Archive

Category Archives for "Networking"

Network Break 350: Intel Pledges Billions For European Chip Factories; Facebook Reveals New Data Center Design

This week's Network Break podcast wonders what Intel wants in return for a multi-year, multi-billion pledge to build European chip factories, marvels at Facebook's newly revealed data center designs, analyzes Comcast's Masergy acquisition, and more.

The post Network Break 350: Intel Pledges Billions For European Chip Factories; Facebook Reveals New Data Center Design appeared first on Packet Pushers.

VMware CEO looks to accelerate enterprise multicloud expansion

Since he helped build the highly successful ship that is VMware, it is widely expected the company’s CEO Raghu Raghuram, appointed in June, won’t rock that boat too much, at least in the near term. Raghuram is credited with helping build and grow the company’s core virtualization and multicloud business as well as its software-defined data center strategy. VMware also credits Raghuram with driving partnerships with Dell Technologies and hyper-scaler customers.

Lenovo and VMware partner for resilient edge servers

VMware and Lenovo have collaborated on edge computing systems, with the goal of making them more robust and resilient. As part of the deal, Lenovo's Infrastructure Solutions Group (ISG) will pre-load VMware's edge software on its ThinkSystem SE350 Edge servers, a pair of ruggedized servers designed specifically for edge deployments. This includes vSphere, vSAN, and Tanzu.

11 Tips on Gaining Experience in Network Design

For people that want to pursue a career in network design, it can be tough getting the experience needed for such a role. How do you get design experience if your current role does not involve design? There are still many things you can do and I will give you tips on gaining that experience.

Network fundamentals – I always bring this up because it’s easy to overlook the need for network fundamentals. Being an Architect you still need to have technical chops and hopefully some operational experience as well. How can you design for something you are not familiar with? You can’t! You need to know OSPF, ISIS, BGP, etc. to understand when you should use each protocol. Spend a lot of time building these fundamentals before you move into design. How do you do that? Ivan Pepelnjak has training in this area. There is also the Computer Networking Problems and Solutions book by Russ White and Ethan Banks.

Books – There are several excellent books on network design. Some of them are geared towards network design certifications, but they are great reads even if you are not pursuing any certification. One of my favourite books is The Art…

Configuring NSX-T Firewall with a CI/CD Pipeline

Initial implementation of Noël Boulene’s automated provisioning of NSX-T distributed firewall rules changed NSX-T firewall configuration based on Terraform configuration files. To make the deployment fully automated he went a step further and added a full-blown CI/CD pipeline using GitHub Actions and Terraform Cloud.

Not everyone is as lucky as Noël – developers in his organization already use GitHub and Terraform Cloud, making his choices totally frictionless.

TLS with a side of DANE

These are some notes I took from the DNS OARC meeting held in September 2021. This was a short virtual meeting, but for those of us missing a fix of heavy-duty DNS, it was very welcome in any case!

Short feedback on Cisco pyATS and Genie Parser

Cisco pyATS is a framework for network automation and testing. It includes, among other things, an open-source multi-vendor set of parsers and models, Genie Parser. It features 2700 parsers for various commands over many network OSes. On paper, this seems like a great tool!

>>> from genie.conf.base import Device
>>> device = Device("router", os="iosxr")
>>> # Hack to parse outputs without connecting to a device
>>> device.custom.setdefault("abstraction", {})["order"] = ["os", "platform"]
>>> cmd = "show route ipv4 unicast"
>>> output = """
... Tue Oct 29 21:29:10.924 UTC
...
... O    10.13.110.0/24 [110/2] via 10.12.110.1, 5d23h, GigabitEthernet0/0/0/0.110
... """
>>> device.parse(cmd, output=output)
{'vrf': {'default': {'address_family': {'ipv4': {'routes': {'10.13.110.0/24': {'route': '10.13.110.0/24',
       'active': True,
       'route_preference': 110,
       'metric': 2,
       'source_protocol': 'ospf',
       'source_protocol_codes': 'O',
       'next_hop': {'next_hop_list': {1: {'index': 1,
          'next_hop': '10.12.110.1',
          'outgoing_interface': 'GigabitEthernet0/0/0/0.110',
          'updated': '5d23h'}}}}}}}}}}

First disappointment: pyATS is closed-source with some exceptions. This is quite annoying if you run into some issues outside Genie Parser. For example, although pyATS is using the ssh command, …

Welcome to Speed Week and a Waitless Internet

No one likes to wait. Internet impatience is something we all suffer from.

Waiting for an app to update to show when your lunch is arriving; a website that loads slowly on your phone; a movie that hasn’t started to play… yet.

But building a waitless Internet is hard. And that’s where Cloudflare comes in. We’ve built the global network for Internet applications, be they websites, IoT devices or mobile apps. And we’ve optimized it to cut the wait.

If you believe ISP advertising then you’d think that bandwidth (100Mbps! 1Gbps! 2Gbps!) is the be all and end all of Internet speed. That’s a small component of what it takes to deliver the always on, instant experience we want and need.

The reality is you need three things: ample bandwidth, to have content and applications close to the end user, and to make the software as fast as possible. Simple really. Except not, because all three things require a lot of work at different layers.

In this blog post I’ll look at the factors that go into building our fast global network: bandwidth, latency, reliability, caching, cryptography, DNS, preloading, cold starts, and more; and how Cloudflare zeroes in on…

Worth Reading: Ops Questions in Software Engineering Interviews

Charity Majors published another must-read article: why every software engineering interview should include ops questions. Just a quick teaser:

The only way to unwind this is to reset expectations, and make it clear that:

  • You are still responsible for your code after it’s been deployed to production, and
  • Operational excellence is everyone’s job.

Adhering to these simple principles would remove an enormous amount of complexity from typical enterprise IT infrastructure… but I’m afraid it’s not going to happen anytime soon.

Fast Friday – Podcasts Galore!

It’s been a hectic week and I realized that I haven’t had a chance to share some of the latest stuff that I’ve been working on outside of Tech Field Day. I’ve been a guest on a couple of recent podcasts that I loved.

Art of Network Engineering

I was happy to be a guest on Episode 57 of the Art of Network Engineering podcast. AJ Murray invited me to take part with all the amazing co-hosts. We talked about some fun stuff including my CCIE study attempts, my journey through technology, and my role at Tech Field Day and how it came to be that I went from being a network engineer to an event lead.

The interplay between the hosts and me during the discussion was great. I felt like we probably could have gone another hour if we really wanted to. You should definitely take a listen and learn how I kept getting my butt kicked by the CCIE open-ended questions or what it’s like to be a technical person on a non-technical briefing.

IPv6, Wireless, and the Buzz

I love being able to record episodes of Tomversations on YouTube. One of my latest was all about…

What is MPLS: What you need to know about multi-protocol label switching

The thing about MPLS is that it’s a technique, not a service — so it can deliver anything from IP VPNs to metro Ethernet. It's expensive, so with the advent of SD-WAN enterprises are trying to figure out how to optimize its use vs. less expensive connections like the internet.

Did you ever order something online from a distant retailer and then track the package as it makes strange and seemingly illogical stops all over the country?

That’s similar to the way IP routing on the Internet works. When an internet router receives an IP packet, that packet carries no information beyond a destination IP address. There is no instruction on how that packet should get to its destination or how it should be treated along the way.

Palo Alto launches an enterprise-grade security pack for remote workers

Palo Alto Networks has rolled out a Wi-Fi based package that the company says provides remote workers with enterprise-class security features.

Called Okyo Garde, the bundle includes Wi-Fi-6-based hardware and mobile application-security software that includes threat-intelligence updates; the hardware and software are sold to enterprises as a customizable subscription. The package also offers malware and ransomware prevention, phishing protection, infected device detection, and suspicious-activity monitoring and control, the company said.

Workers’ homes are becoming enterprise “branches of one” with multiple devices without IT teams or a deep set of cybersecurity protections, yet they face the same threat landscape as any enterprise, said Mario Queiroz, executive vice president of Palo Alto Networks. Threat actors may even see them as more vulnerable and therefore attractive entry points into the corporate network, Queiroz said.
