Day Two Cloud 184: Think Multiplatform, Not Multicloud
Today on Day Two Cloud we put on our thinking caps about platforms, cloud, and multicloud. The last ten years or so has been a push for "cloud-first," but any wholesale approach to "X-first" (cloud, edge, digital, etc.) is problematic. We discuss why. We also explore strategies for CTOs, IT managers, and engineers on how to grapple with cloud strategy, implementation, and operation.The Arrival of AI Networking at Petascale
The AI industry has taken us by storm, bringing supercomputers, algorithms, data processing and training methods into the mainstream. The rapid ramp of large language inference models combined with Open AI's ChatGPT has captured the interest and imagination of people worldwide. Generative AI applications promise benefits to just about every industry. New types of AI applications are expected to improve productivity on a wide range of tasks, be it marketing image creation for ads, video games or customer support. These generative large language models with over 100 billion parameters are advancing the power of AI applications and deployments. Furthermore, Moore's law is pushing silicon geometries of TPU/GPU processors that connect 100 to 400 to 800 gigabits of network throughput with parallel processing and bandwidth capacity to match.
HS041 Intelligent Network Automation With BackBox – Sponsored
We talk a lot about automation and orchestration and how they can change your network strategy and smooth network workflows. But not everybody wants to sit around writing code and building test labs. Greg and Johna talk with Josh Stephens and Chanoch Marmorstein from sponsor BackBox about its network automation software, how it fits into a network operations strategy, and how BackBox focuses on the network engineer.
The post HS041 Intelligent Network Automation With BackBox – Sponsored appeared first on Packet Pushers.
HS041 Intelligent Network Automation With BackBox – Sponsored
We talk a lot about automation and orchestration and how they can change your network strategy and smooth network workflows. But not everybody wants to sit around writing code and building test labs. Greg and Johna talk with Josh Stephens and Chanoch Marmorstein from sponsor BackBox about its network automation software, how it fits into a network operations strategy, and how BackBox focuses on the network engineer.
Network simulators for high-school teachers
Educators in secondary schools, who teach students aged 14 to 18, have unique needs for a network simulator. Most would require a simulator or emulator that offers a web interface so students can access it from a web browser running on a Chromebook or iPad. Ideally, the simulator should enable educators to demonstrate fundamental networking topics without requiring students to spend too much time learning to use the tool or to configure virtual network appliances in the tool.
Most of the projects listed below animate the basic functions of a communications network in a way that is easier for young students to understand. While they may not be interesting to a networking professional, these network simulators solve problems that educators may have.
Free and open-source simulators
The following set of network simulators is free and open source. The first two projects, CS4G and ENS, are available via a web browser. The last open-source project, Filius, is a standalone application that must be installed on a student’s computer.
CS4G Network Simulator
CS4G Netsim is a Web-based network simulator for teaching hacking to high-schoolers. It demonstrates some basic security issues that Internet users should be aware of.
OpenVPN Windows Client with MikroTik
In a previous tutorial, we discussed the configuration of an OpenVPN Server on a Mikrotik […]
The post OpenVPN Windows Client with MikroTik first appeared on Brezular's Blog.
Feedback: Microsoft Azure Networking
Numerous networking engineers found my cloud webinars (AWS, Azure) useful when preparing for a cloud migration project. Here’s what one of them wrote:
We are beginning to migrate some of our offerings to Microsoft Azure and I need to get up to speed with Azure products. I found this webinar very informative, and Ivan explained the concepts in a clear manner and easy to follow along. I would recommend watching these webinars and then read Microsoft documentation to get a thorough understanding.
Want to have some hands-on work sprinkled on top of that? You’ll find deployment examples in the Networking in Public Clouds GitHub repository.
Feedback: Microsoft Azure Networking
Numerous networking engineers found my cloud webinars (AWS, Azure) useful when preparing for a cloud migration project. Here’s what one of them wrote:
We are beginning to migrate some of our offerings to Microsoft Azure and I need to get up to speed with Azure products. I found this webinar very informative, and Ivan explained the concepts in a clear manner and easy to follow along. I would recommend watching these webinars and then read Microsoft documentation to get a thorough understanding.
Want to have some hands-on work sprinkled on top of that? You’ll find deployment examples in the Networking in Public Clouds GitHub repository.
Ask JJX: What About the KeePass Vulnerability?
In the midst of LastPass’s repeated barrage of breaches, a pretty serious vulnerability was found in another common password manager — KeePass. This slid under most of our radars, including mine. Professor Cyber Naught of the Mastodons suggested I comment on the situation. I’m so glad he brought this up, because it highlights several critical […]
The post Ask JJX: What About the KeePass Vulnerability? appeared first on Packet Pushers.
What’s new in Calico Enterprise 3.16: Egress gateway on AKS, Service Graph optimizations, and more!
We are excited to announce the early preview of Calico Enterprise 3.16. This latest release extends the active security platform’s support for egress access controls, improves the usability of network-based threat defense features, and scales visualization of Kubernetes workloads to 100s of namespaces. Let’s go through some of the highlights of this release.
Egress gateways for Microsoft Azure and AKS
Egress gateways allow you to identify the source of traffic at the namespace or pod level when it leaves a Kubernetes cluster to communicate to external resources. This makes it highly beneficial for security teams to apply access controls to specific traffic instead of opening up a larger set of IP addresses. Calico Enterprise 3.16 has added egress gateway support for Microsoft Azure and AKS in addition to our support for AWS and EKS. Check out our documentation, Configure egress gateways, Azure, to learn more.
Operator-managed deployments of egress gateways
Calico Enterprise now includes operator-managed deployments of egress gateways. This reduces operational overhead and eliminates additional steps required during software upgrades. With the Tigera Operator, egress gateways will always be automatically upgraded.
UI for workload-based web application firewalls (WAF)
Calico Enterprise’s unique workload-centric web application Continue reading
Planning for the Unexpected: Why Internet Resilience Matters
In a post-pandemic landscape where every business is now effectively an online business, slow is the new down. And so, Internet resilience has become a top priority at the board level.How Rust and Wasm power Cloudflare’s 1.1.1.1
On April 1, 2018, Cloudflare announced the 1.1.1.1 public DNS resolver. Over the years, we added the debug page for troubleshooting, global cache purge, 0 TTL for zones on Cloudflare, Upstream TLS, and 1.1.1.1 for families to the platform. In this post, we would like to share some behind the scenes details and changes.
When the project started, Knot Resolver was chosen as the DNS resolver. We started building a whole system on top of it, so that it could fit Cloudflare's use case. Having a battle tested DNS recursive resolver, as well as a DNSSEC validator, was fantastic because we could spend our energy elsewhere, instead of worrying about the DNS protocol implementation.
Knot Resolver is quite flexible in terms of its Lua-based plugin system. It allowed us to quickly extend the core functionality to support various product features, like DoH/DoT, logging, BPF-based attack mitigation, cache sharing, and iteration logic override. As the traffic grew, we reached certain limitations.
Lessons we learned
Before going any deeper, let’s first have a bird’s-eye view of a simplified Cloudflare data center setup, which could help us understand what we are going to talk Continue reading
Alternatives to IBGP within Multihomed Sites
Two weeks ago I explained why you might want to run IBGP between CE-routers on a multihomed site. One of the blog readers didn’t like my ideas:
In such a small deployment I assume that both ISPs offer transit, so that both CEs would get a default route from their upstream.
In this case I would not iBGP the CEs together but have HSRP running on the two CEs and track the uplink (interface and/of BGP session) to determine the active gateway.
Let’s see what could possibly go wrong with that design.
Alternatives to IBGP within Multihomed Sites
Two weeks ago I explained why you might want to run IBGP between CE-routers on a multihomed site. One of the blog readers didn’t like my ideas:
In such a small deployment I assume that both ISPs offer transit, so that both CEs would get a default route from their upstream.
In this case I would not iBGP the CEs together but have HSRP running on the two CEs and track the uplink (interface and/of BGP session) to determine the active gateway.
Let’s see what could possibly go wrong with that design.
Tech Bytes: ThousandEyes Enhances Data Correlation With OpenTelemetry (Sponsored)
Today on the Tech Bytes podcast we’re talking about OpenTelemetry with sponsor Cisco ThousandEyes. OpenTelemetry is an open collection of tools, APIs, and SDKs to help share telemetry data among different monitoring and analysis platforms to improve data correlation and visibility. ThousandEyes, the first network visibility platform to support OpenTelemetry, joins the podcast to discuss how it works, use cases, and more.
The post Tech Bytes: ThousandEyes Enhances Data Correlation With OpenTelemetry (Sponsored) appeared first on Packet Pushers.
Tech Bytes: ThousandEyes Enhances Data Correlation With OpenTelemetry (Sponsored)
Today on the Tech Bytes podcast we’re talking about OpenTelemetry with sponsor Cisco ThousandEyes. OpenTelemetry is an open collection of tools, APIs, and SDKs to help share telemetry data among different monitoring and analysis platforms to improve data correlation and visibility. ThousandEyes, the first network visibility platform to support OpenTelemetry, joins the podcast to discuss how it works, use cases, and more.Why Do YOU Have To Do It?
One of the things that I’ve seen as a common thread among people in the industry as of late is the subject of burnout. Sure, burnout is a common topic no matter what year we’re in but a lot more of what I’m starting to hear about is self-inflicted burnout. Taking on too many projects, doing more than one job, and even having too many things going on outside of your specific role are all contributors to burnout. How can we keep that from happening?
Atlas and His Burden
For me, one of the biggest reasons why I find myself swimming in frustration is because I am very quick to volunteer to do things. In part it’s because I want to make sure the job is done correctly. In another part it’s because I want to be seen as someone that is always willing to get things done. Add in a dash of people pleasing and you can see how this spirals out of control. I’m sure you’ve even heard that as a career advice at some point. I’ve even railed against it many times on this blog.
How can you overcome the impulse to want to volunteer to do Continue reading