Ethan Banks

Author Archives: Ethan Banks

Heavy Networking 585: From Help Desk To Network Automation Engineer In 5 Years

Curt Norris started his career as an IT support specialist. Five years later he's an automation engineer. On today's Heavy Networking we discuss his career journey including milestones, ongoing learning, the pros and cons of mentorship, whether a degree makes a difference, and more.

The post Heavy Networking 585: From Help Desk To Network Automation Engineer In 5 Years appeared first on Packet Pushers.

Heavy Networking 584: Optimize Your Peering With Crosswork Cloud Traffic Analysis (Sponsored)

Today's Heavy Networking explores Crosswork Cloud Traffic Analysis from episode sponsor Cisco. This tool is designed to make you deeply knowledgeable about your BGP peering relationships and traffic flows throughout your infrastructure. It will also recommend the routing tweaks in your IGPs, BGP, RSVP-TE, and segment routing to eliminate those pesky congestion points. We also discuss the pros and cons of putting network management capabilities in the cloud.


Day Two Cloud 102: Edge Cloud Isn’t Magic

Today we're talking Edge Cloud. Guest Alex Marcham has written a book on the subject and we'll get his take on edge infrastructure, what edge cloud is all about, real-world use cases, and how it differs from typical colo facilities or centralized public cloud data centers. We also look at requirements for edge deployments including networking and 5G, and the workloads driving edge infrastructure.


Day Two Cloud 101: Closing The Network/Cloud Gap Before You Fall In (Sponsored)

On today's episode, sponsored by BlueCat Networks, we examine the technology and human challenges that arise when you integrate on-prem and the public cloud. You can't continue to do things in the cloud with traditional toolsets and processes. You need to update the tech and the people, including how they collaborate. We also discuss a new report that examines the need for, and challenges of, integrating networking and cloud teams. Our guest is Andrew Wertkin, Chief Strategy Officer at BlueCat.


Heavy Networking 581: How Gluware Lab Brings DevOps To NetOps (Sponsored)

On today's Heavy Networking, we get practical with infrastructure-as-code, talking with sponsor Gluware about how their users have integrated network automation into their IT practices, bringing DevOps to NetOps. We also explore Gluware Lab, an IDE where network engineers can develop network features and workflows. Our guests are Olivier Huynh Van, Chief Science Officer and Co-Founder; and Michael Haugh, VP of Product Marketing.


Heavy Networking 580: Multivendor EVPN? Nope

Today's Heavy Networking is a nerdy excursion into EVPN VXLAN, including how it works, why you might want it, and why multivendor interoperability is so difficult with this standard. Guest Tony Bourke and host Ethan Banks also explore hardware challenges, automation strategies, EVPN flooding mechanisms, BGP multi-homing, and more.


How Upgrading PHP On WordPress Became *It Was DNS*-An IT Operations Tale

The server needed a PHP update. WordPress told me so with a severe-sounding notification adorned with red coloration, a security warning, boldface type, and a link explaining how to change the PHP version. I sighed. Security issues never end, and I have a recurring reminder in my todo list to patch the Virtual Private Server (VPS) boxes I shepherd.

But this PHP issue…hmm. This felt like a bigger deal, and many sites I support lean heavily into WordPress. Rather than wait for the next regular patching session, I decided to get on it. I did a process test on one server, a lower profile machine that wouldn’t hurt too much if things went awry. The goal was to move from PHP 7.2.insecure to PHP 7.4.secure. How hard could it be?

Most of the search engine hits for “upgrade PHP on WordPress” told me to go into CPanel or a similar tool my hosting provider might offer to abstract what’s going on with the server itself. That’s not what I was looking for, because I manage my own hosts. I needed to know how to reconfigure the host itself. The OS packages to install. The conf files…

Day Two Cloud 098: Cloud Centers Of Excellence – Should You Have One?

A fractured cloud strategy causes headaches such as duplicated services, unnecessary costs, poor security controls, and other problems. A cloud center of excellence can reduce the pain by developing and championing best practices, socializing adoption, and addressing inevitable exceptions. Fred Chagnon visits the Day Two Cloud podcast to advocate for building a cloud center of excellence in your org.


Heavy Networking 578: When Your Homegrown Tool Becomes Essential To The Team

Lots of network engineers develop tools to help them automate tasks. What happens if you build something so useful it becomes adopted in your organization? Ivan Del Rio, Senior IP Engineer at DQE Communications, stops by the podcast to talk about a tool he built to automate some of his own tasks that is now being widely used. He discusses how and why he built the tool, and how supporting and developing the tool affects his day-to-day responsibilities.


Is Sticking With A Networking Vendor As Risky As Changing?

The networking industry has had a bumper crop of startup companies including a few unicorns, new and novel solutions, and fresh standards-driven tech in the last decade. There’s been enough churn that you’d think the landscape would be unrecognizable from what it was ten years back. And yet, a dominant vendor supplying networks to enterprises remains Cisco.

Data networking folks sometimes wonder why Cisco remains such a dominant force after all these years. With all the churn in the industry, with all the fancy new products, companies and approaches, with the cloud changing how computing is done, and with software eating the world, there are many more options than Cisco to meet networking needs. Of course, Cisco has always had competition. Cisco’s never gotten 100% of the pie, but, depending on market segment, there’s rarely been a second juggernaut in the enterprise networking space. The choice has typically been between Cisco and everyone else.

But in 2021, the networking market is increasingly fragmented with more startups than I’ve even heard of chasing after slivers of the diverse networking pie. Sure, that impacts Cisco. Still, Cisco tends to dominate, even if their share isn’t quite what it was depending on which…

Learning In Public Helps Everyone

The tradition of technology blogging is built on the idea of learning in public, something Matt’s encouraging with Red Hat’s Enable Architect blog linked in his tweet above. We encourage it at Packet Pushers, too. We think everyone has at least one blog post in them worth sharing with the community. Let us know, and we’ll set you up with an author account.

Starting a blog, especially for the technically savvy, is not overly difficult, though. Maybe Matt and I are hoping to make it even easier to share by offering our platforms, but I don’t think the time it takes to stand up a blog is necessarily the barrier.

I think the biggest barrier is the “in public” part. Architects and engineers tend to be introverts who are at times unsure of themselves. We don’t want to be learning in public. We want to be left alone to figure it out. When we’ve figured it out, maybe then will we share, once we’re supremely confident that we’ve got it 110% right. We just don’t…

Tech Bytes: Unifying Cloud Automation And Network Infrastructure With Gluware (Sponsored)

In this Tech Byte podcast, sponsored by Gluware, we explore the latest features and capabilities in the Gluware network automation and orchestration platform, including an API-based controller to work with SD-WAN, and Terraform integration to support infrastructure automation across public clouds.


If You Haven’t Checked Your Backups, They Probably Aren’t Working

This is a pleasant reminder to check your backups. I don’t mean, “Hey, did the backup run last night? Yes? Then all is well.” That’s slightly better than nothing, but not really what you’re checking for. Instead, you’re determining your ability to return a system to a known state by verifying your backups regularly.

Backups are a key part of disaster recovery, where modern disasters include ransomware, catastrophic public cloud failures, and asset exposure by accidental secrets posting.

For folks in IT operations such as network engineers, systems to be concerned about include network devices such as routers, switches, firewalls, load balancers, and VPN concentrators. Public cloud network artifacts also matter. Automation systems matter, too. And don’t forget about special systems like policy engines, SDN controllers, wifi controllers, network monitoring, AAA, and…you get the idea.

Don’t confuse resiliency for backup.

When I talk about backups, I’m talking about having known good copies of crucial data that exist independently of the systems they normally live on.

  • Distributed storage is not backup.
  • A cluster is not backup.
  • An active/active application delivery system spread over geographically diverse data centers is not backup.

The points above are examples of distributed computing. Distributed computing…

A Networking Perspective On Zero Trust Architecture (ZTA)

Zero Trust Architecture (ZTA) is a security point of view that has gathered enough momentum in 2020 and 2021 to frequently appear in marketing literature. The big idea of zero trust in network computing is roughly, “I confidently know who you are and have applied an appropriate security policy, but I still don’t trust you.”

My understanding of ZTA continues to evolve. This post represents my understanding today, with an emphasis on what ZTA means for network engineers.

How Is ZTA Different From Firewall Rules?

At first glance, zero trust sounds mostly like a firewall policy. Of course I don’t trust you. That’s why we apply all these filtering rules to the VPN tunnel, network interface, etc. Yes, but simple filtering implies a level of trust. The trust comes in the assumption that if you get through the filter, what you’re saying is trustworthy.

Zero trust does away with that assumption. For example…

  1. ZTA could mean that just because a VPN user passed a complex authentication scheme, their transactions are not assumed to be wholesome. Well done–your username and password check out, and we’ve applied a filtering policy to your tunnel. With that completed, we’re now going to monitor…

Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management

Today's Heavy Networking thinks hard about how to manage security policy in modern IT infrastructure. We get into sources of truth, application modeling and application dictionaries, approval workflows, and more--all in the context of automation. Our guests are Ken Celenza and Brett Lykins from Network To Code.


Day Two Cloud 093: Application Modernization With VMware (Sponsored)

Today’s Day Two Cloud tackles application modernization with sponsor VMware. As new application platforms such as containers and the public cloud take hold, organizations need to examine their application portfolio to figure out how applications are meeting business requirements—and how they aren’t. The point of app modernization is to determine whether a new approach and […]


Why Being A Late Technology Adopter Pays Off

As a technologist helping an organization form an IT strategy, I’m usually hesitant to recommend new tech. Why? Because it’s new. Adopting technology early in its lifecycle is a risky endeavor. For most organizations, I find that shiny new tech isn’t worth the risk.

Emerging products and protocols are often accompanied by great fanfare. Talks are delivered at conferences, whitepapers are written, and Gartner Cool Vendor designations are awarded. The idea is to make you and me believe that this new tech solves a problem in a novel way that’s never been done before. This is the thing we’ve been waiting for. This is so much better than it used to be in the bad old times. Right. I’m sure it is.

Despite my cynical tone, I am hopeful when it comes to new tech. I really am. In part, technologists are employed because of tech’s ever-changing landscape. But I am also dubious during any technology’s formative years. I take a wait-and-see approach, and I’ve never been sorry for doing so. I believe that being a late, not early, adopter of technology pays off for most organizations.

You Aren’t Stuck With Abandoned Tech

If you adopt early, you are hoping…

When Stretching Layer Two, Separate Your Fate

On the Packet Pushers YouTube channel, Jorge asks in response to “Using VXLAN To Span One Data Center Across Two Locations”:

if stretching the layer 2 is not recommended, then what is the recommendation if you need to fault over to a different physical location and still got to keep the same IP addresses for mission critical applications?

TL;DR

That video is a couple of years old at this point, and I don’t recall the entire discussion. Here’s my answer at this moment in time. If DCI is required (and I argue that it shouldn’t be in most cases), look at VXLAN/EVPN. EVPN is supported by several vendors. If you are a multi-vendor shop, watch for EVPN inter-vendor compatibility problems. Also look for vendor EVPN guides discussing the use case of data center interconnect (DCI).

Also be aware (and beware) of vendor-proprietary DCI technologies like Cisco’s OTV. I recommend against investing in OTV and similar tech unless you already have hardware that can do it and can turn the feature on for free. Otherwise, my opinion, for what it’s worth, is to stick with an EVPN solution. EVPN is a standard that’s been running in production environments for…

Day Two Cloud 092: What AWS Lambda Is Good For

Today's Day Two Cloud podcast is a thorough introduction to AWS Lambda, which is AWS's serverless compute service. We discuss how Lambda works, what it can do, use cases, and more. Our guide for today's conversation is Julian Wood, Senior Developer Advocate for the Serverless Product Group at AWS. This is not a sponsored show.
