Go Notes: Pointers
https://codingpackets.com/blog/go-notes-pointers
Automate Leaf and Spine Deployment – Part2
The 2nd post in the ‘Automate Leaf and Spine Deployment’ series describes process used for validating the variable files format and content. The idea behind this offline pre-validation is to catch any errors in the variable files before device configuration is attempted. Fail fast based on logic instead of failing halfway through a build. It wont catch everything but will eliminate a lot of the needless errors that would break a fabric build.
The Role of Security in a Future Full of Cloud Services
The future of work will revolve around effectively using cloud technologies to conduct business. Security plays a critical role in that future.Developing NetBox Plugin – Part 4 – Small improvements
Welcome to part 4 of the tutorial on developing NetBox plugin. By now BgpPeering plugin is functional but there are few things here and there that could make it better. In this post, we'll go through many improvements that will make the plugin look better and increase its functionality.
Developing NetBox Plugin tutorial series
- Developing NetBox Plugin - Part 1 - Setup and initial build
- Developing NetBox Plugin - Part 2 - Adding web UI pages
- Developing NetBox Plugin - Part 3 - Adding search panel
- Developing NetBox Plugin - Part 4 - Small improvements
- Developing NetBox Plugin - Part 5 - Permissions and API
Contents
- Updating display name of BgpPeering objects
- Enforce the same network for local and remote IPs
- Allowing objects to be deleted
- Allowing objects to be edited
- Prettifying field labels
- Conclusion
- Resources
- BGP Peering Plugin GitHub repository
Updating display name of BgpPeering objects
We'll start improvements by changing default display name of BgpPeering Continue reading
Worth Reading: Visualizing BGP-LS Tables
When I’d first seen BGP-LS I immediately thought: “it would be cool to use this to fetch link state topology data from the network and build a graph out of it”. In those days the only open-source way I could find to do it involved Open DayLight controller’s BGP-LS-to-REST-API converter, and that felt like deploying an aircraft carrier to fly a kite.
Things have improved dramatically since then. In Visualizing BGP-LS Tables, HB described how he solved the challenge with GoBGP, gRPC interface to GoBGP, and some Python code to parse the data and draw the topology graph with NetworkX. Enjoy!
An IPv6 Update for 2020
The common theme of many of reviews of the Internet in 2020 has been that the Internet has been used to plug the gap caused by shutting down many of our physical venues where we previously worked and played. No matter what aspect of the Internet you look at, its clear that we all made much more use of the Internet this year. Here I would like to ask the inevitable IPv6 question: What role did IPv6 play in 2020?Juniper to Mikrotik – MPLS Commands
About the Juniper to MikroTik series
In the world of network engineering, learning a new syntax for a NOS can be daunting if you need a specific config quickly. Juniper is a popular option for service providers/data centers and is widely deployed across the world.
This is a continuation of the Rosetta stone for network operating systems series. In this article we will be covering multi-protocol label switching (MPLS) using label distribution protocol (LDP). We are sticking with LDP as MikroTik does not have wide support for RSVP-TE.
You can find the first two articles of the series here:
Juniper to MikroTik – BGP commands
Juniper to MikroTik – OSPF commands
While many commands have almost the exact same information, others are as close as possible. Since there isn’t always an exact match, sometimes you may have to run two or three commands to get the information needed.
Using EVE-NG for testing
We conducted utilized EVE-NG for all of the testing with the topology seen below.
| Juniper Command | MikroTik Command |
|---|---|
| show ldp neighbor | mpls ldp neighbor print |
| show ldp interface | mpls ldp interface print |
| show route forwarding-table family mpls | mpls forwarding-table print |
| show ldp database | mpls Continue reading |
Worth Reading: Finding Bugs in C and C++ Compilers
Something to keep in mind before you start complaining about the crappy state of network operating systems: people are still finding hundreds of bugs in C and C++ compilers.
One might argue that compilers are even more mission-critical than network devices, they’ve been around for quite a while, and there might be more people using compilers than configuring network devices, so one would expect compilers to be relatively bug-free. Still, optimizing compilers became ridiculously complex in the past decades trying to squeeze the most out of the ever-more-complex CPU hardware, and we’re paying the price.
Keep that in mind the next time a vendor dances by with a glitzy slide deck promising software-defined nirvana.
Friction Finders
Do you have a door that sticks in your house? If it’s made out of wood the odds are good that you do. The kind that doesn’t shut properly or sticks out just a touch too far and doesn’t glide open like it used to. I’ve dealt with these kinds of things for years and Youtube is full of useful tricks to fix them. But all those videos start with the same tip: you have to find the place where the door is rubbing before you can fix it.
Enterprise IT is no different. We have to find the source of friction before we can hope to repair it. Whether it’s friction between people and hardware, users and software, or teams going at each other we have to know what’s causing the commotion before we can repair it. Just like with the sticking door, adding more force without understand the friction points isn’t a long-term solution.
Sticky Wickets
Friction comes from a variety of sources. People don’t understand how to use a device or a program. Perhaps it’s a struggle to understand who is supposed to be in charge of a change control or a provisioning process. It could even Continue reading
Tempered Networks Tempts Users With Free Remote Access Offering
Tempered Networks lets you set up encrypted remote access for 25 devices for free with its new Airwall Teams offering.
The post Tempered Networks Tempts Users With Free Remote Access Offering appeared first on Packet Pushers.
Heavy Networking 560: Moving Big Data Sets From Far-Off Locations
Construction sites generate tons of data but often lack network connectivity. Today's Heavy Networking explores how one CTO has found ways to move huge data sets to HQ and the cloud using everything from Free Space Optics to LTE to consumer broadband. There are also stories about flying drones and robot dogs, and the operational impacts of SD-WAN. Our guest is Michael Shepherd, CTO of Rogers-O’Brien Construction.Heavy Networking 560: Moving Big Data Sets From Far-Off Locations
Construction sites generate tons of data but often lack network connectivity. Today's Heavy Networking explores how one CTO has found ways to move huge data sets to HQ and the cloud using everything from Free Space Optics to LTE to consumer broadband. There are also stories about flying drones and robot dogs, and the operational impacts of SD-WAN. Our guest is Michael Shepherd, CTO of Rogers-O’Brien Construction.
The post Heavy Networking 560: Moving Big Data Sets From Far-Off Locations appeared first on Packet Pushers.
How SASE Will Transform How We Do Secure Security Systems in 2021
SASE offers organizations edge computing-based security frameworks that ensure secure and holistic networking for distributed teams.Notes on Pushing Ansible-generated FortiOS Configs
I’m working on a project to push out configuration files to Fortigates using the ‘configuration restore’ capability in FortiOS. The configs are generated using Jinja2 templates and then restored to the remote device via SCP. This post is to collect together a few of the pitfalls and things I learned in the process. Hopefully it will help someone else out of a hole.
Why use SCP in the first place?
I had every intention of using the FortiOS Ansible modules for this process, specifically fortinet.fortios.fortios_system_config_backup_restore. The issue with doing so is that it operates over the REST API. To use the API, you have to go on to the box and generate an API token. The issue here is that you only see the token in cleartext at the point of creation, after which it is stored cryptographically in the config. This means that on the script host you need to keep a vault with both versions – cleartext to push to the API, and cryptotext to insert into the config file you are pushing.
Instead, it is easier to enable SCP on the devices, put an admin PKI user’s public key in every config and restore over Continue reading
Video: Finding Paths Across the Network
Regardless of the technology used to get packets across the network, someone has to know how to get from sender to receiver(s), and as always you have multiple options:
- Almighty controller
- On-demand dynamic path discovery (example: probing)
- Participation in a routing protocol
For more details, watch Finding Paths Across the Network video.
The video is part of How Networks Really Work webinar and available with Free ipSpace.net Subscription.
Member News: Mali Chapter Works to Get Women Online
Lending a hand: The Mali Chapter of the Internet Society is focusing on helping women who aren’t digitally literate connect to the Internet. The chapter is providing training to help these women, including women with disabilities, earn income through online services like Facebook and WhatsApp. Participants have included small business operators, including caterers and hairdressers.
Antisocial networks: A recent survey by Internet Society chapter the Israeli Internet Association has found that about half of the people in the country refrain from responding on social networks for fear of encountering violent reactions. The survey also found that 86 percent of Israelis believe that discourse on social networks is violent, and 80 percent believe that public figures and politicians share violent discourse on social media.
Talking governance: Netherlands chapter board member Ruben Brave was recently invited by the Ministry of Foreign Affairs and the FreedomLab think tank to give a speech about Internet governance and respond to a recent position paper. He focused on recognizing human rights during debates about Internet governance. “Invest again in the explicit contribution of human rights in the re-design and management of Internet protocols by making people and resources available to knowledge institutions and invest in training for Continue reading