Packet Pushers Podcast

Introducing the Brocade Virtual Symposium. In a special video session, we brought Chip Copper from Brocade into a room to talk about four key areas of Brocade's Ethernet Fabric. The first episode is this weeks Packet Pushers Podcast. The session is discussing just "What is an Ethernet Fabric" and digging into how Brocade implements their Ethernet Fabric strategy. In the weeks ahead, we will publish three more sessions. In the second session, we had a discussion of Converged Storage with FCoE and for IP Storage protocols. The third session looks at Mulitchassis and Multipath as an alternative or a complement to Ethernet Fabric led by Greg Ferro and we dig in to the features. The fourth and final session titled "Hard Cores and Soft Edges" where Ivan Peplnjak leads the discussion about Automated Migration of Port Profiles (AMPP) and how Brocade has a soft switching solution to fully integrate with VMware. This discussion on "What is an Ethernet Fabric" covered the following broad areas: we kicked off with a short presentation How we could improve Ethernet of today by looking at its weaknesses Spanning Tree means unused bandwidth and forced tree design. Insights on Brocade Ethernet Fabric Architecture How a Brocade Ethernet Fabric improves utilisation and delivers resilience by auto-healing. Hosted by Greg Ferro, Stephen Foskett, Ivan Pepelnjak, Ethan Banks and Brandon Carroll. Thanks to them for their time. Session 2: Converged Storage – Hosted by Stephen Foskett Acknowledging the value of FC but focussing on Ethernet/IP storage What are the emerging workloads that make Ethernet storage compelling. and how do Fabrics play in that arena. SSD performance driving high speed. Big Data driving cluster networking Session 3: Multipath versus Multichassis – Hosted by Greg Ferro Emerging layer-2 multipath technologies introduce the multipathing, fast failure recovery, and optimum bandwidth utilization we’ve always enjoyed in the IP world to the Ethernet layer-2 forwarding, allowing the data center architects to build large-scale (multipath) layer-2 solutions that approach the efficiency of layer-3 networks. Some vendors are proposing an alternate solution: using multi-chassis link aggregation (MLAG) they’re building a virtual star topology that retains the redundancy and optimum bandwidth utilization requirements, and minimizes the impact of link outages without introducing new technologies. Brocade's strategy of “revolution through evolution” Virtual chassis technology Brocade Virtual Cluster Switching Technical Architecture Transparent LAN service Virtual link aggregation groups (vLAGs) Distributed configuration management (virtual Chassis) ECMP / TRILL Session 4: Hard Cores / Soft Edges – Hosted by Ivan Pepelnjak Brocade Automatic Migration of Port Profiles (AMPP) and VM-Aware Network Automation features enable customers to fully align virtual server and network infrastructure resources and realize the full benefits of server virtualization. Brocade VM-Aware Network Automation provides secure connectivity and full visibility to virtualized resources with dynamic learning and activation of port profiles. In VMware environments, the Brocade VCS fabric communicates directly with VMware vCenter ™ to eliminate manual configuration of port profiles. Brocade VCS fabric also supports VM mobility across VCS fabrics within a data center, while providing protection against VM MAC spoofing. Additional VMware vCenter integration with Brocade Network Advisor provides another layer of intelligence to network administrators.b0cca9cf19624a3036c03424f68b6a3e We will be announcing more sessions over the next three weeks, stay tuned for more details on them. Thanks to Brocade for supporting the Packet Pushers by sponsoring a new type of marketing event. You can send Ethan and I feedback at packetpushers@gmail.com.

Network Field Day Three meant that a lot of regular guests on Packet Pushers were in the same room at the same time. And that room was full of cameras, microphones and a crew to run it!! So we recorded a Packet Pushers Live - the first ever show in video as Show 100. That's right - 100 shows! Two years since we started, about 6000 downloads per show and more than 50000 downloads a month.

This week we are talking to Thomas d'Otreppe, author of Aircrack-NG and OpenWIPS-NG about his Open Source project and what they do ? AirCrack-NG Aircrack “Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.” OpenWIPS OpenWips “OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts: Sensor(s): "Dumb" devices that capture wireless traffic and sends it to the server for analysis. Also responds to attacks. Server: Aggregates the data from all sensors, analyzes it and responds to attacks. It also logs and alerts in case of an attack. Interface: GUI manages the server and displays information about the threats on your wireless network(s).” Components of Aircrack-NG: Aircrack-ng (cracking WEP, WPA/WPA2) airodump-ng airmon-ng airbase-ng aireplay-ng airtun-ng General Topics Comparison of Kismet and Aircrack-NG and OpenWIPS-NG. use case and features for Wireless and Network Security Engineers. Call for volunteers on the project! You can also find more about Thomas at WiFu MEME: I don’t always use wireless at the airport...but when I do, I use VPN. Subscribe in iTunes You can subscribe in iTunes by clicking on the logo here. Other Media Players and MP3 Download Alternatively, you can subscribe to the RSS feed with your favourite pod catcher. The URL is feed://feeds.packetpushers.net/PacketPushersPodcast

This is the second part of the TRILL and Spanning Tree discussion. TRILL has been on the radar for about three years and while we are seeing some shipping hardware and deployments, it's still not clear what the current status of TRILL is. This week, Jon Hudson IETF Member for TRILL and Brocade engineer is joined with Andy Shalomon from Cisco, who is conducting testing and deployment on Cisco's FabricPath for a discussion about where TRILL is today.

TRILL has been on the radar for about three years and while we are seeing some shipping hardware and deployments, it's still not clear what the current status of TRILL is. This week, Jon Hudson IETF Member for TRILL and Brocade engineer is joined with Andy Shalomon from Cisco, who is conducting testing and deployment on Cisco's FabricPath for a discussion about where TRILL is today.

Michele Chubirka (our very own Mrs. Y), Greg Ferro, and Ethan Banks gather *in person* with very special guest Gordon "Fyodor" Lyon. Fyodor is the author of Nmap, for many years the tool of choice to perform network scanning. The four of us chat about Nmap, being a security practitioner, and goings-on in the security business. What We Discuss Nmap's 15th birthday. The new version of Nmap 5.61 test 5 soon to be released. What does Nmap do? Host detection. OS detection using heuristics and fingerprinting. What's Zenmap? NSE, the Nmap scripting engine. Is it a good or bad thing that other folks bundle Nmap with their products? Nmap's dual licensing scheme (open source vs. commercial entities). Who's working on Nmap these days? What language do you have to know to use NSE? What are the new features we'll see in the upcoming version of Nmap? The trouble with scanning IPv6 address ranges. Why is there a perception that IPv6 is less secure than IPv4? IPv5 trivia. Why have we had so many big security breaches lately? Is there a disconnect between application developers and IT practitioners? Greg's pet theory of active security and passive security. Did you know that Nmap has an tool called Ndiff that will show you variances in scan results from one day to the next? Evading the notice of intrusion detection devices & firewalls. Does it make sense to patrol outside of the perimeter (i.e. an IDS outside the firewall)? The challenge of sorting through huge amounts of log data. Just how do we protect our intellectual property from hackers with abilities like Fyodor's? Are honeypots useful? How well are OS vendors patching themselves, and how much is it helping? Why do we keep working around our own security tools? Links Nmap - free and open source utility for network exploration or security auditing. Zenmap - the official Nmap Security Scanner GUI. Ndiff - a tool to aid in the comparison of Nmap scans. Metasploit - helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. insecure.org - Fyodor's blog. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning - Fyodor's book. Tor Project - Protect your privacy. Defend yourself against network surveillance and traffic analysis. Greg's blog post on IPv5 - yes, really. Thin-slicing - a term used in psychology and philosophy to describe the ability to find patterns in events based only on "thin slices," or narrow windows, of experience (from Wikipedia). The Honeynet Project - to learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned. Nmap's page on the Google Summer of Code - try coding for Nmap for a summer instead of flipping burgers! Apply by April 6, 2012 to be considered for this summer. twitter.com/nmap facebook.com/nmap Nmap Hackers mailing list Sponsors NEC ProgrammableFlow OpenGear - This week’s show was sponsored in part by Opengear, experts in out-of-band management.  Visit www.opengear.com to learn about secure, next generation management appliances that provide lights out access to network equipment even when the primary link is down.  Tell them you heard of their solutions from Packet Pushers for a free t-shirt.

Ethan Banks and Michele Chubirka (aka Mrs. Y aka the Network Security Princess) have a relaxed chinwag with Doug Burks, Deputy Chief Security Officer at Mandiant, community instructor for SANS, and the man behind Security Onion. What is Security Onion? To quote Doug's website... Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It's based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, and many other security tools, all wrapped up with an easy-to-use Setup wizard. What We Discuss What was the driver that brought about the creation of Security Onion? What security functions does Security Onion include? Why is there such an emphasis on intrusion detection as opposed to intrusion prevention with this distro? How is an IPS like a firewall? Why does it make sense for an enterprise to have an IDS in addition to an IPS? Why does full packet capture matter in an IDS system? What packages are included in the Secuirty Onion distro? How can Secuity Onion be used as a forensic analysis tool? Why should a company that's already invested in commercial IDS/IPS bother with Security Onion? What role does Security Onion play in host-based intrusion detection (HIDS)? How would you size server hardware & storage for a successful Security Onion deployment? When will Security Onion be available in a 64-bit flavor? What's the profile of the typical shop that's deployed Security Onion? Can Security Onion monitor traffic on multiple interfaces simultaneously? What's the difference between a Security Onion "sensor" and "server"? How much data does a Security Onion sensor send back to a server, and what's the impact on WAN utilization? Will there be wireless functionality built into Security Onion in the future? Does Mandiant give Doug much time to work on Security Onion? Can Security Onion be deployed as a virtual machine? Links Security Onion Doug Burks on Twitter TaoSecurity - Richard Bejtlich's blog on digital security Snort - open source network intrusion prevention and detection system OISF - home of Suricata. The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. OSSEC - open source host-based intrusion detection system Argus - a small, fast, and easily expandable network IDS designed with small to moderate sized networks in mind Bro - powerful network analysis framework that is much different from the typical IDS NetworkMiner - a Network Forensic Analysis Tool (NFAT) for Windows PF_RING - a new type of network socket that dramatically improves packet capture speed Kismet - an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system TCP/IP Weapons School 3.0 - TWS3 as taught by Richard Bejtlich. Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? ELSA - enterprise log, search and archive. A centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. Sponsors NEC ProgrammableFlow

Aerohive has recently announced Bonjour support for networking. If you aren’t familiar with Bonjour it’s the zero configuration protocol that used by Apple for all their devices to discover services on the network such as printers, AppleTVs, File Shares and more. Apple technologies such as Airplay (for music/media sharing), AirDrop (for file sharing) and Print Servers to get access to resources. And with companies adopting Apple products on a large scale it’s time for the network to have some control and management of services. At the networking level, the Bonjour protocol was designed for local access only and uses mulitcast and broadcast protocols to announce available services. For example this is a snap of services on a simple networks: Aerohive has placed Bonjour forwarding agents into their hardware that allows control over Bonjour and sponsored this podcast to talk about these features. Side note from greg: Although I learned a lot about Bonjour/ZeroConf in this podcast it's important to realise that you can control Bonjour traffic on LANs in addition to wireless networks. What is Apple’s Bonjour protocol? How does it work? What are the problems with it? What has Aerohive introduced to solve these issues? Why did Aerohive build this feature? What types of companies are in need of this type of solution? Were you the first to address this problem? Show Notes Show 75 - Mid November - Aerohive and Branch networking Bonjour Browser can be downloaded from here. Aerohive Blogs Areohive blog post with more technical detail : Breaking Subnet Boundaries with Bonjour: Simplifying Apple TV and AirPlay in the Enterprise About Mathew Gast Matthew Gast is the Director of Product Management at Aerohive Networks, where he leads development of the core software technologies in Aerohive’s fully distributed Wi-Fi network system. He currently serves as chair of both the Wi-Fi Alliance’s security task groups, and is the past chair of the IEEE 802.11–2012 revision. Matthew is also the author of 802.11 Wireless Networks: The Definitive Guide (O’Reilly), which is now in its second edition and has been translated into six languages. His second book on wireless networking, 802.11n: A Survival Guide (O’Reilly) is expected in March of this year. [OReilly 802.11 book](http://shop.oreilly.com/product/9780596100520.do) [Oreilly 802.11n book]( http://shop.oreilly.com/product/0636920021988.do)

This show is few moments to breathe, take stock, and meditate about peace in our time and listen to someone else do the talking. Today, Packet Pushers is re-broadcasting a recording of a presentation by Geoff Huston from the AusCERT2011. I have to say that I've always known that Internet routing was a mess but Geoff breaks it down in approachable and easy to understand way that drives home just how unreliable and insecure the Internet is. Chilling stuff and well worth listening to. Geoff Huston is a well known and respected figure in the development of the Internet. Here is the description form the conference website: Securing the Internet's Foundations - Addresses and Routing The framework of trust that supports the operation of the internet starts with a basic assumption about the uniqueness of IP addresses and the integrity of routing. If this assumption fails then the internet is exposed to many forms of subversion and attack. This presentation will outline the role of addresses and routing and the potential attack vectors, and will also report on the progress to establish a secure framework for addresses and their use in the Internet, highlighting the progress in establishing a secure routing environment for the Internet. APNIC's Geoff Huston on routing system "lies" This was recorded by Risky.biz - a podcast on information security which I listen to every week. The host, Patrick Grey is a freelance security journalist who really knows his stuff. I'd sure like to meet up and meet both him and Adam Buarlow(?) someday. Risky Business is a great show which a good practical mix of security news and interviews with interesting people. A big shout out to Patrick Grey who kindly gave me permission to use his recording. And thanks to Geoff Huston who also gave his permission to rebroadcast this recording. About Geoff Huston Geoff Huston is the Chief Scientist at the Asia Pacific Network Information Centre (APNIC), where he undertakes research on topics associated with Internet infrastructure, IP technologies, and address distribution policies. Prior to APNIC, Geoff was employed as the Chief Internet Scientist at Telstra and Technical Manager of the Australian Academic and Research Network (AARNET). He was a leading figure in the development of Australia's academic and commercial Internet services. Potaroo

The prime Pushers Ethan Banks and Greg Ferro chat with HP Security's Sanjay Raja in this sponsored podcast about the TippingPoint Secure Virtual Framework (SVF). Sanjay Raja is a Product Marketing Manager with the TippingPoint organization, and describes in detail how SVF integrates into your VMware environment. What We Discuss Inspecting traffic sourced from VMs, when those VMs don't always live in the same physical place. Keeping the same security policy applied to a virtualized environment as would have been applied to a physical environment. Topology discovery and integration with Virtual Management Center. Firewalling VMs from other VMs. Shunting traffic to an external IPS device via low-latency tunneling. New vShield APIs that TippingPoint is creating with VMware via an exclusive partnership. The challenge of virtualizing IPS functionality without consuming all the resources of the cluster being protected. How to integrate SVF into an environment that's only partially virtualized. What "next generation IPS" really means, and how TippingPoint is a part of that space. Why you care about TippingPoint's DV Labs vulnerability discovery team. Does SVF allow inside hosts and DMZ (read: "Internet-facing") hosts to coexist on the same VMware cluster? What's the redundancy/resiliency architecture for SVF? How is TippingPoint SVF integrated with the other HP Security business units like Fortify and ArcSight? Links Secure Virtual Framework HPEnterpriseSecurity.com Solid Reasons for Securing the Cloud (Sanjay Raja) How are you dealing with the new PCI standards covering virtualization and cloud security? (Sanjay Raja)

Packet Pushers had a Packet Party in Feb 17, 2012 with an Open Microphonr. The Packet Party was recorded live from event where we had about 90 people on the call. People from the audience would ask questions, and we throw to topic open for discussion. Overall the discussion was great, and we covered a lot different topics. Please let us know if you enjoyed this format. Depending on the feedback, we will look to schedule more shows in the future.

Trainer, author, and long-time network industry veteran Todd Lammle joins Ethan Banks and Greg Ferro for a chat about the good ol' days, the days ahead, and how to make it in the networking business. Todd's worked at some legendary companies like Atari and Xerox. He's been around the industry for a long time, and worked hard to make a go of it. Today, he's an independent trainer, consultant, and author. And did you know he's never played a video game? We have a great chat with Todd, who opines about the state of the book publishing business, e-learning, staying focused, and how to have a successful career. We hit the following topics along the way. Todd, how did you get started in networking? How did you transition into training and writing? Luck vs. self-discipline – which is more important and why? Is blogging a waste of time? What about social media? Physical books vs. e-books & e-learning. Does it matter? A lot of people think certifications are the answer to IT success. Are they? Why has it gotten so much harder to keep up with technology? What are the up-and-coming skills someone in networking should focus on to stay relevant? When it is time to move on to a different employer? What does cloud computing really mean for the networking industry? How does someone manage to earn a certification when they also have a full-time job and a family? What are some techniques to master the information required to pass a certification exam? Links Tips On Getting Things Done For The Person Already Stretched (Ethan's Personal Blog) Todd Lammle on Twitter, Facebook, and YouTube. Sponsors NEC ProgrammableFlow

In this show we discuss the the differences between OSPF & IS-IS routing protocols and the differences between them. protocol optimisations are both good and bad. How both protocols have poor metric generation OSPFv3 offers some hope for the future. QoS Based metrics in their forms - MPLS TE isn't getting good adoption. Why do vendors put 10 cent CPUs in their equipment and make using SPF protocols so hard ? * Best Quotes: Ivan - "There is the right thing to do, which is to choose IS-IS. Then there is the best thing to do which is to choose OSPF." Marko: "Then you can watch their Eyes reload" On the "Unique versus Useful" A comparison between two routing protocols: OSPF and IS-IS - Radia Perlman - Behind the IEEE Paywall so don't bother following the link Multi-topology routing in OSPFv3 (MT-OSPFv3) IS-IS and OSPF Difference Discussions - IETF DRAFT OSPF and IS-IS : Choosing an IGP for Large-Scale Networks - Jeff Doyle Guests Petr Lapukhov Marko Milovejic @icemarkom and Blog - My Network Stories Ivan Pepelnjak -@ioshints IPspace.net  

Having met at VMworld 2010, Daniel Bowers and I were having an ongoing discussion around server architectures and how they impact network performance. I convinced him to come onto the show and talk broadly about what goes on inside a server. Mostly we focus on how server performance impacts network performance. I wouldn't call this a deep dive, more of an overview into some of the ideas to keep in the top of your head. This show was recorded on 4th October 2011. It's taken a while to find a slot where we can publish this show - we've got too much to talk about. PCI Express bus connections can support 10GbE. PCI Express is a point to point connection Memory performance affects network performance. You may get better performance with less memory modules according the type of memory bus in use. Physical slots in the chassis have different properties. Servers don't make good switches Guests Daniel Bowers is an server design engineer and marketeer who analyzes server architectures and performance for the IT research firm Ideas International.  He’s also a primary representative at SPEC and TPC.   Follow him on Twitter, or read his blogs on ideasint.blogs.com. Show Links Not All Servers Are Alike (With DNA)    

The Packet Pushers voice crew reassembles, this time for a discussion of SIP trunks. Erik Peterson, Amy Arnold and Tom Hollingsworth are the technical talent this week, while Ethan Banks hosts and tries to keep up with the conversation without going, "Huh?" too many times. Hey, we can't all be voice engineers. ;-) SIP gets a pretty good look from us as we take on the following talking points: What’s SIP stand for, and what's it used for? What are the common alternatives to SIP, and why is SIP preferred? What sorts of widely recognized hardware/software uses SIP? How does SIP work? Implementing SIP trunking in the enterprise for PSTN access. What should enterprises be considering when planning a transition to SIP? What is a Session Border Controller? What is SIP normalization, and when does it need to be used? SIP applications in production networks. SIP troubleshooting tools. (Packet captures, ladder diagrams, per call debugging, and common show & debug commands.) How do I learn more about SIP? (Read Tom's review of the CiscoPress title "SIP Trunking".) We hope you enjoy this show, and don't forget all of the different ways that you can follow the Packet Pushers to keep up with the content generated by our community.