The BackBox network automation platform comes with many pre-built functions to make routine tasks performed by network administrators simple & foolproof. In this demo, BackBox’s Senior Product Manager Perry Greenwood shows Packet Pushers’ Ethan Banks how to automate network device upgrades using BackBox. We look at the entire lifecycle of the upgrade process, including scheduling, […]
The post Demo Bytes: Upgrading Network Devices With BackBox – Video appeared first on Packet Pushers.
Dell Technologies and VMware have partnered on a turnkey HCI-based VxRail solution that integrates VMware’s vSphere Distributed Services Engine and DPU hardware from NVIDIA and AMD Pensando. In this video, Ethan Banks from the Packet Pushers and Joseph White, Fellow at Dell Technologies, discuss how the software and hardware come together to take advantage of […]
The post Building A Turnkey DPU Solution – Packet Pushers Livestream With Dell Technologies – Video appeared first on Packet Pushers.
As a network operator, I want to describe in plain language what I need a network to do, and the network is configured accordingly. Then I want the network to monitor itself, and when things aren’t going well, the network will repair itself with no involvement from me. Hey, daydreaming is fun.
In the real world, plain language describing my network requirements isn’t going to conjure a relevant network. I must perform hard work to create a network design that’s useful for a business. I have to think through issues like capacity needs under peak load, redundancy to survive a network failure, and resiliency to support business operations in the face of a catastrophic outage. I need to understand individual application requirements, and be sure the network can support those requirements. I have to consider modularity, repeatability, and supportability. I must work within a budget.
My design will translate into an arcane collection of devices, interfaces, interconnections, protocols, and topologies. I’ll rely on education, experience, and experimentation to fine-tune the design, and then I’ll put it into production. Depending on your personality, this arduous task likely falls somewhere between “fun” and “frightening” for you. But no matter who you are, Continue reading
My boss stepped into our shared cubicle space and rested his arm on top of the fabric wall. He peered down at me. “Hey.” He always started with a quiet “hey” when he was about to ask me to do something new. I glanced at my whiteboard filled with projects and statuses, and steeled myself for the fresh request.
“Hey. I just got out of a meeting with Lewis.” I groaned inwardly. Lewis was my boss’s boss, and while Lewis was a fantastic human being, meetings with him were usually in the context of projects. Big ones. I put on a fake smile to mask creeping despair. “Oh? How did that go?”
My boss ripped off the band-aid. “Lewis wants a monthly summary from everyone of what they’ve been doing. So, on the last Friday of the month, make sure you have all your project statuses updated, including key milestones. Your whiteboard is great for you and me since we share this space, but now you’re going to need to log your statuses into the project database.” He smirked. “Like a big boy.”
I died a little inside. One of the reasons I’d left consulting Continue reading
When reading marketing literature as an engineer, you must always be careful to parse the words correctly. For example, I was reviewing a vendor’s pitch deck on a new hardware switch. The switch was described as having the following attributes.
From an engineering perspective, nothing of value has been described to you in that list.
I have no idea what they are trying to get at with cloud-native. I can think of no greater antithesis to “cloud-native” than a chunk of hardware you bolt into a rack to do network things. Someone on Twitter suggested that because the switch supports ZTP, it’s cloud-native…which, if so, is comedy gold.
AI-driven means…what, exactly? That there is some AI on the switch itself doing data analysis and changing the network configuration in response to whatever the algorithm thinks is best? It could mean that, although then we’d have to discuss what’s meant by AI, whether or not the “AI” is happening off- or on-box, and why that’s different from software-defined.
Secure is a word you sprinkle over every technology product. Because of course it’s secure. But again, what does secure mean in this context? That the switch was built Continue reading
This post originally appeared on the Packet Pushers’ Ignition site on March 24, 2020. In both OSPFv2 (IPv4) and OSPFv3 (IPv6), the router ID (RID) is a 32-bit number assigned to the router. The RID must be unique within the OSPF network, as a RID provides a point of origin for link state advertisements (LSAs). […]
The post Understanding OSPF Router ID (RID) Assignment appeared first on Packet Pushers.
ED, HIS TLS COURSE, AND THE FREE OPENSSL CHEATSHEET Twitter @ed_pracnet https://practicalnetworking.net Practical TLS course: https://pracnet.net/tls OpenSSL Cheatsheet: https://pracnet.net/openssl FILES FOR THE CERT/KEY MATCHING EXERCISE: ZIP VERSION: packetpushers-pracnet-openssl.zip https://ln5.sync.com/dl/1f1f63d90/kqztwkp9-hkcz3yvq-tuzx79ke-aewxgaip TAR.GZ VERSION: packetpushers-pracnet-openssl.tar.gz https://ln5.sync.com/dl/0791b8d50/q973jpyb-qrmz3cpd-xeiar9zn-qu99gi5w FOR MORE INFO Hashing, Hashing Algorithms, and Collisions – Cryptography Symmetric Encryption vs Asymmetric Encryption Public & Private Keys – Signatures & […]
The post Using OpenSSL With Ed Harmoush 6/6 Troubleshooting: Client Side Certificate Issues – Video appeared first on Packet Pushers.
The post Using OpenSSL With Ed Harmoush 5/6 Inspecting Certificates: Invalid Certificates – Video appeared first on Packet Pushers.
The post Using OpenSSL With Ed Harmoush 4/6 Inspecting Certificates: Valid Certificates – Video appeared first on Packet Pushers.
The post Using OpenSSL with Ed Harmoush 3/6 Troubleshooting: Matching Keys To Certificates – Video appeared first on Packet Pushers.
The post Using OpenSSL with Ed Harmoush 2/6 Generating Certificates – Video appeared first on Packet Pushers.
I’m attending Cisco Live US 2022 in Las Vegas this June. I’ll be there on the Explorer Pass, crawling the World Of Solutions and chatting with anyone and everyone my introverted nature can handle. If you’ll be there and want to meet up, DM me on Twitter or ping me on LinkedIn.
I’m especially looking to connect with…
The networking & cloud community. Maybe you listen to a podcast I host or read something I wrote and want to meet up. Yup, I’m all for that. Let’s do it. I’m always looking for new podcast guests, so if you’ve got a story to tell or opinion to share, let’s discuss. No pressure, though. I’d be just as happy to shake hands bump air-gapped fists and make your acquaintance.
Vendors with new shinies. Brief me on your latest and greatest. Show off your nifty thing.
Stealth companies getting close to launch. I focus on IT operations and infrastructure–networking and cloud especially. I’d like to hear about what you’re coming to market with.
For many years, I’ve been working with B2B IT vendors who sponsor content with my company to market their offerings. My co-founder and I have learned many lessons–some the hard way–about dealing with these vendors and the content they create with us.
In this article, I’ll focus on handling a specific scenario. You’ve got a niche blog where you write as a deeply technical expert in an IT field such as cloud, networking, storage, development, or security. Your audience is made up of fellow nerds in similar orbits. You’ve been writing for years, and have developed a faithful audience who reads most of your stuff. After all this time, a real-deal vendor appears, wanting to place a sponsored blog post on your hallowed site. Now what?
You might think the sponsored content itself would be the most complicated part, and that once you hit publish, you’re mostly done. Not really. Back end logistics will likely take up more of your time. There are other considerations, too. Consider them carefully before trying to monetize your blogging hobby.
If this is your first sponsored post, you might feel weird about it. The temptation can be to hide Continue reading
When parsing Apache web server logs on Linux, I find it interesting to monitor access requests resulting in HTTP status codes other than 200s. An HTTP status code in the 200s means the request was successful, and hey–that’s boring.
I want to see the requests that my dear Apache instance is upset about. So the question becomes…how do I filter the logs to show me every entry that doesn’t have a status code in the 200s?
Let’s back our way into this. We’ll start with the answer, then explain how we got there.
This CLI incantation will get the job done.
sudo grep -E '\" [1345][01235][0-9] [[:digit:]]{1,8} \"' /var/log/apache2/access.log
If you’d like to watch the log entries scroll by in real time, try this.
sudo tail -f /var/log/apache2/access.log | grep -E '\" [1345][01235][0-9] [[:digit:]]{1,8} \"'
Let’s focus on the regular expression (regex) grep is using to find the matches. In plain English, the grep utility is using an extended -E regex to display all lines in the file /var/log/apache2/access.log matching the regex.
The regex portion of the command is as follows.
'\" [1345][01235][0-9] [[:digit:]]{1,8} \"'
The regex is enclosed in single quotes Continue reading
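The filter above run against sample data, as an added example that is not part of the original post. The log lines are constructed, and `tolerant_filter` is a hypothetical generalization that accepts any second status digit and a `-` in the size field, which Apache writes when the log format uses `%b` and no body was sent.

```shell
#!/usr/bin/env bash
# Constructed sample lines in Apache "combined" format (not real traffic).
sample_log() {
  cat <<'EOF'
203.0.113.10 - - [10/Oct/2022:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/7.81.0"
203.0.113.11 - - [10/Oct/2022:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.81.0"
203.0.113.12 - - [10/Oct/2022:13:55:38 +0000] "POST /api/items HTTP/1.1" 500 610 "-" "curl/7.81.0"
203.0.113.13 - - [10/Oct/2022:13:55:39 +0000] "GET /old HTTP/1.1" 301 178 "-" "curl/7.81.0"
203.0.113.14 - - [10/Oct/2022:13:55:40 +0000] "GET /logo.png HTTP/1.1" 304 - "-" "curl/7.81.0"
203.0.113.15 - - [10/Oct/2022:13:55:41 +0000] "DELETE /api/items/7 HTTP/1.1" 204 0 "-" "curl/7.81.0"
203.0.113.16 - - [10/Oct/2022:13:55:42 +0000] "GET /server-status HTTP/1.1" 403 199 "-" "curl/7.81.0"
EOF
}

# Same pattern as the post's regex. The backslashes before the double quotes
# are dropped: inside single quotes a plain " already matches a literal quote.
PAGE_RE='" [1345][01235][0-9] [[:digit:]]{1,8} "'

# Added variant (assumption, not from the post): any 1xx/3xx/4xx/5xx status,
# and a response size that is either digits or the "-" placeholder.
TOLERANT_RE='" [1345][0-9]{2} ([0-9]+|-) "'

# Read log lines on stdin, print only the non-2xx entries.
page_filter()     { grep -E "$PAGE_RE"; }
tolerant_filter() { grep -E "$TOLERANT_RE"; }

# Read log lines on stdin, print just the three-digit status of each line.
status_of() {
  grep -oE '" [0-9]{3} ([0-9]+|-) "' | awk '{print $2}'
}

echo "post's regex:   $(sample_log | page_filter | wc -l | tr -d ' ') non-2xx lines"
echo "tolerant regex: $(sample_log | tolerant_filter | wc -l | tr -d ' ') non-2xx lines"

# Tally of non-2xx responses by status code, most frequent first.
sample_log | tolerant_filter | status_of | sort | uniq -c | sort -rn
```

The one-line difference between the two counts is the 304 entry whose size field is `-`.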
Fantastical Openings can’t replace Calendly for my scheduling needs yet, but it’s close.
I use Calendly so that folks can schedule me for appointments. I send people a Calendly link, and they choose an available time slot. Calendly creates calendar invitations and sends them to me and the requestor. Calendly also integrates with Zoom, so that an invite comes with a Zoom meeting already attached.
In my years of Calendly use, I’ve found it to be…
I also use Fantastical by Flexibits. In my few months as a Fantastical user, I’ve found it to be…
Start that business. You have sufficient technical & business skills, and you can figure out what you don’t know. Take the chance now while you have little at risk.
You’re not the standard everyone else is supposed to live up to. Work on your own faults. They are legion.
Your boss is your boss for a reason. You’re not the boss for a reason, too. When you understand and accept those reasons, you’ll reduce the workplace friction you keep experiencing.
Meritocracy doesn’t mean what you think it means. Being good at your job doesn’t mean you deserve a promotion.
More responsibility comes easy, because no one wants it. More compensation comes hard, because everyone wants it.
Business owners who cheat their partners & customers will cheat their employees, too. Run at the first sign of dishonest business dealings.
Define your goals so you know when you’ve reached them. Otherwise, you’ll exhaust yourself with endless effort.
You are your own worst critic. Take yourself less seriously.
When you work for someone else, you are a replaceable component in a larger machine. This is by design.
You don’t Continue reading
When running ‘apt update’ on Ubuntu 18.04 to prepare for routine system patching, the system kicked back the following error.
N: Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository
'http://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture 'i386'
The issue is that the existing sources list file for NGINX has gone stale, and appears to be requesting the i386 package. NGINX does not support i386 on Ubuntu 18.04 (Bionic). The solution is to update the sources list file for NGINX.
deb http://nginx.org/packages/ubuntu bionic nginx
deb [arch=amd64] http://nginx.org/packages/mainline/ubuntu/ bionic nginx
After this change, the error should be gone when running ‘apt update’.
NGINX update issue (Ubuntu 18.04 Bionic) – Vesta Control Panel Forum
Ubuntu Server 18.04 Nginx i386 – StackOverflow
Python gives you the ability to write a bit of code and then call that code as a function. You can call the function from within the same script where the function is defined, or you can save the function in a separate script and then import the function inside of other scripts.
Writing and calling functions is a key component of the Don’t Repeat Yourself (DRY) principle of software development. Creating a function in a single script and calling that function from other scripts is preferable to performing copypasta of the same bit of code throughout several scripts. When a function lives in a single script, it only needs to be updated in that one place when it inevitably needs updating.
While Python functions can perform isolated tasks, my typical use cases send values into the function and receive a value returned from the function. In this example, I’ll import a Python function used to refresh an access token required to authenticate to a remote API endpoint. I’ll pass other tokens required to refresh the access token into the function, and the function will return the refreshed access token back to the calling script.
The names of Continue reading
If there’s an IPv6 netblock you’d like your host to stop responding to, one tactic is to blackhole the traffic. That is, send any traffic from your host destined to the troublesome IPv6 netblock into a blackhole. Blackholes are also called null routes.
Let’s say I’m getting repeated SQL injection attacks from various hosts in IPv6 block 2a09:8700:1::/48. Just a totally random example with no basis in reality whatsoever, whoever you are in Belize. There are various ways I can defend against this, but one (sorta ugly) option (I don’t actually recommend, read to the bottom to see my logic) is to create a blackhole aka a null route.
On many flavors of Linux, including Ubuntu 18.04, 20.04, and 22.04, I can accomplish this task with the ip route utility. Let’s take a look at our existing host routing table.
user@host:~$ ip route
default via 123.94.146.1 dev enp1s0 proto dhcp src 123.94.146.227 metric 100
169.254.169.254 via 123.94.146.1 dev enp1s0 proto dhcp src 123.94.146.227 metric 100
123.94.146.0/23 dev enp1s0 proto kernel scope link src 123.94.146. Continue reading
An ‘r’ before a string tells the Python interpreter to treat backslashes as a literal (raw) character. Normally, Python uses backslashes as escape characters. Prefacing the string definition with ‘r’ is a useful way to define a string where you need the backslash to be an actual backslash and not part of an escape code that means something else in the string.
1. In this example, Python will interpret each ‘\t’ found in this string as a tab. That is, the backslash+t is interpreted as an escape sequence with a special purpose.
>>> 'path\to\the\thing'
'path\to\the\thing'
>>> print('path\to\the\thing')
path    o       he      hing
>>>
2. By adding the leading r, Python will know that the backslashes are to be interpreted as literal characters and not escape sequences. Interestingly, note how Python represents the literal backslash–as an escape sequence of backslash + backslash.
>>> r'path\to\the\thing'
'path\\to\\the\\thing'
>>> print(r'path\to\the\thing')
path\to\the\thing
>>>
3. This means another way to handle the literal backslash problem is to use backslash + backslash in your string definition. However, this feels like a clunkier way to define the string to me when compared to using ‘r’. Using ‘r’ makes for, I think, more readable Continue reading