption is 10 times lower. Deployments begin with Windstream, where the technology directly fits 80% of the links.

As port speeds increase, combining ports with different speeds on the same switch becomes cumbersome. As a new acquaintance for me, the QSA, or QSFP-SFP adapter, was introduced. I had imagined that 100G/40G ports always had to be channelized and connected with a breakout cable, but a QSA can make a one-to-one mapping between a 100G port and a 10/25G port, allowing the use of standard fiber or DAC. QSA is a physical adapter from a larger QSFP pluggable to a smaller SFP. It passes only one of the 100G port’s four channels through to the SFP. In the switch configuration, the port speed must be set to match the slower speed. I have no experience with these and I don’t know if there will be any other problems with using the adapter.

For short-distance connections, such as between servers and switches, a DAC or AOC can save money, effort, and power consumption. The SFP module for just one end is usually about 2-3 times more expensive than a DAC or AOC. With DAC / AOC, you also don’t have to fiddle with connector and cable types, and you don’t have to clean fibers. The entire cable with its connectors is factory-made, which increases its reliability. However, I have also seen such lousy Chinese DACs that you could barely pull or twist them before the connectors failed. And after all, some devices are very picky about the “wrong” manufacturer’s modules. However, the power consumption of the DAC is close to zero, and the active optical circuit of the AOC clearly reduces power consumption compared to the SFP. Studies show that one watt at the server level means 2.5 watts across the data center. On a large scale, it may already matter.

In data transmission, quantum encryption prepares for a future in which current encryption methods are no longer sufficient. Adva and Colt have tested QKD (Quantum Key Distribution) technology in optical transmission, which provides strong L1-level encryption at 100Gbps. QKD is part of the quantum Internet and transmission, where data is encoded into quanta instead of bits and encryption keys are sent with the data. QKD makes it easier to detect eavesdropping. ETSI presents various applications for QKD, which can also be used with L2-L4 protocols to manage PPP, MACsec, IPSec and TLS keys.

If you’re wondering how SD-WAN hardware works, here’s a description of how to build one with open source products themselves.

Trade policy

The semiconductor shortage is plaguing the world, and the talk has mostly been about consumer electronics versus the automotive industry. Chip manufacturing is almost completely outsourced and heavily concentrated in Samsung and TSMC. The biggest buyers, like Foxconn and Apple, are doing well, but the volumes in network devices aren’t very big, so a shortage of components is to be expected. More detailed information on network devices is difficult to find or obtain. Equipment manufacturers have begun warning customers, and delivery times threaten to stretch to unprecedented lengths. The semiconductor shortage is expected to last a long time and perhaps ease sometime next year.

Corruption is common in China and Russia, but also in the Middle East and elsewhere in Asia. Cisco is investigating “self-enrichment”, in which Chinese workers are said to have made payments to employees of state-owned companies. Ericsson has excelled in bribery many times and Juniper is also known to have greased officials in China.

Internet

A new TeleGeography internet map has been released. World capacity, prices, major metropolises, hubs and clouds are presented on one sheet.

BGP optimizers are becoming notorious because they make it easy to shoot yourself in the foot. Once again a user of the Noction product, the California hosting provider Psychz Networks, made a configuration error that resulted in the false advertisement of nearly 200,000 routes. Fortunately, the only recipient was a route collector, so there was no actual impact. Otherwise, there would have been a wide-ranging problem.

Google’s latest, 14th submarine cable Dunant between France and the US has been completed. It uses new space-division multiplexing (SDM) technology to get a record 250Tbps of capacity out of the fiber.

Google has completed RPKI signing of perhaps the “world’s most important” prefix, 8.8.8.0/24. Its true origin can now be verified in routing. Almost all of Google’s AS15169 is now covered by RPKI. RPKI ROA certificates must be renewed in time so that they do not expire. Is a new problem in the making here, with routes going stale and causing various weird problems with internet services?
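What “verifying the origin” means, and what an expired ROA does to a route, can be shown with the route origin validation procedure of RFC 6811. This is an added example, not code from the original post; only 8.8.8.0/24 and AS15169 come from the text, while the maxLength values, expiry dates and the 2001:db8:: entries are constructed.

```python
import ipaddress
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed ROA set: (prefix, maxLength, origin ASN, certificate notAfter).
# Only 8.8.8.0/24 and AS15169 come from the text; maxLength values, expiry
# dates and the 2001:db8:: documentation entries are assumptions.
ROAS = [
    ("8.8.8.0/24", 24, 15169, utc(2022, 1, 1)),
    ("2001:db8::/32", 32, 64500, utc(2030, 1, 1)),    # provider aggregate
    ("2001:db8:1::/48", 48, 64501, utc(2022, 1, 1)),  # customer more-specific
]

def validate(prefix, origin_asn, roas, now):
    """Route origin validation after RFC 6811: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn, not_after in roas:
        if now > not_after:
            continue  # an expired ROA is no longer part of the validated set
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    before, after = utc(2021, 3, 1), utc(2022, 6, 1)
    for when in (before, after):
        for prefix, asn in [("8.8.8.0/24", 15169), ("8.8.8.0/24", 64496),
                            ("8.8.8.0/25", 15169), ("2001:db8:1::/48", 64501)]:
            print(when.date(), prefix, f"AS{asn}", validate(prefix, asn, ROAS, when))
```

When no other ROA covers the prefix, expiry only downgrades the route to not-found, which most networks still accept. The damaging case is the last one: a still-valid covering ROA turns the more-specific route invalid, and networks that enforce origin validation drop it.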

Quad9, the non-profit DNS service of 9.9.9.9, is moving from California to Switzerland to provide the administrative backdrop for its GDPR-level privacy promises worldwide. DNS services have different levels of security that allow you to do lightweight SASE security for free. Quad9 blocks malware by default, Cloudflare 1.1.1.1 for Families can block not only malware but also adult content, and OpenDNS offers a more adjustable filtering level but requires login and portal usage. Google DNS does not perform filtering except in exceptional cases.

Russia is ready to exit the Internet if necessary, Medvedev said. In legal and technological terms, there is readiness, but there is no reason to do so except in an extreme situation. Russia is also ready to exit international SWIFT payments.

Forest fires cause serious problems for telecommunications connections. In Australia, the trunk link of one city was destroyed in a fire and took more than a year to repair. Heavy broadband use has led the American provider Mediacom to intervene in fixed-line data volumes, because too much uploading causes problems on the network.

Satellite Internet

Starlink seems to be making steady progress towards the victory of satellite broadband. It already has 10,000 users in the U.S. and extensive beta testing is underway. Pre-orders have been opened more widely, the equipment looks jagged and installation is reported to be easy. Speeds and delays are at a decent level, but regular interruptions still occur and the price is pretty steep. Still, the general verdict is favorable: this is better than nothing. In France, however, there has been opposition to the construction of ground stations.

In satellite technology, Starlink has had to scale back its implementation from what was initially planned. ISL laser links between satellites have been omitted for now but will come provided permits are obtained. So far, Starlink has sent more than 1,000 satellites into space, but the aim is up to 30,000 satellites. Other actors have their own plans too, which raises concerns about the crowding of space. There are so many satellites that they make space exploration difficult. Starlink has been cooperative and has tried to solve problems, for example by making black satellites that reflect less light. About 1 in 40 of the satellites decay, which is small as such but causes problems in large numbers. The amount of space debris and the risk of collisions are starting to increase.

Researchers have found that Starlink satellites could be used alongside GPS as an inexpensive and reliable positioning method and time source. Starlink is up to 10 times more accurate and much more reliable than GPS in positioning because the signals from LEO satellites are up to 1000 times stronger than GPS.

Rajeev Suri has taken over as CEO of satellite company Inmarsat. Inmarsat will provide traditional satellite frequencies and build a European aviation network with DT. Lynk and Mobilespace compete in their own way with satellites that use mobile network frequencies. Phones and other mobile devices could chat directly with satellites.

History

Did you know that AltaVista, better known as a search engine, also made firewalls, routers, network cards, and email servers? In a 1997 test, the AltaVista firewall shone with its easy control, and the Digital Tech Journal from the same year describes the products in more detail. I remember watching colleagues install Check Point FireWall-1 on a server somewhere around 2000. It wasn’t easy.

A nostalgic videotaped presentation from 1978 with Bob Metcalfe introducing Ethernet.

Epic Persistence

A 90-year-old gentleman, who has been an AT&T customer since 1960, rose to the barricades and expressed his dissatisfaction with the slowness of the company’s DSL connection by publishing an open letter to the CEO of AT&T in the Wall Street Journal. The ad cost him $10,000, and in it he vented his outrage over the company’s ability to provide better connections.
