Ansible For Network Automation Lesson 6: Ansible Vault And Loops – Video
In this lesson on using Ansible for network automation, Josh VanDeraa looks at how to get started with Ansible Vault, re-using tasks in multiple playbooks with include_tasks, and leveraging loops in your playbooks. Josh has created a GitHub repo to store additional material, including links and documentation: https://github.com/jvanderaa/AnsibleForNetworkAutomation You can subscribe to the Packet Pushers’ […]
The post Ansible For Network Automation Lesson 6: Ansible Vault And Loops – Video appeared first on Packet Pushers.
Heavy Networking 638: Don’t Block DNS Over TCP
DNS is our subject on today's Heavy Networking. More specifically, DNS transport over TCP. We talk with John Kristoff, one of the forces behind RFC9210, which covers the operational requirements for DNS transport over TCP. This is not an esoteric document covering a tiny, nuanced DNS use case. Instead this doc will likely affect most of you listening, whether you’re a network operator or a name server operator. We talk with John about the implications of this RFC.
The post Heavy Networking 638: Don’t Block DNS Over TCP appeared first on Packet Pushers.
Heavy Networking 638: Don’t Block DNS Over TCP
DNS is our subject on today's Heavy Networking. More specifically, DNS transport over TCP. We talk with John Kristoff, one of the forces behind RFC9210, which covers the operational requirements for DNS transport over TCP. This is not an esoteric document covering a tiny, nuanced DNS use case. Instead this doc will likely affect most of you listening, whether you’re a network operator or a name server operator. We talk with John about the implications of this RFC.Setting Up Public-Private Keys For SSH Authentication
This post originally appeared on the Packet Pushers’ Ignition site on February 18, 2020. The more pedantic in the tech community argue about the merits of public-private key authentication vs. simple password authentication when logging into an SSH host. I have no strong opinion regarding your security posture when using one vs. the other. […]
The post Setting Up Public-Private Keys For SSH Authentication appeared first on Packet Pushers.
Working in public — our docs-as-code approach
Docs-as-code is an approach to writing and publishing documentation with the same tools and processes developers use to create code. This philosophy has become more popular in recent years, especially in tech companies. Automatic link checking is part of this process, which ensures that writer's changes are sound and safe to deploy. By setting the stage with a docs-as-code approach, technical writers can focus on what they do best: ensure that our readers get useful and accurate information that is easy to find, and our documentation speaks a single language.
Besides following a docs-as-code approach, at Cloudflare we handle our documentation changes in public, in our cloudflare-docs GitHub repository. Having our documentation open to external contributions has helped us improve our documentation over time — our community is great at finding issues! While we need to review these contributions and ensure that they fit our style guide and content strategy, the contributions provided by the Cloudflare community have been instrumental in making our documentation better every day. While Cloudflare helps build a better Internet, our community helps build better documentation.
Docs-as-code at Cloudflare
At Cloudflare, we follow a docs-as-code approach to create and publish product documentation in Developer Docs.
Such Continue reading
Worth Exploring: Akvorado Flow Collector and Visualizer
The results you can get when you know how to apply proper glue to a bunch of open-source tools never cease to amaze me. The latest entrant in that category: Akvorado, a Netflow/IPFIX collector and analyzer by Vincent Bernat.
Some of the sample graphs (shown in the GitHub repo) are not far off from those that knocked our socks off during the first Kentik Networking Field Day presentation. Definitely a tool worth exploring ;)
Worth Exploring: Akvorado Flow Collector and Visualizer
The results you can get when you know how to apply proper glue to a bunch of open-source tools never cease to amaze me. The latest entrant in that category: Akvorado, a Netflow/IPFIX collector and analyzer by Vincent Bernat.
Some of the sample graphs (shown in the GitHub repo) are not far off from those that knocked our socks off during the first Kentik Networking Field Day presentation. Definitely a tool worth exploring ;)
Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes
On today's Kubernetes Unpacked podcast we explore tradeoffs that come with using Terraform to manage Kubernetes. My guest is Luke Orellana, an SRE who uses Kubernetes. He's also a HashiCorp Ambassador. We also discuss differences between managing VMs and Kubernetes, Kubernetes benefits including self-healing, and downsides such as dealing with the complexity that comes from containers and microservices.
The post Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes appeared first on Packet Pushers.
Kubernetes Unpacked 004: Pros And Cons Of Using Terraform With Kubernetes
On today's Kubernetes Unpacked podcast we explore tradeoffs that come with using Terraform to manage Kubernetes. My guest is Luke Orellana, an SRE who uses Kubernetes. He's also a HashiCorp Ambassador. We also discuss differences between managing VMs and Kubernetes, Kubernetes benefits including self-healing, and downsides such as dealing with the complexity that comes from containers and microservices.Marketing Docs Are Not Written For Engineers
When reading marketing literature as an engineer, you must always be careful to parse the words correctly. For example, I was reviewing a vendor’s pitch deck on a new hardware switch. The switch was described as having the following attributes.
- Cloud-native
- AI-driven
- Secure
- Next-generation
From an engineering perspective, nothing of value has been described to you in that list.
I have no idea what they are trying to get at with cloud-native. I can think of no greater antithesis to “cloud-native” than a chunk of hardware you bolt into a rack to do network things. Someone on Twitter suggested that because the switch supports ZTP, it’s cloud-native…which, if so, is comedy gold.
AI-driven means…what, exactly? That there is some AI on the switch itself doing data analysis and changing the network configuration in response to whatever the algorithm thinks is best? It could mean that, although then we’d have to discuss what’s meant by AI, whether or not the “AI” is happening off- or on-box, and why that’s different from software-defined.
Secure is a word you sprinkle over every technology product. Because of course it’s secure. But again, what does secure mean in this context? That the switch was built Continue reading
Cloud, Data, and Political Protests Mark the 2022 AWS Summit
The return of the in-person event to New York City also saw a revival of disruptions by protesters calling out the cloud provider’s various government contracts.Transit VPC — AWS — Advanced Networking
What is Transit Gateway in AWS used for ? a. Interconnect One or more VPC's eliminating need for full mesh b. customer gateway in only one region c. Enhanced NAT gateway d. Can be used to Connect SD-Wan with VPC's Answer is at the end of the post, feel free to skip it, I just did not want to make a spoiler residing just below the question
The post from transitive routing in AWS had a few different solutions at the end, the one which is most efficient and future-proof would be transit-gateway implementation for inter-VPC communication without needing a full mesh.
https://raaki-88.medium.com/transitive-routing-aws-advanced-networking-984ca492d2d7
We will first explore an example and then come back to some of the concepts
Consider below VPCs, by default, there is no VPC peering and if we want to achieve connectivity we need to do n*(n-1)/2 number of peerings, this will quickly get out of hand as the VPCs increase.
The easiest way to achieve connectivity will be in 3 steps
- Create transit gateway
- Attach all the VPCs as attachments in the Transit gateway
- Most Importantly, create a route in the sub-net table for the destination sub-net via Transit gateway else connectivity will never work.
How the James Webb Telescope’s cosmic pictures impacted the Internet
“Somewhere, something incredible is waiting to be known.” — Carl Sagan
In the past few years, space technology and travel have been trending with increased attention and endeavors (including private ones). In our 2021 Year in Review we showed how NASA and SpaceX flew higher, at least in terms of interest on the Internet.
This week, NASA in collaboration with the European Space Agency (ESA) and the Canadian Space Agency (CSA), released the first images from the James Webb Telescope (JWST) which conducts infrared astronomy to “reveal the unseen universe”.
So, let’s dig into something we really like here at Cloudflare, checking how real life and human interest has an impact on the Internet. In terms of general Continue reading
Transitive Routing — AWS — Advanced Networking
Before understanding the way AWS does transitive routing, let us try to wrap our head on transitive property in mathematics
What is Transitive Property?A property is called transitive property, if x, y and z are the three quantities, and if x is related to y by some rule, and y is related to z by the same rule, then we can say x is related to z by the same rule.
Alright, now let’s look at the following scenario
So Connectivity from VPC3-VPC1 would work just fine, VPC2-VPC1 will also work just fine while VPC2-VPC3/VPC3-VPC2 via VPC1 will never work in AWS, this is the first thing that we should remember.
I see only downsides! — well not everything is lost in this case, there are security benefits as well, large part of it plays a role in IP Address spoofing. Imagine someone is trying to send a packet to your VPC, check to make sure that the instance won’t accept the packet as that is not locally configured and also instance cannot send any of the packets with any source IP as well, that is one of the preliminary reasons why Source and Destination checks are turned off.
Computer-Related Neck Pains? Try an Acupressure Pillow
Do you ever get neck pains after sitting in front of the computer for too long? If so, you’re not alone. According to a recent study, nearly two-thirds of Americans experience some form of neck pain each year. And with the average person spending over eight hours a day staring at a screen, it’s no wonder that so many of us are suffering.
But there is some good news. If you’re looking for a way to relieve your computer-related neck pain, you may want to try an acupressure pillow. Acupressure is an ancient Chinese healing practice that involves applying pressure to specific points on the body. And according to Traditional Chinese Medicine, there are certain points on the neck that can help relieve pain.
The best part about acupressure is that it’s completely safe and there are no side effects. So if you’re looking for a natural way to ease your neck pain, an acupressure pillow may be just what you need.
Symptoms of Computer-Related Neck Pain
There are a few different symptoms that are associated with computer-related neck pain. If you’re experiencing any of the following, it may be time to try an acupressure pillow:
Neck stiffness
This Continue reading