packetmischief.ca
Author Archives: packetmischief.ca
- Home → Author's archive:
packetmischief.ca
3 Ways to Fail at Logging with Flask
For the benefit of readers who haven't worked with Flask or don't know what Flask is, it's a so-called microframework for writing web-based applications in Python. Basically, the framework takes care of all the obvious tasks that are needed to run a web app. Things like talking HTTP to clients, routing incoming requests to the appropriate handler in the app, and formatting output to send back to the client in response to their request. When you use a framework like this, you as the developer can concentrate a lot more on the application logic and worry a lot less about hooking the app into the web.
As you may have guessed from the title of this post, one of the other tasks that Flask manages is logging within the application. For example, if you want to emit a log message when a user logs in or when they upload a new photo, Flask provides a simple interface to generate those log messages.
Flask has a large community of active users built around it and as a result, there's tons of best practice information out there on scaling, talking to a database, and even whole tutorials on how to Continue reading
Lifting the Hood on Cisco Software Defined Access
If you're an IT professional and you have at least a minimal awareness of what Cisco is doing in the market and you don't live under a rock, you would've heard about the major launch that took place in June: “The network. Intuitive.” The anchor solution to this launch is Cisco's Software Defined Access (SDA) in which the campus network becomes automated, highly secure, and highly scalable.
The launch of SDA is what's called a “Tier 1” launch where Cisco's corporate marketing muscle is fully exercised in order to generate as much attention and interest as possible. As a result, there's a lot of good high-level material floating around right now around SDA. What I'm going to do in this post is lift the hood on the solution and explain what makes the SDA network fabric actually work.
How I’ve Attempted to Blog More in 2017
This post has been sitting in the “drafts” folder for a while now. Clearly, since it's August and is therefore a little late to be deciding on a plan that is supposed to carry through all 12 months of 2017. Regardless, I think it's still worth sharing how I've attempted to increase the frequency of my blogging. My basic goal for 2017 is:
Create more content in 12 months than I ever have before in order to a) significantly build up the depth and breadth of knowledge on my blog, b) increase my skills as a writer, and c) continue to build this blog and the readership as a key part of my online persona and brand.
In order to achieve this goal, I've identified a couple of tactical objectives:
- Reduce the friction between me and the keyboard; make it possible to “just write”.
- Be able to “just write” anywhere. At home. On vacation. In a waiting room. On an airplane. I should also be able to start a post in one location and pick it up again in another. Indirectly this means I need to be able to write on any of my computers or mobile devices.
In order Continue reading
Troubleshooting Cisco Network Elements with the USE Method
I want to draw some attention to a new document I've written titled “Troubleshooting Cisco Network Elements with the USE Method". In it, I explain how I've taken a model for troubleshooting a complex system-the USE Method, by Brendan Gregg-and applied it to Cisco network devices. By applying the USE Method, a network engineer can perform methodical troubleshooting of a network element in order to determine why the NE is not performing/acting/functioning as it should.Troubleshooting Cisco Network Elements with the USE Method
The USE Method is a model for troubleshooting a system that is in distress when you don't know exactly what the nature of the problem is. For example, if users within a specific part of your network are complaining of slowness, disconnects and poor application performance, you can probably isolate your troubleshooting to 2-3 switches or routers. However, since the problem description is so vague (we all love the “it's slow!Tools for TE with EIGRP
In response to my article about what would cause a directly connected route to be overridden, Matt Love (@showflogi) made a good observation:
Good stuff - LPM rule can be a useful tool if you want to manipulate paths without mucking with metrics, esp if using multiple protocols
— Matt Love (@checktheroads) July 13, 2017
What Matt is saying is that longest prefix match (LPM) is a mechanism that can be used to steer traffic around the network in order to meet a technical or business need. This type of traffic steering is called traffic engineering (TE).
When is a Connected Route Not Used?
I ran into this situation on a recent project and thought it would make an excellent question on an exam. It could be worded something like this:
What is the behavior of a router or Layer 3 switch when a dynamic route is learned that partially overlaps with a directly connected network?
- The router reboots
- The network reboots
- That's um-possible
- None of the above
Reflecting On My First Cisco Live! Presentation
Well, I got to tick a big item off my list of goals last week. I successfully delivered a presentation at Cisco Live! in front of a large group of people. It didn't kill me and I didn't trip over anything and embarrass myself so no matter what, I have those two points to feel good about :-)
Me starting my presentation
All joking aside, it actually went a whole lot better than that.
OpenVPN 2.3.17 on OpenBSD 6.0
On Jun 21, the OpenVPN team released an update for the 2.3.x and 2.4.x branches that resolved some newly discovered security vulnerabilities. The OpenVPN team recommends that users “upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible". OpenBSD 6.0-which was released Sep 1 2016 and is still receiving security updates to the base system as per OpenBSD's policy-shipped with a package for OpenVPN 2.3.11. Below you will find a patch and instructions for using the ports system to upgrade to version 2.I Will Be Presenting For the First Time at CLUS 2017!
Well, it looks like another major item will get struck from my bucket list this year. I've been accepted to present at Cisco Live in Las Vegas this summer! ? This session is designed to walk through an enterprise network and look at how EIGRP can be engineered with purpose to best suit the needs of the different areas of the network. I will focus a lot on stability and scaling EIGRP and will show the audience how, where, and when to leverage common EIGRP features such as summarization, fast timers, BFD, and wide metrics.Five Functional Facts About OSPF
It's funny, in my experience, OSPF is the most widely used interior gateway protocol because it “just works” and it's an IETF standard which means it inter-ops between different vendors and platforms. However, if you really start to look at how OSPF works, you realize it's actually a highly complex protocol. So on the one hand you get a protocol that likely works across your whole environment, regardless of vendor/platform, but on the other you're implementing a lot of complexity in your control plane which may not be intuitive to troubleshoot.
This post isn't a judgement about OSPF or link-state protocols in general. Instead it will detail five functional aspects of OSPF in order to reveal-at least in part-how this protocol works, and indirectly, some of the complexity lying under the hood.
Why I Enthusiastically Switched from Cacti to Zabbix for System Monitoring
Cacti is a “complete network graphing solution” according to their website. It has also been a thorn in my side for a long time.
See what I did there? Thorn… because it's a cactus… never mind.
When Cacti is in a steady state-when I could get it to a steady state-it was good. Not great, because there was a lot of effort to get it into what I consider “steady state”, but good. The rest of the time… thorny.
There are five major things that have driven me up the wall. In no particular order:
How I Relearned the Consequences of Improper Monitoring
I had just lost the RAID array that hosts my ESXi data store. I didn't yet know that's what had happened, but with some investigation, some embarrassment, and a bit of swearing, I would find out that an oversight on my part three years ago would lead to this happening.
Big Changes in 2017
This past June when I was in North Carolina at Cisco's CPOC lab, I learned that there was a chance-albeit a slim one, but a chance nonetheless-that a position would be opening up on the CPOC team in the fall. By that point I had been to CPOC three times and knew many of the engineers who worked there. I spoke to them to get their feedback, met with the newly-hired manager of the team, and just generally did all the things I thought I should be doing to take advantage of my time being face to face with these folks.My Personal Look Back on 2016
I haven't ever written a “year in review” type of post before. Sure, I do a post to summarize how the blog has done over the year but I've never done a personal look back. Last night-New Years Eve-I was thinking about everything that I was involved in during 2016 and I realized “I should write this down! I was involved in or a participant of some amazing things last year!”
So here we go. In an effort to show a more personal side and not just my geeky side, here is my personal 2016 year in review.
2016 End of Year Blog Statistics
Happy New Year! I just realized the other day that this blog turned 5 years old in 2016. It's been a lot of fun and has paid me back for my time in terms of building my brand and being a means to explore and learn new topics. I have plans to put more focus on my writing in 2017 and reduce the friction between starting with a blank page and hitting that “Publish” button.
Anyways! Here's a look back at 2016 on packetmischief.ca.
OpenBSD on the Sixth Generation Intel NUC
Sixth Generation Intel NUC
I recently decided it would be fun to upgrade the hardware on my main OpenBSD machine at home (because, you know, geek). These Intel NUC machines are pretty interesting. They are pretty powerful, support a decent amount of RAM, certain models support internal storage, and they are very low power and low noise. Perfect for a machine that is a shell/email/development box.
L3 vPC Support on Nexus 5k
So… I'm a little embarrased to admit this but I only very recently found out that there are significant differences in how Virtual Port Channels (vPC) behave on the Nexus 5k vs the Nexus 7k when it comes to forming routing adjacencies over the vPC.
Take the title literally!
I've read the vPC Best Practice whitepaper and have often referred
others to it and also referred back to it myself from time to time. What I failed to realize is that I should've been taking the title of this paper more literally: it is 100% specific to the Nexus 7k. The behaviors the paper describes, particularly around the data plane loop prevention protections for packets crossing the vPC peer-link, are specific to the n7k and are not necessarily repeated on the n5k.
So Your Username and Password Where in a Data Dump. Now What?
Whether it's Dropbox, LinkedIn, MySpace, PlayStation, or whatever the latest breach happens to be, it's almost inevitable that you will be caught up in one of these breaches and have your username, password and possibly other information exposed in a data dump. Here's how to respond when that happens.
SSH Agent on OS X
There's a lot of information on the intertoobs about getting ssh-agent “working” in OS X and even more articles about when and how the stock behavior of ssh-agent changed (mostly with respect to how ssh-agent interacted with the Keychain).
This article doesn't cover or care about any of that.
This article is concerned with:
- Enabling ssh-agent in such a way that I can “ssh-add” in one terminal window and that same agent (and the loaded keys) is available in all of my other terminal windows.
- Enabling use of ssh-agent from MacPorts and/or Homebrew and not the older ssh-agent that OS X ships with in /usr/bin.
- To avoid having to put my keys in the Keychain (just a matter of preference).