Author Archives: Ethan Banks

If You Haven’t Checked Your Backups, They Probably Aren’t Working

This is a pleasant reminder to check your backups. I don’t mean, “Hey, did the backup run last night? Yes? Then all is well.” That’s slightly better than nothing, but not really what you’re checking for. Instead, you’re determining your ability to return a system to a known state by verifying your backups regularly.

Backups are a key part of disaster recovery, where modern disasters include ransomware, catastrophic public cloud failures, and asset exposure by accidental secrets posting.

For folks in IT operations such as network engineers, systems to be concerned about include network devices such as routers, switches, firewalls, load balancers, and VPN concentrators. Public cloud network artifacts also matter. Automation systems matter, too. And don’t forget about special systems like policy engines, SDN controllers, wifi controllers, network monitoring, AAA, and…you get the idea.

Don’t confuse resiliency for backup.

When I talk about backups, I’m talking about having known good copies of crucial data that exist independently of the systems they normally live on.

  • Distributed storage is not backup.
  • A cluster is not backup.
  • An active/active application delivery system spread over geographically diverse data centers is not backup.

The points above are examples of distributed computing. Distributed computing Continue reading

A Networking Perspective On Zero Trust Architecture (ZTA)

Zero Trust Architecture (ZTA) is a security point of view that has gathered enough momentum in 2020 and 2021 to frequently appear in marketing literature. The big idea of zero trust in network computing is roughly, “I confidently know who you are and have applied an appropriate security policy, but I still don’t trust you.”

My understanding of ZTA continues to evolve. This post represents my understanding today, with an emphasis on what ZTA means for network engineers.

How Is ZTA Different From Firewall Rules?

At first glance, zero trust sounds mostly like a firewall policy. Of course I don’t trust you. That’s why we apply all these filtering rules to the VPN tunnel, network interface, etc. Yes, but simple filtering implies a level of trust. The trust comes in the assumption that if you get through the filter, what you’re saying is trustworthy.

Zero trust does away with that assumption. For example…

  1. ZTA could mean that just because a VPN user passed a complex authentication scheme, their transactions are not assumed to be wholesome. Well done–your username and password check out, and we’ve applied a filtering policy to your tunnel. With that completed, we’re now going to monitor Continue reading

Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management

Today's Heavy Networking thinks hard about how to manage security policy in modern IT infrastructure. We get into sources of truth, application modeling and application dictionaries, approval workflows, and more, all in the context of automation. Our guests are Ken Celenza and Brett Lykins from Network To Code.

The post Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management appeared first on Packet Pushers.

Day Two Cloud 093: Application Modernization With VMware (Sponsored)

Today’s Day Two Cloud tackles application modernization with sponsor VMware. As new application platforms such as containers and the public cloud take hold, organizations need to examine their application portfolio to figure out how applications are meeting business requirements—and how they aren’t. The point of app modernization is to determine whether a new approach and […]

The post Day Two Cloud 093: Application Modernization With VMware (Sponsored) appeared first on Packet Pushers.

Why Being A Late Technology Adopter Pays Off

As a technologist helping an organization form an IT strategy, I’m usually hesitant to recommend new tech. Why? Because it’s new. Adopting technology early in its lifecycle is a risky endeavor. For most organizations, I find that shiny new tech isn’t worth the risk.

Emerging products and protocols are often accompanied by great fanfare. Talks are delivered at conferences, whitepapers are written, and Gartner Cool Vendor designations are awarded. The idea is to make you and me believe that this new tech solves a problem in a novel way that’s never been done before. This is the thing we’ve been waiting for. This is so much better than it used to be in the bad old times. Right. I’m sure it is.

Despite my cynical tone, I am hopeful when it comes to new tech. I really am. In part, technologists are employed because of tech’s ever-changing landscape. But I am also dubious during any technology’s formative years. I take a wait-and-see approach, and I’ve never been sorry for doing so. I believe that being a late, not early, adopter of technology pays off for most organizations.

You Aren’t Stuck With Abandoned Tech

If you adopt early, you are hoping Continue reading

When Stretching Layer Two, Separate Your Fate

On the Packet Pushers YouTube channel, Jorge asks in response to Using VXLAN To Span One Data Center Across Two Locations:

If stretching layer 2 is not recommended, then what is the recommendation if you need to fail over to a different physical location and still have to keep the same IP addresses for mission-critical applications?

TL;DR

That video is a couple of years old at this point, and I don’t recall the entire discussion. Here’s my answer at this moment in time. If DCI is required (and I argue that it shouldn’t be in most cases), look at VXLAN/EVPN. EVPN is supported by several vendors. If you are a multi-vendor shop, watch for EVPN inter-vendor compatibility problems. Also look for vendor EVPN guides discussing the use case of data center interconnect (DCI).

Also be aware (and beware) of vendor-proprietary DCI technologies like Cisco’s OTV. I recommend against investing in OTV and similar tech unless you already have hardware that can do it and can turn the feature on for free. Otherwise, my opinion, for what it’s worth, is to stick with an EVPN solution. EVPN is a standard that’s been running in production environments for Continue reading

Day Two Cloud 092: What AWS Lambda Is Good For

Today's Day Two Cloud podcast is a thorough introduction to AWS Lambda, which is AWS's serverless compute service. We discuss how Lambda works, what it can do, use cases, and more. Our guide for today's conversation is Julian Wood, Senior Developer Advocate for the Serverless Product Group at AWS. This is not a sponsored show.

The post Day Two Cloud 092: What AWS Lambda Is Good For appeared first on Packet Pushers.

It’s Not What You Say. It’s How You’re Heard.

In written communication, technical people can sometimes come across as impolite. I see this on Slack (talking down), Twitter (the angry tweeter), in emails (blunt and terse), in blog comments (bitter sarcasm or pedantry), in Hacker News discussions (aggressive confrontation), and in other places IT builders gather online.

Perhaps you, as just such a technical person, don’t mean to be impolite. Maybe your focus is on efficiency. Get to the point. Say what needs saying, however it comes out. Click send. Job done. Go back to facepalming at the Swagger docs explaining this ill-considered API you need to use.

Here’s the problem with your communications approach. To the person receiving your missive, you might sound like you’re upset. Or tone-deaf. Or maybe just a jerk. You’re presumably none of those things, at least not intentionally. We’re all nice folks who want to get along with our fellow humans, right?

It’s not what you say. It’s how you’re heard.

You need to communicate in such a way that you’re heard as you mean to be heard. If you’re not good at this and want to be, you can improve your messaging.

Before hitting send, engage in role reversal. If you received a Continue reading

BiB100: Zero Trust With Araali Networks

Today’s briefing summary is about startup Araali Networks, one of the most interesting startups we’ve chatted with in a while. Abhishek Singh, CEO and co-founder, gave Ethan Banks and Drew Conry-Murray at Packet Pushers an overview of their approach to modern application security on March 31, 2021.

Heavy Networking 571: Network Automation Workflows With Jenkins

Today on Heavy Networking, we talk about how to roll your own network automation workflow. Guest Steve Puluka has developed an automation workflow system that uses GitLab and Jenkins, among other tools, to make sure the network devices he supports are pure gold. We talk about how it works, and how you can put your own together.

The post Heavy Networking 571: Network Automation Workflows With Jenkins appeared first on Packet Pushers.

Free Networking ArubaOS-CX Lab Image From Aruba Networks

This is a continuation of my post documenting hassle-free, virtualized network operating system images you can download for labbing and learning.

Aruba Networks (HPE) ArubaOS-CX

What is it?

While you probably think of wireless networking first when Aruba Networks comes up, ArubaOS-CX is a ground-up network operating system for switches built by the former HPE ProCurve team, if memory serves me correctly. Aruba has been a part of HPE for some time, and the networking folks within HPE fall under the Aruba hierarchy as I understand it.

I wrote an overview of ArubaOS-CX as part of a series on the Aruba 8400 switch launch back in October 2017.

Aruba offers a virtual version of ArubaOS-CX delivered as an OVA. You can use the OVA as-is, or extract the OVA tarball to get to the vmdk and convert the vmdk to a qcow2 image, all depending on what your hypervisor needs.

How do I obtain the image?

  1. Create an Aruba Support Portal account & log in via https://asp.arubanetworks.com/.
  2. Head to Software and Documents, currently https://asp.arubanetworks.com/downloads.
  3. In the left pane, filter on…
    1. File type: Software
    2. Product: Aruba Switches
    3. File Category: OVA
  4. Sort by: Version New To Old
  5. That Continue reading

Free Networking Lab Images From Arista, Cisco, nVidia (Cumulus)

Here’s my current list of no cost, minimal headache, easily obtainable networking images that work in a virtual lab environment such as EVE-NG or GNS3. My goal is to clearly document what these images are and how to obtain them, as this data is less obvious than I’d like.

I missed some. Probably a bunch. Let me know on the Packet Pushers Slack channel or Twitter DM, and I’ll do additional posts or update this list over time. Make sure your recommendations are for images which are freely available from the vendor for lab use with no licensing requirements or other strings attached. Use those same channels if you just want to tell me I’m wrong about whatever you come across in this post that’s…you know…wrong. I’m all about fixing the wrong stuff.

The list is vendor-neutral, sorted alphabetically. I have no personal allegiance to any of these operating systems. I’ve worked with both EOS and NX-OS in production environments. JUNOS, too, although I don’t have a Juniper virtual device on this list currently. I haven’t worked with Cumulus in production, although it’s been a passive interest for a while now.

Remember–configuration is the boring part. Select a NOS Continue reading

Don’t Be Complex When Simple Will Do

Let’s say you’re a consultant working on a couple of internet edge design projects.

In the first scenario, you are designing an internet connection for a factory.

  1. There are a few hundred workers who access AWS using the internet-as-WAN for critical apps related to factory operations.
  2. The factory is automated, and metrics related to production line health and performance are analyzed in AWS.
  3. There is an IoT network used for physical security that relies on an internet-based SaaS product to run reports and distribute alerts.
  4. A group of executives have offices at one end of the factory. Because of the pandemic, they don’t use them right now, but they do remotely access workstations with highly sensitive data that reside in those offices.

In the second scenario, you are designing an internet connection for an executive’s home.

  1. The executive has been working from home since the pandemic started, and finds the internet connection is unreliable for video calls. The video lags and gets pixelated. There are audio dropouts and audible jitter.
  2. The executive’s family members are also demanding internet users. The kids are in Zoom school. The spouse has a digital editing business and shares large files with clients.

Continue reading

Is It Illegal To Be Called “Engineer” Without Having An Engineering Degree?

Some engineers are called engineers because they went through a rigorous process recognized in their industry. The stuff they do tends to affect lives, and so the title of engineer is not awarded until a bunch of other people agree it’s deserved. Engineers in those disciplines sometimes take exception to IT engineers being called such, as there is no industry-wide process one follows to become an IT engineer. So should we be disallowed from using the term?

The post Is It Illegal To Be Called “Engineer” Without Having An Engineering Degree? appeared first on Packet Pushers.

You Can’t Think If You’re Always Thinking

On the March 25, 2021 edition of his Daily Check-In podcast, Ned Bellavance talks about feeling like he’s putting too many inputs into his brain, and not leaving enough time to hear his own thoughts. I have had similar concerns for myself.

I tend to have something going most of the time. Podcasts in the morning before settling into my office. Music during the day, typically something familiar or non-intrusive so that it’s not too distracting while I write and research. YouTube or a Boston Celtics basketball game in the evenings while I eat dinner and unwind from Zoomday. (Zoomday is every day!) Before I go to bed, I read mentally engaging things. Books, a mix of fiction and non-fiction, currently Aldous Huxley’s Brave New World. Blogs like Astral Codex Ten plus a myriad of tech writers. When the sleepies finally hit, I turn off the glowing doom rectangle and hope my dreams aren’t unfathomable. Like the one two days ago where I was inside a commercial jet taxiing rapidly through a city, the jet being chased by emergency vehicles that kept inexplicably bursting into flames. My dreams are fun. But I digress.

Like Ned outlined in his podcast, Continue reading