
Posts

Showing posts from January, 2016

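Another fully controlled fabric, and compared with ACI, well......

http://labs.bigswitch.com/ Still worth playing with when I have time. One is a fully proprietary architecture that calls itself SDN because it has a REST API and a controller; the other is whitebox switch + agent, also with its own controller. It depends on which angle you look at it from. http://blog.ipspace.net/2015/02/big-cloud-fabric-scaling-openflow-fabric.html ARP is fine: when a physical machine or a VM attaches, there is an agent to see it. OAM is the real challenge. The only way to solve this one is to run some OAM protocol between adjacent switches, and doing that through the controller every 100 msec with packet-out and packet-in messages won’t get you very far in terms of scalability.

More miscellaneous reading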

Security firewall ngfw ips swg apt sandbox waf adc lb slb llb http cache proxy diameter backhaul fronthaul ipsec dmvpn openflow p4 openstack vmware vcenter nsx neutron coreos karaf opendaylight onos slicing wireshark apm rum elk snort bro fabric nbi sbi netconf yang md sal python go dpi openvswitch vxlan urlf linux docker pentest aci vpc ryu R kvm JS json MPLS NFV MANO

SSL inbound/outbound MITM

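https://www.gartner.com/doc/2635018/security-leaders-address-threats-rising Full decryption of outbound SSL is certainly the inevitable direction, and then a pile of sandwiches (router/switch/ADC/SLB sandwich) gets built at the ingress and the egress. Once SSL decryption is turned on in a FW/IDP, performance drops by 80%, so it is basically useless. For inbound, surveys suggest it is at 90%, but not necessarily for security; mostly it is for offload. SSL pinning in turn prevents MITM, and then whitelists get set up. Doing security really is chasing round and round in circles.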