As client users, devices, and IoT continue to proliferate, the need for switching management and workload optimization across domains increases. Many sub-optimal and closed approaches have been designed in the past. Arista was founded to build the best software and hardware, equating to the highest performance and density in cloud/data centers, and now evolving to campus switches. In 2020, we introduced the smallest footprint of Arista CCS 750 and 720 series switches as a fitting example of the highest density and lowest footprint.
A happy netlab user asked for a sample Cisco ASAv topology that would include an inside and an outside router.
We don’t have anything similar in the netlab examples yet, so let’s build a simple topology with two routers, a firewall, and a few hosts.
However, we have to start with a few caveats:
Templating and Data Representation: Aspect of Network Automation using a tailor made AI Chatbot just to handle this scenario
In today’s exploration, we’ll dive into the fascinating world of automation frameworks and how different data formats work together to create powerful, maintainable solutions. Drawing from extensive hands-on experience, I’ll share insights into how XML, JSON, and YAML complement each other in modern automation landscapes.
The Three Pillars of Automation Data Handling
A few weeks ago, Urs Baumann posted a nice example illustrating the power of netlab: a 10-router topology running OSPF, IS-IS, and BGP:
He didn’t post the underlying topology file, so let’s create a simple topology to build something similar.
Hello my friend,
In the previous blog post we briefly touched on conditionals when we talked about checking for the presence of an element in a Python list or Go slice. So I thought it would make sense to now introduce the key concepts of code flow control: conditionals and loops. These items are essential for any production code, so let’s see how they work.
Surfing through LinkedIn today, I found an interesting picture, which was attributed to Elon Musk and Twitter (or X, however it is called now):
I don’t know if that is really related to Mr Musk and Twitter in any capacity, but the thoughts it contains are quite important: you first remove all unnecessary steps and optimize everything you can before you start any automation. That’s very true, and in our network automation trainings we talk about how to optimize network operations processes to ensure that they are viable for automation. Join our network trainings to learn how to build viable automation:
We offer the following training programs in network automation for you:
The Cisco Aironet AIR-AP1142N-E-K9 is a versatile, legacy dual-band access point that uses 802.11n (Wi-Fi […]
The post Configuring the Cisco Aironet AP 1142 first appeared on Brezular's Blog.
Contrary to the OSPF world, where we have to use two completely different routing protocols to route IPv4 and IPv6 (unless you believe in the IPv4 address family in OSPFv3), IS-IS provided multi-protocol support from the very early days of its embracement by IETF. Adding IPv6 support was only a matter of a few extra TLVs, but even there, IETF gave us two incompatible ways of making IPv6 work with IS-IS.
Want to know more? You’ll find the details in the Dual-Stack (IPv4+IPv6) IS-IS Routing lab exercise.
Fernando Gont published an Individual Internet Draft (meaning it hasn’t been adopted by any IETF WG yet) describing the Problem Statement about IPv6 Support for Multiple Routers and Multiple Interfaces. It’s so nice to see someone finally acknowledging the full scope of the problem and describing it succinctly. However, I cannot help but point out that:
Anyway, Fernando wraps up his draft with:
On November 14, 2024, Cloudflare experienced an incident which impacted the majority of customers using Cloudflare Logs. During the roughly 3.5 hours that these services were impacted, about 55% of the logs we normally send to customers were not sent and were lost. We’re very sorry this happened, and we are working to ensure that a similar issue doesn't happen again.
This blog post explains what happened and what we’re doing to prevent recurrences. Also, the systems involved and the particular class of failure we experienced will hopefully be of interest to engineering teams beyond those specifically using these products.
Failures within systems at scale are inevitable, and it’s essential that subsystems protect themselves from failures in other parts of the larger system to prevent cascades. In this case, a misconfiguration in one part of the system caused a cascading overload in another part of the system, which was itself misconfigured. Had it been properly configured, it could have prevented the loss of logs.
Cloudflare’s network is a globally distributed system enabling and supporting a wide variety of services. Every part of this system generates event logs which contain detailed metadata about what’s happening with our systems around […]
Auto-tagging allows the firewall to tag a policy object when it receives a log that matches specific criteria, creating an IP-to-tag or user-to-tag mapping. For example, when the firewall generates a traffic or threat log, you can configure it to tag the source IP address or User associated with that log using a specific tag name. These tags can then be used to automatically populate policy objects like Dynamic User Groups or Dynamic Address Groups, which in turn can automate security actions within security policies.
For example, let's say I have a policy that denies traffic from the Internet to the firewall's public IP or subnet whenever someone attempts to access random ports. This policy blocks the traffic and generates a traffic log. Now, if someone tries to target our public IP on port 22 (SSH), we might want to add them to a blacklist, which is a Dynamic Address Group. We can then create another policy that references this Dynamic Address Group to block any further traffic from this IP address.
A realistic use case is when you want to block a source IP after multiple failed authentication attempts to GlobalProtect. Typically, you can use […]
NVIDIA Cumulus Linux 5.11 for AI / ML describes how NVIDIA 400/800G Spectrum-X switches combined with the latest Cumulus Linux release deliver enhanced real-time telemetry that is particularly relevant to the AI / machine learning workloads that Spectrum-X switches are designed to handle.
This article shows how to extract Topology from an NVIDIA fabric in order to perform advanced fabric aware analytics, for example: detect flow collisions, trace flow paths, and de-duplicate traffic.
In this example, we will use NVIDIA NetQ, a highly scalable, modern network operations toolset that provides visibility, troubleshooting, and validation of your Cumulus and SONiC fabrics in real time.
netq show lldp json
For example, the NetQ Link Layer Discovery Protocol (LLDP) service simplifies the task of gathering neighbor data from switches in the network, and with the json option, makes the output easy to process with a Python script, for example, lldp-rt.py.
The simplest way to try sFlow-RT is to use the pre-built sflow/topology Docker image that packages sFlow-RT with additional applications that are useful for monitoring network topologies.
docker run -p 6343:6343/udp -p 8008:8008 sflow/topology
Configure Cumulus Linux to stream sFlow telemetry to sFlow-RT on UDP port 6343 (the default for […]