Archive

Category Archives for "Networking"

Making Segment Routing user-friendly

Segment Routing was supposed to make MPLS easier and give more power to network operators. Sadly, vendors decided to make it harder by selling weird protocols and over-engineered controller bloatware.

MPLS is actually great

Despite some anti-MPLS marketing from SD-WAN …

AWS Networking Fundamentals for Beginners

Welcome to today's blog post where we're focusing on AWS Networking fundamentals. If you're new to AWS or just want to better understand AWS Networking, you've come to the right place.

We'll start by talking about Regions and Availability Zones (AZ). These are the building blocks of AWS infrastructure. Next, we'll cover how to set up your own Virtual Private Cloud (VPC). This will be your private space in the AWS cloud where you can launch resources. From there, we'll discuss subnets, breaking down the difference between public and private ones. Knowing this will help you better plan your network architecture.

To wrap it all up, we'll go through the steps of creating an EC2 instance (Linux server). Not only that, but we'll also walk you through accessing this instance over the Internet. This will give you a full-circle understanding of AWS networking basics.

Audience

If you're brand new to AWS, don't worry. This blog post focuses on AWS basic networking, so having some general networking knowledge is a plus but not a requirement. I'll explain things in clear detail to make sure everyone can follow along.

For those of you who are Network Engineers or familiar with another cloud …

Netlab Examples in GitHub Codespaces

A few days ago, someone asked me about the IPv4 next-hop details of running interface EBGP sessions. I pointed him to a blog post explaining them, adding, “And of course, you can test that in netlab.” A few minutes later, it hit me: instead of asking him to set up netlab locally, I could enable him to do that in a minute with GitHub codespaces.

Setting that up was easy: copy the .devcontainer directory from the BGP labs repository into the netlab examples repository and commit the change. After a short yak-shaving exercise (writing README files and rearranging a few folders), I successfully started the codespace and was ready for this blog post. There was just one gotcha…

Switching Jobs When You Love Your Current One

How many times have you found yourself perfectly comfortable in your current job, only to be tempted by a new opportunity? We’ve all been there. It’s tough to leave a place where you know everyone and everything feels familiar. The new job might turn out to be fantastic, or it could be less than ideal. So, how do we overcome these fears and make the right choice? In this post, I’ll share my own journey, exploring what I learned from my experiences. Hopefully, my story can help you navigate your own career decisions with a bit more confidence.

Please keep in mind that I’m sharing from my own experiences. While I hope you find my insights helpful, it’s important to make decisions based on your personal circumstances. What worked for me might not work for everyone, so consider your unique situation when planning your next career move 🙂

Early in My Career

I kicked off my career back in 2017, filled with an eagerness to learn and make rapid progress. During those early days, I was truly engaged in my work, often pulling long hours because all I could think about was advancing in my field. After spending a …

Palo Alto Load Partial Configuration

Hi all, welcome back to yet another Palo Alto Firewall blog. Have you ever wanted to load partial config from one Palo Alto Firewall to another or from a Firewall to Panorama and vice versa? There could be times when you just want to import all address objects from one Firewall to another, for example. We could do this in multiple ways, but there is a simple way of doing this. Let’s get into how you can achieve this with just a few steps.

To demonstrate this, I have a firewall and Panorama. On the firewall, there are a few address objects, address groups, and a security policy that I want to import into Panorama, inside a specific device group. Let’s walk through the steps.

  1. Export the configuration - Start by exporting the configuration from the firewall.
  2. Import it to Panorama - Next, import that configuration into Panorama.
  3. Identify the XPath of the objects - You'll need to find where the objects you want to copy are located in both the firewall and Panorama. Keep in mind, the XPath for these objects might be slightly different between the firewall and Panorama.
  4. Copy them over with a command - Finally, run …

How to Create Custom Jinja2 Filters?

Hi everyone, welcome back to another blog post on Jinja2 and Python. I'm not an expert in Jinja2; I know enough to get by and I'm always learning new things. I'm familiar with using Jinja2's built-in filters like upper, lower, and capitalize, but just a few days ago, I discovered something new. I can make my own filters! It was a real "wow, how did I not know that?" moment. In this post, let's dive into an example of how to do just that.

A Very Simple Example

Let's break down a very simple example of creating a custom Jinja2 filter. First, you need to understand the basic steps and the syntax involved. To start, you'll need to define a custom filter function in Python. This function will take an input, manipulate it as you specify, and return the modified output. In our example, the custom function will convert text to uppercase and add three exclamation marks at the end.

from …

Oracle OCI Traffic Mirroring and Monitoring: VTAP Implementation and Analysis

Disclaimer: All writings and opinions are my own and are interpreted solely from my understanding. Please contact the concerned support teams for a professional opinion, as technology and features change rapidly.

My name is Stephen King, and you are reading my novel. Absolutely Not! He is the most incredible author of all time! And you are reading my blog! One of my many, many, many interests is traffic mirroring and monitoring in public clouds, especially inter-VCN/VPC traffic. Traffic from an instance is mirrored and sent for any analysis, whether regulatory or troubleshooting. I quickly set up something in my OCI; the results and learnings are fascinating.

TLDR: Traffic Mirroring and Monitoring in Oracle OCI using VTAPs

The diagram shows a sample implementation of a VTAP. Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/vtap.htm

Topology and a refresher

IGW helps us connect to the Internet, NLB helps us send traffic to VTAP-HOST mirrored from VTAP, and a DRG helps us communicate with other VCNs.

What is the end goal? Mirror and send all the traffic from Host-1 with IP 192.168.1.6 to VTAP-Host for further analysis.

Below is generated by OCI Network Visualiser, which is very cool.

A few things …

Terraform for Network Engineers: Part One

When I mention to my industry peers that I use Terraform to manage parts of my on-premise network infrastructure, I often get blank stares or a look of surprise. It's understandable — Terraform is usually associated with cloud infrastructure, not on-premise network devices. A quick Google search for "Terraform for Network Engineers" mostly brings up results about creating AWS VPCs, Azure VNETs, or deploying Palo Alto firewalls in AWS. There's not much out there about using Terraform for network devices like routers, switches, firewalls, and load balancers.

In this blog post series, I'll share my experience using Terraform to manage network devices and explain how it can benefit network engineers. While I'm not sure how many parts this series will have, I'll keep each post concise and informative, giving you the essentials to get started. If you have questions or need help, feel free to reach out.

Throughout the series, I'll use Palo Alto Network (Panorama) as the target, but the concepts can be applied to any network device that supports Terraform.

In Part One of this series, we'll cover the following topics:

  1. Introduction to Terraform.
  2. Understanding Terraform Terminology.
  3. Terraform Workflow.
  4. Deciding if Terraform is the Right Tool.
  5. Installing Terraform.

Case Study: IPng at Coloclue

Coloclue

I have been a member of the Coloclue association in Amsterdam for a long time. This is a networking association in the social and technical sense of the word. [Coloclue] is based in Amsterdam with members throughout the Netherlands and Europe. Its goals are to facilitate learning about and operating IP based networks and services. It has about 225 members who, together, have built this network and deployed about 135 servers across 8 racks in 3 datacenters (Qupra, EUNetworks and NIKHEF). Coloclue is operating [AS8283] across several local and international internet exchange points.

A small while ago, one of our members, Sebas, shared their setup with the membership. It generated a bit of a show-and-tell response, with Sebas and other folks on our mailing list curious as to how we all deployed our stuff. My buddy Tim pinged me on Telegram: “This is something you should share for IPng as well!”, so this article is a bit different than my usual dabbles. It will be more of a show and tell: how did I deploy and configure the Amsterdam Chapter of IPng Networks?

I’ll make this article a bit more picture-dense, to show the look-and-feel of …

How the first 2024 US presidential debate influenced Internet traffic and security trends

Key findings:

  • The Biden vs. Trump debate influenced Internet traffic at the state level in the US, with drops in traffic as high as 17% (in Vermont) during the debate.
  • Microblogging and video streaming platforms saw traffic changes during the debate.
  • Trump-related sites, including donation platforms, gained much more traction than Biden’s during and after the debate.
  • Emails with “Trump” in the subject had higher rates of spam and malicious content compared to those with “Biden.”
  • No increase in cyberattacks during the debate, but frequent DDoS attacks targeted government and political sites in the preceding months.

Internet traffic ebbs and flows usually follow human patterns, and high visibility events that are broadcast on TV usually have an impact. Let’s take a look at the first of the 2024 United States presidential debates between the two major presumptive candidates, Joe Biden and Donald Trump, for the November presidential election.

2024 has been dubbed “the year of elections,” with elections taking place in over 60 countries, as we have mentioned before (1, 2, 3). We are regularly updating our election report on Cloudflare Radar, including analysis of recent elections in South Africa, India, Iceland, Mexico, …

Supporting Postgres Named Prepared Statements in Hyperdrive

Hyperdrive (Cloudflare’s globally distributed SQL connection pooler and cache) recently added support for Postgres protocol-level named prepared statements across pooled connections. Named prepared statements allow Postgres to cache query execution plans, providing potentially substantial performance improvements. Further, many popular drivers in the ecosystem use these by default, meaning that not having them is a bit of a footgun for developers. We are very excited that Hyperdrive’s users will now have access to better performance and a more seamless development experience, without needing to make any significant changes to their applications!

While we're not the first connection pooler to add this support (PgBouncer got to it in October 2023 in version 1.21, for example), there were some unique challenges in how we implemented it. To that end, we wanted to do a deep dive on what it took for us to deliver this.

Hyper-what?

One of the classic problems of building on the web is that your users are everywhere, but your database tends to be in one spot. Combine that with pesky limitations like network routing, or the speed of light, and you can often run into situations where your users feel the pain of having your …