0

MUST READ: Deploy AWS Security Rules in a GitOps World with AWS, Terraform, GitLab CI, Slack, and Python

I know the title sounds like a buzzword-bingo-winning clickbait, but it’s true. Adrian Giacometti decided to merge the topics of two ipSpace.net online courses and automated deployment of AWS security rules using Terraform within GitLab CI pipeline, with Slack messages serving as manual checks and approvals.

Not only did he do a great job mastering- and gluing together so many diverse bits and pieces, he also documented the solution and published the source code:

• Part 1: Cloud & Network automation challenge: Deploy Security Rules in a DevOps/GitOps world with AWS, Terraform, GitLab CI, Slack, and Python (special guest FastAPI)
• Part 2: AWS, Terraform and FastAPI
• Part 3: GitLab CI, Slack, and Python
• Source code: aegiacometti/devops_cloud_challenge · GitLab

Want to build something similar? Join our Network Automation and/or Public Cloud course and get started. Need something similar in your environment? Adrian is an independent consultant and ready to work on your projects.

0

IPv4 in the Headlines

The world of IPv4 addresses is a relatively obscure backwater of the Internet. All that drama of IPv4 address exhaustion happened with little in the way of mainstream media attention. So it came as a bit of a surprise to see a recent headline in the Washington Post about IPv4 addresses.

0

And Again, About 5G Network Security

The security of 5G networks should encompass joint efforts of mutually trusting parties including standards developers, regulators, vendors, and service providers.

0

Wi-Fi in 2025: It could be watching your every move

I consider myself a techno-optimist. Technology has improved life for humanity in countless ways, like the wheel, the printing press, selfie sticks—these marvels have enriched us all.So too has Wi-Fi. If not for Wi-Fi, no one could idly stream YouTube videos on company laptops through rogue hotspots at a busy-but-socially-distanced coffeeshop when we’re supposed to be doing our jobs. Which is to say none of us could fully leverage the remote network-connectivity tools that allow enterprise employees to be productive any time and from anywhere.To read this article in full, please click here

0

Wi-Fi in 2025: It could be watching your every move

I consider myself a techno-optimist. Technology has improved life for humanity in countless ways, like the wheel, the printing press, selfie sticks—these marvels have enriched us all.So too has Wi-Fi. If not for Wi-Fi, no one could idly stream YouTube videos on company laptops through rogue hotspots at a busy-but-socially-distanced coffeeshop when we’re supposed to be doing our jobs. Which is to say none of us could fully leverage the remote network-connectivity tools that allow enterprise employees to be productive any time and from anywhere.To read this article in full, please click here

0

If you haven’t found the tradeoffs …

One of the big movements in the networking world is disaggregation—splitting the control plane and other applications that make the network “go” from the hardware and the network operating system. This is, in fact, one of the movements I’ve been arguing in favor of for many years—and I’m not about to change my perspective on the topic. There are many different arguments in favor of breaking the software from the hardware. The arguments for splitting hardware from software and componentizing software are so strong that much of the 5G transition also involves the open RAN, which is a disaggregated stack for edge radio networks.

If you’ve been following my work for any amount of time, you know what comes next: If you haven’t found the tradeoffs, you haven’t looked hard enough.

This article on hardening Linux (you should go read it, I’ll wait ’til you get back) exposes some of the complexities and tradeoffs involved in disaggregation in the area of security. Some further thoughts on hardening Linux here, as well. Two points.

First, disaggregation has serious advantages, but disaggregation is also hard work. With a commercial implementation you wouldn’t necessarily think about these kinds of supply chain issues. Continue reading

0

Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored)

Operating a data center fabric is a substantial challenge. Nokia Fabric Services System embraces automation to manage your data center fabric. In today's episode, sponsored by Nokia, we dive into Fabric Services System and SR Linux to learn how they bring intent-based automation to your data center.

The post Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored) appeared first on Packet Pushers.

0

Tech Bytes: Rethinking Network Automation Using Nokia Fabric Services System (Sponsored)

Operating a data center fabric is a substantial challenge. Nokia Fabric Services System embraces automation to manage your data center fabric. In today's episode, sponsored by Nokia, we dive into Fabric Services System and SR Linux to learn how they bring intent-based automation to your data center.

0

Learning In Public Helps Everyone

I’m happy to coach through write about network architecture too. Learning in public helps everyone https://t.co/ckMdHUnwt4

— Matt Broberg (@mbbroberg) April 23, 2021

The tradition of technology blogging is built on the idea of learning in public, something Matt’s encouraging with Red Hat’s Enable Architect blog linked in his tweet above. We encourage it at Packet Pushers, too. We think everyone has at least one blog post in them worth sharing with the community. Let us know, and we’ll set you up with an author account.

Starting a blog, especially for the technically savvy, is not overly difficult, though. Maybe Matt and I are hoping to make it even easier to share by offering our platforms, but I don’t think the time it takes to stand up a blog is necessarily the barrier.

I think the biggest barrier is the “in public” part. Architects and engineers tend to be introverts who are at times unsure of themselves. We don’t want to be learning in public. We want to be left alone to figure it out. When we’ve figured it out, maybe then will we share, once we’re supremely confident that we’ve got it 110% right. We just don’t Continue reading

0

The Week in Internet News: New York State to Require High-Speed Internet at Low Cost

Cheap Internet required: New York state will require large Internet services providers to offer a $15-a-month subscription to low-income families starting in June, WSKG reports. The state will also partner with philanthropic organizations to provide free high-speed Internet access to 50,000 students in low-income school districts for one year. Not enough chips: A global semiconductor […]

The post The Week in Internet News: New York State to Require High-Speed Internet at Low Cost appeared first on Internet Society.

0

Network Break 330: VMware Stitches Together A SASE Offering; Nvidia’s Arm Purchase On Hold

This week's Network Break podcast examines VMware's new SASE offering for the distributed workforce, Nvidia's Arm-based accelerators, why the United Kingdom de-accelerated Nvidia's Arm acquisition, new routers from Juniper Networks, and more nerdy IT news.

0

Network Break 330: VMware Stitches Together A SASE Offering; Nvidia’s Arm Purchase On Hold

This week's Network Break podcast examines VMware's new SASE offering for the distributed workforce, Nvidia's Arm-based accelerators, why the United Kingdom de-accelerated Nvidia's Arm acquisition, new routers from Juniper Networks, and more nerdy IT news.

The post Network Break 330: VMware Stitches Together A SASE Offering; Nvidia’s Arm Purchase On Hold appeared first on Packet Pushers.

0

Dictionary : Shadow Purchasing

The hidden cloud cost of implementing spend control and cost auditing

0

Project Jengo Redux: Cloudflare’s Prior Art Search Bounty Returns

Here we go again.

On March 15, Cloudflare was sued by a patent troll called Sable Networks — a company that doesn’t appear to have operated a real business in nearly ten years — relying on patents that don’t come close to the nature of our business or the services we provide. This is the second time we’ve faced a patent troll lawsuit.

As readers of the blog (or followers of tech press such as ZDNet and TechCrunch) will remember, back in 2017 Cloudflare responded aggressively to our first encounter with a patent troll, Blackbird Technologies, making clear we wouldn’t simply go along and agree to a nuisance settlement as part of what we considered an unfair, unjust, and inefficient system that throttled innovation and threatened emerging companies. If you don’t want to read all of our previous blog posts on the issue, you can watch the scathing criticisms of patent trolling provided by John Oliver or the writers of Silicon Valley.

We committed to fighting back against patent trolls in a way that would turn the normal incentive structure on its head. In addition to defending the case aggressively in the courts, we also founded Project Jengo — Continue reading

0

7 Ways to Save Costs on Amazon EC2 Instances

When creating Amazon EC2 instances, you can choose from 28 types depending on your budget and needs. Here are seven ways to significantly cut your Amazon EC2 costs.

0

5G research by DARPA will lead to commercial applications

The U.S. military is devoting time and resources into research on improving the signal quality and security of 5G--efforts that, if history is any indication, eventually will result in technologies that are available to commercial enterprises. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises As Breaking Defense reports, the Defense Advanced Research Projects Agency (DARPA) has awarded roughly $500,000 in “exploratory” funding to wireless startup MixComm to demonstrate whether silicon-based millimeter wave (mmWave) power amplifiers can economically boost radio signals so the Department of Defense (DoD) can leverage 5G wireless connectivity globally.To read this article in full, please click here

0

Everything Is a Graph

One of the viewers of Rachel Traylor’s excellent ‌Graph Algorithms in Networks webinar sent me this feedback:

I think it is too advanced for my needs. Interesting but difficult to apply. I love math and I find it interesting maybe for bigger companies, but for a small company it is not possible to apply it.

While a small company’s network might not warrant a graph-focused approach (I might disagree, but let’s not go there), keep in mind that almost everything we do in IT rides on top of some sort of graph:

0

Microsoft’s Nuance deal might trigger a new IT spending wave

OK, help me understand this. Microsoft just spent almost $20 billion to buy Nuance, the company that supplies the popular Dragon speech-to-text tool. Microsoft already has speech-to-text available in Windows 10 and through Azure, and even a partnership with Nuance. Nuance’s single big jump in stock price in its history coincides with Covid and WFH, which is now (hopefully) passing. Nuance revenue boom? Apparently, ending. The Dragon product? Incremental to Microsoft’s current position. Health care vertical? Interesting, but not a cash cow.To read this article in full, please click here

0

SD-WAN Part V: Hub and Spoke with Restrected Spoke Sites

 

 

Introduction

 

Cisco Viptela SD-WAN solution builds a full-mesh topology between vEdge devices by default when there are no Control Policies implemented. This means that vEdges tries to build an IPSec/GRE tunnel to every reachable TLOC public IP addresses no matter which site or color (transport network) TLOCs belong to. We have already change the default behavior by using the restrictoption (chapter 2) under tunnel interfaces. In this way, tunnels are only established between TLOCs belonging to the same color. In this chapter, we are going to create a Hub and Spoke topology by implementing a Control Policy where the vSmart advertises TLOC/OMP routes from site 30 to sites 10 and 20 and TLOC/OMP routes from sites 10 and 20 to site 30. vSmart doesn’t advertise TLOC/OMP routes between sites 10 and 20. Site 10 and 20 will be our Branch/Remote sites and site 30 will be the Hub/DataCenter site.

 

Figure 5-1 recaps the operation of the Overlay Management Protocol (OMP). vEdge1 in site 10 advertises TLOC route advertisement to vSmart where it describes its System Id, transport color, and encapsulation method as well as Public/Private IP and restricts attributes (among several other attributes). vSmart forwards TLOC routes received from vEdge1 to both vEdge2 (site 20) and vEdge3 (site 30). vEdge1 also advertises OMP routes where it describes the reachability information about its local subnet 172.16.10.0/24 bound to VPN10.

Figure 5-1: TLOC Route advertisement.

 

Continue reading

0

Worth Reading: Understand Your Single Points of Failure

I’ve been saying the same thing for years, but never as succinctly as Alastair Cooke did in his Understand Your Single Points of Failure (SPOF) blog post:

The problem is that each time we eliminated a SPOF, we at least doubled our cost and complexity. The additional cost and complexity are precisely why we may choose to leave a SPOF; eliminating the SPOF may be more expensive than an outage cost due to the SPOF.

Obviously that assumes that you’re able to follow business objectives and not some artificial measure like uptime. Speaking of artificial measures, you might like the discussion about taxonomy of indecision.