Archive

Category Archives for "Networking"

Managing AWS Complexity: Insights from Dr. Werner Vogels

https://www.youtube.com/watch?v=aim5x73crbM

Dr. Werner Vogels’ keynote at AWS re:Invent 2024 explores how simplicity can lead to complexity, highlighting innovations in AWS services and the importance of maintaining manageable systems.

Highlights

  • 🚀 Simplicity breeds complexity: AWS services like S3 exemplify the journey from simple beginnings to complex systems.
  • 🍕 The Two-Pizza Team: Small, autonomous teams enhance innovation while managing complexity effectively.
  • 🔄 Continuous learning: Emphasis on adapting structures and processes to accommodate growth and change.
  • 🌎 Global scalability: AWS focuses on building technologies that enable businesses to expand effortlessly across regions.
  • 🔍 Importance of observability: Understanding and managing system complexity through effective monitoring and metrics.
  • 🔒 Security by design: Embedding security measures from the outset to ensure robust systems.
  • 🤝 Community involvement: Encouraging tech professionals to support initiatives that address global challenges.

Key Insights

  • 🧩 Managing Complexity: Systems evolve over time, and complexity is inevitable. Organizations must strategically manage this complexity to avoid fragility while ensuring functionality.
  • ⚙ Evolvability as a Requirement: Building systems with the ability to evolve in response to user needs is essential. Flexibility in architecture allows for future changes without major disruptions.
  • 🔗 Decoupling Systems: Breaking down monolithic systems into smaller, independently functioning components enhances Continue reading

From Python to Go 006. Dictionaries and Maps.

Hello my friend,

We continue our journey from Python to Go (Golang), or, more accurately, with Python and Go (Golang) together. Today we are going to talk about a data structure that is by far the most widely used in Python when it comes to network and IT infrastructure automation and management. This data structure is called a dictionary in Python, or a map in Go (Golang).

Black Friday Is Over, Can I Still Buy Your Trainings?

Of course, you can. Our self-paced network automation trainings are the perfect place to start your journey in network and IT infrastructure automation or to upskill yourself further if you are a seasoned engineer. There is no such thing as excessive knowledge, therefore we encourage you to join our network automation programs and start your study today:

We offer the following training programs in network automation for you:

During these trainings you will learn the following topics:

  • Success and failure strategies to build the automation tools.
  • Principles of software development and the most useful and convenient tools.
  • Data Continue reading

TNO010: Navigating Network Automation Complexities: Insights from AutoCon 2 (Sponsored)

On today’s show, we recap some highlights of AutoCon2 with guest Jeremy Rossbach from sponsor Broadcom. Jeremy gives some background on his career, and then elaborates on conversations he had at AutoCon2. He also shares observations on the present and future of network automation, which include AI and robust observability solutions that integrate with the... Read more »

Why You Should Change Palo Alto Master Key?

Palo Alto firewalls come with a default master key used to encrypt passwords, secrets, and certificates. If your firewall is compromised or someone gains unauthorized access, they can easily decrypt these secrets, posing a significant security risk. In this blog post, let's explore why you should change the master key, important considerations, and how to configure it. Let's get started.

Why Change the Master Key?

Palo Alto firewalls come with a default master key. Anyone with unauthorized access to the firewall can easily decrypt your secrets or export the configuration to another firewall to retrieve those secrets. For this reason, Palo Alto strongly recommends changing the master key as soon as possible.

Master Key Considerations

Configuring the master key isn’t something you can just set and forget; it requires careful consideration. Here are some important points to keep in mind.

  • The new master key must be exactly 16 characters long.
  • If your firewalls are in an HA pair, you need to disable 'Config Sync' before configuring the key, as the key does not sync across the pair. You must configure the exact same key on each firewall individually.
  • If the master key expires, the firewall or Panorama will Continue reading

HN760: Mitigate IoT/OT Vulnerabilities with Guided Virtual Patching (Sponsored)

Today on Heavy Networking, sponsored by Palo Alto Networks, we explore how virtual patching can be used to protect IoT and OT devices. Virtual patching leverages intrusion detection and intrusion prevention, combined with threat research, to block exploits targeting IoT and OT devices. Why would you use virtual patching? When it comes to IoT and... Read more »

Cutting to the Quick

No doubt you’ve seen the news that Intel has parted ways with Pat Gelsinger. There is a lot of info to unpack on that particular story but we did a good job of covering it on the Rundown this week. What I really wanted to talk about was a quote that I brought up in the episode that I heard from my friend Michael Bushong a couple of months ago:

No one cuts their way back into relevance.

It’s been rattling around in my head for a while and I wanted to talk about why he’s absolutely right.

Outcomes Need Incomes

Do you remember the coupon clipping craze of ten years ago? I think it started from some show on TLC about people that were ultra crazy couponers. They would do the math and they could buy like 100 lbs of rice for $2. They would stock up on a year’s worth of toothpaste at a time because you could pay next to nothing for it. However, the trend died out after a year or so. In part, that was because the show wasn’t very exciting after the shock of buying two years of hand soap wore off. The other Continue reading

IPB165: IPv6 Basics – Address Planning

Continuing the IPv6 Basics series, today’s podcast addresses IPv6 address planning. Special “guest” Tom Coffeen, who literally wrote the book, IPv6 Address Planning, helps answer questions and gives advice on how to effectively plan IPv6 addresses. We discuss topics such as the importance of long-term planning and understanding prefix sizes, common design pitfalls, and the... Read more »

N4N005: The Sort-of-Useful OSI Model

Network engineers should be familiar with the Open Systems Interconnection (OSI) model, a framework for understanding network communications. On today’s show, Ethan and Holly delve into each of the model’s seven layers to discuss their functions, associated protocols, and practical implications for modern networking. They also talk about how the OSI model is, in fact,... Read more »

NAN080: Elevating Your Network Automation Skills and the DevNet Expert Track

Ongoing education and training is a constant in a networking career, especially if you want to advance. And certifications are a common path forward. On today’s episode, guest Andreas Baekdahl shares his journey from traditional networking to automation architect and certification instructor. Along the way, he’s had his share of challenges and failures, and he... Read more »

D2DO259: See Deep Inside Public Cloud for Greater Visibility and Troubleshooting with ThousandEyes Cloud Insights (Sponsored)

Public cloud networks can be a bit of a black box when it comes to monitoring and troubleshooting. Today on Day Two DevOps we talk with sponsor Cisco ThousandEyes about its Cloud Insights tool, which aims to open that box so you can see exactly what’s going on in your cloud networks, identify problems, help... Read more »

Is BGP PIC Edge an Oxymoron?

This blog post discusses an old arcane question that has been nagging me from the bottom of my Inbox for almost exactly four years. Please skip it if it sounds like Latin to you, but if you happen to be one of those readers who know what I’m talking about, I’d appreciate your comments.

Terminology first:

  • Prefix Independent Convergence allows entries in the forwarding table to point to shared next hops (or next-hop groups), reducing the FIB update bottleneck when changing the next hop for a large number of prefixes (for example, when dealing with a core link failure). More details in the initial blog post and PIC applicability to fast reroute.
  • PIC Edge (as defined by vendor marketing) is the ability to switch to a backup CE route advertised to a backup PE router before the network convergence is complete.

Here’s (in a nutshell) how PIC Edge is supposed to work:

From deals to DDoS: exploring Cyber Week 2024 Internet trends

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

At Cloudflare, we manage and protect a substantial amount of traffic for our customers, providing a unique vantage point to analyze traffic and attack patterns across the Internet. This perspective reveals insights like Cyber Monday being the busiest Internet traffic day of 2024 globally, followed by Black Friday, with patterns varying across countries. Notably, global HTTP request volume on Cyber Monday 2024 was 36% higher than 2023, with 5% of that traffic blocked as potential attacks.

For this analysis, we examined anonymized and aggregated HTTP requests and DNS queries across our network to uncover key patterns. Cyber Monday, December 2, was the day with peak traffic, and key findings for that day include:

PP042: CISO Liability Insurance, A Seriously Dangerous Menu Hack, and more Security News

Our monthly news roundup discusses liability insurance for CISOs (if you are one, you should get it), serious intrusions of US telecom companies by Chinese state actors (according to the FBI), and a novel attack that leapt across multiple Wi-Fi networks. We also discuss significant vulnerabilities affecting Palo Alto Networks’ Expedition migration product, how fake... Read more »

Bringing SWAG to Enterprise Campus Networking!

As client users, devices, and IoT continue to proliferate, the need for switching management and workload optimization across domains increases. Many sub-optimal and closed approaches have been designed in the past. Arista was founded to build the best software and hardware, equating to the highest performance and density in cloud/data centers, and now evolving to campus switches. In 2020, we introduced the smallest footprint of Arista CCS 750 and 720 series switches as a fitting example of the highest density and lowest footprint.