Worth Reading: You Probably Don’t Need AI
Here’s another rant to spice up your weekend: focus on fixing your company’s problems instead of chanting the AI mantra. Have fun ;)
Worth Reading: You Probably Don’t Need AI
Here’s another rant to spice up your weekend: focus on fixing your company’s problems instead of chanting the AI mantra. Have fun ;)
VPP with loopback-only OSPFv3 – Part 2
Introduction
When I first built IPng Networks AS8298, I decided to use OSPF as an IPv4 and IPv6 internal gateway protocol. Back in March I took a look at two slightly different ways of doing this for IPng, notably against a backdrop of conserving IPv4 addresses. As the network grows, the little point to point transit networks between routers really start adding up.
I explored two potential solutions to this problem:
- [Babel] can use IPv6 nexthops for IPv4 destinations - which is super useful because it would allow me to retire all of the IPv4 /31 point to point networks between my routers.
- [OSPFv3] makes it difficult to use IPv6 nexthops for IPv4 destinations, but in a discussion with the Bird Users mailinglist, we found a way: by reusing a single IPv4 loopback address on adjacent interfaces
In May I ran a modest set of two canaries, one between the two routers in my house (chbtl0 and
chbtl1), and another between a router at the Daedalean colocation and Interxion datacenters (ddln0
and chgtg0). AS8298 has about quarter of a /24 tied up in these otherwise pointless point-to-point
transit networks (see what Continue reading
Consistency – Making Progress One Step at a Time
People often ask me how I manage to write so many blog posts. With 5-6 posts a month, it might seem like a lot, but my answer is always the same, consistency. I’ve been blogging for over three years now, and writing has become a part of my daily life. It’s all about sticking to it day after day. In this post, I’ll share how maintaining consistency has not only improved my blogging but can also help you in any area of your life.
I want to start off by acknowledging that while it’s easy to talk about being consistent, actually implementing it can be really tough. Take my own struggle with running, for example. I’ve been trying to make it a consistent part of my life for the past few years, but it’s been a real challenge. I might run for a week, then give up, start again, and then stop. It’s a cycle that’s hard to break. So, I understand that being consistent isn’t always straightforward or easy. I just wanted to get that out of the way before we proceed into this topic.
Palo Alto Firewall Packet Capture
Packet capture is very useful when you troubleshoot network connectivity issues or monitor suspicious activity.
Diagram
Few things to consider
- Four packet capture filters can be added with a variety of attributes.
- Packet captures are session/flow based, so having a single filter is enough for capturing both inbound and outbound traffic.
Packet Capture Stages
There are four stages:
- drop - where packets get discarded. Example, security polciy denying the traffic
- firewall - captures packets in the firewall stage.
- receive - captures the packets as they ingress the firewall interface before they go into the firewall engine (pre-NAT)
- transmit - captures packets as they egress out of the firewall engine (post-NAT)
Example 1 - Packet Capture without NAT
Initiate a ping from CLIENT to the SERVER and capture both ICMP echo request and ICMP echo reply.
You can configure packet capture by going to Monitor > Packet Capture
- Packets 1 & 2 are ingressing the firewall
- Packets 3 & 4 are egressing the firewall
- Packets 1 & 3 are the same
- Packets 2 & 4 are the same
Step 1 - Configure capture filters
The filter shown below captures both echo request and echo reply on Continue reading
Patrick Finn: why I joined Cloudflare as VP Sales for the Americas
I’m delighted to be joining Cloudflare as Vice President of Sales in the US, Canada, and Latin America.
I’ve had the privilege of leading sales for some of the world’s most iconic tech companies, including IBM and Cisco. During my career I’ve led international teams numbering in the thousands and driving revenue in the billions of dollars while serving some of the world's largest enterprise customers. I’ve seen first-hand the evolution of technology and what it can achieve for businesses, from robotics, automation, and data analytics, to cloud computing, cybersecurity, and AI.
I firmly believe Cloudflare is well on its way to being one of the next iconic tech companies.
Why Cloudflare
Cloudflare has a unique opportunity to help businesses navigate an enduring wave of technological change. There are few companies in the world that operate in the three most exciting fields of innovation that will continue to shape our world in the coming years: cloud computing, AI, and cybersecurity. Cloudflare is one of those companies. When I was approached for this role, I spoke to a wide range of connections across the financial sector, private companies, and government. The feedback was unanimous that Cloudflare is poised on the edge Continue reading
Introducing Stream Generated Captions, powered by Workers AI
With one click, customers can now generate video captions effortlessly using Stream’s newest feature: AI-generated captions for on-demand videos and recordings of live streams. As part of Cloudflare’s mission to help build a better Internet, this feature is available to all Stream customers at no additional cost.
This solution is designed for simplicity, eliminating the need for third-party transcription services and complex workflows. For videos lacking accessibility features like captions, manual transcription can be time-consuming and impractical, especially for large video libraries. Traditionally, it has involved specialized services, sometimes even dedicated teams, to transcribe audio and deliver the text along with video, so it can be displayed during playback. As captions become more widely expected for a variety of reasons, including ethical obligation, legal compliance, and changing audience preferences, we wanted to relieve this burden.
With Stream’s integrated solution, the caption generation process is seamlessly integrated into your existing video management workflow, saving time and resources. Regardless of when you uploaded a video, you can easily add automatic captions to enhance accessibility. Captions can now be generated within the Cloudflare Dashboard or via an API request, all within the familiar and unified Stream platform.
This feature is designed with Continue reading
NAN066: Operationalize Your Automations With torero (Sponsored)
When you’re trying to share your cool new network automation with your co-workers, the last thing you want to do is deal with other systems’ different libraries and dependencies gumming it up. That’s where our episode sponsor torero comes into play. As an “automation gateway,” torero dynamically creates an execution environment based on what has... Read more »D2C245: Don’t Fear Database DevOps
Most platform engineers are scared of databases, and most database administrators prefer it that way. But our guest today says it’s time to move forward together toward a future of database linters, observability, and abstraction. Adam Furmanek makes the case that just like how developers had to learn some networking, and networking tools were created... Read more »PP019: The God Accounts: Cloud IAM
Today we discuss how to secure your all-powerful root accounts on the three major public cloud providers: AWS, Azure, and GCP. Our guests today, Ned Bellavance and Kyler Middleton from the Day Two Cloud podcast (soon to be Day Two DevOps podcast), describe the struggle of securely managing several root accounts at once. They take... Read more »HS075: How to Ask Questions
Asking questions is a critical skill whether you’re an outside consultant or on an internal IT team. In today’s episode, Greg and Johna review what kind of questions to ask and how to ask them. They discuss the ‘Five Whys,’ identifying points of invariance, discovering unknown unknowns, and watching out for landmines. They also cover... Read more »
Automated Validation of BGP Labs
In late 2023, I started playing with the idea of having automated validation in netlab. The early implementation was used in BGP labs, and a user liked it so much that he opened an issue saying:
I would suggest providing netlab validate for each lab.
Numerous rounds of yak-shaving later, I merged a humongous commit that adds automated validation to these lab exercises:
Automated Validation of BGP Labs
In late 2023, I started playing with the idea of having automated validation in netlab. The early implementation was used in BGP labs, and a user liked it so much that he opened an issue saying:
I would suggest providing netlab validate for each lab.
Numerous rounds of yak-shaving later, I merged a humongous commit that adds automated validation to these lab exercises:
NB483: Cisco Hopes To Be Ikea For AI Infrastructure; Is Anyone Besides Nvidia Making Money From AI?
Take a Network Break! We start with an announcement from Greg about his impending retirement. After we dust ourselves off from that, we pivot to this week’s tech news. Fortinet acquires a company to bolster its offering in securing cloud deployments and workloads, Cisco announces an Ikea-like kit to build AI infrastructure on prem, and... Read more »Live Training: Build Your Own Networking Lab
This Friday at 1pm ET, Bruce McDougall and I are teaching a live class on using Containerlab to build and automate network labs. From the course description:
This course will guide learners through the tools and techniques to build virtual labs either locally or on common cloud services, so you can become more proficient at understanding, designing, monitoring, and troubleshooting networks. The course begins with obtaining and starting the basic tools required to build and test network labs using open-source and freely available tools. The instructors will build a variety of network topologies, including data center and campus, to help learners understand how to test in different environments.
Tech Bytes: Journey to SSE with HPE Aruba Networking (Sponsored)
When it comes to SSE, it’s helpful to know the vendor’s history and approach to understand if it’s the best fit for your organization. HPE Aruba’s SSE journey started when it acquired Axis Security, a company focused on solving the problem of third party access. Because of that focus, HPE Aruba says its SSE is... Read more »netlab 1.8.3: RIPv2, BGP Route Servers
During the ITNOG8 netlab presentation, I jokingly said something along the lines “all that’s missing is RIPv2 and Babel.” That’s no longer true; someone asked me how hard it would be to add RIPv2 to netlab, and I said, “give me a few days 😎”
Other new features in netlab release 1.8.3 include support for BGP route servers (and route server clients), BGP Link Bandwidth community, and OSPF/BGP validation plugins for Arista EOS, Cumulus Linux and FRR. We also fixed the installation scripts to work with Ubuntu 24.04 and Debian Bookworm.
For more details, read the release notes.
netlab 1.8.3: RIPv2, BGP Route Servers
During the ITNOG8 netlab presentation, I jokingly said something along the lines “all that’s missing is RIPv2 and Babel.” That’s no longer true; someone asked me how hard it would be to add RIPv2 to netlab, and I said, “give me a few days 😎”
Other new features in netlab release 1.8.3 include support for BGP route servers (and route server clients), BGP Link Bandwidth community, and OSPF/BGP validation plugins for Arista EOS, Cumulus Linux and FRR. We also fixed the installation scripts to work with Ubuntu 24.04 and Debian Bookworm.
For more details, read the release notes.
Network Observability with SuzieQ: Part Three
In part 2 of this multipart series on network observability with SuzieQ, we looked at how to setup SuzieQ using docker compose. In this part, we will look at how to interact with the data collected by SuzieQ using the command line interface (CLI) and its REST API.
If you have not read Part One and Part Two yet, I recommend you read it first before proceeding with this part.
SuzieQ CLI
SuzieQ provides a command line interface to interact with the data it has collected. Like any Linux CLI, SuzieQ CLI providers command completion when options are available and also provides help for each command. All commands follow a common structure <table_name> <verb> <filters>. This will make more sense when we start looking at some examples.
Let us start by running the SuzieQ CLI. If you have been following along with the previous parts, you should have the SuzieQ docker container running and you can connect to the SuzieQ CLI by running the docker attach suzieq_cli command. Once you are connected, you will see a prompt like this suzieq>. This is the SuzieQ CLI prompt.
root@sudarshanv:/suzieq/suzieq# docker attach suzieq_cli
suzieq>Connecting to SuzieQ CLI
From here you can get Continue reading