Category Archives for "Networking"

Quickly Adding an NMS to VIRL

I’ve spent the last few days experimenting with APIC-EM and the path trace capabilities. My lab environment is currently leveraging VIRL (Virtual Internet Routing LAB). Since it wasn’t obvious how to integrate APIC-EM with the lab platform, I wanted to share my configuration.

TL;DR: When building the topology, click the background and view the properties for the Topology. Change the Management Network to “Shared flat network”. This will put the ‘Mgmt-intf’ VRF of every device on the ‘flat’ network (172.16.1.0/24 by default) when the topology is built.

When I started this process, I really didn’t realize how easy it could be. I actually tried to leverage a manual connection to L2 External (FLAT) to do the management in-band for the topology. This is certainly possible, but there is a much easier way. As most VIRL users have noticed, there is a management IP address that gets assigned to each device. There is a simple configuration change that will allow that address to be one from the ‘FLAT’ pool and connected externally to the ‘L2 External (FLAT)’ network.

My configuration 

  1. APIC-EM built with IP address 172.16.1.2/24 (172.16.1.2-49 are unassigned and part of the Continue reading

Automating Your Job Away Isn’t Easy

One of the most common complaints about SDN that comes from entry-level networking folks is that SDN is going to take their job away. People fear what SDN represents because it has the ability to replace their everyday tasks and put them out of a job. While this is nowhere close to reality, it’s a common enough argument that I hear it very often during Q&A sessions. How is it that SDN has the ability to ruin so many jobs? And how is it that we just now have found a way to do this?

Measure Twice

One of the biggest reasons that the automation portion of SDN has become so effective in today’s IT environment is that we can finally measure what it is that networks are supposed to be doing and how best to configure them. Think about the work that was done in the past to configure and troubleshoot networks. It’s often a very difficult task that involves a lot of intuition and guesswork. If you tried to explain to someone the best way to do things, you’d likely find yourself at a loss for words.

However, we’ve had boring, predictable standards for many years. Instead of Continue reading

2017 and the Internet: our predictions

An abbreviated version of this post originally appeared on TechCrunch

Looking back over 2016, we saw the good and bad that comes with widespread use and abuse of the Internet.

In both Gabon and Gambia, Internet connectivity was disrupted during elections. The contested election in Gambia started with an Internet blackout that lasted a short time. In Gabon, the Internet shutdown lasted for days. Even as we write this, countries like DR Congo are discussing blocking specific Internet services, clearly forgetting the lessons learned in these other countries.

CC BY 2.0 image by Aniket Thakur

DDoS attacks continued throughout the year, hitting websites big and small. Back in March, we wrote about 400 Gbps attacks that were happening over the weekend, and then in December, it looked like attackers were treating attacks as a job to be performed from 9 to 5.

In addition to real DDoS, there were also empty threats from a group calling itself Armada Collective and demanding Bitcoin for sites and APIs to stay online. Another group popped up to copy the same modus operandi.

The Internet of Things became what many had warned it would become: an army of devices used for attacks. A botnet Continue reading

When IOS XR Licenses Don’t Activate, What Then?

I came across a small but irritating issue with ASR / IOS XR licensing today, and since I found a way to fix it, I’m sharing my results.

Cisco ASR9006/ IOS XR

Licensing IOS XR on the ASR9k

I have an ASR9006 with two A9K-MOD160-TR linecards on which I need to run VRFs, so I purchased two of the A9K-IVRF-LIC linecard-based VRF licenses. I got the PAK keys from my reseller, and went to Cisco’s licensing portal to fulfill both of them following the usual process with the PID and S/N information taken from admin show license udi. I downloaded the license file and transferred it to an accessible jump server, then from the regular privileged exec mode (rather than the admin exec mode), I used sftp to transfer the file to the router.

Why not use the admin exec to transfer the licenses?

Simple: to transfer the license file within the admin exec means using tftp or ftp:

RP/0/RSP0/CPU0:asr9006-1(admin)#copy ?
  /recurse        Recursively list subdirectories encountered
  WORD            Copy from file
  bootflash:      Copy from bootflash: file system
  disk0:          Copy from disk0: file system
  disk0a:         Copy from disk0a: file system
  disk1:          Copy from disk1: file system
  disk1a:         Copy from disk1a: file system
  disk2:          Copy from disk2: file system
 Continue reading

4 information security threats that will dominate 2017

As with previous years, 2016 saw no shortage of data breaches. Looking ahead to 2017, the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts businesses will face four key global security threats in 2017.

"2016 certainly lived up to expectations," says Steve Durbin, managing director of the ISF. "We saw all sorts of breaches that just seemed to get bigger and bigger. We lurched from one to another. We always anticipate some level of it, but we never anticipate the full extent. I don't think anybody would have anticipated some of the stuff we've seen of late in terms of the Russians getting involved in the recent elections."

15 technologies that died in 2016

Gone but not forgotten

Image by Dat7 via Creative Commons

2016 was a brutal year in the tech business. Ambitious projects sputtered out, beloved niche products became unsustainable, and there was at least one colossal corporate embarrassment. Take a look back at all the technology that died this year, then console yourself by imagining it’s still being enjoyed by David Bowie and Prince.

2016 in review: The year in Android

Android is in a very different place than it was when 2016 began. While the last 12 months were filled with much of the usual pomp and circumstance surrounding the release of new handsets, connected gadgets, and OS refreshes, the state of Android has never been more promising or less predictable. Google stepped out from behind the curtain and into the spotlight. Headsets took over smartwatches as the trend of the moment. And Samsung’s phablet woes opened the door for smaller players to make big gains.

Through it all, one thing was constant: Android’s dominance. Throughout 2016’s wild ride, the mighty platform continued its reign, extending its penetration to a near-90 percent of the global market, and all but ending the OS wars once and for all. And somehow it still seems like Android is still just getting its feet wet. So before we step into what’s shaping up to be an exciting 2017 for Android, let’s take a look at everything that made this year so memorable:

Outsourcing trends to watch in 2017

This year, we saw outsourcing integration challenges multiply, production workloads and enterprise systems hit the cloud, and security hit the top of the agenda.

So what’s ahead for 2017? Uncertainty, for one thing. Industry watchers expect a number of shifts in the IT and business process services space, not least of which will be the initiation of more flexible outsourcing terms as the world watches and waits to see what happens once president-elect Donald Trump takes office and Brexit takes hold.

Tech outages of 2016 and how to prevent them in 2017

Downtime

Image by Thinkstock

2016 has seen major downtime events lead to lost revenue for a number of highly-recognizable brands and caused a severe knock to their reputation and consumer confidence. One of the most common causes of outages is unplanned configuration changes to a system, often when an immediate fix for a bug or potential system vulnerability unintentionally creates a much larger problem.

Enable Source-Specific Multicast in Iperf

I was preparing a lab environment to test the configuration of Source-Specific Multicast on Juniper SRX equipment and needed a tool to generate and measure Source-Specific Multicast streams. I was aware that Iperf is a good enough tool to generate and measure multicast and unicast traffic, but support for SSM was missing from the current version. Fortunately, there are always some developers who are interested in networking, so one of them developed a special Iperf version 2.0.5 with SSM support. The idea here is to show how to make this version of Iperf work on your CentOS or similar Linux machine. Here

OpenBSD on the Sixth Generation Intel NUC

Sixth Generation Intel NUC

I recently decided it would be fun to upgrade the hardware on my main OpenBSD machine at home (because, you know, geek). These Intel NUC machines are pretty interesting. They are pretty powerful, support a decent amount of RAM, certain models support internal storage, and they are very low power and low noise. Perfect for a machine that is a shell/email/development box.

The model I chose is the NUC6i3SYH.

  • Core i3 processor (because my machine is not at all CPU bound)
  • Very low power consumption (15W)
  • Supports a 2.5″ SSD

OpenBSD 6.0 boots with the GENERIC kernel; no tuning or tweaking required. Full dmesg is at the end of this post. Highlights of the hardware include:

  • Wired network: Intel I219-V using the em(4) driver
  • Wireless network: Intel Dual Band Wireless AC 8260 using the iwm(4) driver (no support for 802.11ac in OpenBSD at the time of this writing so it’s 802.11n only)
  • Dual-core CPU with hyperthreading (be sure to boot GENERIC.MP)

The kernel recognizes the Intel SpeedStep capabilities of the CPU and will adjust the CPU’s clock speed as needed (further keeping the power consumption of the machine at a very Continue reading

Technology Short Take #75

Welcome to Technology Short Take #75, the final Technology Short Take for 2016. Fortunately, it’s not the final Technology Short Take ever, as I’ll be back in 2017 with more content. Until then, here’s some data center-related articles and links for your enjoyment.

Networking

  • Ajay Chenampara has some observations about running Ansible at scale against network devices.
  • Andrey Khomyakov shares some information on automating the setup of whitebox switches running Cumulus Linux in part 2 of this series on learning network automation.
  • Russell Bryant has shared the results of some testing comparing ML2+OVS and OVN as backends for OpenStack networking. As Russell indicates in his post, some additional analysis is needed to truly understand what’s happening, but early looks at the results of his tests show performance improvements in OVN versus ML2+OVS when it comes to total time required to boot a VM.
  • Ivan Pepelnjak shares a Python script that creates Ansible inventory from Vagrant’s SSH configuration. Handy.

Servers/Hardware

Nothing this time around!

Security

A Broken Process Placing Consumers at Risk

Below is a chat session I had with Pearson Vue several months ago as I attempted to schedule a recertification exam. Apparently, I have two accounts with them and that prevents next day test scheduling. To put it mildly, I don’t think they adequately explain how they could possibly guarantee non-disclosure of data with email as a transport. Moreover, this seems to indicate a serious disconnect between security and business operations.

[Screenshot of the chat session: Screen Shot 2016-04-07 at 2.00.18 PM]

I’m not going to explain the problems with this; PacketU readers understand why email is not [in and of itself] a secure method for file transport. When I experience an exchange like this, I see how segregated business practices can be and what a negative impact it can have from an information security perspective. It’s not a matter of if, but a matter of when, bad things will happen as a result of not taking security seriously.

 —

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.
