Archive

Category Archives for "Ethan Banks"

Is Sticking With A Networking Vendor As Risky As Changing?

The networking industry has had a bumper crop of startup companies including a few unicorns, new and novel solutions, and fresh standards-driven tech in the last decade. There’s been enough churn that you’d think the landscape would be unrecognizable from what it was ten years back. And yet, a dominant vendor supplying networks to enterprises remains Cisco.

Data networking folks sometimes wonder why Cisco remains such a dominant force after all these years. With all the churn in the industry, with all the fancy new products, companies and approaches, with the cloud changing how computing is done, and with software eating the world, there are many more options than Cisco to meet networking needs. Of course, Cisco has always had competition. Cisco’s never gotten 100% of the pie, but, depending on market segment, there’s rarely been a second juggernaut in the enterprise networking space. The choice has typically been between Cisco and everyone else.

But in 2021, the networking market is increasingly fragmented with more startups than I’ve even heard of chasing after slivers of the diverse networking pie. Sure, that impacts Cisco. Still, Cisco tends to dominate, even if their share isn’t quite what it was depending on which Continue reading

Learning In Public Helps Everyone

The tradition of technology blogging is built on the idea of learning in public, something Matt’s encouraging with Red Hat’s Enable Architect blog linked in his tweet above. We encourage it at Packet Pushers, too. We think everyone has at least one blog post in them worth sharing with the community. Let us know, and we’ll set you up with an author account.

Starting a blog, especially for the technically savvy, is not overly difficult, though. Maybe Matt and I are hoping to make it even easier to share by offering our platforms, but I don’t think the time it takes to stand up a blog is necessarily the barrier.

I think the biggest barrier is the “in public” part. Architects and engineers tend to be introverts who are at times unsure of themselves. We don’t want to be learning in public. We want to be left alone to figure it out. When we’ve figured it out, maybe then will we share, once we’re supremely confident that we’ve got it 110% right. We just don’t Continue reading

If You Haven’t Checked Your Backups, They Probably Aren’t Working

This is a pleasant reminder to check your backups. I don’t mean, “Hey, did the backup run last night? Yes? Then all is well.” That’s slightly better than nothing, but not really what you’re checking for. Instead, you’re determining your ability to return a system to a known state by verifying your backups regularly.

Backups are a key part of disaster recovery, where modern disasters include ransomware, catastrophic public cloud failures, and asset exposure by accidental secrets posting.

For folks in IT operations such as network engineers, systems to be concerned about include network devices such as routers, switches, firewalls, load balancers, and VPN concentrators. Public cloud network artifacts also matter. Automation systems matter, too. And don’t forget about special systems like policy engines, SDN controllers, wifi controllers, network monitoring, AAA, and…you get the idea.

Don’t confuse resiliency for backup.

When I talk about backups, I’m talking about having known good copies of crucial data that exist independently of the systems they normally live on.

  • Distributed storage is not backup.
  • A cluster is not backup.
  • An active/active application delivery system spread over geographically diverse data centers is not backup.

The points above are examples of distributed computing. Distributed computing Continue reading

A Networking Perspective On Zero Trust Architecture (ZTA)

Zero Trust Architecture (ZTA) is a security point of view that has gathered enough momentum in 2020 and 2021 to frequently appear in marketing literature. The big idea of zero trust in network computing is roughly, “I confidently know who you are and have applied an appropriate security policy, but I still don’t trust you.”

My understanding of ZTA continues to evolve. This post represents my understanding today, with an emphasis on what ZTA means for network engineers.

How Is ZTA Different From Firewall Rules?

At first glance, zero trust sounds mostly like a firewall policy. Of course I don’t trust you. That’s why we apply all these filtering rules to the VPN tunnel, network interface, etc. Yes, but simple filtering implies a level of trust. The trust comes in the assumption that if you get through the filter, what you’re saying is trustworthy.

Zero trust does away with that assumption. For example…

  1. ZTA could mean that just because a VPN user passed a complex authentication scheme, their transactions are not assumed to be wholesome. Well done–your username and password check out, and we’ve applied a filtering policy to your tunnel. With that completed, we’re now going to monitor Continue reading

Why Being A Late Technology Adopter Pays Off

As a technologist helping an organization form an IT strategy, I’m usually hesitant to recommend new tech. Why? Because it’s new. Adopting technology early in its lifecycle is a risky endeavor. For most organizations, I find that shiny new tech isn’t worth the risk.

Emerging products and protocols are often accompanied by great fanfare. Talks are delivered at conferences, whitepapers are written, and Gartner Cool Vendor designations are awarded. The idea is to make you and me believe that this new tech solves a problem in a novel way that’s never been done before. This is the thing we’ve been waiting for. This is so much better than it used to be in the bad old times. Right. I’m sure it is.

Despite my cynical tone, I am hopeful when it comes to new tech. I really am. In part, technologists are employed because of tech’s ever-changing landscape. But I am also dubious during any technology’s formative years. I take a wait-and-see approach, and I’ve never been sorry for doing so. I believe that being a late, not early, adopter of technology pays off for most organizations.

You Aren’t Stuck With Abandoned Tech

If you adopt early, you are hoping Continue reading

When Stretching Layer Two, Separate Your Fate

On the Packet Pushers YouTube channel, Jorge asks in response to Using VXLAN To Span One Data Center Across Two Locations

if stretching the layer 2 is not recommended, then what is the recommendation if you need to fault over to a different physical location and still got to keep the same IP addresses for mission critical applications?

TL;DR

That video is a couple of years old at this point, and I don’t recall the entire discussion. Here’s my answer at this moment in time. If DCI is required (and I argue that it shouldn’t be in most cases), look at VXLAN/EVPN. EVPN is supported by several vendors. If you are a multi-vendor shop, watch for EVPN inter-vendor compatibility problems. Also look for vendor EVPN guides discussing the use case of data center interconnect (DCI).

Also be aware (and beware) of vendor-proprietary DCI technologies like Cisco’s OTV. I recommend against investing in OTV and similar tech unless you already have hardware that can do it and can turn the feature on for free. Otherwise, my opinion, for what it’s worth, is to stick with an EVPN solution. EVPN is a standard that’s been running in production environments for Continue reading

It’s Not What You Say. It’s How You’re Heard.

In written communication, technical people can sometimes come across as impolite. I see this on Slack (talking down), Twitter (the angry tweeter), in emails (blunt and terse), in blog comments (bitter sarcasm or pedantry), Hacker News discussions (aggressive confrontation), and other places IT builders gather online.

Perhaps you, as just such a technical person, don’t mean to be impolite. Maybe your focus is on efficiency. Get to the point. Say what needs saying, however it comes out. Click send. Job done. Go back to facepalming at the Swagger docs explaining this ill-considered API you need to use.

Here’s the problem with your communications approach. To the person receiving your missive, you might sound like you’re upset. Or tone-deaf. Or maybe just a jerk. You’re presumably none of those things, at least not intentionally. We’re all nice folks who want to get along with our fellow humans, right?

It’s not what you say. It’s how you’re heard.

You need to communicate in such a way that you’re heard as you mean to be heard. If you’re not good at this and want to be, you can improve your messaging.

Before hitting send, engage in role reversal. If you received a Continue reading

Free Networking ArubaOS-CX Lab Image From Aruba Networks

This is a continuation of my post documenting hassle-free, virtualized network operating system images you can download for labbing and learning.

Aruba Networks (HPE) ArubaOS-CX

What is it?

While you probably think of wireless networking first when Aruba Networks comes up, ArubaOS-CX is a ground-up network operating system for switches built by the former HPE ProCurve team, if memory serves me correctly. Aruba has been a part of HPE for some time, and the networking folks within HPE fall under the Aruba hierarchy as I understand it.

I wrote an overview of ArubaOS-CX as part of a series on the Aruba 8400 switch launch back in October 2017.

Aruba offers a virtual version of ArubaOS-CX delivered as an OVA. You can use the OVA as-is, or extract the OVA tarball to get to the vmdk and convert the vmdk to a qcow2 image, all depending on what your hypervisor needs.

How do I obtain the image?

  1. Create an Aruba Support Portal account & log in via https://asp.arubanetworks.com/.
  2. Head to Software and Documents, currently https://asp.arubanetworks.com/downloads.
  3. In the left pane, filter on…
    1. File type: Software
    2. Product: Aruba Switches
    3. File Category: OVA
  4. Sort by: Version New To Old
  5. That Continue reading

Free Networking Lab Images From Arista, Cisco, nVidia (Cumulus)

Here’s my current list of no cost, minimal headache, easily obtainable networking images that work in a virtual lab environment such as EVE-NG or GNS3. My goal is to clearly document what these images are and how to obtain them, as this data is less obvious than I’d like.

I missed some. Probably a bunch. Let me know on the Packet Pushers Slack channel or Twitter DM, and I’ll do additional posts or update this list over time. Make sure your recommendations are for images which are freely available from the vendor for lab use with no licensing requirements or other strings attached. Use those same channels if you just want to tell me I’m wrong about whatever you come across in this post that’s…you know…wrong. I’m all about fixing the wrong stuff.

The list is vendor-neutral, sorted alphabetically. I have no personal allegiance to any of these operating systems. I’ve worked with both EOS and NX-OS in production environments. JUNOS, too, although I don’t have a Juniper virtual device on this list currently. I haven’t worked with Cumulus in production, although it’s been a passive interest for a while now.

Remember–configuration is the boring part. Select a NOS Continue reading

Don’t Be Complex When Simple Will Do

Let’s say you’re a consultant working on a couple of internet edge design projects.

In the first scenario, you are designing an internet connection for a factory.

  1. There are a few hundred workers who access AWS using the internet-as-WAN for critical apps related to factory operations.
  2. The factory is automated, and metrics related to production line health and performance are analyzed in AWS.
  3. There is an IoT network used for physical security that relies on an internet-based SaaS product to run reports and distribute alerts.
  4. A group of executives have offices at one end of the factory. Because of the pandemic, they don’t use them right now, but they do remotely access workstations with highly sensitive data that reside in those offices.

In the second scenario, you are designing an internet connection for an executive’s home.

  1. The executive has been working from home since the pandemic started, and finds the internet connection is unreliable for video calls. The video lags and gets pixelated. There are audio dropouts and audible jitter.
  2. The executive’s family members are also demanding internet users. The kids are in Zoom school. The spouse has a digital editing business and shares large files with clients.

Continue reading

You Can’t Think If You’re Always Thinking

On the March 25, 2021 edition of his Daily Check-In podcast, Ned Bellavance talks about feeling like he’s putting too many inputs into his brain, and not leaving enough time to hear his own thoughts. I have had similar concerns for myself.

I tend to have something going most of the time. Podcasts in the morning before settling into my office. Music during the day, typically something familiar or non-intrusive so that it’s not too distracting while I write and research. YouTube or a Boston Celtics basketball game in the evenings while I eat dinner and unwind from Zoomday. (Zoomday is everyday! ???) Before I go to bed, I read mentally engaging things. Books, a mix of fiction and non-fiction, currently Aldous Huxley’s Brave New World. Blogs like Astral Codex Ten plus a myriad of tech writers. When the sleepies finally hit, I turn off the glowing doom rectangle and hope my dreams aren’t unfathomable. Like the one two days ago where I was inside a commercial jet taxing rapidly through a city, the jet being chased by emergency vehicles that kept inexplicably bursting into flames. My dreams are fun. But I digress.

Like Ned outlined in his podcast, Continue reading

New Tech Skills In Two Hours

How long does it take to learn a new skill? It’s like…a really long time, right? You never have that much time to learn whatever it is. Most people who learn new skills are dedicated super humans who put in 25 hour days doing labs and reading books and taking courses and sniffing markers. Those folks sacrifice everything to stay ahead and command the respect of their peers. Right? Isn’t that how it’s supposed to work?

Don’t overthink it.

New skills come from one thing. Focus. That’s it. That’s the secret. Focus to learn a skill comes in blocks of a few undistracted hours at a time. Not dramatic sacrifice. Not bragging to social media about how you’re crushing it on your studies because you’ve given up your personal life.

Let the public drama queen masochists do what they feel they must to impress…whomever. They are not your role model. You don’t need to be them. You just need to find a few consecutive hours on your calendar. Block them off. Use them to focus on a single thing you want to learn. During the blocked off time, learn the thing. Do not do any of the other things that Continue reading

Buying Used Cisco Gear From eBay For Your Lab

While most of the lab work I do is with virtualized networking gear, once in a while, I need actual hardware. For instance, to fully explore QoS, hardware is key. Many QoS commands won’t be available to you in a virtual network device.

eBay offers lots of older networking gear for pennies or even fractions of a penny of what the gear was worth new. Why so cheap? Mostly, older networking gear is too slow for modern LANs and WANs. That’s a win for learners who don’t care about the speed as long as they can still use the old box to learn the fundamentals of routing and switching.

There are caveats to eBay networking gear, though, not unlike buying a used car. Know what you’re getting into.

You’re buying someone else’s junk.

Why is it junk? It could be the gear aged out, but still works fine. It could be that the gear broke, but you’ll be able to fix it. It could be that the gear broke, and you won’t be able to fix it. Sometimes, folks who move out of a data center sell pallets of retired gear by weight to whoever will take it just because Continue reading

Jassy’s Replacement At AWS Matters

As Andy Jassy takes over the CEO role at Amazon, the question is asked, “Does it matter who takes over at AWS, the position Jassy is vacating?” The idea is that AWS is such a dominant force in public cloud, an untrained monkey could sit at the helm and AWS would continue printing billions of dollars. So who cares who replaces Jassy? Whoever the new human is, they can’t get it wrong.

That might be exactly right, but for the thought exercise, I decided to go a different direction. For purposes of this opinion article, I choose to entertain the idea that Jassy’s replacement does matter, and matters a lot.

Growing A Gargantuan Gorilla

We can all agree that AWS is the 800 pound gorilla of public cloud. However, I believe AWS will see increasing pressure from all quarters. By way of comparison, let’s consider Cisco Systems of the last ten years.

Cisco has dominated the networking space in a variety of categories for a very long time. The last decade has seen them as the target all of their competitors aim at. In that context, did it matter who replaced John Chambers when he moved on? You Continue reading

The Dystopian Reality Of Human Data Trafficking

Amazon Alexa wants me to know that they celebrate International Data Privacy Day. I’m awestruck at the chutzpah of this claim.

Reviews of a Samsung smart television I’m considering express frustration at the crapware loaded onto the system because it is difficult to navigate and tracks viewing habits.

An app I need for my Mac immediately requests access to my Documents and Downloads folders for no obvious reason. Denying the request has no impact on the functioning of the app.

A phone app I use to help me track strength exercises wants me to share my data with the Health app. It won’t stop asking me about it, even though I’ve repeatedly denied the request. Why? It’s not just for my own well-being, I’m certain.

Garmin shares my workout data, all highly personal containing health & location information, with various third parties, and there’s no way to opt out if you want to use their hardware.

Twitter delivers customized ads, even though I had at one time opted out, at a rate of 1 in 3 or 1 in 4 tweets to my timeline.

Facebook rages against Apple for daring to require that apps hosted in the Apple store contain Continue reading

The Attention Economy And The IT Talent Dearth

In IT operations, finding talent is difficult. For years, there has been a shortage of folks who are capable of maintaining complex infrastructure. To be sure, some of this is geographical. And certainly, the rate of technology change makes it difficult to find people with specific product skills. Hard to find a Kubernetes expert with ten years of experience. ?

But I suspect there’s a couple of other things going on that, when combined, make the talent dearth even worse.

The Brutality Of Complexity

When I was studying for Novell Netware 3 (before directory services) certifications decades ago, there was a lot to know. Networking with IPX. Architecture of x86 servers. NLMs. Storage strategies. Mail systems. Whatever else was in those red books many of us had on our shelves.

Pre-AD Microsoft certifications were similarly challenging. Domain controllers. Backup domain controllers. File & print systems. User permissions and design strategies. The GINA. Networking with IP, IPX, and NetBEUI. Mail systems. IIS. So much more.

That was before the addition of directory services to Novell and Microsoft operating systems. Directory services changed the game for file, print, email, and more back in the day, and it put a major burden on IT Continue reading

Freeze Your Credit Reports Before Identity Thieves Open Credit In Your Name

I found out today that I’m a victim of identify theft. Specifically, the bad guys have gotten a hold of my name, SSN, and probably other fun tidbits of my personal information. My best guess is that this is a result of the Equifax breach, not that it matters.

How Did I Notice The Identity Theft?

I am enrolled in a free credit monitoring service that notifies me when things happen on my credit report. (I’m not recommending a particular monitoring service. The one I’m using is tied to a bank where I’m a customer, and it’s good enough.) There were two “hard inquiries” listed within a few days of each other.

There are hard and soft inquiries. As I understand it, a hard inquiry means you’ve applied for credit, and the lending institution is trying to figure out whether or not they’ll extend you the money. If you see a hard inquiry and you’re not applying for credit, that’s a red flag. Soft inquiries are for things like pre-approved credit card offers that you didn’t ask for but receive in the mail anyway.

One of the hard inquiries was from the Small Business Association government agency. The thief Continue reading

Vendor Lock-In. Maybe Not So Evil. (Video)

Is vendor lock-in all that bad? Many argue yes. You’re tied to a vendor because you’ve used some of their proprietary technology, and so you’re (apparently) stuck with it forever, limiting your future business agility. I think that’s an incomplete argument, though.

 

You Can’t Do Everything, And That’s Okay

You’re a responsible human–a reliable person who does everything that’s expected and more. Congratulations! Here’s more work to do.

Yep, that’s the rub. If you’re good at your job and other people notice, you get never-ending opportunities to prove once again how good you are. More work to do, and more work to do, and more. The balance in your life is lost as you drown under a pile of opportunities and challenges with deliverables, due dates, and project managers scheduling recurring meetings to get status updates.

No Good Deed Goes Unpunished

If you’ve been through a few jobs, no doubt you’re familiar with this cycle. You leave the old job with a sense of relief, having transitioned your projects to others in a ceremony known as “the hand-off.” You chuckle a bit to yourself as your co-workers and manager who clearly didn’t grasp what all you were handling go glassy-eyed as you talk them through it.

You start the new job with a lightness in your heart. No projects. No due dates. No recurring meetings. The anxiety of getting familiar with a new company, figuring out your role, learning the politics, sure–there’s all that to contend with. But Continue reading

1 2 3 10