Friday Mobility Field Day Thoughts
I’m finishing up Mobility Field Day 7 this week and there’s been some exciting discussion here around a lot of technology. I think my favorite, and something I’m going to talk about more, is the continuing battle between 5G and Wi-Fi. However, there’s a lot going on that I figured I’d bring up to whet your appetite for the videos.
- What is mission critical? When you think about all the devices that are in your organization that absolutely must work every time what does that look like? And what are you prepared to do to make them work every time? If it’s a safety switch or some other kind of thing that prevents loss of life are you prepared to spend huge amounts of money to make it never fail?
- Operations teams don’t need easier systems. They need systems that remove complexity. The difference in those two things is subtle but important. Easier means that things are simplified to the point of almost being unusable. Think Apple Airport or even some Meraki devices. Whereas reduced complexity means that you’ve made the up front configuration easy but enabled the ability to configure other features in different places. Maybe that’s by giving Continue reading
Advizex: Automating Security Audits & Remediation with Gluware: LiveStream June 28, 2022 (2/7) – Video
Advizex, a reseller and Gluware customer, discusses how it uses Gluware for security audits and remediation with its clients. This includes network and device discovery, addressing configuration drift, and managing multiple vendors using the Gluware platform. Packet Pushers host Greg Ferro is joined by Michael Burns, Network Architect at Advizex to discuss real-world use cases. […]
The post Advizex: Automating Security Audits & Remediation with Gluware: LiveStream June 28, 2022 (2/7) – Video appeared first on Packet Pushers.
Ansible For Network Automation Lesson 6: Ansible Vault And Loops – Video
In this lesson on using Ansible for network automation, Josh VanDeraa looks at how to get started with Ansible Vault, re-using tasks in multiple playbooks with include_tasks, and leveraging loops in your playbooks. Josh has created a GitHub repo to store additional material, including links and documentation: https://github.com/jvanderaa/AnsibleForNetworkAutomation You can subscribe to the Packet Pushers’ […]
The post Ansible For Network Automation Lesson 6: Ansible Vault And Loops – Video appeared first on Packet Pushers.
Heavy Networking 638: Don’t Block DNS Over TCP
DNS is our subject on today's Heavy Networking. More specifically, DNS transport over TCP. We talk with John Kristoff, one of the forces behind RFC9210, which covers the operational requirements for DNS transport over TCP. This is not an esoteric document covering a tiny, nuanced DNS use case. Instead this doc will likely affect most of you listening, whether you’re a network operator or a name server operator. We talk with John about the implications of this RFC.
The post Heavy Networking 638: Don’t Block DNS Over TCP appeared first on Packet Pushers.
Heavy Networking 638: Don’t Block DNS Over TCP
DNS is our subject on today's Heavy Networking. More specifically, DNS transport over TCP. We talk with John Kristoff, one of the forces behind RFC9210, which covers the operational requirements for DNS transport over TCP. This is not an esoteric document covering a tiny, nuanced DNS use case. Instead this doc will likely affect most of you listening, whether you’re a network operator or a name server operator. We talk with John about the implications of this RFC.Setting Up Public-Private Keys For SSH Authentication
This post originally appeared on the Packet Pushers’ Ignition site on February 18, 2020. The more pedantic in the tech community argue about the merits of public-private key authentication vs. simple password authentication when logging into an SSH host. I have no strong opinion regarding your security posture when using one vs. the other. […]
The post Setting Up Public-Private Keys For SSH Authentication appeared first on Packet Pushers.
Working in public — our docs-as-code approach
Docs-as-code is an approach to writing and publishing documentation with the same tools and processes developers use to create code. This philosophy has become more popular in recent years, especially in tech companies. Automatic link checking is part of this process, which ensures that writer's changes are sound and safe to deploy. By setting the stage with a docs-as-code approach, technical writers can focus on what they do best: ensure that our readers get useful and accurate information that is easy to find, and our documentation speaks a single language.
Besides following a docs-as-code approach, at Cloudflare we handle our documentation changes in public, in our cloudflare-docs GitHub repository. Having our documentation open to external contributions has helped us improve our documentation over time — our community is great at finding issues! While we need to review these contributions and ensure that they fit our style guide and content strategy, the contributions provided by the Cloudflare community have been instrumental in making our documentation better every day. While Cloudflare helps build a better Internet, our community helps build better documentation.
Docs-as-code at Cloudflare
At Cloudflare, we follow a docs-as-code approach to create and publish product documentation in Developer Docs.
Such Continue reading
Worth Exploring: Akvorado Flow Collector and Visualizer
The results you can get when you know how to apply proper glue to a bunch of open-source tools never cease to amaze me. The latest entrant in that category: Akvorado, a Netflow/IPFIX collector and analyzer by Vincent Bernat.
Some of the sample graphs (shown in the GitHub repo) are not far off from those that knocked our socks off during the first Kentik Networking Field Day presentation. Definitely a tool worth exploring ;)
Worth Exploring: Akvorado Flow Collector and Visualizer
The results you can get when you know how to apply proper glue to a bunch of open-source tools never cease to amaze me. The latest entrant in that category: Akvorado, a Netflow/IPFIX collector and analyzer by Vincent Bernat.
Some of the sample graphs (shown in the GitHub repo) are not far off from those that knocked our socks off during the first Kentik Networking Field Day presentation. Definitely a tool worth exploring ;)
Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes
On today's Kubernetes Unpacked podcast we explore tradeoffs that come with using Terraform to manage Kubernetes. My guest is Luke Orellana, an SRE who uses Kubernetes. He's also a HashiCorp Ambassador. We also discuss differences between managing VMs and Kubernetes, Kubernetes benefits including self-healing, and downsides such as dealing with the complexity that comes from containers and microservices.
The post Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes appeared first on Packet Pushers.
Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes
On today's Kubernetes Unpacked podcast we explore tradeoffs that come with using Terraform to manage Kubernetes. My guest is Luke Orellana, an SRE who uses Kubernetes. He's also a HashiCorp Ambassador. We also discuss differences between managing VMs and Kubernetes, Kubernetes benefits including self-healing, and downsides such as dealing with the complexity that comes from containers and microservices.Marketing Docs Are Not Written For Engineers
When reading marketing literature as an engineer, you must always be careful to parse the words correctly. For example, I was reviewing a vendor’s pitch deck on a new hardware switch. The switch was described as having the following attributes.
- Cloud-native
- AI-driven
- Secure
- Next-generation
From an engineering perspective, nothing of value has been described to you in that list.
I have no idea what they are trying to get at with cloud-native. I can think of no greater antithesis to “cloud-native” than a chunk of hardware you bolt into a rack to do network things. Someone on Twitter suggested that because the switch supports ZTP, it’s cloud-native…which, if so, is comedy gold.
AI-driven means…what, exactly? That there is some AI on the switch itself doing data analysis and changing the network configuration in response to whatever the algorithm thinks is best? It could mean that, although then we’d have to discuss what’s meant by AI, whether or not the “AI” is happening off- or on-box, and why that’s different from software-defined.
Secure is a word you sprinkle over every technology product. Because of course it’s secure. But again, what does secure mean in this context? That the switch was built Continue reading
Cloud, Data, and Political Protests Mark the 2022 AWS Summit
The return of the in-person event to New York City also saw a revival of disruptions by protesters calling out the cloud provider’s various government contracts.Transit VPC — AWS — Advanced Networking
What is Transit Gateway in AWS used for ? a. Interconnect One or more VPC's eliminating need for full mesh b. customer gateway in only one region c. Enhanced NAT gateway d. Can be used to Connect SD-Wan with VPC's Answer is at the end of the post, feel free to skip it, I just did not want to make a spoiler residing just below the question
The post from transitive routing in AWS had a few different solutions at the end, the one which is most efficient and future-proof would be transit-gateway implementation for inter-VPC communication without needing a full mesh.
https://raaki-88.medium.com/transitive-routing-aws-advanced-networking-984ca492d2d7
We will first explore an example and then come back to some of the concepts
Consider below VPCs, by default, there is no VPC peering and if we want to achieve connectivity we need to do n*(n-1)/2 number of peerings, this will quickly get out of hand as the VPCs increase.
The easiest way to achieve connectivity will be in 3 steps
- Create transit gateway
- Attach all the VPCs as attachments in the Transit gateway
- Most Importantly, create a route in the sub-net table for the destination sub-net via Transit gateway else connectivity will never work.
