Category Archives for "Packet Pushers Podcast"

Datanauts 139: Getting AWS Security Right

AWS security issues show up in tech news fairly often. Today, we talk with someone who wrote about AWS services other than S3 that were found exposed to the public. Could that be some of your services?

Could be. The numbers are pretty impressive. Stay tuned, and find out how to determine whether or not your EBS snapshots, RDS snapshots, AMIs, or ElasticSearch clusters are accidentally public.

Our guest is Scott Piper, an AWS security consultant for Summit Route. You can follow him on Twitter at @0xdabbad00.

We start by exploring the types of AWS resources that can be unintentionally exposed to the public Internet, how to find them, and how to lock them down.

Then we talk about general practices such as vulnerability scanning, how to minimize human error when configuring AWS services, and drill into options such as CloudMapper and Security Monkey, open-source tools to help administrators find and control AWS resources.

Show Links:

Scott Piper on Twitter

Scott Piper’s blog – Duo.com

Scott Piper on GitHub – GitHub

Beyond S3: Exposed Resources on AWS – Duo.com

flAWS Challenge

CloudMapper – GitHub

CloudTracker – GitHub

Netflix Security Monkey – GitHub

Datanauts 086: AWS Identity & Access Continue reading

Network Break 189: The Big Cisco Live Roundup; LiveAction Buys Savvius

Take a Network Break! Cisco Live US 2018 took place last week, so we spend some time covering show news, overall impressions, and a touch of tea-leaf reading.

In non-Cisco news, VMware has a new lower-cost pricing tier to encourage customers to try VMware on AWS, LiveAction acquires packet capture/network monitoring vendor Savvius for an undisclosed amount, and orchestration vendor Gluware can now upgrade OSs for seven different vendors.

Metaswitch joins the OpenSwitch project, ONAP announces the Beijing release of its network automation package, and Comcast has deactivated its “congestion management system” (aka throttling).

Speaking of Comcast, the ISP has made a $65 billion bid for 21st Century Fox. In other provider news, AT&T gets the greenlight to merge with Time Warner. And last but not least, Cisco has joined an investment round in the startup Avi Networks, which makes software load balancers and service meshes.

Get links to all these stories after our sponsor messages.

Sponsor: ThousandEyes

ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can smoothly migrate to the cloud, transform your WAN, troubleshoot faster and deliver exceptional user experiences. Sign up for a free Continue reading

Show 394: Technology Problems Are Mostly People Problems

You are a problem…maybe the biggest problem of all. No? The crashing router code is the biggest problem? The leaking memory in the switch?

The app needs layer 2 stretched between data centers–what problem could be worse than that?

Today on the show, we're here to argue that, no…it's you. And me. And everyone else you work with.

With us today to defend the idea that technology problems are really people problems is Eyvonne Sharp, network architect and co-founder of The Network Collective.

We talk about how people and processes can contribute more to a problem than a technology. We also talk about three different organizational culture types (Pathological, Bureaucratic, and Generative), how to evaluate your own organization, and Eyvonne recommends a few books on team building and culture development.

Show Links:

Eyvonne Sharp on Twitter

The Network Collective

Using the Westrum typology to measure culture – Andy Kelk

Forget about broad-based pay hikes, executives say – Axios

The Undoing Project – Michael Lewis

The Five Dysfunctions of a Team: A Leadership Fable – Patrick M. Lencioni

Team of Teams: New Rules of Engagement for a Complex World – General Stanley McChrystal


Datanauts 138: What’s Up With Ethernet Fabrics?

Today on the Datanauts podcast, we review the state of Ethernet fabrics in 2018.

Between 2010 and 2012, before SDN became the new marketing hotness, it seemed like vendors were churning out Ethernet fabric products for the data center. Everyone had at least one fabric, and some had two or three.

As time has marched on, many of those Ethernet fabrics have dropped off the map. To catch us up and review what Ethernet fabric means today is Stefan Fouant. Stefan is the Chief Architect at Copper River Technologies, a Juniper Ambassador, a quadruple JNCIE, and author of the book Day One: Junos Fusion Data Center Up and Running.

We look at the status of Ethernet fabric protocols such as TRILL and SPB. We also dig into BGP EVPN, the latest hot fabric.

We also discuss the characteristics of a fabric, look at reasons why a fabric might make sense in your data center, and explore inter-fabric connectivity.

Show Links:

Day One: Junos Fusion Data Center Up and Running – Stefan Fouant

Shortest Path First – Stefan Fouant’s blog

Stefan Fouant on Twitter

Transparent Interconnection of Lots of Links (TRILL) – IETF

Shortest Path Bridging (SPB) – Wikipedia

BGP MPLS-Based Continue reading

Network Break 188: Microsoft Buys More Friends, Huawei is No2, Tofino plus more Politics

Take a Network Break! It's the virtual stroopwafel edition this week. Drew is on annual leave and travelling to Amsterdam; don't panic, he will be back next week with bags of virtual stroopwafels. Mike Fratto is co-hosting to keep the show flowing.

Microsoft buys a bunch of new developer friends, Arista gets some P4 & Tofino, Micron is embroiled in US-China politics to balance ZTE, Huawei is the No. 2 enterprise networking vendor, Fortinet buys Bradford Networks, and more.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters.

Show Links

Microsoft Buys GitHub for $7.5 Billion – Andreessen Horowitz

So Pigs Do Fly: Microsoft Acquires GitHub – Redmonk

Arista Announces New Multi-function Platform for Cloud Networking – Arista

Micron Says It's Being Investigated by Chinese Regulatory Agents – Yahoo

Trump strikes deal with Chinese telecom company ZTE amid trade talks – Axios

Cloud computing sticker shock is now a monthly occurrence at many companies – ZDNet

Weekly 393 – Infrastructure Monitoring with Juniper AppFormix (Sponsored)

Juniper AppFormix is a telemetry platform that's multi-vendor and cross-layer, with built-in machine learning and fancy visualisation. It's designed to simplify operations and closed-loop automation. In the era of multi-cloud, we need tools that run on-prem or in cloud and support OpenStack, K8s, VMware, Azure, Google, and Amazon networks, with integration into virtual machines, containers, overlay networks and physical devices.

The ability to draw data from a wide range of sources creates a data flood that can overwhelm you. AppFormix has machine learning and a range of automation functions to simplify and organise this diverse data flood. Network complexity is increasing as the edge of the network expands in multiple dimensions: on and off premises, virtual edge, and overlay networks, as well as the physical devices, must all operate in cahoots.

AppFormix is automating this operational load so you aren’t getting calls at 2am. That's a very fine thing.

Sumeet Singh, VP/GM for Juniper AppFormix, kicks off the discussion with a quick intro to AppFormix. We cover the key features and the approach of the product before we move into use cases and what customers are using today. Surprisingly, this includes WAN operations in addition to DC/Cloud.

PQ 150: HCI Networking With Big Switch’s Big Cloud Fabric (Sponsored)

One promise of hyperconverged infrastructure (HCI) is ease of management. Break down the silos, put all the components into a unified whole displayed on a single pane of glass, and voila! Apps are served.

But networking hasn't been integrated as effectively into HCI as the other components of the IT stack. Networking, even in an HCI world, tends to be difficult. And with the dynamic needs of HCI, networking just isn’t keeping up.

The days of standing up the network and letting it run are past, because a best effort, rough approximation of how the network should behave isn't something you have to settle for anymore.

Discussing integration of HCI with networking is Big Switch Networks, our sponsor for today's Priority Queue. Prashant Gandhi, Chief Product Officer at Big Switch, is our guest.

We talk about why “best-effort” networking isn’t suited for HCI, and look at HCI-specific operational issues and use cases including container networking and multi-tenancy.

For hands-on experience with Big Cloud Fabric, register for BSN Labs, a demo environment in the cloud that lets you experience the technical differentiation, management CLI, and GUI of Big Cloud Fabric.

Show Links:

Solution Brief: Scale Out Networking Continue reading

Datanauts 137: Automating Infrastructure As Code With Terraform

The robotic production facilities on board the Datanauts’ dreadnought cruiser are really great at making scout drones for identifying rich mineral deposits. Sadly, our probe production numbers are fairly low right now, because every single build is done by hand.

Blasphemy! We need a way to simply define the end state of our drone creation and then let an orchestration engine handle all of the building. Plus, if the design changes, we need to make sure all of the existing drones are retrofitted to take advantage of the new improvements! What can be done?!

Our guest today is Ned Bellavance. We pick Ned’s brain about infrastructure as code and his hands-on experience with HashiCorp’s Terraform.

Find Out More About Terraform

Follow Ned Bellavance

The post Datanauts 137: Automating Infrastructure As Code With Terraform appeared first on Packet Pushers.

Network Break 187: China Tech Tariffs; FBI Advises Router Reboot

Take a Network Break! The Trump administration proposes sanctions on a portion of Chinese tech imports, the FBI advises router reboots to help thwart the VPNFilter malware, and Huawei completes a 200Gbps backbone network in Spain.

CenturyLink becomes certified on Cisco Meraki to compete with resellers, OpenStack matures, and network engineers decry an ITU proposal to speed IPv6 deployments in emerging countries.

Apstra extends its network orchestration coverage, Cisco wrestles with how to sell cloud, VMware posts a positive financial quarter, and AT&T tests an all-weather communications drone called a Flying COW.

Get links to all these stories just after our sponsor message.

Sponsor: Couchdrop

Couchdrop provides Secure Copy Protocol, or SCP, and Rsync to Dropbox, Box and other cloud storage providers. Find out more at Couchdrop.io.

Show Links:

White House announces tariffs, investment restrictions on China over intellectual property abuse – Axios

Donald Trump to hit US$50 billion of Chinese imports with 25 per cent tariffs and restrict investment in US hi-tech industries – South China Morning Post

Sen. Warner warns against ZTE deal – Axios

Huawei and Orange Spain finalize the construction of 200 Gbps Backbone Network – Huawei Press Center

Foreign Cyber Actors Target Home and Office Continue reading

Show 392: Debating The Value Of Expert Certifications

On today’s Weekly Show the Packet Pushers jump on the live grenade that is the debate over the value of IT certifications.

Spurred by Greg’s blog about giving up his CCIE status, this episode looks at the value of technology certifications such as the CCIE and others.

Greg and guests Mike Fryar, Chris Kluka, and Jeremy Filliben discuss the benefits and limits of professional certifications, the differences between certifications and actual skills, whether certifications represent a standardized body of knowledge or just a set of instructions, and how the industry might better foster learning.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. Find out more at InterOptic.com, and if you're attending Interop 2018 in Vegas, stop by the InterOptic booth to learn how they can help you spec the right optics for your network.

Sponsor: Cumulus Networks

The Cumulus Linux network OS is simple, open, untethered Linux that can run on more than 70 hardware platforms and help you transition from your legacy infrastructure. Cumulus Networks is Web-scale networking for the digital age. Go to cumulusnetworks.com to find out more.

Show Links:

Quitting My CCIE Status – Greg Ferro

Jeremy Filliben.com


Datanauts 136: ChatOps Using PoshBot With Brandon Olin

On this episode of Datanauts, we chat with Brandon Olin, the creator of PoshBot, a PowerShell based chatbot for ops teams. What does PoshBot do? How was PoshBot built? How do chatbots impact Brandon’s delivery model?

ChatBots?

Bots have been around for a long time. They're really handy, too, often being able to answer simple questions by submitting a special command that has some sort of prefix or identifier associated with them. Especially if you're on Twitch and want to know how long your favorite streamer has been online.

Maybe that isn't the most helpful thing in the world, but what if we changed the narrative to be all about operations and how talking to a bot (with your peers watching) could actually up-level your day-to-day enjoyment of IT?

That’s our conversation today.

What is PoshBot?

PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness.

For More Information About PoshBot

Network Break 186: VPNFilter Malware Spreading; Happy GDPR Day!

Take a Network Break! Security researchers are tracking the VPNFilter malware, which has infected an estimated 500,000 devices, GDPR regulations have gone into effect, and the OpenStack Summit debuts a new project called Airship.

Startup Lumina Networks bags $10 million in funding from Verizon, AT&T, and others; Pica8 releases PicaPilot for network fabric orchestration; and Huawei wins “Supplier of the Decade” from Vodafone.

HPE released its quarterly earnings and warned of challenges for the second half of the year, and Amazon’s Echo unexpectedly recorded and sent a couple’s conversations.

Get links to all these stories after our sponsor message, and stay tuned for a Coffee Talk with Silver Peak.

Sponsor: Cisco Systems

Find out how Cisco and its trusted partners Equilibrium Security and ePlus/IGX can help your organization tackle the General Data Protection Regulation, or GDPR. Tune into Packet Pushers Priority Queue episode 147 to get practical insights on how to get your arms around these wide-ranging rules.

Coffee Talk: Silver Peak and Solis Mammography

On today’s Coffee Talk conversation we discuss SD-WAN with Solis Mammography and how its Silver Peak SD-WAN deployment helped the company streamline the movement of about a petabyte of imaging data efficiently and securely.


Show 391: IXP Peering Security With Cisco (Sponsored)

The Internet is a network of networks. Where do each of these networks meet to form the global Internet? At Internet Exchange Points or IXPs. In North America, these IXPs are also known as network access points, or NAPs.

Over the years, connecting to a NAP has become increasingly crucial for service providers to get right because of the sheer volume of traffic the Internet carries these days (Hello, Netflix!), the complexity of service provider peering agreements, and endless troubles with security threats.

Joining us today to discuss how to better plan, design, operate, and secure peering is our sponsor Cisco. Our guests from Cisco are Phil Bedard, Service Provider TME; and Bruce McDougall, Consulting Systems Engineer.

We discuss the evolution of Internet traffic flow and interconnection, how peering designs among service providers have changed, the role of telemetry and data, and peering security issues.

Show Links:

BGP Monitoring Protocol (BMP) – IETF

Internet Edge Peering – Current Practice – GitHub

BGP Operations and Security – IETF

Observing BGP activity with BGP Monitoring Protocol – Cisco

Streaming Network Analytics System (SNAS) – snas.io

The Death of Transit And Beyond – Geoff Huston (PDF)

Eyeball network – Wikipedia


Datanauts 135: An Introduction To Edge Computing

It turns out you can't do it all in the cloud. And thus, we have the rise of edge computing, in which data is collected, processed, and analyzed close to the source of its creation and close to where people and systems need it.

The goals of edge computing include improving performance, reducing the costs and time of data transmission, and creating new applications to take advantage of that data.

Our guide to edge computing is Alex Marcham. Alex is a technologist, writer and researcher. You can find his work at NetworkArchitecture2020.com.

We level-set with a working definition of edge computing, examine the notion of locality and what it means for edge computing, and discuss latency issues.

We explore edge computing use cases such as industrial processes and video surveillance, and dive into the infrastructure that drives this technology.

Show Links:

Network Architecture 2020

Alex Marcham on Twitter


Network Break 185: HPE Acquires Plexxi; New Batch Of Cisco Security Advisories

Take a Network Break! In this week’s episode we examine why HPE acquired Plexxi, dig into the latest batch of security advisories from Cisco, and discuss Intel’s reference architecture for new uCPE gear.

The Appropriations Committee in the U.S. Congress wants to keep up sanctions pressure against ZTE, AWS adds Verizon as a customer, and a new DDoS attack technique looks to thwart a common filter.

Toshiba clears its last hurdle to sell its semiconductor business, Cisco posts a positive third quarter, and Symantec announces an internal audit into its financial results.

Sponsor: ThousandEyes

ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can smoothly migrate to the cloud, transform your WAN, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt.

Sponsor: Cisco Systems

Find out how Cisco and its trusted partners Equilibrium Security and ePlus/IGX can help your organization tackle the General Data Protection Regulation, or GDPR. Tune into Packet Pushers Priority Queue episode 147 to get practical insights on how to get your arms around these wide-ranging rules.

Show Links:

HPE Acquires Plexxi For HCI, Continue reading

Show 390: Visualizing Complex SD-WAN With LiveAction (Sponsored)

Today on the Packet Pushers Weekly show, we investigate how to monitor hybrid and SD-WAN.

If your WAN looks like a mix of legacy MPLS, SD-WAN, and uplinks to cloud, this is your show. Our sponsor today is LiveAction, who is going to shine a light on the hybrid and SD-WAN through monitoring and automation.

Our guest is John Smith, Founder, CTO and EVP of LiveAction.

We talk about LiveAction’s software and how it works, why it’s essential to have visibility into your hybrid WAN and SD-WAN, and how LiveAction can provide highly visual and intuitive insights and actionable intelligence for day-to-day operations, troubleshooting, and long-term planning.

Show Links:

LiveAction’s Packet Pushers Resources – LiveAction

LiveAction on Facebook

LiveAction on Twitter

LiveAction on LinkedIn

LiveAction on YouTube

LiveAction on Google+


Datanauts 134: Preventing Failures With AI And HPE InfoSight (Sponsored)

The Datanauts travel to a galaxy of artificial intelligence and machine learning. The good ship InfoSight is piloted by sponsor HPE Nimble Storage as we explore automating infrastructure on today's episode.

Our guest is Ryan Brown, Enterprise Storage Architect and Chief Technologist for Storage in Canada at HPE.

We talk about InfoSight, HPE’s cloud-based predictive analytics platform that works with HPE’s Nimble Storage arrays, and soon to work with other products from HPE. InfoSight applies machine learning and AI to help customers better manage storage resources and predict problems before they affect the business.

We look at the kind of information that InfoSight gathers, how it collects that information and ships it to the cloud, and how it’s protected.

We also delve into the value that InfoSight can provide for resource allocation and operational benefits such as preventing outages, maintaining uptime, and improving performance.

Show Links:

HPE InfoSight

HPE InfoSight at Tech Field Day


Network Break 184: Arista’s Core Switch Challenges Cisco; Qualcomm Reconsiders Servers

Take a Network Break! Arista challenges Cisco in the campus with a new core switch, Qualcomm is reportedly considering backing away from data center server processors, and a security survey shows woeful patching habits.

Another security survey reveals that three quarters of respondents have been breached at least once in 2017, Apple abandons a planned data center site in Ireland, and ZTE halts major operations because of a US export ban on parts and software from American companies.

Finally, Google acquires cloud onboarding startup VeloStrata, while Google’s Duplex voice assistant raises hackles.

Get links to all these stories after our sponsor messages.

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. Find out more at InterOptic.com, and if you're attending Interop 2018 in Vegas, stop by the InterOptic booth to learn how they can help you spec the right optics for your network.

Sponsor: Cisco Systems

Find out how Cisco and its trusted partners Equilibrium Security and ePlus/IGX can help your organization tackle the General Data Protection Regulation, or GDPR. Tune into Packet Pushers Priority Queue episode 147 to get practical insights on how to get your arms around these wide-ranging rules.

Coffee Continue reading

Show 389: Using MPLS In The Enterprise

Today on the Weekly show, MPLS in the enterprise, especially for the use case of segmentation.

Should you do it? Why would you do it? Considering the equipment you've got, could you do it even if you wanted to? And even if you should, you would, and you can, what about all those other people you work with?

Discussing this emotionally fraught topic of MPLS in the enterprise is Tom Ammon, a senior network engineer who's supported it in a few different environments. He blogs at blog.tomammon.net.

We start by discussing the general case for MPLS in the enterprise, walk through the hardware and software requirements necessary to support MPLS, and then drill into segmentation more specifically.

We also look at reasons why you’d want to use MPLS for segmentation, and explore issues around operations, skillsets and training, and troubleshooting.


PQ 149: WPA3 And Wireless Security Improvements

In January 2018, the Wi-Fi Alliance announced that WPA3, a collection of security enhancements to address issues with WPA2, was coming this year.

Today, we discuss WPA3 with Dan Harkins, a scientist at Aruba Networks, a Hewlett Packard Enterprise company. Dan has been closely involved with WPA3's development, and I heard Dan present on his work at Aruba Atmosphere 2018 in March of this year.

Dan was kind enough to join us today for a preview of what's coming, with a special focus on one aspect of WPA3 that interests me personally, Opportunistic Wireless Encryption (OWE).

We also discuss the fixes that WPA3 makes to WPA2, and when we can anticipate product support.

Sponsor: Paessler AG

Paessler AG is the maker of PRTG Network Monitor. PRTG monitors your whole IT infrastructure 24/7 and alerts you to problems before users even notice. Find out more about the monitoring software that helps system administrators work smarter, faster, better. Visit paessler.com today.

Show Links:

Wi-Fi Alliance® introduces security enhancements – Wi-Fi Alliance

Opportunistic Wireless Encryption (RFC 8110) – IETF

Dragonfly Key Exchange (RFC 7664) – IETF

