Archive

Category Archives for "Networking"

Getting started with EKS and Calico

Cloud-native applications offer a lot of flexibility and scalability, but to leverage these advantages, we must create and deploy a suitable environment that will enable cloud-native applications to work their magic.

Managed services, self-managed services, and bare metal are three primary categories of Kubernetes deployment in a cloud environment. Our focus in this article will be on Amazon Web Service’s (AWS) managed Kubernetes service, Elastic Kubernetes Service (EKS), and capabilities that Calico Open Source adds to the EKS platform.

Managed services

A managed cluster is a quick and easy way to deploy an enterprise-grade Kubernetes cluster. In a managed cluster, mundane operations such as provisioning new nodes, upgrading the OS/Kubernetes, and scaling resources are transferred to the cloud provider, which allows you to expand your application with ease.

EKS is a managed service by AWS that offers a fault-tolerant Kubernetes control plane endpoint and automates worker node maintenance and deployment process.

Comparing popular CNI options in EKS

Most popular managed services, such as EKS, come with an official CNI that offers networking and other features for your cluster. While these CNIs are highly integrated with the underlying system, they can introduce some limitations. To remedy these limitations and unlock the Continue reading

who me?

This blog is to share knowledge and experiences I come across within the trials and tribulations of networking and automation. As we all know the Internet is built on plagiarism. I do try and mention any sources I use, but if I do miss you out please don’t get offended, feel less important or come after me. Plagiarism is just confirmation of your superior knowledge. Some of the information maybe wrong, I am certain the grammar is wrong, but it is written with the best interests at heart.

OCP spec for silicon security could help reduce vendor lock-in

A new specification from the Open Compute Project could mean more choices for IT pros when it comes time to replace server cards.The spec defines a block of code that, when used in processors, establishes root of trust (RoT) boot security. Because the spec is open, any chip maker can use it, and it will provide interoperability with chips made by other chip makers that also use it. This can help eliminate being locked into a single vendor because of proprietary RoT code.By standardizing on OCP hardware, for example, it’s possible to replace a bad smartNIC from one vendor with one from another vendor, says Bill Chen, general manager of server product management at Supermicro, an OCP member.To read this article in full, please click here

OCP spec for silicon security could help reduce vendor lock-in

A new specification from the Open Compute Project could mean more choices for IT pros when it comes time to replace server cards.The spec defines a block of code that, when used in processors, establishes root of trust (RoT) boot security. Because the spec is open, any chip maker can use it, and it will provide interoperability with chips made by other chip makers that also use it. This can help eliminate being locked into a single vendor because of proprietary RoT code.By standardizing on OCP hardware, for example, it’s possible to replace a bad smartNIC from one vendor with one from another vendor, says Bill Chen, general manager of server product management at Supermicro, an OCP member.To read this article in full, please click here

Tech Bytes: Aruba Enhances Security Capabilities In EdgeConnect SD-WAN (Sponsored)

Today on the Tech Bytes podcast we’re talking SD-WAN. We dive into new features and capabilities in Aruba EdgeConnect SD-WAN, including new security and segmentation features, licensing options, and more. Our sponsor is Aruba, a Hewlett Packard Enterprise company.

The post Tech Bytes: Aruba Enhances Security Capabilities In EdgeConnect SD-WAN (Sponsored) appeared first on Packet Pushers.

Ubuntu 20.04 Docker image – Python For Network Engineers

This is an updated Docker image of Python For Network Engineers (PFNE) based on Ubuntu 20.04 (minimal server distro). It contains all necessary tools for network / devops engineers to test automation and learn Python: OpensslNet-toolsIPutilsIProuteIPerfTCPDumpNMAPPython 2Python 3ParamikoNetmikoAnsiblePyntcNAPALMNetcatSocat If you notice a missing package which could be a value added for the scope of the … Continue reading Ubuntu 20.04 Docker image – Python For Network Engineers

BGP Configuration on FortiOS

I’ve never done a post on Forti-anything, but I’m really appreciating the products Fortinet is putting out lately. They’re transitioning from “run your SMB off of our stuff” to “actually, we’re pretty good for larger companies”, so their GUI lacks features to keep the SMB from blowing stuff up, The advanced features are there in the CLI, and I wanted to use it to show that difference between the GUI and the real config.

Let’s review some of the basic configuration elements of BGP first. You need an autonomous system (AS) number and a router ID for your side. You also need the AS number of the remote system. You need the IP address on their side (usually the interface facing you). That looks something like this. We’re going to be ‘Fortigate 1’ for this exercise.

With just this information, we can turn up a BGP neighbor that does absolutely nothing. To actually send some routes, you need to tell BGP what to send. We’ll keep this simple and add just connected networks. Adding to the diagram, we get this.

Now we have something of value (though choosing BGP over OSPF or RIP for this little scenario is pretty horrible). Continue reading

The Cloud Gets Foggy

The explosion of sensor and IoT data at the edge is forcing organizations to rethink the location of their data processing infrastructure, “bringing down” the cloud to the ground in the form of fog computing.

Network Break 405: Tech And Geopolitics Collide; Juniper Posts Record Q3 Results

Take a Network Break! This week we discuss a trio of stories at the intersection of tech and global political power struggles. Plus, startup Versa Networks lands $120 million investment in a pre-IPO round, and tech companies including Juniper Networks, Intel, and Google/Alphabet release financial results.

The post Network Break 405: Tech And Geopolitics Collide; Juniper Posts Record Q3 Results appeared first on Packet Pushers.

BGP Configuration on FortiOS

I’ve never done a post on Forti-anything, but I’m really appreciating the products Fortinet is putting out lately. They’re transitioning from “run your SMB off of our stuff” to “actually, we’re pretty good for larger companies”, so their GUI lacks features to keep the SMB from blowing stuff up, The advanced features are there in the CLI, and I wanted to use it to show that difference between the GUI and the real config.

Let’s review some of the basic configuration elements of BGP first. You need an autonomous system (AS) number and a router ID for your side. You also need the AS number of the remote system. You need the IP address on their side (usually the interface facing you). That looks something like this. We’re going to be ‘Fortigate 1’ for this exercise.

With just this information, we can turn up a BGP neighbor that does absolutely nothing. To actually send some routes, you need to tell BGP what to send. We’ll keep this simple and add just connected networks. Adding to the diagram, we get this.

Now we have something of value (though choosing BGP over OSPF or RIP for this little scenario is pretty horrible). Continue reading