Networking
NTP Servers hosted as Virtual Machines
by Harry on Jul.10, 2008, under Networking, Virtualization
Although I haven't nutted this out completely, so far it seems like running NTP servers as virtual machines may not be such a good idea. As most are already somewhat aware, time drift can cause issues with virtual machines and their applications. My research is based on the whitepaper from VMware which talks about how time is managed (timekeeping whitepaper), Wikipedia, which states that NTP servers shouldn't be virtualized, and a VMware engineer also recommending against it. I did receive some info on paravirtualization maybe addressing this but have not confirmed it as yet. It looks like the best option is to deploy physical NTP servers or use physical hardware such as routers or switches.
Arbor - Network Traffic and DDoS prevention
by Harry on Sep.26, 2007, under Networking
This week I had an opportunity to fly down to Melbourne and attend a training session on Arbor network devices. The two main devices we covered were the X series and the SP. The X series is suited to enterprise networks and mainly used to monitor and track what is happening on your network from the distribution to the core. The SP was more equipped for the service provider space; this device had some additional features which are more appealing to service providers, particularly around the use of BGP. In summary, the devices look at NetFlow data coming from your routers or mirrored ports on your switches to build a database of all the traffic traversing the network. Based on this information you can then perform any remediation tasks required. Note: this device does not actually do anything to stop issues on the network apart from deploying an ACL to the devices, which apparently isn't used very often. The SP device can inject a route into the BGP community to redirect DDoS traffic to a remediation device and allow services for the remaining customers to continue.
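The flow-to-database step described above can be sketched as follows. This is an added example, not code from the post or from Arbor: it assumes NetFlow version 5 export datagrams, and the function names, thresholds and sample flows (documentation address ranges) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Return (src, dst, proto, packets, octets) for each flow in one datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr f[1]=dstaddr f[5]=dPkts f[6]=dOctets f[13]=prot
        flows.append((socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[13], f[5], f[6]))
    return flows

def traffic_by_destination(datagrams):
    """Aggregate octets and distinct sources per destination address."""
    octets, sources = Counter(), {}
    for d in datagrams:
        for src, dst, _proto, _pkts, nbytes in parse_v5(d):
            octets[dst] += nbytes
            sources.setdefault(dst, set()).add(src)
    return octets, sources

def flag_destinations(octets, sources, min_share=0.5, min_sources=3):
    """Destinations taking >= min_share of all octets from >= min_sources sources.
    Both thresholds are illustrative assumptions, not vendor defaults."""
    total = sum(octets.values())
    return sorted(dst for dst, n in octets.items()
                  if total and n / total >= min_share and len(sources[dst]) >= min_sources)

def build_datagram(flows):
    """Pack constructed (src, dst, proto, pkts, octets) tuples as a v5 export."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, proto, pkts, nbytes in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           0, 0, pkts, nbytes, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: three sources sending UDP to one host, plus one small TCP flow.
SAMPLE = build_datagram([
    ("198.51.100.1", "192.0.2.10", 17, 1000, 900000),
    ("198.51.100.2", "192.0.2.10", 17, 1000, 900000),
    ("203.0.113.7", "192.0.2.10", 17, 1000, 900000),
    ("203.0.113.8", "192.0.2.20", 6, 10, 4000),
])
```

A flagged destination is the kind of finding an operator would then act on with the remediation options the post mentions, such as an ACL or a redirect to a remediation device.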