Re: China Showdown Huawei vs ZTE

2018-04-26 Thread Saku Ytti
https://kb.juniper.net/InfoCenter/index?page=content=JSA10819
https://kb.juniper.net/InfoCenter/index?page=content=JSA10713
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame

I think quite careful analysis would be needed to draw any conclusion
if there are statistically relevant differences in security issues.

After I fixed my tinfoil hat with some duct tape, I can say that to me
the ScreenOS one in particular doesn't look like someone just forgot some
development backdoor in release software, but rather looks like
someone intentionally sneaked a backdoor into the software, one which doesn't
look like a backdoor. But it's hard to say for sure which are incompetence
and which are malice.



On 26 April 2018 at 15:38, Alan Buxey  wrote:
> https://www.theregister.co.uk/2018/04/26/hyperoptics_zte_routers/
>
> yet another ZTE issue . :(
>
> alan



-- 
  ++ytti


Re: China Showdown Huawei vs ZTE

2018-04-26 Thread Alan Buxey
https://www.theregister.co.uk/2018/04/26/hyperoptics_zte_routers/

yet another ZTE issue . :(

alan


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
On 24 April 2018 at 21:45, Naslund, Steve  wrote:


Hey,

> The US Government considers Huawei and ZTE to have "close ties" to the 
> Chinese government according to the Director of National Intelligence along 
> with the heads of CIA, FBI, and the NSA as stated in testimony before the 
> Senate Intelligence Committee.  The founder of Huawei is the former 
> engineering officer of the People's Liberation Army of China.
>
> Now, this only applies to US Government agencies according to their 
> acquisition rules but there have been moves by the FCC to ban these devices 
> from US cellular network.  I am not advocating for or against any of these 
> policies and you can run what you want (assuming it can be imported).  I 
> myself would be nervous running Huawei code in a device if a cyber war broke 
> out between the US and China.

Thank you for the insight, quite interesting.

Call me naive, but I don't think the sticker on a device has any
implications for security, as components and code are sourced through
complicated chains through various jurisdictions. Let's assume for a
moment that the attacker is the NSA. I don't think that the NSA would even
want to push a project through Cisco or Apple via official channels, even if
legally allowed, to get some secret backdoor installed, because too
many people would be involved in the project and controlling the
information would become challenging. Two years from now a lot of those
involved people might be in a different company or a different country;
how to keep them from exposing the information?
It seems a much better vector would be to target an individual person with
commit rights, ensure you have leverage over them, then ask them to
commit a specific set of abstruse code, which is likely to pass code
review but introduces functionality which benefits your agenda. Even if
this one person would talk, would they know it was the NSA? If they knew,
would anyone believe them? Why would China work differently? Why not
pwn one Cisco employee in India to get the code in that the party sees
as beneficial?

-- 
  ++ytti


RE: China Showdown Huawei vs ZTE

2018-04-24 Thread Naslund, Steve
>I'm sure all these companies have legal entities in all countries they operate
>in. So Huawei in US is US company and Huawei products bought in US from US
>Huawei are good, but bad when bought from Huawei China?

IANAL, however I was a network engineer for the US Air Force for over ten years.
Here is how the US DoD looks at it.  There are three tiers of defense
contractors.

Yes - Cisco, Juniper and other US controlled entities that the DoD has already
vetted and does business with on a routine basis.  Also includes systems 
pre-integrated by defense contractors like Boeing and Lockheed that are sold as 
complete turn-key systems.

Maybe - Allied (usually NATO) defense contractors that also have vetted 
security policy.  That would be companies like BAE Systems, Dassault, and
Siemens.  This would also include US suppliers that may never have done 
business with the DoD before and would have to undergo further review prior to 
being awarded a contract.  There are also some "buy American" considerations
that required us to use US suppliers unless there was a valid reason why the 
foreign manufacturer was the better choice (say we have an air defense system 
from BAE that has been designed to work with a specific device as part of a 
system).  That is an economic/political concern in addition to the security 
concern and is covered under contracting regulations.  

No way - entities considered to be under the control of or part of the military
industrial complex of rival nations.  That would include most Russian, Chinese, 
Iranian, etc companies.  Also companies that refuse to comply with certain 
government sanctions or disclosure requirements.  Also companies that employ 
specifically banned individuals under the export control act.

This is not necessarily a technical legal thing like having a corporate entity
in the US (every multinational does), it is an intelligence assessment of risk.
For sensitive software there is a long laundry list of requirements
surrounding source code control and signing.  In almost all cases I am aware of
the US DoD acquires a Restricted Software License which actually means that
they have access to view the source code for whatever they are running and
require a cryptographically secure way of knowing the running code matches.
For many of the systems I worked with there were actually special software
loads signed by DISA (Defense Information Systems Agency) that we had to run.
DISA software loads also tended to block certain configurations known to be
insecure and a lot of times enforced higher security or encryption requirements.
Our hardware had to come off a list of approved devices and in very sensitive
service the devices were sent to an NSA lab for analysis and returned under
courier control before they could enter certain areas or networks.  If the
devices ever exited the facility they had to go back for recertification.  This
was for assurance against embedded hardware taps or bugging devices.  They also
compared the device against known good models to make sure the hardware was the
same.

The US Government considers Huawei and ZTE to have "close ties" to the Chinese 
government according to the Director of National Intelligence along with the 
heads of CIA, FBI, and the NSA as stated in testimony before the Senate 
Intelligence Committee.  The founder of Huawei is the former engineering 
officer of the People's Liberation Army of China.

Now, this only applies to US Government agencies according to their acquisition 
rules but there have been moves by the FCC to ban these devices from US 
cellular network.  I am not advocating for or against any of these policies and 
you can run what you want (assuming it can be imported).  I myself would be 
nervous running Huawei code in a device if a cyber war broke out between the US 
and China.

Steven Naslund
Chicago IL  


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
Hey Aaron,

> Excuse my lack of knowledge... What does this mean?  "Shareholders are people 
> holding Vanguard/Blackrock."

Funds which are largest owners of Cisco shares.

-- 
  ++ytti


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Aaron Gould
Excuse my lack of knowledge... What does this mean?  "Shareholders are people 
holding Vanguard/Blackrock."

Aaron

> On Apr 24, 2018, at 10:31 AM, Saku Ytti  wrote:
> 
> Shareholders are people holding Vanguard/Blackrock.



RE: China Showdown Huawei vs ZTE

2018-04-24 Thread STARNES, CURTIS via NANOG
-Original Message-
>From: NANOG <nanog-boun...@nanog.org> On Behalf Of Saku Ytti
>Sent: Tuesday, April 24, 2018 11:59 AM
>To: Naslund, Steve <snasl...@medline.com>
>Cc: nanog@nanog.org
>Subject: Re: China Showdown Huawei vs ZTE

>On 24 April 2018 at 19:50, Naslund, Steve <snasl...@medline.com> wrote:

>> Easy one, what law is the company incorporated under?  Nothing against the
>> Chinese companies (some of their stuff is really great), but it is
>> admittedly hard to separate China's military industrial complex from their
>> communications suppliers.  I can understand other countries not wanting
>> critical infrastructure under their software control given that the Chinese
>> government has been very active in industrial espionage.  It is not that a
>> US company cannot be compromised but I think they might at least be held
>> accountable (by their markets) when they get caught.

>I'm sure all these companies have legal entities in all countries they operate
>in. So Huawei in US is US company and Huawei products bought in US from US
>Huawei are good, but bad when bought from Huawei China?


> --
> ++ytti

From what I have read, any Huawei product purchases fell under scrutiny but 
after this came about Huawei announced they were going to pull out of U.S. 
markets. 
https://www.forbes.com/sites/jeanbaptiste/2018/04/19/analyst-chinas-huawei-to-quit-u-s-market/#2a0839d311cb
 


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
On 24 April 2018 at 19:50, Naslund, Steve  wrote:

> Easy one, what law is the company incorporated under?  Nothing against the 
> Chinese companies (some of their stuff is really great), but it is admittedly 
> hard to separate China's military industrial complex from their 
> communications suppliers.  I can understand other countries not wanting 
> critical infrastructure under their software control given that the Chinese 
> government has been very active in industrial espionage.  It is not that a US 
> company cannot be compromised but I think they might at least be held 
> accountable (by their markets) when they get caught.

I'm sure all these companies have legal entities in all countries they
operate in. So Huawei in US is US company and Huawei products bought
in US from US Huawei are good, but bad when bought from Huawei China?


-- 
  ++ytti


RE: China Showdown Huawei vs ZTE

2018-04-24 Thread Naslund, Steve
>
> > Yes looks like they are both under pressure. I feel bad for the USA based
> > employees. I know Huawei has quite a few in Plano, Texas.
>
> Feel sorry for US based consumers. Historically protectionism always
> hurts the local economy most. By creating artificial demand on local
> products, over time local products become uncompetitive for export.
>
> I wonder, in what fundamental way Cisco and Juniper are US products,
> Huawei and ZTE Chinese products? To me it looks like Cisco has no
> development on IOS-XR outside India, components and assembly is in
> China. Shareholders are people holding Vanguard/Blackrock. What makes
> US company a US company?
>

Easy one, what law is the company incorporated under?  Nothing against the 
Chinese companies (some of their stuff is really great), but it is admittedly 
hard to separate China's military industrial complex from their communications 
suppliers.  I can understand other countries not wanting critical 
infrastructure under their software control given that the Chinese government 
has been very active in industrial espionage.  It is not that a US company 
cannot be compromised but I think they might at least be held accountable (by 
their markets) when they get caught.

Steven Naslund
Chicago IL



Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Colton Conor
Saku,

I do feel bad for US Based consumers as I am one of them! Overall, I find
Huawei's solutions to be 1/3 the price of the equivalent Juniper/Cisco. The
only thing stopping me from buying them is the fear of it being hacked due to
the media.

Like the S6720-EI is MEF certified, runs MPLS, and is $3500 with a lifetime
warranty. Please let me know if anyone else comes close to this number.

On Tue, Apr 24, 2018 at 10:31 AM, Saku Ytti  wrote:

> On 20 April 2018 at 16:44, Colton Conor  wrote:
>
> > Yes looks like they are both under pressure. I feel bad for the USA based
> > employees. I know Huawei has quite a few in Plano, Texas.
>
> Feel sorry for US based consumers. Historically protectionism always
> hurts the local economy most. By creating artificial demand on local
> products, over time local products become uncompetitive for export.
>
> I wonder, in what fundamental way Cisco and Juniper are US products,
> Huawei and ZTE Chinese products? To me it looks like Cisco has no
> development on IOS-XR outside India, components and assembly is in
> China. Shareholders are people holding Vanguard/Blackrock. What makes
> US company a US company?
>
> --
>   ++ytti
>


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
On 20 April 2018 at 16:44, Colton Conor  wrote:

> Yes looks like they are both under pressure. I feel bad for the USA based
> employees. I know Huawei has quite a few in Plano, Texas.

Feel sorry for US based consumers. Historically protectionism always
hurts the local economy most. By creating artificial demand on local
products, over time local products become uncompetitive for export.

I wonder, in what fundamental way Cisco and Juniper are US products,
Huawei and ZTE Chinese products? To me it looks like Cisco has no
development on IOS-XR outside India, components and assembly is in
China. Shareholders are people holding Vanguard/Blackrock. What makes
US company a US company?

-- 
  ++ytti


RE: China Showdown Huawei vs ZTE

2018-04-24 Thread Colin Stanners (lists)
Colton, can you post some examples of the Whitebox/OS examples that you were 
looking at in that performance tier?

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Colton Conor
Sent: Friday, April 20, 2018 7:46 AM
To: Josh Reynolds <j...@kyneticwifi.com>
Cc: NANOG <nanog@nanog.org>
Subject: Re: China Showdown Huawei vs ZTE

Josh,

I like the whitebox route, but I can't find anything that will come close price 
wise.

Example, Huawei S6720 with 24 10G ports, 2 40G ports, and full MPLS operating 
system from Huawei is $3500 out the door with a lifetime warranty. I can't even 
find a whitebox hardware, not even accounting for the OS, that is close to that 
price. Most 48 Port 10G with 6 40G uplinks (so double this huawei unit) are in 
the $5k range, and then you have to buy an operating system costing a couple 
more grand. Choices are limited on whitebox operating systems that support MPLS.

There might be some FiberStore models that come close to this price, but FS.com
is a Chinese company too, so that's no better than ZTE or Huawei.



On Fri, Apr 20, 2018 at 7:34 AM, Josh Reynolds <j...@kyneticwifi.com> wrote:

> Why not just go the whitebox route and pick your NOS of choice?
>
> Far cheaper, and far more flexible.
>
> On Fri, Apr 20, 2018, 7:28 AM Colton Conor <colton.co...@gmail.com> wrote:
>
>> Of the two large Chinese Vendors, which has the better network
>> operating system? Huawei is much larger than ZTE is my understanding,
>> but larger does not always mean better.
>>
>> Both of these manufacturers have switches and routers. I doubt we will
>> use their routing products anytime soon, but the switching products
>> with MPLS are what we are exploring. Price wise both of these vendors
>> seem to have 10G MPLS capable switches that are a 1/4 of the price
>> a Cisco or Juniper wants to charge.
>>
>> On the Huawei side looks like the S6720 is a fit.
>> On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
>>
>> Has anyone had experience with either of these two switches? How do 
>> they compare?
>>
>> Also, for each independent brand, is their switching network 
>> operating system the same as their routing network operating system 
>> that their routers run?
>>
>



Re: China Showdown Huawei vs ZTE

2018-04-20 Thread Colton Conor
Yes looks like they are both under pressure. I feel bad for the USA based
employees. I know Huawei has quite a few in Plano, Texas.

With both ZTE and Huawei out of the picture for USA operators, who is the
low cost leader in this space then?

On Fri, Apr 20, 2018 at 7:56 AM, STARNES, CURTIS <
curtis.star...@granburyisd.org> wrote:

> Same for Huawei.
> https://www.theverge.com/2018/3/26/17164226/fcc-proposal-huawei-zte-us-networks-national-security
> https://www.forbes.com/sites/jeanbaptiste/2018/04/19/analyst-chinas-huawei-to-quit-u-s-market/#194f570211cb
> https://www.nytimes.com/2018/04/17/technology/huawei-trade-war.html
>
> I don't think I would recommend either in today's political climate.
>
> -Original Message-
> From: NANOG <nanog-boun...@nanog.org> On Behalf Of Suresh Ramasubramanian
> Sent: Friday, April 20, 2018 7:35 AM
> To: Colton Conor <colton.co...@gmail.com>; NANOG <nanog@nanog.org>
> Subject: Re: China Showdown Huawei vs ZTE
>
> Ah. ZTE is in a spot of trouble right about now.
>
> http://www.scmp.com/tech/article/2142557/zte-calls-us-government-ban-extremely-unfair-vows-fight-its-rights
>
> On 20/04/18, 5:58 PM, "NANOG on behalf of Colton Conor" <
> nanog-boun...@nanog.org on behalf of colton.co...@gmail.com> wrote:
>
> Of the two large Chinese Vendors, which has the better network operating
> system? Huawei is much larger than ZTE is my understanding, but larger does
> not always mean better.
>
> Both of these manufacturers have switches and routers. I doubt we will use
> their routing products anytime soon, but the switching products with MPLS
> are what we are exploring. Price wise both of these vendors seem to have
> 10G MPLS capable switches that are a 1/4 of the price a Cisco or Juniper
> wants to charge.
>
> On the Huawei side looks like the S6720 is a fit.
> On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
>
> Has anyone had experience with either of these two switches? How do they
> compare?
>
> Also, for each independent brand, is their switching network operating
> system the same as their routing network operating system that their
> routers run?
>
>
>
>


RE: China Showdown Huawei vs ZTE

2018-04-20 Thread STARNES, CURTIS via NANOG
Same for Huawei.
https://www.theverge.com/2018/3/26/17164226/fcc-proposal-huawei-zte-us-networks-national-security
https://www.forbes.com/sites/jeanbaptiste/2018/04/19/analyst-chinas-huawei-to-quit-u-s-market/#194f570211cb
https://www.nytimes.com/2018/04/17/technology/huawei-trade-war.html

I don't think I would recommend either in today's political climate.

-Original Message-
From: NANOG <nanog-boun...@nanog.org> On Behalf Of Suresh Ramasubramanian
Sent: Friday, April 20, 2018 7:35 AM
To: Colton Conor <colton.co...@gmail.com>; NANOG <nanog@nanog.org>
Subject: Re: China Showdown Huawei vs ZTE

Ah. ZTE is in a spot of trouble right about now.

http://www.scmp.com/tech/article/2142557/zte-calls-us-government-ban-extremely-unfair-vows-fight-its-rights

On 20/04/18, 5:58 PM, "NANOG on behalf of Colton Conor" 
<nanog-boun...@nanog.org on behalf of colton.co...@gmail.com> wrote:

Of the two large Chinese Vendors, which has the better network operating
system? Huawei is much larger than ZTE is my understanding, but larger does
not always mean better.

Both of these manufacturers have switches and routers. I doubt we will use
their routing products anytime soon, but the switching products with MPLS
are what we are exploring. Price wise both of these vendors seem to have
10G MPLS capable switches that are a 1/4 of the price a Cisco or Juniper
wants to charge.

On the Huawei side looks like the S6720 is a fit.
On the ZTE side, it looks like the ZXR10 5960 Series is a fit.

Has anyone had experience with either of these two switches? How do they
compare?

Also, for each independent brand, is their switching network operating
system the same as their routing network operating system that their
routers run?





Re: China Showdown Huawei vs ZTE

2018-04-20 Thread Colton Conor
Josh,

I like the whitebox route, but I can't find anything that will come close
price wise.

Example, Huawei S6720 with 24 10G ports, 2 40G ports, and full MPLS
operating system from Huawei is $3500 out the door with a lifetime
warranty. I can't even find a whitebox hardware, not even accounting for
the OS, that is close to that price. Most 48 Port 10G with 6 40G uplinks
(so double this huawei unit) are in the $5k range, and then you have to buy
an operating system costing a couple more grand. Choices are limited on
whitebox operating systems that support MPLS.

There might be some FiberStore models that come close to this price, but
FS.com is a Chinese company too, so that's no better than ZTE or Huawei.



On Fri, Apr 20, 2018 at 7:34 AM, Josh Reynolds  wrote:

> Why not just go the whitebox route and pick your NOS of choice?
>
> Far cheaper, and far more flexible.
>
> On Fri, Apr 20, 2018, 7:28 AM Colton Conor  wrote:
>
>> Of the two large Chinese Vendors, which has the better network operating
>> system? Huawei is much larger than ZTE is my understanding, but larger
>> does not always mean better.
>>
>> Both of these manufacturers have switches and routers. I doubt we will use
>> their routing products anytime soon, but the switching products with MPLS
>> are what we are exploring. Price wise both of these vendors seem to have
>> 10G MPLS capable switches that are a 1/4 of the price a Cisco or
>> Juniper wants to charge.
>>
>> On the Huawei side looks like the S6720 is a fit.
>> On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
>>
>> Has anyone had experience with either of these two switches? How do they
>> compare?
>>
>> Also, for each independent brand, is their switching network operating
>> system the same as their routing network operating system that their
>> routers run?
>>
>


Re: China Showdown Huawei vs ZTE

2018-04-20 Thread Suresh Ramasubramanian
Ah. ZTE is in a spot of trouble right about now.

http://www.scmp.com/tech/article/2142557/zte-calls-us-government-ban-extremely-unfair-vows-fight-its-rights

On 20/04/18, 5:58 PM, "NANOG on behalf of Colton Conor" 
 wrote:

Of the two large Chinese Vendors, which has the better network operating
system? Huawei is much larger than ZTE is my understanding, but larger does
not always mean better.

Both of these manufacturers have switches and routers. I doubt we will use
their routing products anytime soon, but the switching products with MPLS
are what we are exploring. Price wise both of these vendors seem to have
10G MPLS capable switches that are a 1/4 of the price a Cisco or Juniper
wants to charge.

On the Huawei side looks like the S6720 is a fit.
On the ZTE side, it looks like the ZXR10 5960 Series is a fit.

Has anyone had experience with either of these two switches? How do they
compare?

Also, for each independent brand, is their switching network operating
system the same as their routing network operating system that their
routers run?





Re: China Showdown Huawei vs ZTE

2018-04-20 Thread Josh Reynolds
Why not just go the whitebox route and pick your NOS of choice?

Far cheaper, and far more flexible.

On Fri, Apr 20, 2018, 7:28 AM Colton Conor  wrote:

> Of the two large Chinese Vendors, which has the better network operating
> system? Huawei is much larger than ZTE is my understanding, but larger does
> not always mean better.
>
> Both of these manufacturers have switches and routers. I doubt we will use
> their routing products anytime soon, but the switching products with MPLS
> are what we are exploring. Price wise both of these vendors seem to have
> 10G MPLS capable switches that are a 1/4 of the price a Cisco or Juniper
> wants to charge.
>
> On the Huawei side looks like the S6720 is a fit.
> On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
>
> Has anyone had experience with either of these two switches? How do they
> compare?
>
> Also, for each independent brand, is their switching network operating
> system the same as their routing network operating system that their
> routers run?
>