Tech Bytes: Diagnosing SaaS Outages When It’s Not The Network (Sponsored)
Today on the Tech Bytes podcast we explore two outages of big-time cloud applications with sponsor ThousandEyes, a Cisco company. These outages share a common thread, in that the network was up and the applications were reachable, but problems on the backend meant the applications weren’t available. We discuss what happened and offer takeaways to minimize business disruptions.
The post Tech Bytes: Diagnosing SaaS Outages When It’s Not The Network (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Diagnosing SaaS Outages When It’s Not The Network (Sponsored)
Today on the Tech Bytes podcast we explore two outages of big-time cloud applications with sponsor ThousandEyes, a Cisco company. These outages share a common thread, in that the network was up and the applications were reachable, but problems on the backend meant the applications weren’t available. We discuss what happened and offer takeaways to minimize business disruptions.Network Break 410: AWS Previews Secure Remote Access; Broadcom Promises Not To Raise VMware Prices
On today's Network Break we discuss new AWS previews for secure remote access and for connecting applications and services across VPCs. We also discuss a serious outage at Hive Social, Open RAN 5G coming to fighter jets, a promise from Broadcom not to raise prices if the VMware acquisition goes through, and more IT news.
The post Network Break 410: AWS Previews Secure Remote Access; Broadcom Promises Not To Raise VMware Prices appeared first on Packet Pushers.
Network Break 410: AWS Previews Secure Remote Access; Broadcom Promises Not To Raise VMware Prices
On today's Network Break we discuss new AWS previews for secure remote access and for connecting applications and services across VPCs. We also discuss a serious outage at Hive Social, Open RAN 5G coming to fighter jets, a promise from Broadcom not to raise prices if the VMware acquisition goes through, and more IT news.Decoding TCP flags in NetFlow and IPFIX.
The post Decoding TCP flags in NetFlow and IPFIX. appeared first on Noction.
Review: S5648X-2Q4Z Switch – Part 1: VxLAN/GENEVE/NvGRE
After receiving an e-mail from a newer [China based switch OEM], I had a chat with their founder and learned that the combination of switch silicon and software may be a good match for IPng Networks. You may recall my previous endeavors in the Fiberstore lineup, notably an in-depth review of the [S5860-20SQ] which sports 20x10G, 4x25G and 2x40G optics, and its larger sibling the S5860-48SC which comes with 48x10G and 8x100G cages. I use them in production at IPng Networks and their featureset versus price point is pretty good. In that article, I made one critical note reviewing those FS switches, in that they’e be a better fit if they allowed for MPLS or IP based L2VPN services in hardware.
I got cautiously enthusiastic (albeit suitably skeptical) when this new vendor claimed VxLAN, GENEVE, MPLS and GRE at 56 ports and line rate, on a really affordable budget (sub-$4K for the 56 port; and sub-$2K for the 26 port switch). This reseller is using a less known silicon vendor called [Centec], who have a lineup of ethernet silicon. In this device, the CTC8096 (GoldenGate) is used for cost effective high density 10GbE/40GbE applications Continue reading
netlab: VRF Lite over VXLAN Transport
One of the comments I received after publishing the Use VRFs for VXLAN-Enabled VLANs claimed that:
I’m firmly of the belief that VXLAN should be solely an access layer/edge technology and if you are running your routing protocols within the tunnel, you’ve already lost the plot.
That’s a pretty good guideline for typical data center fabric deployments, but VXLAN is just a tool that allows you to build multi-access Ethernet networks on top of IP infrastructure. You can use it to emulate E-LAN service or to build networks similar to what you can get with DMVPN (without any built-in security). Today we’ll use it to build a VRF Lite topology with two tenants (red and blue).
netlab: VRF Lite over VXLAN Transport
One of the comments I received after publishing the Use VRFs for VXLAN-Enabled VLANs claimed that:
I’m firmly of the belief that VXLAN should be solely an access layer/edge technology and if you are running your routing protocols within the tunnel, you’ve already lost the plot.
That’s a pretty good guideline for typical data center fabric deployments, but VXLAN is just a tool that allows you to build multi-access Ethernet networks on top of IP infrastructure. You can use it to emulate E-LAN service or to build networks similar to what you can get with DMVPN (without any built-in security). Today we’ll use it to build a VRF Lite topology with two tenants (red and blue).
Data Privacy and Protection in the Age of Cloud
With more data on more cloud platforms being subject to increasingly stringent regulations, traditional approaches to protecting data fall short.Decoding TCP flags in NetFlow and IPFIX.
The post Decoding TCP flags in NetFlow and IPFIX. appeared first on Noction.
Automation 18. LibreNMS to NetBox Sync for Brownfield Automation Deployment
Dear friend,
Today we’ll look into a question, which is raising quite often on various meetups related to network automation or various threads that is the addition of any automation components (say, NetBox) to the existing networking managing suit, where you already have some inventory (say, LibreNMS). We’ll take a look into multiple approaches and, as usual, will share some code snippets how you can do that.
2
3
4
5
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
What Is Integration Between Different Automation Tools?
Integrating different automation tools is typically the most labor-intensive work, as it requires understanding of the tools you are integrating, their internal hierarchy and APIs capabilities. That is not even saying that you shall be proficient with a variety of technologies, such as REST API or GRPC API, JSON/Protobuf/XML, Postman and many other tools. That’s a lot, and may be not easy to start with.
The good news is that all these things you can learn at out Network Automation Training programs:
Steady State Markov Process
A Markov chain or Markov process is a stochastic model describing a sequence of possible events in which the probability of each event depends only on the state attained in the previous event. It is named after the Russian mathematician Andrey Markov.
Markov chains help model many real-word processes, such as queues of customers arriving at the airport, queues of packets arriving at a Router, population dynamics. Please refer to this link for a quick intro to Markov chains.
Problem
Let’s use a simple example to illustrate the use of Markov Chains. Assume that you own a barber shop, and You notice that Customers don’t wait if there is no room in the waiting room and will take their business elsewhere. You want to invest to avoid this, and you have the following info in hand:
- You have two barber chairs and two barbers.
- You have a waiting room for four people.
- You usually observe 10 Customers arriving per hour.
- Each barber takes about 15mins to serve a single customer. So each barber can serve four customers per hour.
You have finite space in the shop, so add two more chairs in the waiting room or add another barber. Now Continue reading
Broken commit diff on Cisco IOS XR
TL;DR
Never trust show commit changes diff on Cisco IOS XR.
Cisco IOS XR is the operating system running for the Cisco ASR, NCS, and
8000 routers. Compared to Cisco IOS, it features a candidate
configuration and a running configuration. In configuration mode, you can
modify the first one and issue the commit command to apply it to the running
configuration.1 This is a common concept for many NOS.
Before committing the candidate configuration to the running configuration, you
may want to check the changes that have accumulated until now. That’s where the
show commit changes diff command2 comes up. Its goal is to show the
difference between the running configuration (show running-configuration) and
the candidate configuration (show configuration merge). How hard can it be?
Let’s put an interface down on IOS XR 7.6.2 (released in August 2022):
RP/0/RP0/CPU0:router(config)#int Hu0/1/0/1 shut RP/0/RP0/CPU0:router(config)#show commit changes diff Wed Nov 23 11:08:30.275 CET Building configuration... !! IOS XR Configuration 7.6.2 + interface HundredGigE0/1/0/1 + shutdown ! end
The + sign before interface HundredGigE0/1/0/1 makes it look like you did
create a new interface. Maybe there was a typo? No, the diff is just broken. If
you Continue reading
Worth Reading: Egress Anycast in Cloudflare Network
Cloudflare has been using ingress anycast (advertising the same set of prefixes from all data centers) for ages. Now they did a giant leap forward and implemented another “this thing can never work” technology: egress anycast. Servers from multiple data centers use source addresses from the prefix that’s advertised by all data centers.
Not only that, in the long-established tradition they described their implementation in enough details that someone determined enough could go and implement it (as opposed to the typical look how awesome our secret sauce is approach from Google).
Worth Reading: Egress Anycast in Cloudflare Network
Cloudflare has been using ingress anycast (advertising the same set of prefixes from all data centers) for ages. Now they did a giant leap forward and implemented another “this thing can never work” technology: egress anycast. Servers from multiple data centers use source addresses from the prefix that’s advertised by all data centers.
Not only that, in the long-established tradition they described their implementation in enough details that someone determined enough could go and implement it (as opposed to the typical look how awesome our secret sauce is approach from Google).