Russ White

Russ White

Network Architect at LinkedIn
Joined on July 21, 2016
Total Post Views: 46,372

About

Russ White is a network architect at LinkedIn, where he works on next generation data center designs, complexity, and security. He is active in the IETF and ISOC, is an active writer, and a widely traveled speaker. Russ holds an MSIT from Capella University, an MACM from Shepherds Theological Seminary, is in progress on an Ph.D. from Southeastern Baptist Theological Seminary, CCIE #2635, CCDE 2007:001, and the CCAr. You can find him at http://www.rule11.us.

Featured Blogs

In Response to Offensive Destruction of Attack Assets

It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more»

Mend, Don't End, the IETF

Is it time for the IETF to give up? Martin Geddes makes a case that it is, in fact, time for the IETF to "fade out." The case he lays out is compelling -- first, the IETF is not really an engineering organization. There is a lot of running after "success modes," but very little consideration of failure modes and how they can and should be guarded against. Second, the IETF "the IETF takes on problems for which it lacks an ontological and epistemological framework to resolve." In essence, in Martin's view, the IETF is not about engineering, and hasn't ever really been. more»

Into the Gray Zone: Considering Active Defense

Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate. more»

Reaction: Do We Really Need a New Internet?

The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters. All around us, there were new buildings under construction, with that tall towering crane anchored to the building in several places. We wondered how that crane was built, and considered how precise the building process seemed to be to the complete mess building a network seems to be. more»

Blocking a DDoS Upstream

In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more»

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more»

Dispersing a DDoS: Initial Thoughts on DDoS Protection

Distributed Denial of Service is a big deal -- huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, "tonight my network will not be impacted by a DDoS attack." more»

Is Proprietary Dead?

A new age of openness is coming upon us. At least that's what we're being told. For instance -- "The reign of closed solution suites is over, shifting to the rise of open, heterogeneous software ecosystems." Maybe it's my 30 years in the information technology business (how many people remember Thomas-Conrad ARCnet hardware?), but I'm not convinced. It's worth taking a moment to consider the case. more»

Death of Transit: A Need to Prevent Fragmentation

Way back in the olden days, folks decided that cities should invest lots of money in public transportation systems. The reasons were many fold, including reducing the number of individual vehicles being driven in too, and parked in, congested "downtown" areas, and increasing traffic to businesses in those areas, increasing their commercial viability. Many of these systems are sold to the public with the idea that they will (at least) break even against capital and operational expenses over time, but the reality is far different. more»

The Future of Software Patents

What should we do with software patents? I've seen both sides of the debate, as I work a great deal in the context of standards bodies (particularly the IETF), where software patents have impeded progress on a community-driven (and/or community-usable) standard. On the other hand, I have been listed as a co-inventor on at least 40 software patents across more than twenty years of work, and have a number of software patents either filed or in the process of being filed. more»

Complexity and Crashes

It's a familiar story by now: on the 8th of August, 2016, Delta lost power to its Atlanta data center, causing the entire data center to fail. Thousands of flights were cancelled, many more delayed, and tens of thousands of travellers stranded. What's so unusual about this event is in the larger scheme of network engineering, it's not that unusual. If I think back to my time on the Escalation Team at a large vendor, I can think of hundreds of situations like this. And among all those events, there is one point in common: it takes longer to boot the system than it does to fix the initial problem. more»

Hyperconvergence, Disaggregation, and Cloud: The Foggy Future of Network Engineering

The world of networking tends to be bistable: we either centralize everything, or we decentralize everything. We started with mainframes, passed through Lotus 123 hidden in corners, then to mini's and middleware, then to laptops, and now to the cloud, to be followed by fog. This particular cycle of centralization/decentralization, however, has produced a series of overlapping changes that are difficult to decipher. You can somehow hear someone arguing about disaggregation and hyperconvergence through the fog -- but just barely. more»

Topic Interests

Data CenterCloud ComputingNetworksLawWebCybersecurityCyberattackDDoSInternet ProtocolPolicy & Regulation

Recent Comments

Mitigating DDoS

Popular Posts

Is Proprietary Dead?

Blocking a DDoS Upstream

Dispersing a DDoS: Initial Thoughts on DDoS Protection

Hyperconvergence, Disaggregation, and Cloud: The Foggy Future of Network Engineering

Mitigating DDoS