IPv6 Security – Server Operating Systems

The DoD has done an excellent job in annotating the best security practices for operating systems for years with its Security Technical Implementation Guides, or STIGs.  In fact, STIGs for networking systems like routers, IDS/IPS, switches, devices, etc. have been updated to reflect the new reality: IPv6.  However, with STIGs on the operating system there […]

Tachyon Dynamics Speaking on IPv6 NFV at the North American IPv6 Summit

Our very own Jeremy Duncan will be speaking on “IPv6 Best Practices in Network Functions Virtualization (NFV) with VMware NSX” tomorrow around 11:10 am MDT.  We are also here in the Denver Tech Center, so come on by and let’s talk!  We have a booth right in front of the main conference room. If […]

Tachyon Dynamics Sponsoring the 2015 North American IPv6 Summit

We are excited to announce Tachyon Dynamics is now a Silver Sponsor for the North American IPv6 Summit.  This summit has turned out to be the largest collection of IPv6 experts, vendors and enthusiasts in North America – we would argue the world.  So much great and new content will be talked about this year […]

IPv6 Whitebox Networking Presentation

We had a great time at the North American IPv6 Summit last week.  I recommend everyone check out the virtual downloads and sessions, as there was so much great content this year.  Most of this year’s excitement is how IPv6 intersects with things like Software Defined Networking (SDN), OpenStack, Whitebox networking, and Network Functions Virtualization […]

OSPFv3 Authentication Trailers – IPv6 Capitulations

A few weeks ago, the IETF updated the newest in a long line of what I like to call “IPv6 capitulations.”  Going on a rant here – the IETF fought long and hard to have a robust, secure, and interoperable protocol with IPv6.  This is one of the many examples where it is being systematically […]

Stopping Amplification DDoS Attacks – BCP38 Basics

The key to any secure network in stopping 100% of UDP-based DNS amplification DDoS attacks is simple: follow BCP38.  You ask, “but it’s 2014, and BCP38 came out in 2000, why bring it up?”  Well, simply not enough networks are following the Best Common Practice. Why I Bring Up BCP38: This last week saw the […]

Cisco OSPFv3 AF Authentication Fixed!

OSPFv3 AF Authentication is finally fixed! Unless you are a regular follower of this blog, you may not have heard that Cisco’s OSPFv3 with Address Families (AF) Authentication support was broken.  By broken I mean it took down OSPFv3 adjacencies.  Not good.  Read here for that article.  Anyway, I have been using the IOS-XE version […]

DNS: Back to Basics for Network Engineers

Speaking with quite a few network engineers in the last few months, I was shocked by the lack of real understanding of the Domain Name System (DNS).  It shocked me because it is the singular application functionality that is entirely network-based.  Meaning that DNS is the foundation of the Internet, and from their perspective, should […]

Tachyon Dynamics helps NetApp Achieve DoD UC APL Certification

Fairfax, VA — (August 16, 2012) – NetApp, Inc. (NASDAQ: NTAP), a leader in data storage and storage provisioning enterprise and data center products achieved the Defense Department Unified Capabilities Approved Products List (UC APL) certification with the help of the Washington DC-based Information Technology firm: Tachyon Dynamics. NetApp received its certification as the first […]

World IPv6 Launch

World IPv6 Launch, as it is being called, is this year’s Internet Society IPv6 initiative meant to provide more IPv6 content saturation on the Internet. Similar to World IPv6 Day last June, but with one very key difference: they will be IPv6-enabled permanently! That’s right, no more white lists, no more ipv6.www, v6.www, or other […]

Authentication for OSPFv3 Address Family support in IOS-XE? Think again

Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise.  Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent  3.09.02 S, […]

The Urgency Behind IPv6

A couple of my buddies, Shannon McFarland (Cisco) and Ed Horley (Groupware), did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space.  Enjoy! http://www.youtube.com/watch?v=oq0RxI1p6zc Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips […]

Secure and Affordable 2-factor authentication: Yubikey

In the DoD there is a strong requirement for 2-factor authentication in the network.  For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate.  The user has a PIN; therefore, 2-factor.   Nothing like this exists for network devices (routers, […]

Nexus vPC Peer-Link Interface Options

A colleague brought up a very important issue with regard to vPC survivability.  There are Nexus vPC Peer-Link interface options.  Take a look at the below diagrams.  As you can see, we have a big problem here with survivability that can often be overlooked: if the one single vPC layer-3 peer-link interface goes down for […]

Nexus 7000 IPv6 Configuration Pitfalls

I have recently started working in a datacenter configuring quite a few Nexus 7000 series switches to act mainly as datacenter access switches – mainly making use of the popular features of Virtual Device Contexts (VDCs) and Virtual Port-Channels (vPCs).  Well, IPv6 is a key part of the network environment. So for the last week, […]

2012 US Government IPv6 Mandate: The Day of Reckoning

Well, today is the day, or the last day I should say.  At midnight tonight, the US Government will have shut the books on yet another Fiscal Year.  Although, it’s not finances that have the technology industry glued to government tech news; it’s IPv6 adoption.  By the end of FY 2012, the entire US Government […]

Cisco IPv6 IOS Hardening – DoD Style

***Updated on 14 May 2014 – regarding NET-IPv6-022, See below*** Thousands of network engineers in the DoD out there looking at implementing IPv6 now have to address a few Security and Technical Implementation Guidance (STIG) items that they used to just annotate as “Not Applicable – NA.”  Now, IPv6 security is important.  If you are […]

Why 802.1x is Not Enough: How to Implement SeND – Part 2

Last month I presented the case as to why 802.1x authentication is not enough for local network (wired or wireless) security (go back here to read).  In this post I will present an alternative: IPv6 Secure Neighbor Discovery (SeND).  If you have an IPv6 enterprise, small IPv6 deployment, or a little IPv6 lab then pay […]

Why 802.1x is Not Enough: Use IPv6 SeND – Part 1

There’s been much debate in the IPv6 community regarding the abysmal support for IPv6 Secure Neighbour Discovery (SeND).  To get you up to speed on what IPv6 Secure Neighbour Discovery is, think IPv6 + 802.1x-like + ARP security + PKI environment.  Later in this blog I’ll show you how to set up an IPv6 SeND […]

SDN, OpenFlow and Cisco ONE: A First Look

Software Defined Networking (SDN) is the new buzzword in IT today.  It has become synonymous with things like cloud, cyber security, CDN, and yes even IPv6.  The curious thing is that they are all inter-related.  OpenFlow, which is a specification of the Open Networking Foundation, has defined this new phenomenon as something that, “enables […]

World IPv6 Launch: One Week Out

One week ago today (6 June 2012), the Internet Society (ISOC) led the charge on a voluntary initiative called World IPv6 Launch.  Participating in this event were: five home router vendors, 77 Internet Service Providers, and 3,013 websites.  By signing up as a website or ISP, you were committing to enabling IPv6 on your network […]