Tech Bytes: Enhancing CI/CD Pipelines With Nokia’s Digital Sandbox (Sponsored)
Today we welcome sponsor Nokia back to the Tech Bytes podcast to get more information about its Digital Sandbox, and how this software, part of Nokia’s Fabric Services System, helps enable a continuous integration/continuous delivery, or CI/CD framework, for network engineers. Our guest is Erwan James, Product Line Manager at Nokia.Join me at PlatformCon 2022 to learn how to secure could-native applications using open source tools
PlatformCon 2022 is just around the corner and I’m excited to be speaking at the conference alongside other platform practitioners and pioneers. My talk, Using open-source software to secure cloud-native applications, will examine—you guessed it—how to use open-source software like Kubernetes to secure cloud-native applications.
I’m looking forward to giving this talk because I think this topic is extremely relevant to the Platform Engineering community. Cloud-native microservices applications bring so many amazing advantages for many software application needs, but they also bring lots of security challenges, and if those are handled incorrectly it can be a minefield. Ephemeral workloads appear and disappear, workload network addressing is transient, and traditional firewalls can’t police the data path effectively.
Open-source orchestration solutions like Kubernetes define an application-centric component called ‘NetworkPolicy,’ but they do not implement it. In my session I’ll discuss how, with a change of tools and mindset, open-source software can help to implement security for cloud-native applications whilst still allowing the user to benefit from all the advantages. I’m excited to help people understand how to get on the right path and give them enough information to make their own informed decision on how to proceed
What’s special Continue reading
How BGP Really Converges
This lesson in Russ White’s BGP course gets into withdrawing a route, MRAI time, implicit withdraws, BGP Hunt, graceful restart, and other topics.
The Downside of SD-WAN and How to Avoid It
While the benefits of SD-WAN for enterprise networks are well-documented, the approach also presents some challenges.Network Break 384: Broadcom To Buy VMware; DuckDuckGo Slammed For Microsoft Tracking Deal
On today's Network Break we dig into Broadcom's proposed acquisition of VMware for about $61 billion. We also cover a serious VMware vulnerability that is being exploited in the wild, and criticism of DuckDuckGo for a deal with Microsoft that allows some data to be collected from the privacy browser. We also cover the latest financial results from Dell Technologies and Broadcom.Platform Week wrap-up
A comprehensive developer platform includes all the necessary storage, compute, and services to effectively deliver an application. Compute that runs globally and auto-scales to execute code without having to worry about the underlying infrastructure; storage for user information, objects, and key-value pairs; and all the related services including delivering video, optimizing images, managing third-party components, and capturing telemetry.
Whether you’re looking to modernize legacy backend infrastructure or are building a brand-new application from the ground up the Cloudflare Developer Platform provides all the building blocks you need to deliver an application on the edge.
Recently, during Platform Week, we made a number of announcements expanding what’s possible with the Developer Platform. Let’s take a look at some of the announcements we made and what this enables you to build. For a complete list visit the Platform Week hub.
Compute
The core of our compute offering is Workers, our serverless runtime. Workers integrates with other Cloudflare offerings helping you route requests, take action on bots, send an email, or route and filter emails, just to name a few.
There are times when you’ll want to use multiple Workers to perform an action, Workers now have the ability to call another Continue reading
VXLAN-Focused Design Clinic in June 2022
ipSpace.net subscribers are probably already familiar with the Design Clinic: a monthly Zoom call in which we discuss real-life design- and technology challenges. I started it in September 2021 and it quickly became reasonably successful; we covered almost two dozen topics so far.
Most of the challenges contributed for the June 2022 session were focused on VXLAN use cases (quite fitting considering I just updated the VXLAN Technical Deep Dive webinar), including:
- Can we implement Data Center Interconnect (DCI) with VXLAN? (Yes, but…)
- Can we run VXLAN over SD-WAN (and does it make sense)? (Yes/No)
- What happened to traditional MPLS/VPN Enterprise core and can we use VXLAN/EVPN instead? (Still there/Maybe)
- Should we use routers or switches as data center WAN edge devices, and how do we integrate them with VXLAN/EVPN data center fabric? (Yes 😊)
For more details, join us on June 6th. There’s just a minor gotcha: you have to be an active ipSpace.net subscriber to do it.
VXLAN-Focused Design Clinic in June 2022
ipSpace.net subscribers are probably already familiar with the Design Clinic: a monthly Zoom call in which we discuss real-life design- and technology challenges. I started it in September 2021 and it quickly became reasonably successful; we covered almost two dozen topics so far.
Most of the challenges contributed for the June 2022 session were focused on VXLAN use cases (quite fitting considering I just updated the VXLAN Technical Deep Dive webinar), including:
- Can we implement Data Center Interconnect (DCI) with VXLAN? (Yes, but…)
- Can we run VXLAN over SD-WAN (and does it make sense)? (Yes/No)
- What happened to traditional MPLS/VPN Enterprise core and can we use VXLAN/EVPN instead? (Still there/Maybe)
- Should we use routers or switches as data center WAN edge devices, and how do we integrate them with VXLAN/EVPN data center fabric? (Yes 😊)
For more details, join us on June 6th. There’s just a minor gotcha: you have to be an active ipSpace.net subscriber to do it.
What To Do When Containers are Attacked: An Incident Response Plan
Containers introduce a new attack surface that requires different security measures, incident response tactics, and forensics approaches.“Much more than just writing.” How I got started as a content designer
Content design is a relatively new discipline, but one that deeply affects how users perceive, choose, and use products. People who work in content design can take many names (content designers, UX writers, product writers, just to name a few) but in a nutshell, our job is to help users accomplish goals on an interface by providing them with the right guidance at the right time. Unlike visual designers, content designers are not responsible for the graphic layout or the look and feel of a given interface — instead, we own what we call the conversation between product and user along each journey to ensure that the user has all the information they need to reach their goal.
The interesting thing is — when interfaces are concerned, the more effective the text, the less noticeable it will be to users. Great content on an interface “just works”; it disappears into a delightful user experience while leading happy users to success, whatever it is they’re trying to get done with a given product. Content designers achieve that by making sure they know user needs inside out and which problems the product is trying to solve. Next, in partnership with visual designers, Continue reading
netsim-tools Simple VLAN Example
I had no idea how convoluted VLANs could get until I tried to implement them in netsim-tools. We’re not done yet – we have access VLANs, VLAN trunks (including native VLAN support), and VLAN (SVI) interfaces, but we’re still missing routed VLAN subinterfaces – but we have enough functionality to show you a few VLAN examples.
We’ll start with the simplest option: a single VLAN stretched across two bridges switches with two Linux hosts connected to it. netsim-tools can configure VLANs on Arista EOS, Cisco IOSv, VyOS, Dell OS10, and Nokia SR Linux. We’ll use the quickest (deployment-wise) option: Arista EOS on containerlab.
netlab Simple VLAN Example
I had no idea how convoluted VLANs could get until I tried to implement them in netlab.
We’ll start with the simplest option: a single VLAN stretched across two bridges switches with two Linux hosts connected to it. netlab can configure VLANs on Arista EOS, Cisco IOSv, Cisco Nexus OS, VyOS, Dell OS10, and Nokia SR Linux. We’ll use the quickest (deployment-wise) option: Arista EOS on containerlab.
Simple VLAN topology
Worth Reading: ACI Terraform Scalability
Using Terraform to deploy networking elements with an SDN controller that cannot replace the current state of a tenant with the desired state specified in a text file (because nobody ever wants to do that, right) sounds like a great idea… until you try to do it at scale.
Noël Boulene hit interesting scalability limits when trying to provision VLANs on Cisco ACI with Terraform. If you’re thinking about doing something similar, you REALLY SHOULD read his article.
Worth Reading: ACI Terraform Scalability
Using Terraform to deploy networking elements with an SDN controller that cannot replace the current state of a tenant with the desired state specified in a text file (because nobody ever wants to do that, right) sounds like a great idea… until you try to do it at scale.
Noël Boulene hit interesting scalability limits when trying to provision VLANs on Cisco ACI with Terraform. If you’re thinking about doing something similar, you REALLY SHOULD read his article.