Chris Grundemann is a passionate, creative technologist and a strong believer in technology’s power to aid in the betterment of humankind. In his current role as Managing Director at Grundemann Technology Solutions he is expressing that passion by helping technology businesses grow and by helping any business grow with technology.
Chris has been using technology, marketing, and strategy to build businesses and non-profit organizations for two decades. He holds 8 patents in network technology and is the author of two books, an IETF RFC, a personal weblog, and a multitude of industry papers, articles, and posts.
Chris is the lead research analyst for all networking and security topics at GigaOm and is the co-host of Utilizing AI the Enterprise AI podcast. He is also a co-founder and Vice-President of IX-Denver and Chair of the Open-IX Marketing committee. Chris has given presentations in 34 countries on 5 continents and is often sought out to speak at conferences, NOGs, and NOFs the world over.
Currently based in West Texas, Chris can be reached via Twitter.
Except where otherwise noted, all postings by Chris Grundemann on CircleID are licensed under a Creative Commons License.
Two of the hottest trends in networking today are network dis-aggregation and SDN. This is great for many reasons. It's also confusing. The marketing hype makes it hard to understand either topic. SDN has become so vague that if you ask 10 experts what it means, you are likely to get 12 different answers. Network dis-aggregation seems straightforward enough until it gets confused with SDN. We need to take a step back. In a recent Packet Pushers blog post; I start with a simple explanation of each of these trends and then map how they interact. more
I attended AWS re:Invent 2016 about three or four weeks ago. Being new to both AWS and to re:Invent I was an outsider again, observing with virgin eyes. This means I learned a lot. Hopefully it means I saw things a bit differently than those more fully entrenched in this new community. So while others have long since covered the product announcements and other major news from the event, I'll take this opportunity to touch on some of the things that struck me as descriptive and/or indicative of the greater trends at play here. more
I believe in the Internet As an ideal. As a web of human minds. As a wonder of the world, not built through totalitarian control but rather through fierce coopetition. As a technological pillar held up by a newer, better, governance structure. As the facilitator of knowledge sharing and communication on a level so advanced that it would appear supernatural to folks living just a century ago, or less. I worry for the Internet While it has been a major disruptive force, it is also susceptible to the existing paradigm. more
After a quick break to catch our breath (and read all those IPv6 Security Resources), it's now time to look at our tenth and final IPv6 Security Myth. In many ways this myth is the most important myth to bust. Let's take a look at why... Myth: Deploying IPv6 Makes My Network Less Secure... I can hear you asking "But what about all those security challenges we identified in the other myths?" more
We are approaching the end of this 10 part series on the most common IPv6 security myths. Now it's time to turn our eyes away from security risks to focus a bit more on security resources. Today's myth is actually one of the most harmful to those who hold it. If you believe that there is no good information out there, it's nearly impossible to find that information. So let's get down to it and dispel our 9th myth. more
Most of our IPv6 Security Myths are general notions, often passed on unwittingly between colleagues, friends, conference attendees, and others. Today's myth is one that most often comes specifically from your vendors or suppliers. Whether it's a hardware manufacturer, software developer, or Internet Service Provider (ISP), this myth is all about trust, but verify. more
This week's myth is interesting because if we weren't talking security it wouldn't be a myth. Say what? The phrase "96 more bits, no magic" is basically a way of saying that IPv6 is just like IPv4, with longer addresses. From a pure routing and switching perspective, this is quite accurate. OSPF, IS-IS, and BGP all work pretty much the same, regardless of address family. Nothing about finding best paths and forwarding packets changes all that much from IPv4 to IPv6. more
Here we are, half-way through this list of the top 10 IPv6 security myths! Welcome to myth #6. Since IPv6 is just now being deployed at any real scale on true production networks, some may think that the attackers have yet to catch up. As we learned in Myth #2, IPv6 was actually designed starting 15-20 years ago. While it didn't see widespread commercial adoption until the last several years, there has been plenty of time to develop at least a couple suites of test/attack tools. more
Internet Protocol addresses fill two unique roles. They are both identifiers and locators. They both tell us which interface is which (identity) and tell us how to find that interface (location), through routing. In the last myth, about network scanning, we focused mainly on threats to IPv6 addresses as locators. That is, how to locate IPv6 nodes for exploitation. Today's myth also deals with IPv6 addresses as identifiers. more
Here we are, all the way up to Myth #4! That makes this the 4th installment of our 10 part series on the top IPv6 Security Myths. This myth is one of my favorite myths to bust when speaking with folks around the world. The reason for that is how many otherwise well-informed and highly experienced engineers, and others, hold this myth as truth. It's understandable, really. more
We're back again with part 3 in this 10 part series that seeks to bust 10 of the most common IPv6 security myths. Today's myth is a doozy. This is the only myth on our list that I have seen folks raise their voices over. For whatever reason, Network Address Translation (NAT) seems to be a polarizing force in the networking world. It also plays a role in differentiating IPv4 from IPv6. more
Last June I wrote an article titled "The IETF's Other Diversity Challenge" where I discussed the positive steps the Internet Engineering Task Force (IETF) is taking to increase the diversity of its participants and raised a potentially overlooked demographic: Network Operators. That essay was a problem statement of sorts, and I was long ago taught that you should only raise problems that you have a solution for, or are at least willing to help solve. more
Today we continue with part 2 of the 10 part series on IPv6 Security Myths by debunking one of the myths I overhear people propagating out loud far too much: That you don't need to worry about security because IPv6 has it built into the protocol. In this post, we'll explore several of the reasons that this is in fact a myth and look at some harsh realities surrounding IPv6 security. more
Now that IPv6 is being actively deployed around the world, security is more and more a growing concern. Unfortunately, there are still a large number of myths that plague the IPv6 security world. These are things that people state as fact but simply aren't true. While traveling the world, talking to the people who've already deployed IPv6, I've identified what I believe are the ten most common IPv6 security myths. more
The Internet Engineering Task Force (IETF) is the standards body for the Internet. It is the organization that publishes and maintains the standards describing the Internet Protocol (IP -- versions 4 and 6), and all directly related and supporting protocols, such as TCP, UDP, DNS (and DNSSEC), BGP, DHCP, NDP, the list goes on, and on... But how do they do that? How does the IETF produce documents, and ensure that they are high quality, relevant, and influential? more
It has now been about eight months since I joined the Internet Society as the Director of Deployment & Operationalization and I still get asked on a fairly regular basis "what do you do?" Well, with ISOC's Chief Internet Technology Officer Leslie Daigle's recent departure, and with my time here having exceeded both my first 120 days and my first 6 months, this seems like the right moment to reflect on my brief tenure here so far and perhaps pontificate a bit on where we're going - and why. more
BGP. Border Gateway Protocol. The de-facto standard routing protocol of the Internet. The nervous system of the Internet. I don't think I can overstate the importance, the criticality of BGP to the operation of the modern Internet. BGP is the glue that holds the Internet together at its core. And like so many integral pieces of the Internet, it, too, is designed and built on the principle of trust... The folks who operate the individual networks that make up the Internet are generally interested in keeping the Internet operating, in keeping the packets flowing. And they do a great job, for the most part. more
I recently attended RIPE 66 where Tore Anderson presented his suggested policy change 2013-03, "No Need -- Post-Depletion Reality Adjustment and Cleanup." In his presentation, Tore suggested that this policy proposal was primarily aimed at removing the requirement to complete the form(s) used to document need. There was a significant amount of discussion around bureaucracy, convenience, and "liking" (or not) the process of demonstrating need. Laziness has never been a compelling argument for me and this is no exception. more
I'm a network engineer, and like many engineers I often gravitate to the big projects; large networks with problems of scale and complexity in my case. However, I also consider myself a student of Occam's razor and often quote Antoine de Saint-Exupéry: "perfection is reached not when there is nothing left to add, but when there is nothing left to take away." In this spirit of "less is more" I have recently become intrigued by the problems appearing in home networking. more
Almost every conversation I have with folks just learning about IPv6 goes about the same way; once I'm finally able to convince them that IPv6 is not going away and is needed in their network, the questions start. One of the most practical and essential early questions that needs to be asked (but often isn't) is "how do I lay out my IPv6 subnets?" The reason this is such an important question is that it's very easy to get IPv6 subnetting wrong by doing it like you do in IPv4. more
Declan McCullagh recently opined that the "FBI [and the] DEA warn [that] IPv6 could shield criminals from police." His post was picked-up relatively widely in the past few days, with the headlines adding more hyperbole along the way. So just how real is this threat? Let's take a look. more
World IPv6 Launch kicked off 6 June 2012 at 00:00 UTC. On this day, multitudes of website operators, network operators and home router vendors from all over the world have joined thousands of companies and millions of websites in permanently enabling the next generation Internet. They have done this by turning IPv6 support on by default in (at least some of) their products and services. This is a major milestone in the history of the Internet. more
A World-Renowned Source for Internet Developments. Serving Since 2002.