Packet Pushers Podcast

A wide ranging discussion this week following the Applied OpenFlow Symposium on Wednesday and the Network TechFieldDay on Thursday/Friday where we talked about the week and the much argued about purpose of VXLAN. Probably much more relevant to network engineers, I talk to Ivan Pepelnjak and discuss his conversion to believing in OpenFlow/SDN after he co-hosted the event with me. Big thanks to Marko Milivojevic for being willing to ask questions that the listeners would ask ( It takes a lot of courage to ask questions like he did) Much fun, and herd discussion occurred. The Difference Between Network and Server Engineers – Pictorial Link to Vimeo videos for the Vendor Presentations. We talked about what the vendors are doing in the OpenFlow/SDN space and here are the just the vendor presentations videos from the OpenFlow Symposium. You can watch them yourself Ed Crabbe of Google http://vimeo.com/31176510 Igor Gashinsky of Yahoo http://vimeo.com/31175672 David Ward of Juniper http://vimeo.com/31205041 David Meyer of Cisco http://vimeo.com/31187703 Kyle Forster of Big Switch Network http://vimeo.com/31184739 Don Clark of NEC http://vimeo.com/31204705 Curt Beckmann of Brocade http://vimeo.com/31185469 Table Vimeo Ed Crabbe of Google at OpenFlow Symposium http://vimeo.com/31176510 Igor Gashinsky of Yahoo http://vimeo.com/31176510 David Ward of Juniper at OpenFlow Symposium http://vimeo.com/31205041 Don Clark of NEC at OpenFlow Symposium http://vimeo.com/31204705 David Meyer of Cisco at OpenFlow Symposium http://vimeo.com/31187703 Curt Beckmann of Brocade http://vimeo.com/31185469 Kyle Forster of Big Switch Networks at OpenFlow Symposium http://vimeo.com/31184739 Guests Rob Markovic @vrobm Marko Milivojevic @icemarkom | blog.ipexpert.com Ivan Pepelnjak @ioshints | http://blog.ioshints.info

Jeff Fry, Tony Bourke, and Tom Hollingsworth chat with Ethan and Greg about the upcoming Tech Field Day and closely tied OpenFlow Symposium events to be held in San Jose, California this week. On Wednesday, October 26, 2011, several compelling vendors & potential customers (such as Google and Yahoo) will present their unique take on OpenFlow at the OpenFlow Symposium, the kick-off gathering for this Tech Field Day event. The Packet Pushers Podcast and Tech Field Day are pleased to be able to share this discussion with the networking community via live streaming and audio that will be captured during the event. If you're trying to get a technical handle on the OpenFlow hype, or if you have a specific networking challenge you think OpenFlow can help solve, then be sure to join in the discussion. Ethan and Greg will be compiling crowdsourced questions to pass along to the vendors during this event via Twitter and Google Plus, so please follow us or share with us as you like. Don't forget that Ivan Pepelnjak will also be on the panel to ask several questions of his own. Watch Twitter for the #OFS11 hashtag. A great mix of networking vendors will present to the Tech Field Day delegation on Thursday and Friday, October 27 and 28. The list of vendors and bloggers (many of which have been on the podcast) that will be attending can be found here. As with the OpenFlow Symposium, crowdsourcing questions is definitely on our minds. As the vendors present to the delegation, you'll be able to watch via live streaming (watch Twitter for the #NFD2 hashtag or visit techfieldday.com for live stream info), so tweet away with your questions, aiming them at any or all of us in the room. We'll do our best to relay those questions to the vendors, time and discussion permitting. It's a busy week for us, and we hope you find the networking content we'll be able to share beneficial.

At Interop NYC held the first week of October 2011, HP invited several network engineers engaged in social media to attend at HP's expense. Ethan Banks was one of those in attendance, and he captured several hours worth of audio from the event. This podcast is not the typical "let's gather around the virtual conference table and chat" format, but is instead a compilation of the most interesting technical audio from the event, focused on discussions HP held with the bloggers. Topics Discussed Saar Gillai, leader of HP Networking's Advanced Technology Group, talks about HP's position on OpenFlow. It's not the same over-hyped story you've maybe heard before. Saar's view is a little different, and - dare I say - more balanced than what you hear from some pundits. Saar continues by discussing the issues driving the need for optical backplanes. In short, we can't aggregate very many 100Gbps links into a chassis using copper-based backplane technology before exceeding what science will allow. The change to optical backplanes is therefore inevitable. HP kicks off a discussion with the bloggers about IRF, HP's Intelligent Resilient Framework. IRF allows you to bond as many as 4 switches into a single logical super-chassis. I know some of you just shuddered. The bloggers ask some hard questions about IRF (the ones that made you shudder), and HP comes back with their answers. The final discussion is a technical explanation of how HP handles memory space such that their switches' IPv6 forwarding performance is on par with their IPv4 performance. Not all vendors can say this (often IPv6 performance lags behind IPv4), and HP explains what's different in their systems that allows IPv4 and IPv6 performance parity. Links Saar Gillai's Profile Greg Ferro's Live Shots Of A Prototype HP Optical Backplane HP Overview Whitepaper on IRF HP A5820X & A5800 Switch Series IRF Configuration Guide Ivan Pepelnjak's Take On IRF

Practical Introduction to Applied OpenFlow We've heard a lot of talk about OpenFlow recently and it's potential impact for networking but not a lot about how it works. This screencast is Practical Introduction to OpenFlow with a focus on how we would actually make it work in real networks. Instead of muttering into beards about XML formats and debating the relative merits of protocol mechanics, this is a "bottom up" look at how OpenFLow is designed and it's practical application in networks and what the transition from today to tomorrow will look like. I'm joined by Martin Casado from Nicira Networks, who is also one of the creators of OpenFlow to help me with some of the heavy content and applications for OpenFlow. Thanks to Martin for reviewing the presentation and offering more information and then joining me to discuss various aspects. Don't forget the Applied OpenFlow Symposium happening in San Jose on Tuesday, 26th October. We will be streaming the event live on the Tech Field Day website. We will having panel discussions with the NEC, Juniper, Brocade, Big switch and Cisco on their Business AND Technical approach to OpenFlow and their future plans. And representatives from Google and Yahoo will be on hand to talk about their experiences and practical uses. There have been several blog posts at Packet Pushers -click for a list is the last few weeks that are definitely worth reading. And a podcast on 7 April 2011 where we first 'discovered' OpenFlow - Show 40 – Openflow – Upending the Network Industry Greg has also posted a few previous articles: OpenFlow - Why it can cross the Adoption Gap OpenFlow and Network Value – Network Computing Feedback Follow the Packet Pushers on Twitter (@packetpushers | Greg @etherealmind, and send your queries & comments about the show to packetpushers@gmail.com.  We want to hear from you! Subscribe in iTunes and RSS You can subscribe to Packet Pushers in iTunes by clicking on the logo here. Media Player and MP3 Download You can subscribe to the RSS feed or head over to the Packet Pushers website to download the MP3 file directly from the blog post for that episode.    

Natalie Timms, CCIE Security Program/Product Manager for Cisco, is kind enough to spend a little time chatting with Packet Pushers podcast host Ethan Banks about the current state of the Cisco CCIE Security track. Ethan and Natalie build a conversation around the following items: Talk about what Cisco is doing to help preserve the integrity of the CCIE exams. Please describe at a high-level the sorts of technologies covered in the CCIE Security track. The Routing & Switching track is the most popular; some CCIEs consider the Security track for their second challenge. How much technology overlap is there between R&S and Security? The Security track has been at version 3.0 since about April 2009. How far away is a 4.0 track, and how much notice will we have? The Cisco ASA has seen significant changes with the 8.3 and 8.4 releases. How far are we from seeing these new ASA versions implemented in the exams? There’s been a lot of back-and-forth between Cisco and lab exam candidates about open ended questions and the troubleshooting section. Can you update us on where those issues stand? Is Cisco working with CiscoPress to bring an updated CCIE Security Exam Certification Guide to market? If so, is there a targeted publication date? What test taking tips do you recommend? Links Learning at Cisco - CCIE Security Program CCIE Security Blueprint (written) - Login Required CCIE Security Blueprint (lab) - Login Required

I wanted to know more about VXLAN and NVGRE so who better than Ken Duda from (http://aristanetworks.com) from Arista Networks, the only author listed on both IETF RFCS and [Ivan Pepelnjak](http://blog.ioshints.info) on a call to go fast and loose on the topics. [IETF VXLAN](https://datatracker.ietf.org/doc/draft-mahalingam-dutt-dcops-vxlan/) [IETF NVGRE](https://datatracker.ietf.org/doc/draft-sridharan-virtualization-nvgre/) What is VXLAN and why does networking need it ? How does it works, and what are it's future impacts on networking ? Comparing NVGRE and VXLAN and why there are two standards ? Why aren't we using MPLS or LISP ? Cover some of the limitations ? What about lack of transparency with VXLAN packets ? What about L2 security challenges inside VXLAN networks ? In particular, the key lesson I learned is that the control plane is open. The current implementation doesn't specify the end point discovery and OpenFlow is a consideration here. And that VXLAN silicon is planned for the future for networking intervention in flows. Hosts Name: Ivan Pepelnjak Web: http://blog.ioshints.info Twitter: @ioshints and last, and the very least: Greg Ferro http://etherealmind.com| Twitter @etherealmind Feedback Follow the Packet Pushers on Twitter (@packetpushers | Greg @etherealmind | Tom Hollingsworth), and send your queries & comments about the show to packetpushers@gmail.com.  We want to hear from you! Subscribe in iTunes and RSS You can subscribe to Packet Pushers in iTunes by clicking on the logo here. Media Player and MP3 Download You can subscribe to the RSS feed or head over to the Packet Pushers website to download the MP3 file directly from the blog post for that episode.

This show in all about Beast Attack on SSL, Cisco Nexus network designs and limitations of the FEX switching, and a bitch slap between MrsY and Greg on DNS Load Balancers. This is the second half of the show recorded on the 25th Sep, 2011. You can find the first show. Beast Attack on SSL. MrsY says: Felt so depressed after reading about the new SSL vuln, that I didn’t even want to go to work the next day. I can’t figure out what we’re doing anymore. Why aren’t we deploying TLS 1.1 and 1.2?! Everyone knew this was coming. “...Short for Browser Exploit Against SSL/TLS, BEAST performs what's known as a chosen plaintext-recovery attack against AES encryption in earlier versions of SSL and its successor TLS, or transport layer security. The technique exploits an encryption mode known as cipher block chaining, in which data from a previously encrypted block of data is used to encode the next block.” http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ Pretty good post on mitigating the threat and what it means Saw some figures from Ivan Ristic’s site regarding the prevalence of older (vulnerable) versions of SSL and TLS: http://blog.ivanristic.com/2011/09/ssl-survey-protocol-support.html And from the God of Crypto (i.e. Blowfish), Bruce Schneier: “The tool is based on a blockwise-adaptive chosen-plaintext attack, a man-in-the-middle approach that injects segments of plain text sent by the target's browser into the encrypted request stream to determine the shared key. The code can be injected into the user's browser through JavaScript associated with a malicious advertisement distributed through a Web ad service or an IFRAME in a linkjacked site, ad, or other scripted elements on a webpage. Using the known text blocks, BEAST can then use information collected to decrypt the target's AES-encrypted requests, including encrypted cookies, and then hijack the no-longer secure connection. That decryption happens slowly, however; BEAST currently needs sessions of at least a half-hour to break cookies using keys over 1,000 characters long. The attack, according to Duong, is capable of intercepting sessions with PayPal and other services that still use TLS 1.0­which would be most secure sites, since follow-on versions of TLS aren't yet supported in most browsers or Web server implementations.” Adaptive chosen-plaintext attack, where the cryptanalyst makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions. http://www.schneier.com/blog/archives/2011/09/man-in-the-midd_4.html “The chosen plaintext-recovery at the heart of BEAST attacks algorithms that use a mode known as CBC, or cipher block chaining, in which information from a previously encrypted block of data is used (as an IV) to encode the next block. CBC is present in both AES and DES, but not in RC4.” http://www.theregister.co.uk/2011/09/23/google_ssl_not_vulnerable_to_beast/ And finally, best analysis of how BEAST works by the Tor developers. https://blog.torproject.org/blog/tor-and-beast-ssl-attack Cisco Nexus Switch Designs Ethan says I met with Cisco this week to design a small Nexus core/agg/access. We could talk through why they guided me the way they did. AKA, why is the 7K lagging behind the 5K in features? Shouldn’t the 5K be the leader? Or is it all about the non-blocking? How come FEXen can’t dual-home to a pair of 7Ks? And does it matter? Etc. Using DNS Load Balancers or BIND to manage DNS domains MrsY and Greg go head to head on whether BIND is better than using DNS Load Balancer appliances for managing DNS domains. Talked about F5 GTM, NetScaler Global DNS, Cisco GSLB or using a managed DNS service.

In this sponsored show, Cisco Technical Marketing Engineers Patrick Warichet and Scott Hodgdon join Greg Ferro and Ethan Banks to chat about the recently announced Cisco Catalyst 6500 Supervisor 2T in a deep dive discussion. We mine the depths of the new sup's architecture and get the feeling that, "there's life in the old dog yet!" The Discussion Sup2T engine architecture & fabric forwarding capability. Compatibility: what legacy line cards & DFCs, service modules, and chassis' are supported by the 2T? 80Gbps per slot using new (and future) 6900 series line cards. TrustSec: hop-by-hop layer 2 encryption in hardware (MACsec) & security group tagging compatible with the Nexus scheme. Data center virtualization features: MPLS, VPLS, fat pseudowires, and more. Is FabricPath/TRILL coming to the 6500? Sounds like it. Sup2T initial code release has feature parity with IOS SX 12.2(33)SXI3 on the Sup720. Sup2T VSS capability is single sup per chassis today, but quad sup SSO is coming. What's the development path of the Sup720 in conjunction with the Sup2T going forward? Will the Sup720 be abandoned? When will we see IOS 15.0 on the 6500? What's the licensing structure going to be for the 6500/Sup2T? Will service modules continue to be a big driver in a Sup2T-powered 6500? How do you squeeze as much performance as possible from a 6500? What's the IPv6 performance & feature set like on the Sup2T? Scott talks about his favorite Sup2T feature: flexible netflow. Links Cisco Catalyst 6500 Supervisor 2T Data Sheet Cisco TrustSec Cat6500 – Sup 2T – Dead Parrot or a Million Volts? (Greg) Cisco Catalyst 6500 Supervisor 2T Technical Highlights – Will Sup2T Stop You From Buying Nexus? (Ethan)

First up, we talked about the how Packet Pushers is moving into some sponsored shows and contents. We are a community driven group so your feedback is important and valuable. The good news is that sponsorship will help to continue making content and doing cool things. The bad is that some advertising will appear. We hope to make a reasonable balance, keep it nerdy, a little bit fun and full of tough, good questions. Everyone has said a bit about the HP CEO getting the boot, and then putting some other person in charge. So we pretend to know something about what motivates managers for a while, then give up in frustration. As usual. Blogging at Packet Pushers - everyone is welcome to blog at Packet Pushers and contribute to community. Importantly, you precious writing will actually be read. Contact us packetpushers@gmail.com We invited you to join us at the Applied OpenFlow Symposium, we will streaming the event live, and if you live near San Jose, you can come and join us - get your free ticket at Eventbrite to help us with numbers. James wrote to us and asked “Is there any mileage in a show discussing how different people go about building new skills, in particular when faced with a new subject, a new product or a new technology. Where do you start, what tools do you use to keep tech notes, bookmarks, documentation etc. How do you reinforce learning, build a lab and keep yourself from forgetting it all in three months.” And everyone had something to say. Not sure if it was helpful but we tried :). Our two cents worth. We had a short discussion about HP and their CEO troubles. The question is Do we care? But it's fun to prognosticate. We mentioned running computers in sheds and had good potential conversation. Cisco Announces Hyper-V and Nexus 1000. Omar Sultan has the details and links into the real information. And mentioned @beaker post on Flying Cars and Why The Hypervisor is a Lawnmower in Comparison The rest of the show will be up in the next couple of weeks.

Haseeb Budhani, VP of Products at Infineta, chats with Greg and Ethan to do a technical deep-dive of Infineta's Data Mobility Switch (DMS) in this sponsored show. The DMS is the industry's first Hyper-scale WAN optimization solution that can fill WAN pipes as large as 10Gbps. Targeting customers who need to accelerate replication, backup traffic, Hadoop, and similar data sets between data centers, Infineta is offering a solution that (as far as the Packet Pushers know) no one else is offering at this time. What used to take an array of WAN accelerators can now be handled by a single piece of hardware at each DC. Infineta is focused solely on Hyper-scale WANs - data center to data center traffic. Infineta starts where other WAN optimization vendors leave off. The smallest Infineta box accelerates multiple Gigabits per second. Merchant silicon is used (as opposed to x86 architecture) to allow deduplication of data streams at speeds up to 10Gbps. In this deep-dive, we discuss the following with Haseeb: In-path versus out-of-path deployments. Implications for data center routing architectures. Hardware redundancy. TCP stream manipulation. The effect of interdatacenter path changes on in-flight accelerated traffic. Why disk caching doesn't work at 10Gbps, and what the DMS does instead. Integrating a DMS-accelerated data stream with security devices. Working with the DMS interface. Links Data Mobility Switch (DMS) Overview @haseebbudhani

In show 61, host Ethan Banks is joined again by Mrs. Y, Daniel Powell, Bob Plankers, and Tom Hollingsworth in the second part of a virtual workbench discussion begun in show 56. We recorded this heart-warming, family-friendly episode about securing an Internet-facing application on September 9, 2011. The Packet Pushers eagerly anticipate award nominations for this gripping script expressing the love a network engineer has for his border routers, firewalls, and intrusion prevention devices. Filled with passion, packets, and paradigm shifts, this is the one show that will change the way you see everything. Okay, not really. But we think you'll like it. We hope. After all, "it depends." News Carol Bartz gets irreverently booted from Yahoo. And she's not happy. DNS gets hijacked? OR DID IT?!? The Pushers say web developers have reservations on the short bus. DigiNotar's getting taken over by the Dutch government...and rumor has it they deserved it? Hmm. Why all the hate? Kernel.org hosted a nasty rootkit, and it wasn't detected for 17 days. Did code kernel.org distributes get impacted, or didn't it? Why the weasel words? Stanford patient data is found to be available online for roughly a year. We're pretty sure that's not HIPAA-compliant, and so we discuss the difference between ignorance and stupidity. A University of Vermont web sites gets defaced after a month-old warning went unheeded. See? He told 'em so. Discussion Getting tough with border routers by using hardening guides. We discuss whether it makes sense to filter transit traffic on the border router or not. Or is there a third option? Reputation filters, real-time black hole lists, DNS sinkholes, bogon filters: generally we like them, but maybe they're not always a good idea? Daniel sounds off. ISP DDoS mitigation services are here to help because they're big, and you're small. We talk through common firewall designs. NAT does not make us secure. It just breaks things. And look - Tom's twitching! Should you use private VLANs in a DMZ? Or is that more work than it's worth? Where do multiple DMZs make sense? What about multiple firewalls? Mrs. Y in a moment of frustrated despondency proclaims, "We've done network security to death. And it's not working." Tom breaks down the difference between intrusion detection and intrusion prevention. Some of the actions an IPS can take against detected threats: TCP resets, blackholing, rate shaping. Where you should you place an IDS versus an IPS? Isn't my firewall with built in IPS functionality good enough? The main evil encountered when deploying an IPS: false positives. Mrs. Y points out, "You drop one thing some VP thinks shouldn't have been dropped, and you're disabling everything." Are IPS signatures the crack cocaine of the security world? Are you staffed to properly maintain an IPS infrastructure, since it's not a "set it and forget it" appliance? This point gets hammered home with a vengeance. Using an IPS to help your applications survive an attack. Next-gen firewalls mash up L7 inspections with traditional firewall functions. How does this impact firewall performance? We swap war stories about implementing Check Point Smart Defense. We laugh, we cry, we twitch. And mostly, we turn it off. Daniel goes on a happy rant about Check Point's SmartView Tracker, while Mrs. Y sings the praises of syslog and Splunk. Ethan tries to strike a balance while vendor allegiance rears its ugly head. Poke, poke, poke. We wrap up with a quick reminder to assess the ability of security appliances themselves to withstand attacks. LMGTFY (because we love you) Shady RAT PKI SSL extended validation uRPF CoPP Cisco ASR router & the QuantumFlow processor DNS sinkholes (PDF) OpenDNS DNS-OARC Team Cymru Spamhaus MAPS RBL BGP Obtaining a BGP AS from ARIN SYN flood TCP intercept Level 3 Managed DDoS Protection Service DMZ Cisco private VLANs

Haseeb Budhani, VP of Products at Infineta, chats with Greg and Ethan to introduce Infineta's Data Mobility Switch (DMS) in this sponsored show. The DMS is the industry's first Hyper-scale WAN optimization solution that can fill WAN pipes as large as 10Gbps. Targeting customers who need to accelerate replication, backup traffic, Hadoop, and similar data sets between data centers, Infineta is offering a solution that (as far as the Packet Pushers know) no one else is offering at this time. What used to take an array of WAN accelerators can now be handled by a single piece of hardware at each DC. Infineta is focused solely on Hyper-scale WANs - data center to data center traffic. Infineta starts where other WAN optimization vendors leave off. The smallest Infineta box accelerates multiple Gigabits per second. Merchant silicon is used (as opposed to x86 architecture) to allow deduplication of data streams at speeds up to 10Gbps. We'll be publishing a deep-dive on the DMS in a later show, where we get nerdy about how the DMS does its magic. Links Data Mobility Switch (DMS) Overview @haseebbudhani

Packet Pushers first Design Clinic where we take questions from the audience and try to work them out. We are working out the kinks in the show format so maybe this show isn't as good as we would like. We talk about VXLAN, VTP and it's consequences, and a Design Scenario from CJ.

In show 58, recorded August 27, 2011, Ethan Banks is joined by Tom Hollingsworth, Erik Peterson, and Amy Arnold for the Packet Pushers' first discussion about voice technology. Think of this as a foundational show that will ramp you up if you're a network engineer that doesn't deal with voice much beyond a QoS policy tweak here and there. I apologize in advance for any coughing/sniffling/clicking/crickets/hurricanes you notice. It seems this week's Skype upgrade broke my mute button, at least as related to my recording plug-in, so there's some environmental racket that wasn't possible for me to edit out in this show. First - The News: Cisco's been talking up their Integrated Services Router 819, which they are tagging as a "machine to machine (M2M) gateway". In ruggedized form, the 819 can take a bunch of abuse. Don't try this at home, but definitely check out this video. Lots of fun. ComputerWorld talks about some IPv6 attacks that could ding you, even if you're not an IPv6 shop. Why?Because you probably are an IPv6 shop, even if you don't think you are. Steve Jobs leaves Apple, and Tim Cook takes the helm officially. We wish Steve extremely well with his health, and Tim incredible success in bringing us the next magical and revolutionary devices. Psst...hey, Tim - could you make the big MBP a little cheaper? Some of us have mortgages. Discussion - The Packet Speaks! Voice - the redheaded stepchild of the networking world. Or is it? Why should network geeks pay attention to voice technology? Let's distinguish between voice and video. So I bought this fancy VoIP system for my business. I can dump my phone company now, right? How does a data T1 functionally differ from a voice T1? When I order a voice T1 from my provider, what am I actually ordering? We discuss CAS vs. PRI. Explain channelization of a voice T1 vs. a data T1...D-channels and B-channels, indeed. Why is planning for peak load so critical when deploying voice networks? What components take VoIP packets and turn them into TDM voice suitable for the plain old telephone system? We discuss gateways and DSPs. Do I have to terminate my voice T1 on a router? Or can I terminate it on a call manager system directly? What codecs should be used for what situations? G.711, G.729, and G.722 are discussed. Let's discuss vendor interoperability issues in the voice world. We mention a few religious discussions, proprietary vs. standard methodologies, and integrating a legacy PBX while migrating to a new VoIP system. The voice world is acronym heavy, but we take a stab a grouping them into signalling protocols and media protocols.

The virtual workbench convened on August 9, 2011 with Greg Ferro, Ethan, Kurt Bales, Tom Hollingsworth, Josh O'Brien, and Mrs. Y (aka the Network Security Princess). This week we cover news, views and gossip of the last few weeks. A lot of complaining and review of what's changing in the network industry. Discussion VMware licensing backdown after customers complained- VMware isn't as dominant as it may appear, and will you ever OWN anything ? Lack of networking features in vSphere 5 Mrs Y gives us a rundown of Black Hat A mix of other random topics Cisco Nexus 2000 and working with FEX designs Links Odds and ends of items mentioned in the show... Jeff Fry's Blog on Future Nexus 7000 Line Cards (Sup2/ASA/NAM/WAN) The Register talks about the sales of Alcatel/Lucent Enterprise Business Unit The supposed OSPF vulnerability Symantec takes some potshots at Operation Shady Rat that was discovered by McAfee. We all agree that neither organisation is very credible - "virus protection" is synonymous with extortion and claming "he said/she said" is silly. http://cyberarms.wordpress.com/2011/07/26/researchers-break-military-chip-encryption-keys-using-nvidia-tesla-gpus/