Strategic Aspects of Networks 2008-2009
1. Technology Watch in ICT
Strategic Aspects of Networks
Eric Vyncke
evyncke@cisco.com
Last updated: 27 February 2009
2. 01/30/15 2
References & Misc
• Slides on http://mastertic.blogspot.com/
• Contacts
– Main job: Cisco Systems as Distinguished Engineer
– Email: evyncke@cisco.com
– Mobile: +32 475 312458
3. Agenda
• Introduction to network
• The acronym soup
• The impact of security
• The impact of IP telephony
• The impact of Virtualization
• Wrap-up: The Questions to be asked
5. Why a Section on Networks?
• TIC = Technologie de l’Information et Communication (ICT, Information and Communication Technology)
• No ICT without networks
– Knowing the network technologies = making good choices
• Networks have impacted business since the late 90’s
7. Importance of Standardization
• Few fields need standards as much
– Communication is a complex field: precise specifications are needed
– Communication between different machines
– Communication between different computer manufacturers
• Several types of standards:
– Proprietary standards: sometimes not public, reserved to one manufacturer: IBM's SNA, Novell's NetWare, Digital's DECnet, Siemens Nixdorf's Transdata, ...
• Almost gone, but still active in ‘pre-standard’ areas
• Voice over IP: Cisco's SCCP, wireless security, …
– Open de jure standards: ISO's OSI, IEEE 802.*, X.25, ...
– Open de facto standards: TCP/IP, Ethernet, ...
8. Overview
• Communications are a complex and constantly evolving field => a model is needed to:
– establish specifications and tests
– compare solutions
– establish theories
• The model will consist of several simple layers, each with a precise purpose, to ease understanding and implementation
9. ...AN Based on the Span
• A lot of acronyms ending with ...AN
– Area Network
• Like
– LAN Local Area Network: several 100’s of meters
– MAN Metropolitan Area Network: a city, 10’s of km
– WAN Wide Area Network: the whole Earth
– PAN Personal Area Network: one meter or so
– RAN Radio Area Network: from a single antenna
10. ...AN Based on Usage
• A lot of acronyms ending with ...AN
– Area Network
• Like
– SAN Storage Area Network:
• linking servers and hard disks so that servers do not know that the disks are not directly attached
11. Local Area Network: LAN
• LANs are usually a layer 2 technology
– Using a single medium
• Most common: Ethernet over twisted pair
– 10 Mbps, 100 Mbps (= Fast Ethernet), 1 Gbps, 10 Gbps, ...
– Standard IEEE 802.3
• Previously over a coax cable, now over twisted pair with a hub/switch
• Unique Ethernet address on each Network Interface Card (NIC)
– 24 bits unique per vendor: 00-02-8A (Cisco)
– 24 bits assigned by vendor: 09-07-CF
• 48-bit globally unique address: 00-02-8A-09-07-CF
12. Ethernet Topologies
How to connect more than 2 hosts?
• Bus topology popular through mid 90s
– all nodes in same collision domain (can collide with each other)
• Today: star topology prevails
– active switch in center
– each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other)
[Figure: bus topology (coaxial cable) and star topology (switch)]
13. Ethernet Hub
• Frames are repeated on all ports...
• 8 x 100 Mbps ports ~ 15 €
[Figure: Ethernet hub connecting A, B, C and D]
14. Ethernet Switch
• Frames are repeated only on the destination port
– Don’t disturb other machines
– While A sends to C, B can simultaneously send to D
• 5 x 100 Mbps ports ~ 20 €
• High density (8 x 48 ports) => up to 100 € /port
[Figure: Ethernet switch connecting A, B, C and D]
Enterprises always use switches
15. Virtual LAN: VLAN
[Figure: switch with ports A, B, C and D]
• Switches can be partitioned into virtual LANs
– VLAN#1: ports A & C
– VLAN#2: ports B & D
• Used to separate traffic for security, ...
16. Going Faster than Ethernet
• Ethernet is 1 Gbps (10 Gbps): 10^9 bit/s (10^10 bit/s)
– 1 CD-ROM 800 MB = 64 x 10^8 bits
– 1 DVD 4.7 GB = 40 x 10^9 bits
– Ethernet 1 Gbps transfer
• CD-ROM = 6 seconds
• DVD = 40 seconds
• A very fast hard disk is 800 MB/s write = 6.4 Gbps
• Too slow for High Performance Computing
– Needs something faster
17. High Performance Computing
• Financial Services
– Low-latency, high-message-rate market data environments
– Real-time analytics
– Examples: JPMC – 2000+ servers in global deployment; Citi – Fixed Income Trading
• Oil & Gas
– Increase accuracy of reservoir modeling and seismic analysis
– Deliver large datasets optimally
– Examples: Statoil – multiple clusters; ONGC; ENI; Occidental
• Manufacturing
– Reduce time to market for new products
– Better safety & product design through simulation
– Examples: Honda; Ferrari – F1; RedBull Racing; Airbus; Boeing
• Biotech
– Accelerate time to market
– Molecular modeling and protein folding experiments for drug discovery
– Examples: DE Shaw R&D; Cedar Sinai; Stanford BioX; Scripps Institute
• Academic Research
– Expand research capabilities
– Complex research problems
– Greater industry outreach
– Examples: NCSA @ UIUC; Stanford Univ; MIT; Harvard Univ; UNC Chapel Hill
• EDA
– Shorten time for tape-out
– Improve yield
– Examples: Intel; Motorola; TSMC; Altis Semiconductor
18. Another LAN: Infiniband
• Point to point link
• Each link can be 2, 4 or 8 Gbps
• Links can be aggregated (appearing as one)
– 4x => 8, 16 or 32 Gbps
– 12x => 24, 48 or 96 Gbps
19. Wide Area Network Services
• WAN: transfer of data over 100’s of km
• Enterprises cannot build their own network
– Too expensive
• Service is offered by an SP (service provider)
– Nationwide: Belgacom, Voo, Mobistar, Telenet
– Worldwide: British Telecom, Colt, Verizon, ...
• Layer 1: transmits elementary bits
• Layer 2 (= Data-Link): transmits a frame (like a packet)
20. WAN: As Layer 1 or 2 Services
• Layer 1: leased line = a pair of copper wires with a modem
• Like from your ADSL router to Skynet/Belgacom
• Layer 1: optical fiber
• Dark fiber (you need to add a laser transmitter): just for you, €€€
• Shared fiber (each customer uses a different color for the laser): cheaper
• Layer 2: point-to-point link (or star network) where the SP handles layer 1 (modulation) and repeats frames (layer 2)
• Used to be the prevalent solution: X.25, Frame Relay
• But now reserved for MAN with Ethernet
Do we care?
Decision based on price for bandwidth
Sharing issue? May mean less bandwidth
21. 3: Network Layer
• Enables the transfer of packets across several different data link layers
– Allows going from WiFi to ADSL to Internet to Ethernet
– Notion of a route to follow
– Notion of a globally unique network address
• Example: IP (Internet Protocol, used on the Internet)
22. Network Layer: IP at Home
• IP is the network layer we all use
• Our IP packets traverse multiple data links and media
[Figure: path through Access Point, ADSL Router, Your ISP, Internet (= all other ISPs). 1st data link: WiFi; 2nd data link: Ethernet; 3rd data link: ADSL or cable; Nth data link: Ethernet or ...]
23. What is an IP address?
• In IPv4, an address is a 32-bit quantity that uniquely identifies a network interface.
• In IPv4 there are 2^32 = 4,294,967,296 unique addresses possible
24. Basic Addressing
64.100.24.1
• IP addresses are written in dotted decimal format.
• Four sections are separated by dots.
• Each section contains a number between 0 and 255.
25. IP Addressing at Home
• If a node has multiple network interfaces, it typically has multiple IP addresses
[Figure: home network with Access Point, ADSL Router, Network Printer, Your ISP and Internet (= all other ISPs). Address labels: “I’m 192.168.100.2”; “I’m 192.168.100.1 and 192.168.1.2”; “I’m 192.168.1.1 and 80.123.34.89”; Network Printer: “I’m 192.168.1.3”]
26. IP Address Hierarchy
For Mr. Postman
• IP address is divided into two parts to achieve
efficient “packet processing”
1. Network-id: Represents the physical network commonly
called a “prefix” (often first 24 bits)
2. Host-id: Represents a computer on the network (often last
8 bits)
[Figure: postal analogy with street addresses: 250 Tasman Dr., 260 Tasman Dr., 100 Main St., 101 Main St.]
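The network-id/host-id split applied to the addresses from the "IP Addressing at Home" slide, as an added example that is not part of the original slides. It assumes the "often first 24 bits" prefix on every interface (the slides do not give prefix lengths); the node names, including `laptop`, and the function names are hypothetical.

```python
import ipaddress
from collections import deque

# Addresses copied from the "IP Addressing at Home" slide. The node names are
# hypothetical labels; "laptop" is an assumed name for the host at 192.168.100.2.
NODES = {
    "laptop": ["192.168.100.2"],
    "access_point": ["192.168.100.1", "192.168.1.2"],
    "adsl_router": ["192.168.1.1", "80.123.34.89"],
    "network_printer": ["192.168.1.3"],
}

# Assumption: the slides' "often first 24 bits" case is used for every interface.
PREFIX_LEN = 24


def split_address(address, prefix_len=PREFIX_LEN):
    """Split an IPv4 address into (network-id, host-id).

    The network-id is returned as an IPv4Network (the "prefix"), the host-id
    as the integer value of the remaining low-order bits.
    """
    iface = ipaddress.IPv4Interface(f"{address}/{prefix_len}")
    host_id = int(iface.ip) & int(iface.network.hostmask)
    return iface.network, host_id


def attached_networks(nodes, prefix_len=PREFIX_LEN):
    """Map each network-id to the set of node names with an interface on it."""
    networks = {}
    for name, addresses in nodes.items():
        for address in addresses:
            network, _ = split_address(address, prefix_len)
            networks.setdefault(network, set()).add(name)
    return networks


def route(nodes, src, dst, prefix_len=PREFIX_LEN):
    """Shortest chain of nodes from src to dst.

    Two nodes can exchange packets directly only if they share a network-id;
    otherwise a node with interfaces on several networks must forward them.
    Returns None when no chain exists.
    """
    neighbours = {name: set() for name in nodes}
    for members in attached_networks(nodes, prefix_len).values():
        for member in members:
            neighbours[member] |= members - {member}

    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(neighbours[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    for name, addresses in NODES.items():
        for address in addresses:
            network, host_id = split_address(address)
            print(f"{name:16} {address:15} network-id={network} host-id={host_id}")
    print(route(NODES, "laptop", "network_printer"))
```

The laptop and the printer have different network-ids, so their traffic must pass through the access point, the one node with an interface on both networks.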
27. Can we Automate Addressing?
• Defining static IP addresses on each host
– Does not scale
– Error prone (moving a PC to another network), ...
• Dynamic Host Configuration Protocol (DHCP)
– DHCP server (Windows or a router) is configured with the list of IP addresses for a network
– When a host boots, it asks the DHCP server for an IP address (and other information like routing, DNS, ...)
Most enterprises use DHCP except for servers, keeping the log to see who is using which address
28. What is IPv6?
• The current IP is version 4
– Limited address space (32 bits), exhaustion in 2010
• The next IP is version 6
– Addresses are 128 bits wide
– No more exhaustion
– Otherwise nothing has changed
– Already in Windows Vista or Mac OS X or Linux
• Windows XP: ‘ipv6 install’
IPv6 will rule in 2010 at the latest
ALL NEW NETWORKS/APPLICATIONS MUST BE DESIGNED FOR IPV6
29. IPv4 Address Fractal Map Jan-2000
[Figure: fractal map of the IPv4 address space and its allocations, January 2000. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
30. IPv4 Address Fractal Map Jan-2001
[Figure: fractal map of the IPv4 address space and its allocations, January 2001. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
31. IPv4 Address Fractal Map Jan-2002
[Figure: fractal map of the IPv4 address space and its allocations, January 2002. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
32. IPv4 Address Fractal Map Jan-2003
[Figure: fractal map of the IPv4 address space and its allocations, January 2003. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
33. IPv4 Address Fractal Map Jan-2004
[Figure: fractal map of the IPv4 address space and its allocations, January 2004. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
34. IPv4 Address Fractal Map Jan-2005
[Figure: fractal map of the IPv4 address space and its allocations, January 2005. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
35. IPv4 Address Fractal Map Jan-2006
[Figure: fractal map of the IPv4 address space and its allocations, January 2006. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
36. 01/30/15 36
IPv4 Address Fractal Map Jan-2007
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 /8 blocks 000 to 255, each labelled with its holder or status (registries such as RIPE, ARIN, APnic, LACnic and AFRNic, named organisations, Various, Multicast, Class E, Loopback, Private, Reserved)]
37. 01/30/15 37
IPv4 Address Fractal Map Jan-2008
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 /8 blocks 000 to 255, each labelled with its holder or status (registries such as RIPE, ARIN, APnic, LACnic and AFRNic, named organisations, Various, Multicast, Class E, Loopback, Private, Reserved)]
38. 01/30/15 38
IPv4 Address Fractal Map Jan-2009
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 /8 blocks 000 to 255, each labelled with its holder or status (registries such as RIPE, ARIN, APnic, LACnic and AFRNic, named organisations, Various, Multicast, Class E, Loopback, Private, Reserved)]
39. 01/30/15 39
IPv4 Address Fractal Map - Today
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 /8 blocks 000 to 255, each labelled with its holder or status (registries such as RIPE, ARIN, APnic, LACnic and AFRNic, named organisations, Various, Multicast, Class E, Loopback, Private, Reserved)]
40. 01/30/15 40
IPv4 Address Fractal Map Jan-2010
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 /8 blocks 000 to 255, each labelled with its holder or status (registries such as RIPE, ARIN, APnic, LACnic and AFRNic, named organisations, Various, Multicast, Class E, Loopback, Private, Reserved, Next)]
41. 01/30/15 41
IPv4 Address Fractal Map Jan-2011
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 /8 blocks 000 to 255, each labelled with its holder or status (registries such as RIPE, ARIN, APnic, LACnic and AFRNic, named organisations, Various, Multicast, Class E, Loopback, Private, Reserved, Next)]
42. 01/30/15 42
Wide Area Network
As a Layer 3 Service
• The prevalent solution
– Service offered by a Service Provider (SP)
– Transfers IP packets from your site to another site
• Customers do not care about routing
– Looks like the Internet, but costs more € and comes with a defined quality (see later)
– Typical technology: MPLS (also called IP service)
[Figure: SP Layer 3 Services]
• SP manages
– Layer 1: cable
– Layer 2: Ethernet or ...
– Layer 3: addressing and routing
• Easier for enterprise
• Fixed budget...
• ... But you lose control
43. 01/30/15 43
Wide Area Network
Layer 3 Service or In House Network?
[Figure: SP Layer 3 Services]
44. 01/30/15 44
Layer 3 Service
Pros and Cons
• Pros
– Outsource the WAN to SP: no more CAPEX, reduce OPEX
– Easier to deploy
– Easier international WAN
• Especially in weird countries
• Cons
– Loss of network ownership
• Could be impossible for some businesses
– Need to check quality of delivered service (SLA, see later)
• NB: the cost is usually not a deal breaker
45. 01/30/15 45
What about Congestion?
• Congestion: too many packets arriving in a router/switch
– Especially when input throughput > output throughput
– Routers/switches will store the peak in memory
• Issue: packets wait in queue, longer delay
– Memory exhausted? Dropping packets
• Issue: packets are lost forever (hence the need of TCP for retransmission)
[Figure: ADSL router between a 100 Mbps (= 100.000 pps) link and a 1 Mbps (= 1.000 pps) link]
46. 01/30/15 46
Quality of Service: QoS
• QoS is a sense of quality for packet transfer
– Packet loss: due to congestion or frame corruption (rare)
– Latency (or delay): the time to transfer data from source to destination
– Jitter: variation of the delay (see next slide)
48. 01/30/15 48
How to Guarantee QoS?
• Classify & mark
– Each IP packet is marked with its priority (precedence)
• There is a byte reserved for it in the IP packet
• By the host
• By a network device based on TCP/UDP ports
• Enforce
– Make different queues: routine, normal, priority, ...
– In case of congestion
• Drop packets from routine queue
• Always process priority packets first
– Think about fire trucks in traffic jam
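The classify, mark and enforce steps above, run against a congested link, as an added Python example that is not part of the original slides. The port-to-precedence table, the three thresholds, the buffer size and the traffic mix are assumptions constructed for the illustration; the precedence value is stored in the top 3 bits of the IPv4 ToS byte.

```python
from collections import Counter, deque

# Assumed port-to-precedence table (constructed for this example).
PORT_PRECEDENCE = {5004: 5, 443: 2}          # RTP voice -> 5, HTTPS -> 2
QUEUES = ("priority", "normal", "routine")   # served in this order


def mark(packet):
    """Classify on destination port; precedence goes in the top 3 bits of ToS."""
    packet["tos"] = PORT_PRECEDENCE.get(packet["dport"], 0) << 5
    return packet


def queue_for(tos):
    precedence = tos >> 5
    if precedence >= 5:
        return "priority"
    return "normal" if precedence >= 1 else "routine"


class Router:
    def __init__(self, buffer_packets, qos=True):
        self.capacity = buffer_packets       # shared packet memory
        self.qos = qos                       # False = one FIFO queue, tail drop
        self.queues = {name: deque() for name in QUEUES}
        self.dropped = Counter()             # drops per application
        self.sent = []

    def depth(self):
        return sum(len(q) for q in self.queues.values())

    def _lower_victim(self, arriving):
        """Lowest non-empty queue strictly below the arriving packet's queue."""
        for name in reversed(QUEUES):
            if name == arriving:
                return None
            if self.queues[name]:
                return name
        return None

    def enqueue(self, packet, now):
        name = queue_for(packet["tos"]) if self.qos else "routine"
        if self.depth() >= self.capacity:    # memory exhausted
            victim = self._lower_victim(name)
            if victim is None:               # nothing less important to evict
                self.dropped[packet["app"]] += 1
                return
            evicted = self.queues[victim].pop()
            self.dropped[evicted["app"]] += 1
        packet["t_in"] = now
        self.queues[name].append(packet)

    def transmit(self, count, now):
        """Strict priority: always empty the higher queue first."""
        for _ in range(count):
            for name in QUEUES:
                if self.queues[name]:
                    packet = self.queues[name].popleft()
                    packet["wait"] = now - packet["t_in"]
                    self.sent.append(packet)
                    break


def simulate(qos, ticks=50, buffer_packets=20, out_per_tick=3):
    """Each tick 5 packets arrive but only 3 leave: input > output throughput."""
    router = Router(buffer_packets, qos)
    for now in range(ticks):
        burst = [("bulk", 20)] * 3 + [("web", 443), ("voice", 5004)]
        for app, dport in burst:
            router.enqueue(mark({"app": app, "dport": dport}), now)
        router.transmit(out_per_tick, now)
    return router


def max_wait(router, app):
    """Worst queueing delay, in ticks, among the transmitted packets of one app."""
    return max(p["wait"] for p in router.sent if p["app"] == app)


if __name__ == "__main__":
    for qos in (False, True):
        r = simulate(qos)
        print("QoS" if qos else "FIFO", dict(r.dropped), "voice wait:", max_wait(r, "voice"))
```

With a single FIFO queue the packets lost are whichever arrive when memory is full, voice included; with marking and strict-priority queues all loss and delay move to the routine class.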
50. 01/30/15 50
Service Level Agreement: SLA
• This is the contract between
– A customer
– A provider
• About
– Penalties (discount) when SLA not met
– Quality of service:
• Data traffic: packet loss, latency, jitter
• Availability:
– 99,999% availability is 5 minutes down per year
– Maintenance windows (scheduled network downtime) don’t count
• Change request: time to establish a new circuit
Never forget to put SLA in any service
52. 01/30/15 52
100% Security
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….”
Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University
53. 01/30/15 53
Risk Assessment in 2006
In the 2004 CSI/FBI survey (481 US organizations):
• Over 52% reported security breaches.
• Reported security incidents totaled losses over $52 million (in decrease).
• Highest source of loss was virus, over $15 million alone, followed by unauthorized use, $10 million.
• Of the top causes of loss, insider misuse of resources was in top 3.
Source: CSI/FBI 2006 Computer Crime & Security Survey
54. 01/30/15 54
Insiders…
“Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords”
Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999
55. 01/30/15 55
Regulations and Compliance...
• EU directives on data protection & privacy
– Identity Theft legislation, Personal Data Protection (Directive 95/46/EC on the protection of personal data)
• Sarbanes-Oxley
– Mainly for US companies (listed on Wall Street)
– But also for their WW partners
• Section 302 requires CEO and CFO to make quarterly and annual certifications regarding company’s internal control over financial reporting.
• Section 404 requires management assessment and audit report regarding management’s assessment.
• Basel II
• Payment Card Industry Data Security Standard: PCI DSS
• Even ISO 27001 (or BS 7799)
56. 01/30/15 56
Facts about PCI DSS
• Published January 2005
– v1.1 released Sept 7, 2006
– All new audits must use v1.1
• Impacts ALL who
– Process
– Transmit
– Store: cardholder data
• Developed by MasterCard and Visa, endorsed by other brands
• Global reach
– Account Information Security (AIS) regulation outside of US
[Figure: Payment Card Industry Data Security Standard, January 2005]
57. 01/30/15 57
The Principles of Security: C I A
• Confidentiality
– Ability to ensure secrecy
• Integrity
– Ability to ensure asset/data is not modified
• Availability
– Of service
– Of data
[Figure: C, I and A around "security"]
62. 01/30/15 62
Handling Risk…
• Transfer: to an insurance company
• Reduce: implement countermeasure(s)
– Also called controls
• Rejecting/Ignoring: foolish…
• Accepting: when the cost of the countermeasure (CM) does not make sense
63. 01/30/15 63
Controls
• Administrative controls
– Policies, standards, procedures
– Screening personnel, education
• Technical controls
– Access control, encryption, security devices
• Physical controls
– Facility protection, security guards, locks, monitoring, intrusion detection
• All the above to protect company assets
64. 01/30/15 64
Technical Control:
Access Control
• Subject
– Active entity
– Requests access
– E.g.: users, program, process, …
• Object:
– Passive entity
– Contains information or other objects
– E.g.: computer, disk, file, …
• Access:
– Flow of information between subject and object
• Access Control:
– Mechanisms to control the access
65. 01/30/15 65
Access Control
Id, Authen, Author, Account
• Consecutive steps for access control
1. Identification: who are you ?
2. Authentication: prove it !
3. Authorization: what can you do ?
4. Accounting/Auditing: what have you done ? (after the object access)
• Sometimes called AAA for Authentication, Authorization and Accounting
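The four consecutive steps above, written as a small reference monitor in Python. This is an added example, not part of the original slides; the class and method names, the sample subject and object, and the choice of PBKDF2 for password verification are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class ReferenceMonitor:
    """Mediates every access of a subject (active entity) to an object (passive entity)."""

    def __init__(self):
        self.credentials = {}   # subject -> (salt, password hash)
        self.acl = {}           # object -> {subject: set of rights}
        self.audit_log = []     # accounting trail: (subject, object, right, decision)

    def enroll(self, subject, password):
        salt = os.urandom(16)
        self.credentials[subject] = (salt, hash_password(password, salt))

    def grant(self, subject, obj, right):
        self.acl.setdefault(obj, {}).setdefault(subject, set()).add(right)

    def _decide(self, subject, password, obj, right):
        record = self.credentials.get(subject)          # 1. identification
        if record is None:
            return "unknown subject"
        salt, expected = record                         # 2. authentication
        if not hmac.compare_digest(hash_password(password, salt), expected):
            return "authentication failed"
        if right not in self.acl.get(obj, {}).get(subject, set()):
            return "not authorized"                     # 3. authorization
        return "granted"

    def access(self, subject, password, obj, right):
        decision = self._decide(subject, password, obj, right)
        # 4. accounting: every decision is recorded, denials included
        self.audit_log.append((subject, obj, right, decision))
        return decision == "granted"


if __name__ == "__main__":
    monitor = ReferenceMonitor()
    monitor.enroll("alice", "correct horse")             # constructed sample data
    monitor.grant("alice", "payroll.xls", "read")
    print(monitor.access("alice", "correct horse", "payroll.xls", "read"))
    print(monitor.access("alice", "correct horse", "payroll.xls", "write"))
    print(monitor.audit_log)
```

The order matters: authorization is only evaluated for an authenticated subject, and the audit entry is written whatever the outcome.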
67. 01/30/15 67
Some Words on Cryptography
• Encryption/decryption
– mathematical functions with 2 parameters
• Message (plain text or cipher text)
• Key
– Strength: linked to function and size of key
– Two classes of crypto systems
• Symmetric crypto systems: encryption key = decryption key
• Asymmetric crypto systems: encryption key ≠ decryption key
68. 01/30/15 68
Technical Controls
More Words on Crypto
• Symmetric cryptosystems
– Current minimum key size: 128 bits
– Examples: AES (from Belgium), RC4
– Very fast: 1 Gbps
– Issue: how can we safely share a key?
• Asymmetric cryptosystems
– Current minimum key size: 2048 bits
– Examples: RSA
– Very slow: 100 kbps
– No shared key, easy to deploy
– Mainly used for signatures (non-repudiable proof of origin) or for authentication (who you are)
69. 01/30/15 69
Crypto on Networks
• IPsec
– Used to encrypt all IP packets between two routers/hosts
– Virtual Private Network (VPN)
• Linking remote branches over the public Internet
• Linking a remote user over the public Internet
• Secure Sockets Layer (SSL)
– Used to encrypt a single TCP (like HTTP) connection
• https:// allows for e-commerce
• Also used for remote user over the public Internet
Cryptography alone is NEVER ENOUGH to guarantee security!
70. 01/30/15 70
Technical Controls
Perimeter Security and Firewalls
• Security often relies on segregation of security domains
– Trusted
– Untrusted: Internet, …
• Trusted domains are protected by a perimeter
– Hence the term of security perimeter
• When a point of passage between domains is required
– Firewall: security policy enforcement
73. 01/30/15 73
Technical Controls: Firewalls
Deep Packet Inspection
• More and more protocols run over HTTP
– SOAP (= XML over HTTP)
– …
• Security policy must be enforced for those new protocols: need to also inspect the payload of HTTP
• This is called Deep Packet Inspection
75. 01/30/15 75
Why Voice over IP?
• Before, voice had a separate network
• If voice is over IP then
– Single network to operate (or to outsource)
– Toll by-pass:
• Data communication is usually cheaper than voice communication
– More functions in phones
• Video
• User directory
– Data and voice applications can merge
• Voice mail
• Web conferencing
• Customer Relation Management systems
76. 01/30/15 76
Voice in an IP Packet
1. Transform usual voice (analog) into digital with a CODEC
2. Cut voice in small chunks
3. Transport those chunks over IP
[Figure: encapsulation of the voice payload: IP | UDP | RTP | Voice Payload]
77. 01/30/15 77
What Is a CODEC?
Analog to Digital Conversion
• G.711 Pulse Code Modulation (PCM) is the DS0
• Steps: Sample, Compand, Quantize, Encode, Frame
• Analog audio source: 4000 Hz analog signal
• Sample 8,000/sec (Nyquist frequency)
• Quantize 256 steps using 8 bits
• DS0 = 64 Kbps
• Everything is bits (= 0101)
78. 01/30/15 78
IP Telephony vs. Voice over IP
• IP telephony is a super-set of services over IP
– Pure Voice over IP transport
– Conferencing
– Voice mail
– ...
79. 01/30/15 79
Network Requirements for Voice
• Power over the Ethernet
– No need for power cord for the phone
• Quality of service
– Voice is delay sensitive (< 150 msec)
• Other issue
– Relationships between
• Network department
• Voice department
80. 01/30/15 80
The Skype Service
• P2P based VoIP software
• Founded by the founders of Kazaa
• Can be downloaded free at:
– http://www.skype.com
• Services
– Both paid and free services available
– Free
- Instant Messaging
- Voice and Video communication (PC to PC)
[Figure: a typical Skype user interface]
81. 01/30/15 81
Skype Architecture
Hierarchical P2P architecture but involves a central Skype authority for registration and certification services
[Figure: Skype architecture: normal peers, super nodes, and centralized Skype server]
82. 01/30/15 82
Should You Use Skype?
• If you can answer yes to four questions:
– Are you willing to circumvent the perimeter controls of your network?
– Do you trust the Skype developers to implement security correctly (being closed-source)?
– Do you trust the ethics of the Skype developers?
– Can you tolerate the Skype network being unavailable?
84. 01/30/15 84
What is Virtualization
• Separation of location and services
– Services can run anywhere
– Users cannot see the difference
• Corollary
– Several services in the same location
86. 01/30/15 86
Why Virtualization
• Flexibility
– Can add a new server/service in less than 1 second
– Can move a service to a better server
• Being faster, more secure, cheaper
• Cost efficiency
– Share an expensive (€€€) physical server among several applications
• Green
– No need to power 10 servers for 10 services if all 10 services can run on a single server
87. 01/30/15 87
Data Center Trends
“By 2008, 50% of Today’s Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment”
• Days to Deploy Applications: 60–180
• Server/Storage Utilization: < 25%
• Annual Storage Growth: 40–400%
• DC Records Retention (Years): 7–10
• DC Power and Cooling Costs: ~ 25–30%
• Data Center Operations: > 30%
Source: Gartner, 2008
88. 01/30/15 88
Data Center Virtualization
• Enables consolidation or sharing of physical assets to increase utilization
• Reduces physical devices and cabling, space, power, and cooling
• Enables rapid deployment and redeployment of resources to meet business objectives
89. 01/30/15 89
Data Center Virtualization
• Storage Virtualization
– Consolidation of physical SANs
– Improved storage utilization
– Greater flexibility
• Server Virtualization
– Consolidation of physical servers
– Improved server utilization
– Greater flexibility
• Network Virtualization
– Consolidation of physical networks
– Greater flexibility
– Improved capacity utilization
[Figure: several OS/App stacks on a hypervisor, with network, storage and server virtualization]
90. 01/30/15 90
Network Virtualization
• The basis of other virtualization
– Virtual LAN: sharing an Ethernet switch for several independent LANs
– Virtual Private Network (VPN): sharing a WAN infrastructure among several independent WANs
91. 01/30/15 91
Storage Virtualization
• Network Attached Storage
– Attaching a hard-disk to ONE computer via USB/Network
– NOT a real virtualization: computer is aware of the remote disk
• Storage Area Network (SAN)
– Attaching hard-disk to SEVERAL computers via network
– Virtualization because computers are unaware of the disks being remote
– Network must be really fast: Infiniband or Fibre Channel
92. 01/30/15 92
Why SAN?
• Virtualization allows
– Sharing disk
– Adding storage easily without disruption
– Single place for all storage
• Easier to secure
• Easier to take back-up
– Storage is no longer local to the computer
• Can move the computer and keep the same disk
• Important when the computer becomes virtual
93. 01/30/15 93
Storage Volume Virtualization
• Adding more storage requires administrative changes
• Administrative overhead, prone to errors
• Complex coordination of data movement between arrays
[Figure: initiators and targets connected through a SAN fabric]
94. 01/30/15 94
Storage Volume Virtualization
• A SCSI operation from the host is mapped in one or more SCSI operations to the SAN-attached storage
• Zoning connects real initiator and virtual target or virtual initiator and real storage
[Figure: SAN fabric; labels: Virtual Volume 1, Virtual Volume 2, Virtual Target 1 (VSAN_10), Virtual Target 2 (VSAN_20), two Virtual Initiators (VSAN_30), Initiator (VSAN_20), Initiator (VSAN_10)]
95. 01/30/15 95
Server Virtualization
• Multiple Computers inside a Computer
– Guest OS can be different than host OS
– Guest machines are isolated by default
[Figure: VMware and Microsoft virtualization stacks; labels: CPU, memory, Hypervisor, Modified Stripped Down OS with Hypervisor, Host OS, VM, Guest OS, App]
96. 01/30/15
Virtual Server Migration
• VMotion, aka VM Migration, allows a VM to be reallocated on different hardware without having to interrupt service.
• Downtime in the order of a few milliseconds to a few minutes, not hours or days
• Can be used to perform maintenance on a server
• Can be used to shift workloads more efficiently
[Figure: two servers (CPU, memory, Hypervisor, Console OS), each running OS/App stacks on a VMware Virtualization Layer]
97. How to Deploy a Network?
Or the right questions to be asked?
98. 01/30/15 98
Basic Networking
• IPv6 Readiness
• Addressing (mainly technical)
– Use of DHCP?
– Important for mobile user
• Routing (mainly technical)
99. 01/30/15 99
Levels of Security
• Does the security policy include network?
• Risk management: assets, confidentiality requirements
– Specific requirements for some business: Basel II, PCI
• Which are my security domains?
– HR
– Sales?
– Guests
– What about contractors?
100. 01/30/15 100
QoS
• Do you need QoS in your network?
– Probably for IP telephony
• What are my critical applications?
– ERP?
– Emails?
– Back-up?
101. 01/30/15 101
High Availability
• Availability is usually important
• Redundancy
– Hot or cold standby?
– Redundant links?
– Redundant Service Providers?
• What are your disaster recovery procedures?
102. 01/30/15 102
Open Standards
• Pros
– Competition means lower price
– Can switch vendors easily
• Cons
– Having multiple vendors costs a lot of € (training the
operators and users)
– Lagging (not leading edge)
• Be prepared for some compromise
– But ask your vendor for commitment to support
future standards
103. 01/30/15 103
Future Proof...
• Find the balance between
– Proven technologies: but obsolete in a few years
• Think IPv4 vs. IPv6
– Leading edge technos: but unstable and expensive
105. 01/30/15 105
Outsourcing Network
• Pros
– Reduces CAPEX
– Improves balance sheet
• Cons
– Your business relies on another party (could go
bankrupt or be acquired by competitor)
– Less flexibility
– Long process cycle
• Never forget about SLA in the contract
106. 01/30/15 106
Outsourcing Web Portal
• Pros
– Learning curve pretty small
– Cheaper (CAPEX & OPEX)
– More secure (no link to your real data)
• Cons
– Less control
– No access to your live data
• No e-business
107. 01/30/15 107
Green Impact
• A tornado since early 2008
• Sometimes a simple excuse to reduce cost
• Power consumption
– Faster means more power means more cooling...
– Data Center location is no longer based on salary but
on power stability & price
– Turn off devices when not in use: RFID, electronics,
...
– Reduce consumption => slower device?
– SHARE equipment: importance of virtualization
Transcript:
Okay, so that's sort of our vision of how to put solutions together, how far have we gotten, we've got solutions defined as verticals and horizontals. So there's actually seven different verticals that we have defined and we're working on more. Let me pick a couple of examples here. Let's say in the EDA space, so when we say we have a solution, one of the things we have is a customer facing deck. So it's easy for you folks to go, our EDA deck for example has all the scripts, but we also have people that have implemented this or put the deck together. So it's very targeted to the customer set. And if you look at the benefits, actually across all the markets, shorten time to tape-out, improve yield, reduce time to market for new products in the manufacturing space. One of the really exciting things about high-performance computing is the benefits are directly tied to a customer's revenue. It's not often that we can go and tell a customer, Customer we have a solution if you implement this, you can improve your top line. This is a very fundamental powerful solution, a message that Cisco can bring when you sort of couple it together with the integrated solution, we believe this is extremely valuable. Sorry, I lost my train of thought there, but one of the things -- I used to work at Goldman Sachs for many years. One of the things that's very valuable for an IT individual who gets this kind of message is to go to the business and say I've got this message. So your IT contacts are going to love the fact that you're bringing them this kind of a message. So when you think about the customers in your space, please think about who fits into one of these buckets. And even I would argue -- even if they don't buy a lick of this stuff. The fact that you can go in and show that you understand this space, show that you understand the business problem that they have.
And the fact that you have a solution that ties into their top line is a powerful message that you can leverage for any of your products. And as you can see here in each of these spaces, we've called out specific customers that have implemented this.
If not, the information regarding which host is where is going to increase dramatically.
The Payment Card Industry is a consortium of multiple credit card companies.
In essence, PCI is different from legal regulatory compliance because it was created by the card brands, not by a legislature. This makes the standard much easier to read and understand (it’s 12 pages in total), and it is more detailed than the government standards.
Importantly, it applies to more than just processing credit cards. It also applies to third-party hosting companies, information storage companies, etc.
PCI is NOT specific to retail – it’s applicable to ANY industry that touches credit cards, i.e., most of them!
This is not US specific, it is global. However, the fines and enforcement have not reached outside the US – yet.
Each card brand (VISA, MC, Discover, etc.) has its own security program. This includes the PCI standard, but also covers the process for reporting a security breach, assessment questions, programmatic information, etc. They are all built upon the PCI standard, though.
To date, fewer than 25% of Level 1 merchants are compliant. The other 75% have submitted their initial Report on Compliance.
Unauthorized access to data
Confidentiality
Password theft
Data corruption
Data is tampered with in transit
Data is altered to change the eventual outcome
Preventing authorized people from using a service
Using up all of the resources
SYN attacks
Finger attacks
Mailbombing
Killing the service
Ping o’ death
UDP attacks
However, although IT has been an enabler that has driven significant increases in productivity, the data center, where IT systems and data are housed, may now be an inhibitor to business growth. Several factors are now coming into play that limit, and in some cases prevent, IT’s ability to meet business objectives. What can be seen is that there is a mixture of factors that, singly or in combination, can significantly limit business top- and bottom-line growth.
DAYS TO DEPLOY APPLICATIONS
Delays in deploying new applications reduce productivity and can reduce the window of opportunity for competitive advantage. In many cases this is due to limitations with:
Space
power and cooling or
limitations with acquiring or deploying storage and server assets.
SERVER / STORAGE UTILIZATION
Server and storage assets are often aligned with applications or business units, which often leads to duplicated, siloed resources that are significantly underutilized and cannot be easily shared.
It should be noted that assets that are underutilized need the same power as those that have higher utilization.
This has a direct effect on a business’s ability to respond to changing business conditions to achieve top-line growth, and also affects the bottom line, as under-utilized assets consume space, power and cooling that could be used for new applications.
ANNUAL STORAGE GROWTH
Storage is growing at anywhere between 40% and 400%, often driven by regulatory mandates such as Sarbanes-Oxley and Gramm-Leach-Bliley, which demand longer and more stringent data retention. This places greater stress on the data center environment, especially if storage infrastructure is siloed and under-utilized, as spare capacity cannot be easily shared…
DC POWER & COOLING COSTS
Modern data center technologies such as multicore CPU servers and blade servers require more power and generate more heat, and moving to new technologies can significantly impact data center power and cooling budgets. Additionally, under-utilized assets – servers and storage – require power and cooling at 100%. As more and more infrastructure is added, it is little wonder that power and cooling is now becoming a significant portion of IT budgets. This is also starting to impact DC operational budgets that are now an increasing part of the overall IT budget (>30%) and rising.
Branch office
Although branch offices are not data centers, they typically have a mini IT infrastructure – typically 6 servers – to deliver application services, and consequently share many common challenges with the data center: long deployment cycles, under-utilized assets, data management and security & compliance challenges, and inconsistent back-up and restore.
The problems posed by these demands have been largely driven by ad-hoc acquisition of applications and systems in reaction to prevailing market conditions, which has led to an Accidental Architecture of IT systems and organizational alignments. This, plus developments in newer data center technologies such as high-performance servers with multi-core technologies, is now driving data center obsolescence, as existing data centers simply cannot accommodate modern data center technologies, nor modern application trends…
Transcript:
So at the end of the day, this presentation, we'll focus on network virtualization from a data center front-end standpoint on the server virtualization itself and on the storage virtualization of the backend. So to give you a broad perspective. So just pull your seatbelts, and let's go to the journey.
Transcript:
Another key concept when dealing with designs for VMware is migration. So everybody knows about VMotion. So this is a key concept because it has certain implications when you're planning for the network. So first of all, what does VMotion do? It allows you to move a VM, virtual machine, from an ESX host to another ESX host while the client is still performing transaction to the VM and so the client doesn't notice any disruption. There are different advantages of having this technology in place. You can take a server into maintenance mode so that you can change hardware, fix things. And prior to doing that, you want the VM to automatically go to another host so that users will still be able to perform transactions and eventually you can do whatever you need to do on the host. So that's one use of it. The other use has to do with the fact that you can create a pool of machines and then you can run a VM on the most appropriate machine. So if you specify the resource requirements of a given VM, then when you launch the VM, you can make sure it's going to be started on the most appropriate hardware based on how much CPU is being utilized, how much memory is available. And then it's all done for you by technology which is called DRS, the Dynamic Resource Scheduler. On top of that, you can move that VM over time to the machine that has the best resources available. So that can change over time and you don't want the users to see that the machine is moving and so that happens behind the curtains. So that is migration. Now there are two different key types of migrations and this is something to keep in mind because it has significant implications on which kind of network you're planning for. So there's the regular migration which is the migration of a powered-off VM which is you basically say, I want to associate a VM with a given ESX host. And that VM is going to be started off of a different ESX host.
Then there is the other concept of VM which requires its own license which is the VMotion migration which is the migration of a VM that is powered on while the user is performing interactions with this VM. So the aspect that poses most quote, unquote, challenges for us is the VMotion migration because basically, you have to guarantee that during the migration, there's no interruption of service to the VM that is moving.
Author’s Original Notes:
Explain the requirements, similar CPUs, etc…