Archive

Category Archives for "Networking"

Troubleshooting steps


Introduction

Troubleshooting network issues is one of the common skills of every network engineer. Usually, though, we don’t think about it, and we don’t specifically study or train this skill. We just get experience from our daily routine or follow the company workflow. Here I talk about troubleshooting as a formal process and will try to formalize some basic notions. I hope it will be helpful.

Of course, it depends on the situation and business constraints, but when we try to resolve an issue we should follow these steps:

Preparing -> Information-gathering -> Isolating -> Resolving -> Escalating

Let's look at every step.

Preparing

Every network has infrastructure tools (monitoring, inventory, etc.), but we should continuously improve them and keep them up to date, and try to develop and integrate new ones. This stack of tools is our source of truth. If we have it, we can easily fetch full information before, during, and after problems. It’s an enormous topic, but without these tools we can’t successfully troubleshoot our network.

Mandatory tools:

  • Syslog (at least a simple Syslog server; it is good to have e.g. an Elastic stack)
  • Alarm management system (e.g. Zabbix)
  • Statistics collector (e. Continue reading

Developers, Developers, Developers: Welcome to Developer Week 2021


Runtimes, serverless, edge compute, containers, virtual machines, functions, pods, virtualenv. All names for things developers need to go from writing code to running code. It’s a painful reality that for most developers going from code they’ve written to code that actually runs can be hard.

Excruciatingly, software development is made hard by dependencies on modules, by scaling, by security, by cost, by availability, by deployment, by builds, and on and on. All the ugly reality of crystallizing thoughts into lines of code that actually run, successfully, somewhere, more than once, non-stop, and at scale.

And so… Welcome to Developer Week 2021!

Like we have done in previous Innovation Weeks (such as Security Week or Privacy Week), we will be making many (about 20) announcements of products and features to make developers’ lives easier. And by easy I mean removing the obstacles that stop you, dear developer, from writing code and deploying it so it scales to Internet size.

And Cloudflare Workers, our platform for software developers who want to deploy Internet-facing applications that start instantly and scale Internetly, has been around since 2017 (or to put it in perspective, since iPhone 8) and helping developers code and deploy in seconds Continue reading

AWS Cloud Development Kit: Now I Get It

The AWS Cloud Development Kit (CDK) is an "open source software development framework to define your cloud application resources using familiar programming languages". When CDK launched in 2019, I remember reading the announcement and thinking, "Ok, AWS wants their own Terraform-esque tool. No surprise given how popular Terraform is." Months later, my friend and colleague Matt M. was telling me how he was using CDK in a project he was working on and how crazy cool it was.

I finally decided to give CDK a go for one of my projects. Here is what I discovered.

A Near 2 year Part Time Project Done – A sustaining Model!

Ever since I got interested in plants, getting some sort of metrics has been a part-time obsession.

Iteration 1 – No wireless and no outdoor model with always on usb power.

Iteration 2 – Learnt about ESP8266 microcontroller and deep sleep feature

Iteration 3 – Saving battery through deep sleep and battery power instead of usb mains, Adding ESP32 Microcontroller.

Iteration 4 – Study about Lithium Ion batteries

Iteration 5 – Making model wireless and usb free power, running on batteries

Iteration 6 – Containerising the entire software and integration with AWS and Telnyx

Iteration 7 – Making the model sustaining on itself through solar power and making it weather resistant

This completes an end-to-end IoT model with a microcontroller, a moisture sensor and two lithium-ion batteries which get charged by a small solar panel. I am going to extend this to LoRaWAN and will try to achieve ultra-low-power long-distance operation.

The idea is that there is an allotment 6 km from the place I live, and I will see if AWS and LoRaWAN support my protocol needs.

Docker containers associated with this project

Grafana Dashboard – Retrieving data Continue reading

Notes on Aviatrix

Miscellaneous notes on Aviatrix.
Usually updated on Fridays.
New and updated notes are placed at the top.


Updating the Aviatrix Controller IAM Policy:
When deploying the Aviatrix controller in AWS for the first time, the AWS CloudFormation template that launched your controller may not have the most current IAM policy definitions for the IAM roles it creates for the controller to use. To remedy this, right after your controller is launched and you’ve logged on for the first time, do the following:

  1. Define your Primary access account. Go to Onboarding > AWS > Create Primary Access Account. This is the AWS account that your controller lives in.
  2. Now go to Accounts > Access Accounts. Highlight the Primary access account you just created and click “Update Policy”. This will update the IAM policy applied to the IAM roles your controller will be using to the latest and greatest.

How to use an AWS ACM Certificate with your Aviatrix controller:
To apply an ACM public certificate to your UI sessions with the Aviatrix controller you’ll need to use a Load Balancer and attach your certificate to it. Here’s what I did:

  1. Create a Network Load Balancer (NLB)
  2. Create a TLS:443 listener on Continue reading

After Two Decades, the Party Is Ready for the IXP in El Salvador

The history of El Salvador’s Internet exchange point (IXSal) is perhaps the longest and most complex, beginning at the end of the last century, in 1999, explains its founder, Lito Ibarra, with a smile. “It started out as a utopia after I started hearing about the experiences of other countries.” Ibarra wrote proposals and received […]

The post After Two Decades, the Party Is Ready for the IXP in El Salvador appeared first on Internet Society.

When Stretching Layer Two, Separate Your Fate

On the Packet Pushers YouTube channel, Jorge asks in response to Using VXLAN To Span One Data Center Across Two Locations

if stretching the layer 2 is not recommended, then what is the recommendation if you need to fault over to a different physical location and still got to keep the same IP addresses for mission critical applications?

TL;DR

That video is a couple of years old at this point, and I don’t recall the entire discussion. Here’s my answer at this moment in time. If DCI is required (and I argue that it shouldn’t be in most cases), look at VXLAN/EVPN. EVPN is supported by several vendors. If you are a multi-vendor shop, watch for EVPN inter-vendor compatibility problems. Also look for vendor EVPN guides discussing the use case of data center interconnect (DCI).

Also be aware (and beware) of vendor-proprietary DCI technologies like Cisco’s OTV. I recommend against investing in OTV and similar tech unless you already have hardware that can do it and can turn the feature on for free. Otherwise, my opinion, for what it’s worth, is to stick with an EVPN solution. EVPN is a standard that’s been running in production environments for Continue reading

Heavy Networking 572: How First Bank Leverages Aruba SD-WAN For Network And Security Transformation (Sponsored)

Today's Heavy Networking explores how First Bank uses Aruba’s SD-WAN to advance its cloud migration, support remote workers, and provide secure segmentation for IoT devices. We also discuss the growing trend of SASE and First Bank’s strategy around cloud-delivered security services. Our guests are Marc Ashworth, CISO at First Bank; and Damon Ennis, VP of Engineering at Aruba Networks.

The post Heavy Networking 572: How First Bank Leverages Aruba SD-WAN For Network And Security Transformation (Sponsored) appeared first on Packet Pushers.


Debunk the Junk- The case for App Acceleration with SD-WAN

In this episode we will discuss the idea of SD-WAN vs. Application Acceleration and WANop.  With the proliferation of SD-WAN we’ve heard a lot of people say that SD-WAN gives you the traffic control, but does it negate the need for application acceleration or WAN optimization tools?  We attack this common misconception and discuss our stance on the matter in this episode.

Phil Gervasi (Host)
Brandon Carroll (Host)
John Pittle (Guest)

The post Debunk the Junk- The case for App Acceleration with SD-WAN appeared first on Network Collective.

Per Origin Host Header Override


Load Balancing as a concept is pretty straightforward. Take an existing infrastructure and route requests to the available origin servers so no single server is overwhelmed. Add in some health monitoring to ensure each server has a heartbeat/pulse so proactive decisions can be made. With two steps, you get more effective utilization of your existing resources… simple enough!

As your application grows, however, load balancing becomes more complicated. An example of this — and the subject of this blog post — is how load balancing interacts with the Host header in an HTTP request.

Host headers and load balancing

Every request to a website contains a unique piece of identifying information called the Host header. The Host header helps route each request to the correct origin server so the end user is sent the information they requested from the start.

For example, say that you enter example.com into the URL bar in your browser. You are sending a request to ‘example.com’ to send you back the homepage located within that application. To make sure you actually get resources from example.com, your browser includes a Host header of example.com. When that request reaches the back-end infrastructure, Continue reading

Cisco SD-WAN – Part III: Overlay Management Protocol

Introduction

This chapter introduces the operation of the Overlay Management Protocol (OMP). It starts by introducing TLOC Routes, which are used for establishing tunnels between vEdges. Next, it explains OMP Routes, which in turn are used for advertising client VPN-specific network reachability information. I am also going to show the data plane encapsulation when data is sent between the hosts in site 10 and site 30. The purpose of the data plane section is to show how the label attribute advertised within OMP routing advertisements is used to identify the customer VPN. In order to see inside captured packets, I am using GRE tunnels instead of IPSec. Figure 3-1 illustrates the example topology used in this chapter. The customer VPN 10 is used on both sites. The site 10 subnet is 172.16.10.0/24 and the site 30 subnet is 172.16.30.0/24. Interface ge0/0 in both vEdges is connected to the Public-Internet, and interface ge0/1 is connected to the MPLS transport network where the customer has its dedicated MPLS VPN.



Figure 3-1: SD-WAN Example Topology.

Bringing New Engineers into Networking on Software Gone Wild

When I started the Software Gone Wild podcast in June 2014, I wanted to help networking engineers grow beyond the traditional networking technologies. It’s only fitting to conclude this project almost seven years and 116 episodes later with a similar theme Avi Freedman proposed when we started discussing podcast topics in late 2020: how do we make networking attractive to young engineers?

Elisa Jasinska and Roopa Prabhu joined Avi and me, and we had a lively discussion that I hope you’ll find interesting.