Hello my friend,
We have already reviewed how to collect the operational and configuration data from Nokia SR OS devices, and even how to structure it in YANG trees, as well as how to configure network devices with Python and pySROS. You may think, that all the interesting things about Nokia pySROS are already covered. Well, we have some more aces in the pocket for you. Today you will learn some new things, such as MicroPython and how to run the pySROS code directly on Nokia SR OS based network functions.
1
2
3
4
5 No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Network Automaton is indeed getting more and more popular. There are a few reasons for that: one the one hand, networks getting more complex with all fancy SDx technologies (SDN, SD-WAN, SDA, etc); on the other hand, it is required to deliver new services quicker and quicker. Doing the things manually Continue reading
Flexible infrastructure choices and application architectures are changing the way that modern enterprises run their distributed environments (see Figure 1). Enterprises have become application-centric, investing significant effort and resources in continuous delivery goals and DevOps practices in order to automate routine IT and operations tasks.
Hardware-based application delivery controllers (ADCs) have been the staple of application delivery in data centers for the last two decades. However, these legacy load balancing solutions aren’t keeping up with the changes in modern, dynamic capacity and automation needs. Legacy hardware-based ADCs have become inflexible in the face of changing requirements, delaying application rollouts and causing overspending and overprovisioning in many cases. Most enterprises experience the “do more with less but faster” challenges shown in Figure 2 when it comes to rolling out new applications or updates, which can often take weeks.
With aggressive continuous delivery goals and ever-greater customer expectations, businesses are pushing back against delays due to hardware provisioning and manual configurations of ADCs that slow time to market for application deployments and updates.
Figure 1: Computing today: Evolving app architectures and infrastructure heterogeneity.
Figure 2: Legacy hardware-based load balancing solutions are not keeping up with the modern pace of business.
Virtualized Continue reading
It's always better to catch misconfigurations and security issues earlier in your pipeline rather than later. That's especially true for cloud services where a simple configuration error can expose sensitive assets to the entire Internet. On today's Day Two Cloud podcast we discuss how to incorporate security checks into your Infrastructure-as-Code (IaC) workflows. Our guest is Christophe Tafani-Dereeper, a cloud security engineer.
The post Day Two Cloud 125: Scanning Infrastructure-as-Code For Security Issues appeared first on Packet Pushers.
I got into an interesting debate after I published the Anycast Works Just Fine with MPLS/LDP blog post, and after a while it turned out we have a slightly different understanding what anycast means. Time to fall back to a Wikipedia definition:
Anycast is a network addressing and routing methodology in which a single destination IP address is shared by devices (generally servers) in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops.
Based on that definition, any transport technology that allows the same IP address or prefix to be announced from several locations supports anycast. To make it a bit more challenging, I would add “and if there are multiple paths to the anycast destination that could be used for multipath forwarding1, they should all be used”.
I got into an interesting debate after I published the Anycast Works Just Fine with MPLS/LDP blog post, and after a while it turned out we have a slightly different understanding what anycast means. Time to fall back to a Wikipedia definition:
Anycast is a network addressing and routing methodology in which a single destination IP address is shared by devices (generally servers) in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops.
Based on that definition, any transport technology that allows the same IP address or prefix to be announced from several locations supports anycast. To make it a bit more challenging, I would add “and if there are multiple paths to the anycast destination that could be used for multipath forwarding1, they should all be used”.
A single Kubernetes cluster expends a small percentage of its total available assigned resources on delivering in-cluster networking. We don’t have to be satisfied with this, though—achieving the lowest possible overhead can provide significant cost savings and performance improvements if you are running network-intensive workloads. This article explores and explains the improvements that can be achieved in Microsoft Azure using Calico eBPF in AKS, including reducing CPU usage, decreasing complexity, enabling easier compliance and troubleshooting, and more.
Before going into details about how exactly Calico takes advantage of eBPF, it is important to note that in the context of this article, Calico is viewed as an additional networking layer on top of Azure CNI, providing functionality that turbocharges its performance. In particular, the standard instructions for installing Calico’s network policy engine with AKS use a version of Calico that pre-dates eBPF mode.
To show how Calico accelerates AKS network performance using eBPF, the Calico team ran a series of network performance benchmarks based on the k8s-bench-suite. These performance benchmarks compared the latest Calico eBPF data plane (using the iptables data plane) with a vanilla AKS cluster.
Tests were run using Standard_D2s_v3 nodes, which are a Continue reading
When building out network labs, often multiple people will need access to the lab. The main way right now is to use something like EVE-NG or GNS3 to provide access.
There are 2 downsides to this method. The first is that your server is exposed to the internet and if your usernames/passwords aren’t strong enough, your server can become compromised. The second is that sometimes you may not want everyone to be able to add or edit to the lab topology.
The solution to this is using Containerlab and ZeroTier. This setup is great for things like testing new hires, training classes, or for providing lab access to others on a limited basis.
Containerlab is a container orchestrating tool for managing container-based networking labs. It doesn’t just support Container based Network Operating Systems though. Through vrnetlab, there is support for a wide variety of commonly used NOSes: Mikrotik RouterOS, Nokia SROS, Juniper vMX and vQFX, and many more.
Configs are text based making it easy to add/update links between nodes. The lab does need to be destroyed and redeployed when adding/removing links. With some tools to generate configs, it’s easy to spin up a 500+ node Continue reading
Today we're excited to announce the general availability of Argo for Spectrum, a way to turbo-charge any TCP based application. With Argo for Spectrum, you can reduce latency, packet loss and improve connectivity for any TCP application, including common protocols like Minecraft, Remote Desktop Protocol and SFTP.
When people think of the Internet, many of us think about using a browser to view websites. Of course, it’s so much more! We often use other ways to connect to each other and to the resources we need for work. For example, you may interact with servers for work using SSH File Transfer Protocol (SFTP), git or Remote Desktop software. At home, you might play a video game on the Internet with friends.
To help people that protect these services against DDoS attacks, Spectrum launched in 2018 and extends Cloudflare’s DDoS protection to any TCP or UDP based protocol. Customers use it for a wide variety of use cases, including to protect video streaming (RTMP), gaming and internal IT systems. Spectrum also supports common VoIP protocols such as SIP and RTP, which have recently seen an increase in DDoS ransomware attacks. A lot of Continue reading
When I wrote the Why Does Internet Keep Breaking? blog post a few weeks ago, I claimed that FRR still uses single-threaded routing daemons (after a too-cursory read of their documentation).
Donald Sharp and Quentin Young politely told me I was an idiot I should get my facts straight, I removed the offending part of the blog post, promised to write another one going into the details, and Quentin improved the documentation in the meantime, so here we are…
When I wrote the Why Does Internet Keep Breaking? blog post a few weeks ago, I claimed that FRR still uses single-threaded routing daemons (after a too-cursory read of their documentation).
Donald Sharp and Quentin Young politely told me I was an idiot I should get my facts straight, I removed the offending part of the blog post, promised to write another one going into the details, and Quentin improved the documentation in the meantime, so here we are…
Today on the Tech Bytes podcast we’re diving into SASE, which provides firewalling, Web filtering, and more as a cloud-delivered service. Sponsor Palo Alto Networks is here to make that case that how the service is architected matters, and how Palo Alto integrates SD-WAN and digital experience management into the service.
The post Tech Bytes: Why Customers Should Care About SASE Architecture (Sponsored) appeared first on Packet Pushers.
This week's Network Break podcast examines why Facebook has chosen Cisco and Broadcom ASICS for new Open Compute Project switch designs, Apple will allow self-service repair of two iPhone models, Fortinet partners with Azure on SD-WAN and firewalls, Cisco and NVIDIA announce quarterly earnings, and more tech news.
The post Network Break 360: Facebook Chooses Cisco ASIC For OCP; Apple To Allow Limited Self-Service Repair appeared first on Packet Pushers.