Short feedback on Cisco pyATS and Genie Parser

Cisco pyATS is a framework for network automation and testing. It includes, among other things, an open-source multi-vendor set of parsers and models, Genie Parser. It features 2700 parsers for various commands over many network OS. On the paper, this seems a great tool!

>>> from genie.conf.base import Device
>>> device = Device("router", os="iosxr")
>>> # Hack to parse outputs without connecting to a device
>>> device.custom.setdefault("abstraction", {})["order"] = ["os", "platform"]
>>> cmd = "show route ipv4 unicast"
>>> output = """
... Tue Oct 29 21:29:10.924 UTC
...
... O    10.13.110.0/24 [110/2] via 10.12.110.1, 5d23h, GigabitEthernet0/0/0/0.110
... """
>>> device.parse(cmd, output=output)
{'vrf': {'default': {'address_family': {'ipv4': {'routes': {'10.13.110.0/24': {'route': '10.13.110.0/24',
       'active': True,
       'route_preference': 110,
       'metric': 2,
       'source_protocol': 'ospf',
       'source_protocol_codes': 'O',
       'next_hop': {'next_hop_list': {1: {'index': 1,
          'next_hop': '10.12.110.1',
          'outgoing_interface': 'GigabitEthernet0/0/0/0.110',
          'updated': '5d23h'}}}}}}}}}}

First deception: pyATS is closed-source with some exceptions. This is quite annoying if you run into some issues outside Genie Parser. For example, although pyATS is using the ssh command, Continue reading

Welcome to Speed Week and a Waitless Internet

No one likes to wait. Internet impatience is something we all suffer from.

Waiting for an app to update to show when your lunch is arriving; a website that loads slowly on your phone; a movie that hasn’t started to play… yet.

But building a waitless Internet is hard. And that’s where Cloudflare comes in. We’ve built the global network for Internet applications, be they websites, IoT devices or mobile apps. And we’ve optimized it to cut the wait.

If you believe ISP advertising then you’d think that bandwidth (100Mbps! 1Gbps! 2Gbps!) is the be all and end all of Internet speed. That’s a small component of what it takes to deliver the always on, instant experience we want and need.

The reality is you need three things: ample bandwidth, to have content and applications close to the end user, and to make the software as fast as possible. Simple really. Except not, because all three things require a lot of work at different layers.

In this blog post I’ll look at the factors that go into building our fast global network: bandwidth, latency, reliability, caching, cryptography, DNS, preloading, cold starts, and more; and how Cloudflare zeroes in on Continue reading

Worth Reading: Ops Questions in Software Engineering Interviews

Charity Majors published another must-read article: why every software engineering interview should include ops questions. Just a quick teaser:

The only way to unwind this is to reset expectations, and make it clear that:

• You are still responsible for your code after it’s been deployed to production, and
• Operational excellence is everyone’s job.

Adhering to these simple principles would remove an enormous amount of complexity from typical enterprise IT infrastructure… but I’m afraid it’s not going to happen anytime soon.

Fast Friday – Podcasts Galore!

It’s been a hectic week and I realized that I haven’t had a chance to share some of the latest stuff that I’ve been working on outside of Tech Field Day. I’ve been a guest on a couple of recent podcasts that I loved.

Art of Network Engineering

I was happy to be a guest on Episode 57 of the Art of Network Engineering podcast. AJ Murray invited me to take part with all the amazing co-hosts. We talked about some fun stuff including my CCIE study attempts, my journey through technology, and my role at Tech Field Day and how it came to be that I went from being a network engineer to an event lead.

The interplay between the hosts and I during the discussion was great. I felt like we probably could have gone another hour if we really wanted to. You should definitely take a listen and learn how I kept getting my butt kicked by the CCIE open-ended questions or what it’s like to be a technical person on a non-technical briefing.

IPv6, Wireless, and the Buzz

I love being able to record episodes of Tomversations on Youtube. One of my latest was all about Continue reading

Heavy Networking 597: Why Enterprises Want Private 5G (Sponsored)

Heavy Networking 597: Why Enterprises Want Private 5G (Sponsored)

Today's Heavy Networking podcast discusses the pros and cons of building a private 5G network in the enterprise. We examine use cases, contrast 5G with Wi-Fi, unpack the hardware and software required, and more. Intel is our sponsor for this episode.

The post Heavy Networking 597: Why Enterprises Want Private 5G (Sponsored) appeared first on Packet Pushers.

What is MPLS: What you need to know about multi-protocol label switching

The thing about MPLS is that it’s a technique, not a service — so it can deliver anything from IP VPNs to metro Ethernet. It's expensive, so with the advent of SD-WAN enterprises are trying to figure how to optimize its use vs. less expensive connections like the internetDid you ever order something online from a distant retailer and then track the package as it makes strange and seemingly illogical stops all over the country.That’s similar to the way IP routing on the Internet works. When an internet router receives an IP packet, that packet carries no information beyond a destination IP address. There is no instruction on how that packet should get to its destination or how it should be treated along the way.To read this article in full, please click here

Palo Alto launches an enterprise-grade security pack for remote workers

Palo Alto Networks has rolled out a Wi-Fi based package that the company says provides remote workers with enterprise-class security features.Called Okyo Garde, the bundle incuds Wi-Fi-6-based hardware and mobile application-security software that includes threat-intelligence updates, and sells the hardware and software to enterprises as a customizable subscription. The package also offers malware and ransomware prevention, phishing protection, infected device detection, and suspicious-activity monitoring and control, the company said.Linux security: Cmd provides visibility, control over user activity Workers’ homes are becoming enterprise “branches of one” with multiple devices without IT teams or a deep set of cybersecurity protections, yet they face the same threat landscape as any enterprise, said Mario Queiroz, executive vice president of Palo Alto Networks. Threat actors may even see them as more vulnerable and therefore attractive entry points into the corporate network,  Queiroz said.To read this article in full, please click here

Palo Alto launches an enterprise-grade security pack for remote workers

Palo Alto Networks has rolled out a Wi-Fi based package that the company says provides remote workers with enterprise-class security features.Called Okyo Garde, the bundle incuds Wi-Fi-6-based hardware and mobile application-security software that includes threat-intelligence updates, and sells the hardware and software to enterprises as a customizable subscription. The package also offers malware and ransomware prevention, phishing protection, infected device detection, and suspicious-activity monitoring and control, the company said.Linux security: Cmd provides visibility, control over user activity Workers’ homes are becoming enterprise “branches of one” with multiple devices without IT teams or a deep set of cybersecurity protections, yet they face the same threat landscape as any enterprise, said Mario Queiroz, executive vice president of Palo Alto Networks. Threat actors may even see them as more vulnerable and therefore attractive entry points into the corporate network,  Queiroz said.To read this article in full, please click here

Weekend Reads 091021

At some point, don’t be surprised if IBM ends up acquiring Nutanix. But not now, with Nutanix having a nearly $8 billion market capitalization and possibly commanding a $10 billion acquisition cost.

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period.

If you were hit by ransomware, you are part of the rapidly growing number of organizations that have had to decide how to respond — legally, quickly and often quietly.

As the pandemic unfolded in spring 2020, many Americans saw their lives swiftly reshaped by stay-at-home orders, school closures and the onset of remote work.

With increased demands placed on home internet connections and the nation’s internet infrastructure during the pandemic, the quality and affordability of home internet connections became a focus for users on several fronts.

The graphics card inside your computer is a powerful tool for gaming and creative work, but it can also potentially serve as a Trojan horse for malware.

Decentralized solutions, in our case, which come with the ambitious promise of providing everything their centralized counterpart Continue reading

Cisco adds specializations to its CCNP cert

Cisco’s network certification lineup underwent a major overhaul last year, and one of the big changes is that specialization options appear at the professional level with the Cisco Certified Network Professional (CCNP).Before Cisco rearchitected its certifications, there were 10 concentrations associated with Cisco Certified Network Associate (CCNA), Cisco’s foundational certification. As of last year, the CCNA no longer has different tracks. It’s focused on networking fundamentals, and there’s only one exam.To read this article in full, please click here

How to execute an object file: Part 3

Dealing with external libraries

In the part 2 of our series we learned how to process relocations in object files in order to properly wire up internal dependencies in the code. In this post we will look into what happens if the code has external dependencies — that is, it tries to call functions from external libraries. As before, we will be building upon the code from part 2. Let's add another function to our toy object file:

obj.c:

#include <stdio.h>
 
...
 
void say_hello(void)
{
    puts("Hello, world!");
}

In the above scenario our say_hello function now depends on the puts function from the C standard library. To try it out we also need to modify our loader to import the new function and execute it:

loader.c:

...
 
static void execute_funcs(void)
{
    /* pointers to imported functions */
    int (*add5)(int);
    int (*add10)(int);
    const char *(*get_hello)(void);
    int (*get_var)(void);
    void (*set_var)(int num);
    void (*say_hello)(void);
 
...
 
    say_hello = lookup_function("say_hello");
    if (!say_hello) {
        fputs("Failed to find say_hello function\n", stderr);
        exit(ENOENT);
    }
 
    puts("Executing say_hello...");
    say_hello();
}
...

Let's run it:

$ gcc -c obj.c
$ gcc -o loader loader.c
$ ./loader
No runtime base address for section

Seems something went Continue reading

How to use the export command: 2-Minute Linux Tips

In this Linux tip, learn how to use the export command. It's a bash built-in that allows command line variables to be available to a child process – a second shell or a script that you run.

Lessons Learned: Fundamentals Haven’t Changed

Here’s another bitter pill to swallow if you desperately want to believe in the magic powers of unicorn dust: laws of physics and networking fundamentals haven’t changed (see also: RFC 1925 Rule 11).

Whenever someone is promising a miracle solution, it’s probably due to them working in marketing or having no clue what they’re talking about (or both)… or it might be another case of adding another layer of abstraction and pretending the problems disappeared because you can’t see them anymore.

How Artificial Intelligence Will Change IT Jobs

IPv6 Buzz 084: Wi-Fi 6E Adoption And IPv6

In this episode of IPv6 Buzz, we compare IPv6 adoption to Wi-Fi 6E adoption (and talk about IPv6 Wi-Fi at large) with guest Tom Hollingsworth of Gestalt IT and Tech Field Day.

The post IPv6 Buzz 084: Wi-Fi 6E Adoption And IPv6 appeared first on Packet Pushers.

IPv6 Buzz 084: Wi-Fi 6E Adoption And IPv6

Native Rust support on Cloudflare Workers

You can now write Cloudflare Workers in 100% Rust, no JavaScript required. Try it out: https://github.com/cloudflare/workers-rs

Cloudflare Workers has long supported the building blocks to run many languages using  WebAssembly. However, there has always been a challenging “trampoline” step required to allow languages like Rust to talk to JavaScript APIs such as fetch().

In addition to the sizable amount of boilerplate needed, lots of “off the shelf” bindings between languages don’t include support for Cloudflare APIs such as KV and Durable Objects. What we wanted was a way to write a Worker in idiomatic Rust, quickly, and without needing knowledge of the host JavaScript environment. While we had a nice “starter” template that made it easy enough to pull in some Rust libraries and use them from JavaScript, the barrier was still too high if your goal was to write a full program in Rust and ship it to our edge.

Not anymore!

Introducing the worker crate, available on GitHub and crates.io, which makes Rust developers feel right at home on the Workers platform by running code inside the V8 WebAssembly engine. In the snippet below, you can see how the worker crate does all the heavy Continue reading

HelloKitty: The Victim’s Perspective

In the past few months, we have witnessed several indiscriminate attacks targeting big companies. Whereas years ago different threat actors focused on specific sectors, nowadays the same techniques, tactics, and procedures (e.g., how the perimeter is penetrated, which tools are used for lateral movement) are consistently applied regardless of company size, location, or industry. Target selection is much more dependent on an organization’s IT infrastructure: for example, recent trends show several actors (among them REvil, HelloKitty, or what was known as Darkside) increasingly targeting companies running workloads on VMware ESXi by adding to their ransomware capabilities to gracefully stop virtual machines before encrypting them (see Figure 1).

Figure 1: HelloKitty stopping virtual machines gracefully

Another important trend we have seen growing in the last few months is the use of ransomware to seize sensitive customer data — first by exfiltrating it, then encrypting it, and later pressuring the victim into paying a ransom under the threat of disclosing such data publicly (a technique called “double extortion”). Notable victims include CD Projekt RED, which faced the leak of the source code of some of its most famous video games.

While many threat reports have already dissected the technical Continue reading

netsim-tools Overview

In December 2020, I got sick-and-tired of handcrafting Vagrantfiles and decided to write a tool that would, given a target networking lab topology in a text file, produce the corresponding Vagrantfile for my favorite environment (libvirt on Ubuntu). Nine months later, that idea turned into a pretty comprehensive tool targeting networking engineers who like to work with CLI and text-based configuration files. If you happen to be of the GUI/mouse persuasion, please stop reading; this tool is not for you.

During those nine months, I slowly addressed most of the challenges I always had creating networking labs. Here’s how I would typically approach testing a novel technology or software feature: