Rant: Cisco ACI Complexity
A while ago Antti Leimio wrote a long twitter thread describing his frustrations with Cisco ACI object model. I asked him for permission to repost the whole thread as those things tend to get lost, and he graciously allowed me to do it, so here we go.
I took a 5 days Cisco DCACI course. This is all new to me. I’m confused. Who is ACI for? Capabilities and completeness of features is fantastic but how to manage this complex system?
Using the Cloud as WAN Transport
By integrating virtualized SD-WAN appliances within the various cloud transit gateways, SD-WAN can communicate optimal path selection routing data to and from a public cloud to a customer's private infrastructure.Flow-based monitoring for Magic Transit
Network-layer DDoS attacks are on the rise, prompting security teams to rethink their L3 DDoS mitigation strategies to prevent business impact. Magic Transit protects customers’ entire networks from DDoS attacks by placing our network in front of theirs, either always on or on demand. Today, we’re announcing new functionality to improve the experience for on-demand Magic Transit customers: flow-based monitoring. Flow-based monitoring allows us to detect threats and notify customers when they’re under attack so they can activate Magic Transit for protection.
Magic Transit is Cloudflare’s solution to secure and accelerate your network at the IP layer. With Magic Transit, you get DDoS protection, traffic acceleration, and other network functions delivered as a service from every Cloudflare data center. With Cloudflare’s global network (59 Tbps capacity across 200+ cities) and <3sec time to mitigate at the edge, you’re covered from even the largest and most sophisticated attacks without compromising performance. Learn more about Magic Transit here.
Using Magic Transit on demand
With Magic Transit, Cloudflare advertises customers’ IP prefixes to the Internet with BGP in order to attract traffic to our network for DDoS protection. Customers can choose to use Magic Transit always on or on demand. With always Continue reading
Juniper Rebuilds Its Enterprise SD-WAN Strategy With The Session-Smart Router
Juniper Networks is rebuilding its enterprise SD-WAN strategy around the Session-Smart Router (SSR) from 128 Technology, which Juniper acquired in October 2020. The Session-Smart Router integrates with Juniper's Mist AI platform and will replace Contrail Service Orchestration as its enterprise SD-WAN play.
The post Juniper Rebuilds Its Enterprise SD-WAN Strategy With The Session-Smart Router appeared first on Packet Pushers.
Heavy Networking 564: Seven Engineers At The Community Roundtable
Today's Heavy Networking episode is a grab bag of topics delivered in our community roundtable format. Five engineers join Ethan Banks and Greg Ferro to talk about subjects including IPv6, SmartNICs, firewall rule management, becoming a manager, and other topics.
The post Heavy Networking 564: Seven Engineers At The Community Roundtable appeared first on Packet Pushers.
Heavy Networking 564: Seven Engineers At The Community Roundtable
Today's Heavy Networking episode is a grab bag of topics delivered in our community roundtable format. Five engineers join Ethan Banks and Greg Ferro to talk about subjects including IPv6, SmartNICs, firewall rule management, becoming a manager, and other topics.Building Snowflakes On Purpose
We all know that building snowflake networks is bad, right? If it’s not a repeatable process it’s going to end up being a problem down the road. If we can’t refer back to documentation to shows why we did something we’re going to end up causing issues and reducing reliability. But what happens when a snowflake process is required to fix a bigger problem? It’s a fun story that highlights where process can break down sometimes.
Reloaded
I’ve mentioned before that I spent about six months doing telephone tech support for Gateway computers. This was back in 2003 so Windows XP was the hottest operating system out there. The nature of support means that you’re going to be spending more time working on older things. In my case this was Windows 95 and 98. Windows 98 was a pain but it was easy to work on.
One of the most common processes we had for Windows 98 was a system reload. It was the last line of defense to fix massive issues or remove viruses. It was something that was second nature to any of the technicians on the help desk:
- Boot from the Gateway tools CD and use GWSCAN Continue reading
Why Customers Always Escalate To Tech Support
Responding to Eyvonne's piece on escalation
Video: High-Level Technology Guidelines
I concluded the Focus on Business Challenges First presentation (part of Business Aspects of Networking Technologies webinar) with a few technology guidelines starting with:
- Be vendor-agnostic (always look around to see what others are doing);
- Try to understand how the technology you’re evaluating really works (it will help you spot the potential problems before they crash your network);
- Always select what’s best for your business, not for the sales quota of your friendly $vendor account manager.
For more guidelines, watch the video (available with Free ipSpace.net Subscription).
Looking at What’s Driving Edge Computing’s New Security Strategy
As edge computing grows, security teams must address the requirement for visibility and control across the LAN, WAN, and cloud edges.JNCIE-DC remote lab exam resources
Due to the COVID-19 pandemic the exam centers of Juniper are at time of this writing closed for external visitors. Fortunately the Juniper Education team did a great job and made JNCIE lab exams available from your own home! Now this does impact how you make the test and also what resources you have available […]
The post JNCIE-DC remote lab exam resources first appeared on Rick Mur.Creating serendipity with Python
We've been experimenting with breaking up employees into random groups (of size 4) and setting up video hangouts between them. We're doing this to replace the serendipitous meetings that sometimes occur around coffee machines, in lunch lines or while waiting for the printer. And also, we just want people to get to know each other.
Which lead to me writing some code. The core of which is divide n elements into groups of at least size g minimizing the size of each group. So, suppose an office has 15 employees in it then it would be divided into three groups of sizes 5, 5, 5; if an office had 16 employees it would be 4, 4, 4, 4; if it had 17 employees it would be 4, 4, 4, 5 and so on.
I initially wrote the following code (in Python):
groups = [g] * (n//g)
for e in range(0, n % g):
groups[e % len(groups)] += 1
The first line creates n//g (// is integer division) entries of size g (for example, if g == 4 and n == 17 then groups == [4, 4, 4, 4]). The for loop deals with the 'left over' parts that Continue reading
The Role of Machine Learning and AIOps in Network Performance Management
Nascent AIOps holds the key to a more automated, streamlined, and optimized approach to IT management that can help quickly and effectively identify and resolve network issues.Response: Firefox 86 Introduces Total Cookie Protection – Mozilla Security Blog
Browsers keep users safe from excessive user tracking
Does Unequal-Cost Multipathing Make Sense?
Every now and then I’m getting questions along the lines “why doesn’t X support unequal-cost multipathing (UCMP)?” for X in [ OSPF, BGP, IS-IS ].
To set the record straight: BGP does support some rudimentary form of unequal-cost multipathing with the DMZ Bandwidth community, but it only works across multiple egress points from a single autonomous system. Follow-up nerd knobs described how to use the same community over EBGP sessions; not sure whether anyone implemented that part (comments welcome).