Category Archives for "Networking"

Tech Bytes: MSSP Partners With Fortinet To Deliver Secure SD-WAN (Sponsored)

Today's Tech Bytes podcast from the Packet Pushers is a conversation with Node4, a managed security service provider that's deploying and operating Fortinet’s Secure SD-WAN for its customers. Fortinet is our sponsor. Our guest from Node4 is Glenn Akester, Lead Network Services Architect.

How to protect backups from ransomware

Ransomware is becoming the number one threat to data, which makes it essential to ensure that bad actors don’t encrypt your backup data along with your primary data when they execute ransomware attacks. If they succeed at that, you will have no choice but to pay the ransom, and that will encourage them to try it again.

The key to not having to pay ransom is having the backups to restore systems that ransomware has encrypted. And the key to protecting those backups from ransomware is to put as many barriers as you can between production systems and backup systems. Whatever you do, make sure that the only copy of your backups is not simply sitting in a directory on a Windows server in the same data center you are trying to protect. Let’s take a closer look at a few key elements of that sentence: “Windows”, “same data center”, and “sitting in a directory”.

IBM launches AIX-to-cloud app migration program

IBM has launched the Power Private Cloud (PPC) Rack solution, a converged infrastructure product that migrates on-premises apps running on its POWER9/AIX systems to the cloud.

The solution consists of three POWER System S922 servers with 20 CPU cores, 256GB of RAM, and 3.2TB of NVMe local storage, plus a new storage enclosure, the FlashSystem 5200, with a minimum of 9.6TB and a pair of SAN24B-6 switches with 24 Fibre Channel ports.

Rant: Don’t Ever Compare Enterprise IT Shenanigans with Apollo 13

Here’s a recent tweet by my friend Joe Onisick that triggered this blog post:

My favorite people are the ones that start with “how could we make that work?” Before jumping into all of their preconceived bs on why it won’t work.

I couldn’t agree more with that sentiment. The number of people who would invent all sorts of excuses just to avoid turning on their brains and keep to their cozy old methods is staggering. Unfortunately, someone immediately had the urge to switch into what I understood to be a heroic MacGyver mode (or maybe it was just my lack of caffeine, in which case I apologize for the misquote… but you might still like the rest of the rant):

Install azruntime as a CLI program using pipx

azruntime, the Python program I wrote to manage virtual machines in my Azure subscriptions, is more convenient to use when run as a command from the Linux prompt instead of as a Python program in its virtual environment. You can install Python packages as command-line-programs using pipx.

To make azruntime work after using pipx to install it, I had to organize the project into a proper Python package folder structure, add an entry point in the setup.py file, and change the authentication class used by azruntime.

This post describes what I learned about pipx and Python packaging to enable me to install azruntime as a CLI application.

Changing the package directory structure

I originally structured the azruntime package so all its files were in one folder. I know this is not the standard way that packages are organized but I thought it was simpler and it worked with pip. However, pipx requires the correct package folder structure.

Below, I show the new folder structure I created.

azruntime/
├── LICENSE
├── README.md
├── azruntime
│   ├── __init__.py
│   ├── __main__.py
│   └── azruntime.py
├── requirements.txt
└── setup.py

At the top level, I have …

Worth Reading: Internet of Trash

I love the recent Internet of Trash article by Geoff Huston, in particular this bit:

“Move fast and break things” is not a tenable paradigm for this industry today, if it ever was. In the light of our experience with the outcomes of an industry that became fixated on pumping out minimally viable product, it’s a paradigm that heads towards what we would conventionally label as criminal negligence.

Of course it’s not just the Internet-of-Trash. The whole of IT is filled with examples of startups and “venerable” companies doing the same thing and boasting about their disruptiveness. Now go and read the whole article ;)

Worth Reading: Advice(s) for Engineering Managers

Just in case you were recently promoted to be a team leader or a manager: read these somewhat-tongue-in-cheek advices:

Need more career advice? How about The Six Year Rule by Bryan Sullins… or you could go and reread my certifications-related blog posts.

Building your own SD-WAN with Envoy and Wireguard

When using a personal VPN at home, one of the biggest problems I’ve faced was the inability to access public streaming services. I don’t care about watching Netflix from another country, I just want to be able to use my local internet connection for this kind of traffic while still encrypting everything else. This problem is commonly known in network engineering as “local internet breakout” and is often implemented at remote branch/edge sites to save costs of transporting SaaS traffic (e.g. Office365) over the VPN infrastructure. These “local breakout” solutions often rely on explicit enumeration of all public IP subnets, which is a bit cumbersome, or require “intelligent” (i.e. expensive) DPI functionality. However, it is absolutely possible to build something like this for personal use and this post will demonstrate how to do that.

Solution Overview

The problem scope consists of two relatively independent areas:

  • Traffic routing - how to forward traffic to different outgoing interfaces based on the target domain.

  • VPN management - how to connect to the best VPN gateway and make sure that connection stays healthy.

Each one of these problem areas is addressed by a separate set of components.

VPN management is solved …

Automate Leaf and Spine Deployment – Part3

The 3rd post in the ‘Automate Leaf and Spine Deployment’ series goes through the variables from which the core fabric declaration is made and how this transposes into a dynamic inventory. This uses only the base and fabric roles to create the fabric ready for the service sub-roles (tenant, interface and route) to be deployed on top of the fabric at a later stage.

Announcing the Candidate Slates for the 2021 Board of Trustees Elections

As Chair of the Internet Society Nominations Committee, I am pleased to announce the slates of candidates for the 2021 Board of Trustees elections. The candidates for each slate are listed below in alphabetical order by last name.

Chapters Election (one seat available)

  • Leiska Evanson
  • Luis Martinez
  • Rao Naveed Bin Rais
  • Muhammad Shabbir
  • Niels ten Oever

Organization Members Election (two seats available)

  • Paul Ebersman
  • Robert Pepper
  • Wei Wang
  • Heather West

Additional nominations for election to the Board of Trustees may be made by petition by the nominee, and filed with the Chair of the Nominations Committee using the online form available at the Petitions page: https://www.internetsociety.org/board-of-trustees/elections/2021/petitions/

The deadline for receipt of petition requests is 15:00 UTC on Friday, 26 February 2021. The deadline for petition signatures is Friday, 5 March 2021 at 15:00 UTC. The names of any successful petitioners will be placed on the ballot.

The final candidate slate will be announced on Monday, 8 March, and voting will open on Friday, 9 April.

Learn more about the candidates and the elections, including the petition process at: https://www.internetsociety.org/board-of-trustees/elections/

The Committee thanks all of the nominees who expressed interest and willingness to serve on the Internet …

Heavy Networking 561: Modeling Your Network For Intent-Based Assurance With IP Fabric (Sponsored)

In today's podcast, sponsored by IP Fabric, we dive into the IP Fabric Network Assurance platform. This platform gathers network configuration and state, and then builds a network model using a graph database. The result is a "digital twin" of the network that engineers and security teams can use for troubleshooting, to plan and verify changes, for network and security analysis, and to enable closed-loop automation. Our guests from IP Fabric are Pavel Bykov, CEO; and Daren Fulwell, Network Automation Evangelist.

Solutions In Search of a Problem

During a few recent chats with my friends in the industry, I’ve heard a common refrain coming up about technologies or products being offered for sale. Typically these are advanced ideas given form that are then positioned as products for sale in the market. Overwhelmingly the feedback comes down to one phrase:

This is a solution in search of a problem.

We’ve probably said this a number of times about a protocol or a piece of hardware. Something that seems to be built to solve a problem we don’t have and couldn’t conceive of. But why does this seem to happen? And what can we do to fix this kind of mentality?

Forward Looking Failures

If I told you today that I was creating software that would revolutionize the way your autonomous car delivers music to the occupants on their VR headsets you’d probably think I was crazy, right? Every one of the technologies I mentioned in the statement is a future thing that we expect may be big down the road. We love the idea of autonomous vehicles and VR headsets and such.

Now, let’s change the statement. I’m working on a new algorithm for HD-DVD players to produce …

Keeping Pakistan’s Internet Exchange Points Running

Internet Exchange Points (IXPs) are a vital element of Internet infrastructure. They can be found at physical and neutral locations where different IP networks meet to exchange local traffic via a switch. Implementing an IXP within a country helps bring faster, more affordable, and better performing Internet to people.

Frustrated by poor quality of service and high-cost connectivity, local Internet stakeholders started off the process of setting up an IXP in Pakistan. With the adoption of the 2015 telecoms policy, there was a new drive to foster interconnection and keep local traffic within the country.

Led by the Pakistan Telecom Authority (PTA), the telecom regulator, the government initiated consultations on how to set up an IXP. To develop an informed opinion about IXPs, PTA reached out to the Internet Society, the Asia Pacific Network Information Center (APNIC), the local Internet community, and civil society.

The consultations led to the formation of an IXP board comprised of all stakeholders. The new board decided to establish IXPs at Islamabad, Karachi, and Lahore. The IXP board first set up an IXP in Pakistan at a neutral venue, the Higher Education Commission of Pakistan (HEC), Islamabad in 2016. HEC was ideal because it provided a …