Day Two Cloud 113: Multi-Cloud Network Visibility And Automation With Aviatrix (Sponsored)
Today's Day Two Cloud episode dives into multi-cloud networking with sponsor Aviatrix. Aviatrix offers a cloud network platform with a common data plane and operational model that works across public clouds and supports visibility and automation. We dig into the product with Aviatrix guests and a customer.
The post Day Two Cloud 113: Multi-Cloud Network Visibility And Automation With Aviatrix (Sponsored) appeared first on Packet Pushers.
The API Gateway: Networking at Layer 8
As the network stack expands to support the API economy, network architecture must expand its domain to include APIs.MikroTik RouterOS Advanced Configuration
In the previous tutorial, we installed and configured a brand new MikroTik hAP ac³ router for connection to the Internet. We also improved the overall security of the router by implementing simple steps to harden it. These include things like disabling unused services, enabling HTTPS for device management, updating RouterOS, and reconfiguring the firewall rules. […]Continue reading...
netsim-tools: Python Package and Unified CLI
One of the major challenges of using netsim-tools was the installation process – pull the code from GitHub, install the prerequisites, set up search paths… I knew how to fix it (turn the whole thing into a Python package) but I was always too busy to open that enormous can of worms.
That omission got fixed in summer 2021; netsim-tools is now available on PyPI and installed with pip3 install netsim-tools.
netlab Python Package and Unified CLI
One of the major challenges of using netsim-tools (now renamed to netlab) was the installation process – pull the code from GitHub, install the prerequisites, set up search paths… I knew how to fix it (turn the whole thing into a Python package) but I was always too busy to open that enormous can of worms.
That omission got fixed; netlab is now available on PyPI and installed with pip3 install networklab.
Outdated Data Center Risks: How Organizational Mandates Help
Organizations should create mandates requiring upgrades to their outdated data centers at a regular cadence to avoid risks.Lucky Webapp Add Pagination
In this post I will show you how to add pagination to a Lucky webapp and also style the pagination links with Bootrap and Font Awesome Icons. Software The following software versions were used in this post. Lucky - 0.28.0 Font Awesome (Free) - 5.15.4 Bootstrap - 5.1.0 Enable...continue reading
Calico integration with WireGuard using kOps
It has been a while since I have been excited to write about encrypted tunnels. It might be the sheer pain of troubleshooting old technologies, or countless hours of falling down the rabbit hole of a project’s source code, that always motivated me to pursue a better alternative (without much luck). However, I believe luck is finally on my side.
In this blog post we will explore using open-source WireGuard, a new technology that offers encrypted tunnels with remarkable performance and an effortless implementation, to establish secure encrypted tunnels between workloads in K8s clusters.
Introduction: WireGuard
With the release of open-source Calico 3.14 back in June of 2020, Tigera announced a tech preview of its WireGuard integration, which allows node-to-node traffic to be encrypted using WireGuard.
Other encryption methods (e.g. TLS) were available to encrypt workloads’ traffic at higher TCP/IP layers (in this case, the Application Layer). However, WireGuard targets traffic at a lower layer (the Transport Layer), which makes it effective for a wider range of applications, and also reduces complexity for the user.
WireGuard is an open-source project that implements virtual private network (VPN) techniques to establish secure point-to-point connections leveraging Linux Continue reading
Netdev 0x15
Network wide visibility with Linux networking and sFlow describes the Linux switchdev driver used to integrate network hardware with Linux. The talk focuses on network telemetry, showing how standard Linux APIs are used to configure hardware instrumentation and stream telemetry using the industry standard sFlow protocol for data center wide visibility.
Switchdev in the wild describes Yandex's experience of deploying Linux switchdev based switches in production at scale. The diagram from the talk shows the three layer leaf and spine network architecture used in their data centers. Yandex operates multiple data centers, each containing up to 100,000 servers.
Switchdev Offload Workshop provides updates about the latest developments in the switchdev community.
FRR Workshop discusses the latest development in the FRRouting project, the open source routing software that is now a defacto standard on Linux network operating systems.
The Best Technologists First Try To Solve Their Own Problems
Every once in a while, I get questions from random internet folks who want me to do their homework for them. They want me to provide them with detailed technical information, solve their complex design problem, or curate content on a difficult topic so that they don’t have to do the sifting.
While I like to help folks out as much as anyone (and often do), I usually ignore these sorts of questions. Why? Partly, I don’t have enough time to fix the internet. Partly, I like to get paid for consulting. But more importantly, the best technologists first try to solve their own problems.
A Manager’s Perspective
When interviewing candidates for technical positions, one of my questions is, “If you run into a problem you’ve never faced before, how do you solve it?” There are two typical answers.
- “I’ll ask someone else for help. Probably you.”
- “I’ll search the internet, company wiki, and product documentation. I’ll set up a lab. If I’m still stuck, I’ll ask for help.”
I prefer to hire a person who first tries to figure things out. While I want neither a cowboy nor science experiments making their way into production, I Continue reading
The EPYC journey continues to Milan in Cloudflare’s 11th generation Edge Server
When I was interviewing to join Cloudflare in 2014 as a member of the SRE team, we had just introduced our generation 4 server, and I was excited about the prospects. Since then, Cloudflare, the industry and I have all changed dramatically. The best thing about working for a rapidly growing company like Cloudflare is that as the company grows, new roles open up to enable career development. And so, having left the SRE team last year, I joined the recently formed hardware engineering team, a team that simply didn’t exist in 2014.
We aim to introduce a new server platform to our edge network every 12 to 18 months or so, to ensure that we keep up with the latest industry technologies and developments. We announced the generation 9 server in October 2018 and we announced the generation 10 server in February 2020. We consider this length of cycle optimal: short enough to stay nimble and take advantage of the latest technologies, but long enough to offset the time taken by our hardware engineers to test and validate the entire platform. When we are shipping servers to over 200 cities around the world with a variety of regulatory Continue reading