Do We Need Multiple Global IPv6 Addresses Per Interface (RFC 7934)
I was happily munching popcorn while watching the latest season of Lack of DHCPv6 on Android soap opera on v6ops mailing list when one of the lead actors trying to justify the current state of affairs with a technical argument quoted an RFC to prove his rightful indignation with DHCPv6 and the decision not to implement it in Android:
[…not having multiple IPv6 addresses per interface…] is also harmful for a variety of reasons, and for general purpose devices, it’s not recommended by the IETF. That’s exactly what RFC 7934 is about - explaining why it’s harmful.
If you’re new to this discussion, you might want to start with Why Does DHCPv6 Matter blog post
Do We Need Multiple Global IPv6 Addresses Per Interface (RFC 7934)
I was happily munching popcorn while watching the latest season of Lack of DHCPv6 on Android soap opera on v6ops mailing list when one of the lead actors trying to justify the current state of affairs with a technical argument quoted an RFC to prove his rightful indignation with DHCPv6 and the decision not to implement it in Android:
[…not having multiple IPv6 addresses per interface…] is also harmful for a variety of reasons, and for general purpose devices, it’s not recommended by the IETF. That’s exactly what RFC 7934 is about - explaining why it’s harmful.
If you’re new to this discussion, you might want to start with Why Does DHCPv6 Matter blog post
Python Script Pulling AWS IP Prefixes – Part 1
I have been playing around with Python lately with the goal of building basic skills in it. I have found that to make good progress what works best for me is:
- Have a project that I find interesting to work on
- Spend a little time every day on the project
The project I decided on was to get the IP addresses that AWS uses for their services, build an access-list based on these prefixes, and then configure a Cisco ASA with that access-list. The final result looks like this:
In a series of blog posts, I will cover how I built this script. Keep in mind that my focus was to get a script that works and then improve on it. I have some plans for getting an experienced Python coder to go through the code with me and to work on improvements. Stay tuned for that!
As with any coding project, you need to come up with some general guidelines on how to get data and what is good enough. These are some of the considerations I had:
- I will get the configuration needed from a YAML file rather than a CLI (good enough for Continue reading
Zero Trust — Not a Buzzword
Over the last few years, Zero Trust, a term coined by Forrester, has picked up a lot of steam. Zero Trust, at its core, is a network architecture and security framework focusing on not having a distinction between external and internal access environments, and never trusting users/roles.
In the Zero Trust model, the network only delivers applications and data to authenticated and authorized users and devices, and gives organisations visibility into what is being accessed and to apply controls based on behavioral analysis. It gained popularity as the media reported on several high profile breaches caused by misuse, abuse or exploitation of VPN systems, breaches into end-users’ devices with access to other systems within the network, or breaches through third parties — either by exploiting access or compromising software repositories in order to deploy malicious code. This would later be used to provide further access into internal systems, or to deploy malware and potentially ransomware into environments well within the network perimeter.
When we first started talking to CISOs about Zero Trust, it felt like it was just a buzzword, and CISOs were bombarded with messaging from different cybersecurity vendors offering them Zero Trust solutions. Recently, another term, SASE (Secure Continue reading
Aruba Puts DPUs Into New Top-of-Rack Switch – 5 Questions
Aruba Networks has announced a new top-of-rack switch that includes two Data Processing Units from Pensando that can offload and accelerate functions such as stateful firewalling and DDoS protection. How does Aruba's approach compare to other methods for distributing services in a data center?
The post Aruba Puts DPUs Into New Top-of-Rack Switch – 5 Questions appeared first on Packet Pushers.
How to Improve Remote Network Reliability
Home workers deserve the same level of network reliability as their on-site counterparts. Fortunately, reaching this goal is probably easier than you think.Backwards-compatibility in Cloudflare Workers
Cloudflare Workers is our serverless platform that runs your code in 250+ cities worldwide.
On the Workers team, we have a policy:
A change to the Workers Runtime must never break an application that is live in production.
It seems obvious enough, but this policy has deep consequences. What if our API has a bug, and some deployed Workers accidentally depend on that bug? Then, seemingly, we can't fix the bug! That sounds… bad?
This post will dig deeper into our policy, explaining why Workers is different from traditional server stacks in this respect, and how we're now making backwards-incompatible changes possible by introducing "compatibility dates".
TL;DR: Developers may now opt into backwards-incompatible fixes by setting a compatibility date.
Serverless demands strict compatibility
Workers is a serverless platform, which means we maintain the server stack for you. You do not have to manage the runtime version, you only manage your own code. This means that when we update the Workers Runtime, we update it for everyone. We do this at least once a week, sometimes more.
This means that if a runtime upgrade breaks someone's application, it's really bad. The developer didn't make any change, so won't be watching for Continue reading
Graceful Restart and BFD
The whole High Availability Switching series started with a question along the lines of “does it make sense to run BFD together with Graceful Restart”. After Non-Stop Forwarding 101, Graceful Restart 101, and Graceful Restart and Convergence Speed we finally have enough information to answer that question.
TL&DR: Most probably not.
A more nuanced answer depends (as always) on a gazillion implementation details.
Graceful Restart and BFD
The whole High Availability Switching series started with a question along the lines of “does it make sense to run BFD together with Graceful Restart”. After Non-Stop Forwarding 101, Graceful Restart 101, and Graceful Restart and Convergence Speed we finally have enough information to answer that question.
TL&DR: Most probably not.
A more nuanced answer depends (as always) on a gazillion implementation details.
Tech Bytes: What’s New With Palo Alto Networks Prisma SD-WAN 5.6 (Sponsored)
Today on Tech Bytes podcast we look at new features in Palo Alto Networks Prisma SASE and Prisma SD-WAN, including digital experience management for home and branch users, new Cloudblades, a new appliance, and enhanced AI Ops capabilities.
The post Tech Bytes: What’s New With Palo Alto Networks Prisma SD-WAN 5.6 (Sponsored) appeared first on Packet Pushers.
Tech Bytes: What’s New With Palo Alto Networks Prisma SD-WAN 5.6 (Sponsored)
Today on Tech Bytes podcast we look at new features in Palo Alto Networks Prisma SASE and Prisma SD-WAN, including digital experience management for home and branch users, new Cloudblades, a new appliance, and enhanced AI Ops capabilities.How to Break into a Cloud Engineering Career?
So, “How do you check the MAC address of the NIC in your favorite Linux distro?” was the question, which my mentee had failed to answer, and the interviewer had ended the conversation much earlier. Not a good sign. In fact, his problem wasn’t just the fact that he didn’t know the command, but he […]
The post How to Break into a Cloud Engineering Career? appeared first on Packet Pushers.