Author: Stefan Fouant

Stefan Fouant brings over 18 years of experience in the Service Provider and network security industries as both an trusted advisor as well as a thought leader. Most recently, Fouant worked at Juniper Networks as a routing and security expert assisting large Tier 1 carriers. His background includes work at Verizon where he was responsible for launching one of the first large-scale cloud-enabled DDoS mitigation and detection services and also work at Neustar/UltraDNS where he was responsible for building out their layered DDoS response mechanisms, laying the groundwork for Neustar’s DDoS mitigation service offerings. Most recently during his time at Corero, he has authored drafts within the IETF relating to standardized signaling of coordinated DDoS attack filtering and mitigation mechanisms. He holds several patents in the areas of DDoS Detection and Mitigation, as well as many industry certifications including CISSP, JNCIE-SP, JNCIE-ENT, and JNCIE-SEC. He was the first person in the world to achieve all three expert level Juniper certifications and was a technical editor of the book “Juniper MX Series” by O’Reilly.
Posted on

Book Review :: OSPF and IS-IS: Choosing an IGP for Large-Scale Networks

OSPF and IS-IS

OSPF and IS-IS: Choosing an IGP for Large-Scale Networks
by Jeff Doyle
Paperback: 480 pages
Publisher: Addison-Wesley Professional
ISBN-13: 978-0321168795

5starsA welcome addition to any networking library

If you consider yourself a student of routing protocols and enjoy coverage of graph theory from the perspective of its application to link-state routing protocols, this text will certainly be a welcome addition to your library. This book not only provides information regarding ‘how’ link-state routing protocols work, it also provides information regarding ‘why’ the link-state routing protocols behave as they do, and why the protocol designers made certain choices in the development of these protocols. While it might seem a daunting task especially to the novice reader to learn about two routing protocols side-by-side, it is this treatment which makes this text so worthwhile. Being able to compare these two protocols and identify their similarities and differences simultaneously will ultimately help the network designer pick the right protocol for the job in a given network environment.

This book goes beyond IGP fundamentals by giving practical advice to the network designer which can assist in the planning and implementation of a scalable IGP deployment. For example, in the chapter on Area Design, the author states that “a useful guideline when designing a network is that network control traffic should never exceed 5 percent of the available bandwidth of any link in the network, and in normal circumstances should not exceed 1 percent”. The author then presents various formulas which can be used to determine the amount of bandwidth used by the protocol control traffic based on the number and type of LSAs which are expected to be present in a given network. Arguably one of the best chapters in the book is the chapter on Scaling. This chapter has some of the best coverage of the various modifications which router vendors make to their link-state protocol implementations in order to make routers perform calculations more rapidly, enhance flooding of Link-State updates, and other changes designed to make the protocols scale to support very large networks.

I am a stickler for accuracy, especially when it comes to technical textbooks. I pride myself on my ability to spot technical and grammatical errors in texts such as these, however I must say as I read this book I was very impressed that I found very little errors beyond just the simple grammatical and typographical. Jeff Doyle is an experienced writer, and it should come as no surprise that the technical content in this book is extremely well-vetted, accurate, and error-free. Ultimately, if you are a network operator, designer or architect and are interested in broadening your understand of link-state protocols coupled with the ability to more fully understand the technical distinctions between OSPF and IS-IS, this book is without a doubt one of the best options on the market today.

Posted on

Book Review :: Designing and Developing Scalable IP Networks

Scaleable Networks

Designing and Developing Scalable IP Networks
by Guy Davies
Hardcover: 302 pages
Publisher: Wiley
ISBN-13: 978-0470867396

3starsDecent information with a hefty price tag…

The title of this book “Designing and Developing Scalable IP Networks” would lead one to believe that reading this book would give the reader special insight into certain architectural approaches that would enable the network designer to build very large and expansive networks. And while the book certainly did provide some useful information, I found it lacking somewhat in details. The author does not delve into the minutiae of the various protocols, such as message types, protocol interaction, etc. Instead, the author assumes the reader already has a solid understanding of the basic principles of IP networking and the protocols associated with IP routing and switching. The author states early on that the book is meant to “examine the architectural and design principles that can be applied to designing and building scalable IP and MPLS networks”, however after a thorough reading I did not find that I was substantially more educated in the subject matter. And herein lies the crux – this book, which is priced in at a whopping $130 – is far more expensive than other texts of a similar nature, some of which cover far more expansive material and cost considerably less. Furthermore, the book is too light on details to be sufficiently useful to someone who is new to the industry and looking to gain a better understanding of what is required to build large-scale networks, and is unlikely to provide the experienced network architect with useable knowledge beyond that which he or she may already possess.

That being said, there is decent treatment of MPLS and Generalized MPLS, MPLS VPNs, QoS, and IPv6. And there certainly are a few good nuggets of information to be found throughout the book. For example, there is very good information on route-reflection, such as the pro’s and con’s of using the same cluster-id on a pair of route-reflectors running in a pair. It also examines practical deployment information for such mechanisms as graceful-restart, citing the fact that enabling BGP graceful-restart without enabling a similar mechanism in the IGP is likely to reduce the benefit of enabling such a mechanism in the first place. And while this is one of the few texts that I have seen on the market that broaches the subject of graceful-restart, I welcome the author to include more information on this subject in subsequent editions.

All in all I would say that this is a good desk side reference if one wants a text which covers the main protocols and mechanisms in use in large Service Provider networks, but if you are looking for a text which will enable you to build large-scale networks you might be somewhat disappointed in the treatment, especially considering the hefty price tag of this item.

Posted on

Book Review :: Configuring NetScreen Firewalls

netscreen_firewalls

Configuring NetScreen Firewalls
by Rob Cameron
Paperback: 600 pages
Publisher: Syngress
ISBN-13: 978-1932266399

2starsBetter off waiting for a Second Edition…

I read a lot of books, and while I don’t review all of them, I am often compelled to write a review when a book stands out, either for it’s clear leadership and technical distinction in the marketplace, or for it’s extreme lack thereof. In this case, I was compelled to write the review based on the latter.

Seeing as this is the only Netscreen book on the market, I had high expectations for it. When one looks at the credentials of the numerous authors, it reads like a veritable list of leaders in the Security industry. As such, I was rather excited when I picked up this book. As I began reading this book, I quickly realized that it was not going to meet my expectations. Clearly this book was rushed to market, another sign that the primary concern of many publishers is not in producing quality, but rather quantity. This book suffers from many of the same problems I see with other books on the market with multiple contributing authors, which is that the voice isn’t consistent throughout the book. Some chapters have diagrams, screen shots, or CLI commands outlining various procedural steps, whereas these details are noticeably absent in others.

In addition, this book is littered with many errors throughout, both typographical as well as technical. In some cases, as other reviewers point out, sentences simply stop abruptly mid-sentence. The text often refers to diagrams which don’t even exist. There are numerous references to find additional information in other chapters which are non-existent.

With regards to technical content, the authors certainly could have added more detail, especially considering the number of authors who contributed to this text. For example, the chapter on Routing does a good job of telling the reader how to enable BGP, but provides no details on how to actually configure a BGP neighbor. Another example is URL filtering which is discussed in the chapter on Attack Detection and Defense. While the authors do a good job of describing the various modes to support URL filtering (redirect vs. integrated), there is no explanation of how redirection actually takes place and no diagrams to provide for comprehensive understanding of the subject matter.

I can’t blame the authors entirely for the many flaws in this book, as any decent technical editor should have been able to spot many of these errors prior to publication. One wonders whether the technical editors even read the book as many of the errors are so blatant that it’s inconceivable that so many managed to slip through. I’m disappointed in Syngress for publishing a book with so many errors, and this has definitely led me to believe that Syngress does not want to maintain a leadership position of publishing technical content of the highest magnitude, but rather they are only concerned with being the first to market with a particular product.

I will give this book 2 stars in that it is indeed a noble attempt at covering a wide array of topics, as well as for being the only book in the industry which covers this subject matter. I suggest that the authors should examine the possibility of releasing a second edition which may fix these blatant errors, as well as hiring some decent technical editors.

LOCATION
Corporate Headquarters
12020 Sunrise Valley Drive
Suite 100
Reston, VA 20191-3429
Tel: 703-625-6243
CONNECT
Linkedin Twitter Youtube
Copyright © 2024 ShortestPathFirst