Tech Bytes: HashiCorp’s Consul Tackles Network Infrastructure Automation (Sponsored)

Welcome to this sponsored Tech Bytes episode with HashiCorp, where we focus on how HashiCorp's Consul product helps automate network infrastructure. We also dig into what’s included in the Enterprise version of Consul. Joining us today is Hari Sankaran from the Consul product team.

The post Tech Bytes: HashiCorp’s Consul Tackles Network Infrastructure Automation (Sponsored) appeared first on Packet Pushers.

Tech Bytes: HashiCorp’s Consul Tackles Network Infrastructure Automation (Sponsored)

Hedge 131: Easier for the Computer or the Person?

One of the mainstays of scripting—and now network management—are increasingly focused on making things “easier” for the human operator. Does this focus on making things “easier” for the operator produce a better experience, though? Or does it create frustration as humans try to “outguess” the computer’s programming and process? Join Tom Ammon and Russ White as they discuss the problems with scripting, automation, and ease-of-use.

download

Glitch in the Fastly Matrix: It’s about Developer Experience

Cloud computing company Fastly announced last week that it is Simon Wistow, a co-founder and VP of Strategic Initiatives at Fastly. Word on the street…this was an all-cache deal… May 19, 2022 Welcome to the Edge Commenting on LinkedIn about the Glitch acquisition,

Dig through SERVFAILs with EDE

It can be frustrating to get errors (SERVFAIL response codes) returned from your DNS queries. It can be even more frustrating if you don’t get enough information to understand why the error is occurring or what to do next. That’s why back in 2020, we launched support for Extended DNS Error (EDE) Codes to 1.1.1.1.

As a quick refresher, EDE codes are a proposed IETF standard enabled by the Extension Mechanisms for DNS (EDNS) spec. The codes return extra information about DNS or DNSSEC issues without touching the RCODE so that debugging is easier.

Now we’re happy to announce we will return more error code types and include additional helpful information to further improve your debugging experience. Let’s run through some examples of how these error codes can help you better understand the issues you may face.

To try for yourself, you’ll need to run the dig or kdig command in the terminal. For dig, please ensure you have v9.11.20 or above. If you are on macOS 12.1, by default you only have dig 9.10.6. Install an updated version of BIND to fix that.

Let’s start with the output of an example Continue reading

How we improved DNS record build speed by more than 4,000x

This post is also available in 简体中文, 日本語, Español.

Since my previous blog about Secondary DNS, Cloudflare's DNS traffic has more than doubled from 15.8 trillion DNS queries per month to 38.7 trillion. Our network now spans over 270 cities in over 100 countries, interconnecting with more than 10,000 networks globally. According to w3 stats, “Cloudflare is used as a DNS server provider by 15.3% of all the websites.” This means we have an enormous responsibility to serve DNS in the fastest and most reliable way possible.

Although the response time we have on DNS queries is the most important performance metric, there is another metric that sometimes goes unnoticed. DNS Record Propagation time is how long it takes changes submitted to our API to be reflected in our DNS query responses. Every millisecond counts here as it allows customers to quickly change configuration, making their systems much more agile. Although our DNS propagation pipeline was already known to be very fast, we had identified several improvements that, if implemented, would massively improve performance. In this blog post I’ll explain how we managed to drastically improve our DNS record propagation speed, and the Continue reading

What is a VLAN and how does it work?

A VLAN is a logical subnetwork of devices in a broadcast domain that is partitioned by network switches and/or network management software to act as its own distinct LAN. Switches that support VLANs give network managers the ability to create flexible virtual network segments that are independent of the underlying physical wired or wireless topology.VLANs operate at either Layer 2 (data-link layer) or Layer 3 (network layer), depending on the design of the network. Several different network protocols support VLANs, most notably Ethernet and Wi-Fi.To read this article in full, please click here

What is a VLAN and how does it work?

A VLAN is a logical subnetwork of devices in a broadcast domain that is partitioned by network switches and/or network management software to act as its own distinct LAN. Switches that support VLANs give network managers the ability to create flexible virtual network segments that are independent of the underlying physical wired or wireless topology.VLANs operate at either Layer 2 (data-link layer) or Layer 3 (network layer), depending on the design of the network. Several different network protocols support VLANs, most notably Ethernet and Wi-Fi.To read this article in full, please click here

ipSpace.net Blog Is in a Public GitHub Repository

I migrated my blog to Hugo two years ago, and never regretted the decision. At the same time I implemented version control with Git, and started using GitHub (and GitLab for a convoluted set of reasons) to host the blog repository.

After hesitating for way too long, I decided to go one step further and made the blog repository public. The next time a blatant error of mine annoys you fork it, fix my blunder(s), and submit a pull request (or write a comment and I’ll fix stuff like I did in the past).

ipSpace.net Blog Is in a Public GitHub Repository

I migrated my blog to Hugo two years ago, and never regretted the decision. At the same time I implemented version control with Git, and started using GitHub (and GitLab for a convoluted set of reasons) to host the blog repository.

After hesitating for way too long, I decided to go one step further and made the blog repository public. The next time a blatant error of mine annoys you fork it, fix my blunder(s), and submit a pull request (or write a comment and I’ll fix stuff like I did in the past).

Nvidia announces HPC and edge reference designs, liquid cooling plans

Nvidia unveiled high-performance computing (HPC) reference designs and new water-cooling technology for its GPUs at the annual Computex tradeshow in Taipei, Taiwan.The reference designs employ Nvidia's forthcoming Grace CPU and Grace Hopper Superchips, due next year. Grace is an Arm-based CPU – Nvidia’s first for the server market. Hopper is Nvidia’s next generation of GPU processors. Read more: Highflying Nvidia widens its reach into enterprise data centersTo read this article in full, please click here

Nvidia announces HPC and edge reference designs, liquid cooling plans

Nvidia unveiled high-performance computing (HPC) reference designs and new water-cooling technology for its GPUs at the annual Computex tradeshow in Taipei, Taiwan.The reference designs employ Nvidia's forthcoming Grace CPU and Grace Hopper Superchips, due next year. Grace is an Arm-based CPU – Nvidia’s first for the server market. Hopper is Nvidia’s next generation of GPU processors. Read more: Highflying Nvidia widens its reach into enterprise data centersTo read this article in full, please click here

Another way MPLS breaks traceroute

I recently got fiber to my house. Yay! So after getting hooked up I started measuring that everything looked sane and performant.

I encountered two issues. Normal people would not notice or be bothered by either of them. But I’m not normal people.

I’m still working on one of the issues (and may not be able to disclose the details anyway, as the root cause may be confidential), so today’s issue is traceroute.

In summary: A bad MPLS config can break traceroute outside of the MPLS network.

What’s wrong with this picture?

$ traceroute -q 1 seattle.gov
traceroute to seattle.gov (156.74.251.21), 30 hops max, 60 byte packets
 1  192.168.x.x (192.168.x.x)  0.302 ms     <-- my router
 2  194.6.x.x.g.network (194.6.x.x)  3.347 ms
 3  10.102.3.45 (10.102.3.45)  3.391 ms
 4  10.102.2.29 (10.102.2.29)  2.841 ms
 5  10.102.2.25 (10.102.2.25)  2.321 ms
 6  10.102.1.0 (10.102.1.0)  3.454 ms
 7  10.200.200.4 (10.200.200.4)  2. Continue reading

Introducing our brand new (and free!) Calico Azure Course

Calico Open Source is an industry standard for container security and networking that offers high-performance cloud-native scalability and supports Kubernetes workloads, non-Kubernetes workloads, and legacy workloads. Created and maintained by Tigera, Calico Open Source offers a wide range of support for your choice of data plane whether it’s Windows, eBPF, Linux, or VPP.

We’re excited to announce our new certification course for Azure, Certified Calico Operator: Azure Expert! This free, self-paced course is the latest in our series of four courses. If you haven’t had a chance to complete our previous courses, I highly recommend enrolling in them in the following order (or as you prefer).

1. Certified Calico Operator: Level 1
2. Certified Calico Operator: AWS Expert
3. Certified Calico Operator: eBPF

What will you gain from this course?

Whether you have little to no experience with cloud concepts, have entry-level DevOps and engineering experience, are keen to learn more about Azure or are already an Azure expert looking for a cloud networking and security solution, you will benefit from this course.

The course provides an introduction to Azure cloud, learnings about managed, self-managed and hybrid cluster deployment using Calico in Azure, and offers hands-on labs to help you explore most of Continue reading

What is Wi-Fi 6 (802.11ax), and why do we need it?

Wi-Fi has become an indispensable technology in enterprise networks, supporting enough bandwidth and individual channels to make all-wireless LANs feasible, thanks in large part to 802.11ax, the standard more commonly called Wi-Fi 6.What is 802.11ax (Wi-Fi 6)? Wi-Fi 6 was officially certified in 2020 and has quickly become the de facto standard for wireless LAN technology (WLAN), superseding Wi-Fi 5 (802.11ac). Wi-Fi 6 delivers improved performance, extended coverage and longer battery life compared to Wi-Fi 5.Wi-Fi 6 was originally designed to address bandwidth problems associated with dense, high-traffic environments such as airports, stadiums, trains and offices. However, the explosion of IoT devices that need to connect wirelessly to edge devices, and the ever-increasing bandwidth needs of new data-thirsty applications has rendered Wi-Fi 6 not exactly obsolete on arrival, but certainly not sufficient for some use cases.To read this article in full, please click here

HYAS brings security threat detection, response to production networks

HYAS Confront uses domain expertise and proprietary machine learning to monitor and detect anomalies in production network environments and improve visibility as applications move to the cloud.

HYAS brings security threat detection, response to production networks

HYAS Confront uses domain expertise and proprietary machine learning to monitor and detect anomalies in production network environments and improve visibility as applications move to the cloud.

Exium expands SASE, 5G-based security for midsize enterprise networks

California-based secure networking company Exium is adding a new, on-premises SASE ( secure access service edge) node to its cloud-based network management and security platform, bringing that system's capabilities directly to end users' data centers.SASE is a Gartner-defined model that combines SD-WAN with cloud services. It aims to provide a single, cloud-based service that can dramatically simplify the deployment of modern, identity-based security technology. Gartner's definition of SASE mandates the use of five specific security technologies, including secure web gateways, SD-WAN, firewall-as-a-service, a zero-trust network access model and a cloud access security broker to keep data in cloud systems secure.To read this article in full, please click here

Learning BGP Module 2 Lesson 4: Best Path – Video

This installment of Russ White’s BGP course discusses how the BGP protocol calculates the best path for a route. Topics include: -Routes to discard -Weighting -Shortest AS path -Origin type -Multi-Exit Discriminator (MED) -Oldest eBGP Path -Tiebreakers You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a […]

The post Learning BGP Module 2 Lesson 4: Best Path – Video appeared first on Packet Pushers.

What is NFV – Network Function Virtualization