PP040: Personal Privacy Tools
Surveillance is a fact of life with modern technology, be it corporate data harvesting or government snooping. If you’re thinking about personal privacy, today’s episode covers common tools for communication and Web browsing. We dig into the end-to-end encryption capabilities of the messaging tools Signal and WhatsApp, look at the capabilities and limits of the... Read more »SC24 SCinet traffic
The real-time dashboard shows total network traffic at The International Conference for High Performance Computing, Networking, Storage, and Analysis (SC24) conference being held this week in Atlanta. The dashboard shows that 31 Petabytes of data have been transferred already and the conference has just started.
The conference network used in the demonstration, SCinet, is described as the most powerful and advanced network on Earth, connecting the SC community to the world.
Finally, check out the SC24 Dropped packet visibility demonstration to learn about one of newest developments in sFlow monitoring and see a live demonstration.
Cisco ISE – Admin GUI Account Locked After 45 Days
This is a quick post to describe the default behavior of the admin user GUI access in ISE, which gets locked after 45 days, if you haven’t changed the password. You’ll get something like this in the GUI:
While GUI access is prevented, you can still login via SSH and that’s how you’re going to recover the account. SSH to ISE using the admin account. Then issue the following command:
ise01/admin#application reset-passwd ise admin Enter new password: Confirm new password: Password reset successfully.
If you want to change the password policy, go to Administration -> Admin Access under System and click Password Policy:
Notice the checkbox that says that the account expires after 45 days:
Uncheck this box if you don’t want to have the account expire:
Don’t forget to click Save. That’s it! That’s how you recover the account and prevent it from happening again. Note that this is for a private lab. You should adhere to any policies you have on password rotation in your organization.
Domain Joining a Windows Computer
In this post we’ll domain join a Windows 10 VM to test the GPOs that were created in a previous post. First, let’s verify that the computer is not joined to a domain:
There is currently no user certificate:
There is also no computer certificate:
To domain join the computer, we’ll go to Control Panel -> System and Security -> System and the click Advanced system settings:
Go to Computer Name and click Change…:
Select Member of Domain and enter the domain name (iselab.local in my lab):
Click OK. You’ll then be prompted for credentials with permission to join the domain:
The computer has been joined to the domain:
The computer will have to be restarted as part of joining the domain:
Select Restart Now to restart:
It will take some time…:
After logging in, certificates will be created for both the user and computer. We can verify this on the CA:
You can also use the cert manager on the client to verify the certificates. Below is the computer certificate:
The trusted root CA for computer certificates:
The user certificate:
Trusted root CA for user certs:
Before I got my setup working, I had to do Continue reading
Modifying Default User and Computer Organizational Unit In Active Directory
By default, users and computers will be placed in containers in AD. These containers don’t support the use of GPOs, which is one of the reasons to create OUs to hold the objects instead. To verify what the default user and computer container is, we’ll leverage Powershell. First, we’ll check the computers container:
PS C:\Users\Administrator> Get-ADDomain | select computerscont* ComputersContainer ------------------ CN=Computers,DC=iselab,DC=local
Then, we’ll check the users container:
PS C:\Users\Administrator> Get-ADDomain | select userscont* UsersContainer -------------- CN=Users,DC=iselab,DC=local
Now, in my lab I have created iselab users and iselab computers where I want the user- and computer objects to be placed:
We’re going to user some Powershell to modify where the user- and computer objects get placed, but first we’ll get the Distinguished Name (DN) of these OUs. To do this, we’ll first have to enable Advanced Features under View:
This will display some additional containers:
Now right click the OU, such as iselab computers, and select Properties:
This will display the following window:
Now go to Attribute Editor tab, double click distinguishedName and right click and select Copy:
Then, we’ll user Powershell to redirect to this OU:
PS C:\Users\Administrator> redircmp "OU=iselab computers,DC=iselab,DC=local" Redirection was successful.
Let’s verify what Continue reading
DNS OARC 43
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. The most recent DNS OARC workshop was held in Prague, October 2024. Here are my thoughts on some of the material that was presented and discussed at this workshop.NB504: Cisco Updates Licensing, Branding with Wi-Fi 7; Google Cloud To Require MFA
Take a Network Break! This week we get an update on SonicWall’s new firewall warranty. We also cover Cisco’s Wi-Fi 7 launch; in addition to new APs, Cisco also updates its branding and rolls out “simplified” licensing that bundles features you might not want. Aviatrix adds a PaaS option for its cloud networking software, but... Read more »NVIDIA Cumulus Linux 5.11 for AI / ML
NVIDIA Cumulus Linux 5.11 includes major upgrades to the sFlow agent that fully exposes the advanced instrumentation built into NVIDIA Spectrum-X silicon. The enhanced real-time telemetry is particularly relevant to the AI / machine learning workloads that Spectrum-X is designed to handle.
With Cumulus Linux 5.11, the sFlow agent is easily configured using nvue commands, see Monitoring System Statistics and Network Traffic with sFlow:
nv set system sflow dropmon hw nv set system sflow poll-interval 20 nv set system sflow collector 192.0.2.1 nv set system sflow state enabled nv config apply
Note: In this case, enabling dropmon ensures that every dropped packet is captured, along with ingress port and drop reason (e.g. ttl_exceeded).
The same commands should be applied to every switch in the fabric for comprehensive visibility.
Tech Bytes: MinIO Optimizes Object Storage for AI Infrastructure (Sponsored)
Today on the Tech Bytes podcast we welcome back sponsor MinIO to talk about how AI is altering the data infrastructure landscape, and why organizations are looking to build AI infrastructure on-prem. We also dig into MinIO’s AIStor, a software-only, distributed object store that offers simplicity, scalability, and performance for AI infrastructure and other high-performance... Read more »SC24 Dropped packet visibility demonstration
The real-time dashboard is a joint InMon / Arista demonstration at The International Conference for High Performance Computing, Networking, Storage, and Analysis (SC24) conference being held this week in Atlanta.
The conference network used in the demonstration, SCinet, is described as the most powerful and advanced network on Earth, connecting the SC community to the world.
The sFlow Packet Drop Monitoring In High Performance Networks dashboard combines telemetry from all the Arista switches in the SCinet network to provide real-time network-wide view of performance. Each of the three charts demonstrate a different type of measurement in the sFlow telemetry stream:
- Counters: Total Traffic shows total traffic calculated from interface counters streamed from all interfaces. Counters provide a useful way of accurately reporting byte, frame, error and discard counters for each network interface. In this case, the chart rolls up data from all interfaces to trend total traffic on the network.
- Samples: Top Flows shows the top 5 largest traffic flows traversing the network. The chart is based on sFlow's random packet sampling mechanism, providing a scaleable method of determining the hosts and services responsible for the traffic reported by the counters. Visibility into top flows is essential if one Continue reading
From Python to Go 003. Functions, External Modules, And Linux/MAC Environment.
Hello my friend,
We continue our journey in the realm of software development, or how some people call it programming. In the previous blog post we’ve introduced you to variables, which are the storage containers for your data. Today we’ll take a look into functions, which are next essential building of any application.
How Is Automation Important Today?
Interviewing people to various roles at high-profiles companies, I was sadly surprised that there is very low number of people who really understand network and IT infrastructure automation and are capable to write the Python code to do so. And I’m talking about companies, who are genuinely interested in good automation engineers. Don’t waste your chance, start learning network automation today:
We offer the following training programs in network automation for you:
- Zero-to-Hero Network Automation Training
- High-scale automation with Nornir
- Ansible Automation Orchestration with Ansble Tower / AWX
- Expert-level training: Closed-loop Automation and Next-generation Monitoring
During these trainings you will learn the following topics:
- Success and failure strategies to build the automation tools.
- Principles of software developments and the most useful and convenient tools.
- Data encoding (free-text, XML, JSON, YAML, Protobuf).
- Model-driven network automation with YANG, NETCONF, RESTCONF, GNMI.
- Full Continue reading
HN758: How Selector Built an AI Language Model for Networking (Sponsored)
On today’s episode, artificial intelligence with sponsor Selector.AI. If you’re curious and maybe still skeptical about the value AI brings to network operations, listen to this episode. Selector is on the forefront of AIOps for networking, building models that are customized and specifically targeted at networks. What Selector is doing is NOT simply the low-hanging... Read more »Introduction to Arista PyeAPI
The Python Client for eAPI (pyeapi) is a Python library that simplifies working with Arista eAPI, removing the need to deal with the specifics of its implementation. It's straightforward to configure and use. In this blog post, we'll look at how to install pyeapi and go through some examples.
If you're familiar with Arista's eAPI, you know that you can browse to the device's IP in a browser, run commands, and get the output directly. You can also achieve the same result using Python, but it typically requires understanding which libraries to use and how to construct the REST API requests.
However, pyeapi simplifies all of this. You don't need to worry about what's happening behind the scenes. Below is a screenshot of running show vlan command via the REST API, and in the following examples, we'll see how to get the same output using pyeapi.
PyeAPI Installation
To install pyeapi, you can use pip, which is the standard package manager for Python. It's a good practice to use a virtual environment (venv) to keep your dependencies isolated and avoid conflicts with other projects. First, create and activate a virtual environment. Once your virtual Continue reading
TNO008: Demystifying AI: Essential Concepts for Network Operators
AI can support network operations, but it can also be complex, mysterious, and steeped in vendor hype. On today’s episode, guest Phil Gervasi clarifies some of the terminology and concepts of AI, including distinctions among concepts like generative AI, general AI, and large language models (LLMs). Phil shares tips for getting beyond the hype to... Read more »Hedge 250: Reacting to the Hype
It’s roundtable time! Tom, Eyvonne, and Russ discuss several different topics, including the broader market implications for the changes going on at Broadcom and VMWare, balancing the cloud (they float!), reacting to the hype, and whether IP addresses will even be important in ten years.