DNS - the treasure trove of information your ISP can see

In recent years, privacy on the internet has become a very important topic amongst those concerned with the current lack of net neutrality. The de facto mechanism for dealing with privacy has been to “SSL all the things”, which I am very much in favor of. What many do not realize, though, is that simply using SSL for the traffic that transits a given ISP still leaves a wealth of thick, rich, delicious personal data easily available to your ISP to harvest, sell, and do with as they please.

Faucet: Enterprise OpenFlow in production

5 Nov, 2018 - 1 minute
Faucet – Enterprise SDN from an office to multi-terabit SCinet at SC18 | - Nov 1, 2018 […] Then my colleague, Nick Buraglio, and I decided, why not wire our satellite branch office with faucet based networking than buy traditional switches? With Josh (Bailey)’s help, Nick has now wired the lives of eight of ESnet’s key employees to be dependent on faucet and he has been having a blast (no downtime there either)!

Faucet: Enterprise OpenFlow in production

5 Nov, 2018 - 6 minutes
Remember OpenFlow? It was the media and marketing darling for the better part of 5 years as “the machine” conflated OpenFlow with SDN and SDN with - almost literally - everything. “Still Does Nothing” was a common phrase uttered around those of us who had run large-scale, complex networks for a long time. Quietly, and mostly out of the fickle media and blogosphere eye, a scrappy little SDN project called faucet has been diligently plugging away – making easy-to-use, production-quality, well-documented, and very stable code that runs OpenFlow networks quite happily in production and at scale.

DDoS mitigation podcast, black hole routing

1 Nov, 2018 - 1 minute
As an often-security-engineer and an individual who has been working on large networks for quite a while, dealing with DDoS, or the threat of DDoS, is a well-traveled path. Recently I was invited to discuss some of the basics of DDoS mitigation on the Network Collective Podcast. This was a really fun and insightful chat with a wealth of great information for engineers and operators of any skill level. Ep38 - DDoS Mitigation from Network Collective on Vimeo.

The rush to automation and the IT pendulum

18 Oct, 2018 - 4 minutes
Recently, the venerable Ivan Pepelnjak published a very insightful article, spawned by an email from one of his readers, about automation becoming such a popular topic. I found this article to be spot on, and wanted to add a bit of my own opinion into the automation pie, as I have been spending a lot of time on automation as it relates to existing networks as well as to SDN-based environments.

As a small to medium ISP, why you should deploy IPv6

1 Sep, 2018 - 1 minute
TheBrothersWISP 75 – VoIP Acquisitions, Unifi XG, A Hashing Story | Greg Sowell Consulting - Sep 0, 2018 […] cast we talk about: SECURE YOUR ROUTERS!!!!!!!!! Ignite net new firmware TBW IPv6 podcast Nicks notes on IPv6 All of the pickles Sangoma acquires Digium Inc Unifi super high density deployment radios – […]

As a small to medium ISP, why you should deploy IPv6

1 Sep, 2018 - 1 minute
IPv6 has been a crusade of mine for well over a decade. Whether it is teaching IPv6 workshops, offering advice to new users, answering questions, or evangelizing it ad nauseam, it is an important topic to me. The ISP world holds a special place in my heart since a good deal of my early experience came from building or assisting regional ISPs. Recently I had a fun opportunity to talk about deploying IPv6 on The Brothers WISP podcast.

Trouble with Tribbles .....errr NAT

16 Jul, 2018 - 5 minutes
As a follow-up to my last post, I wanted to dive a little deeper into the world of address translation and to suss out some of the more compelling details. As I’ve said on many occasions, it pains me to see NAT referenced as a security mechanism. That said, where PNAT can be beneficial is in an overall privacy strategy; however, even that is comparatively low value and, given the current state of global IPv4 allocations, arguably a detriment to usability. We’ll get to that, but before we do, it is important to understand what “NAT” as we call it today actually is, and to do that we need to explain all of the types of address translation (yes, there are several).