Tailscale VPN – A Network Engineer’s Perspective
Before we get into what Tailscale is or how it compares to a traditional remote access VPN, let’s take a quick look at Tailscale in action. The main problem Tailscale solves is remote access to your internal workloads.
In my homelab, I have a server running Linux. When I’m on my home network, I can access it directly without any issues. But if I step outside and want to access the same server over the Internet, Tailscale makes that much easier and you can have it up and running in about 10 minutes for free.
Typically, you would set up some kind of a VPN, either running on a server or a dedicated firewall. Then, you’d install a VPN client on the devices and point them to the public IP of your VPN server or firewall. That’s exactly what I have at the moment.
Tailscale takes a completely different approach, and you don’t need any of that. I’m not saying one is better than the other, I’m just pointing this out for comparison. I’ve shared my thoughts on the pros and cons of each solution at the end of this post.
Tailscale Installation and Setup
Head over to the Tailscale Continue reading
From Python to Go 016. Advanced SSH Interaction With Network Devices.
Hello my friend,
This blog continues discussion of how to manage devices (network switches and routers, servers, virtual machines, etc) using SSH, which we started in previous blog. In this discussion we’ll cover advanced interaction with devices, which include multiple commands, change of contexts and validations. Let’s dive in.
If You Say “From Python to Go”, Shall I Learn Python?
Each programming language has its strong and weak capabilities. Golang, by virtue being a low level (or at least much lower level compared to Python) is very good, when performance and efficiency are paramount. However, you don’t need it for all applications. Python give quicker time to market, possibility to iteratively develop your code with Jupyter and vast ecosystem of existing libraries. Both programming languages are important and both of them play crucial role in IT and network infrastructure management. So if you are good with Python, learn Go (Golang) using our blog series.
And if you are not, or you want to have good intro to IT and network automation holistically, enroll to our training programms:
We offer the following training programs in network automation for you:
Auto-expanding aliases in Zsh
To avoid needless typing, the fish shell features command abbreviations to expand some words after pressing space. We can emulate such a feature with Zsh:
# Definition of abbrev-alias for auto-expanding aliases typeset -ga _vbe_abbrevations abbrev-alias() { alias $1 _vbe_abbrevations+=(${1%%\=*}) } _vbe_zle-autoexpand() { local -a words; words=(${(z)LBUFFER}) if (( ${#_vbe_abbrevations[(r)${words[-1]}]} )); then zle _expand_alias fi zle magic-space } zle -N _vbe_zle-autoexpand bindkey -M emacs " " _vbe_zle-autoexpand bindkey -M isearch " " magic-space # Correct common typos (( $+commands[git] )) && abbrev-alias gti=git (( $+commands[grep] )) && abbrev-alias grpe=grep (( $+commands[sudo] )) && abbrev-alias suod=sudo (( $+commands[ssh] )) && abbrev-alias shs=ssh # Save a few keystrokes (( $+commands[git] )) && abbrev-alias gls="git ls-files" (( $+commands[ip] )) && { abbrev-alias ip6='ip -6' abbrev-alias ipb='ip -brief' } # Hard to remember options (( $+commands[mtr] )) && abbrev-alias mtrr='mtr -wzbe'
Here is a demo where gls is expanded to git ls-files after pressing space:
gls to git ls-filesI don’t auto-expand all aliases. I keep using regular aliases when slightly modifying the behavior of a command or for well-known abbreviations:
alias df='df -h' alias du='du -h' alias rm='rm -i' alias mv='mv -i' alias ll='ls -ltrhA'
HN771: Is The CCIE Still Worth It In 2025?
The CCIE remains the gold standard for networking certifications. But these days there are lots of other avenues for developing your skills and advancing your networking career, including network automation, cloud networking, and yes, even AI. So is the CCIE still worth it? We chew on this topic with Eman Conde. Eman has been known... Read more »TNO019: A Look At NetOps Inside a Colocation Facility
Ever wonder what network operations are like inside a colocation facility? Today we talk with Scott Brookshire, CTO of OpenColo. Scott shares his journey into networking, how OpenColo was founded, and the evolution of the company from a few servers to a significant data center operation. We delve into what it means to run a... Read more »Dynamically optimize, clip, and resize video from any origin with Media Transformations
Today, we are thrilled to announce Media Transformations, a new service that brings the magic of Image Transformations to short-form video files wherever they are stored.
Since 2018, Cloudflare Stream has offered a managed video pipeline that empowers customers to serve rich video experiences at global scale easily, in multiple formats and quality levels. Sometimes, the greatest friction to getting started isn't even about video, but rather the thought of migrating all those files. Customers want a simpler solution that retains their current storage strategy to deliver small, optimized MP4 files. Now you can do that with Media Transformations.
For customers with a huge volume of short video, such as generative AI output, e-commerce product videos, social media clips, or short marketing content, uploading those assets to Stream is not always practical. Furthermore, Stream’s key features like adaptive bitrate encoding and HLS packaging offer diminishing returns on short content or small files.
Instead, content like this should be fetched from our customers' existing storage like R2 or S3 directly, optimized by Cloudflare quickly, and delivered efficiently as small MP4 files. Cloudflare Images customers reading this will note that this sounds just like their existing Image Transformation Continue reading
netlab 1.9.5: New Cumulus Linux(NVUE) and Junos Features
Jeroen van Bemmel and Stefano Sasso contributed tons of new device features for the netlab release 1.9.5:
Cumulus Linux (NVUE):
- VXLAN and EVPN
- VLAN-aware router (VLAN subinterfaces) functionality
- VRF route leaking
- VRF-aware BGP and full RFC 8950 support (IPv4 BGP AF over regular IPv6 BGP session)
- BGP allowas_in and EBGP multihop
IPB170: RFC 7050 vs RFC 8781 for IPv6 Prefix Discovery
In this episode of the IPv6 Buzz, we dive into two RFCs for discovering IPv6 prefixes: 7050 and 8781. Why these two? First, 8781 is being proposed as preferential to 7050. Second, co-host Nick Buraglio is an author on 8781 and has insights to share. We start with some background on RFC 7050, including the... Read more »Docker Series – Networking and IP Addresses
It’s a bit embarrassing as a Network Engineer that we’ve made it this far into the Docker series without looking into Docker Networking and IP Addresses. So, in this part of the series, let’s take a quick look at the basics of Docker Networking. There’s a lot more to Docker networking than what we’ll cover here, but this should be enough to get most people started. We can always explore advanced topics in future posts.
If you haven’t been following the Docker series and just landed on this post, don’t worry; you can still follow along without any issues. If you’re curious about the previous posts, feel free to check them out below.
Docker Series - Hello Docker
As always, my goal here is to explain what Docker is using plain language and relatable examples, I hope to give you a clear understanding of what Docker is.
Suresh Vina
As always, if you find this post helpful, press the ‘clap’ button. It means a lot to me and helps me know you enjoy this type of content.
Docker Networking Basics
Container networking refers to the ability for containers to connect to and communicate with each other or Continue reading
N4N016: Routers Are Not Switches…Are They?
The line between switches and routers can get a little blurry. On today’s N Is For Networking, we try to clear things up. We start by defining what a router and switch are, and then provide some historical and technical context to better understand the differences. Then we discuss how modern switches have evolved to... Read more »New Networking Fundamentals Page
I wrote dozens of posts describing various fundamentals of networking technologies. They were a bit hard to find, so I organized them into subcategories and created a summary page to display them. I hope you like the new format.
D2DO266: How AI Affects the Developer Experience
Let’s talk about how AI affects the developer experience, particularly for open source tools such as Terraform. We’re joined by guests Welly Siauw and Tyler Lynch to examine a project that leverages AI to automate the generation of documentation and examples for AWS Terraform providers. We delve into the iterative development process with AI, the... Read more »Comparing IP and CLNP: Reaching Off-Subnet Nodes
The previous blog post in this series discussed how TCP/IP and CLNP reach adjacent nodes and build ARP/ND/ES caches. Now let’s move one step further: how do nodes running IPv4/IPv6 or CLNP discover the first-hop router that could forward their traffic to off-subnet nodes they want to communicate with?
Capture to pcap file using sflowtool
Replay pcap files using sflowtool describes how to capture sFlow datagrams using tcpdump and replay them in real time using sflowtool. However, using tcpdump for the capture has the downside of requiring root privileges. A recent update to sflowtool now makes it possible to use sflowtool to capture sFlow datagrams in tcpdump pcap format without the need for root access.
docker run --rm -p 6343:6343/udp sflow/sflowtool -M > sflow.pcapEither compile the latest version of sflowtool or, as shown above, use Docker to run the pre-built sflow/sflowtool image. The -M option outputs whole UDP datagrams received to standard output. In either case, type CNTRL + C to end the capture.
Transforming Cloud with Oracle’s Dedicated Region Cloud Innovations
Image – https://www.oracle.com/cloud/cloud-at-customer/dedicated-region/
Note : All opinions and writings are of my own understanding and may not represent latest or historical product development facts, please consult Oracle Documentation and Sales teams for accurate information.
Oracle’s Dedicated Region Cloud@Customer (DRCC) has emerged as a transformative solution for organisations requiring cloud capabilities within their own data centers. Recent advancements in DRCC, particularly those announced in 2024 and 2025, have introduced groundbreaking features that redefine network architecture, scalability, and edge computing. This article delves into the technical nuances of these innovations, focusing on their implications for network engineers tasked with designing, deploying, and managing hybrid and multi-cloud environments.
Architectural Evolution of DRCC: From Regional Deployment to Edge Scalability
Dedicated Region25: Compact Footprint and Modular Scalability
Oracle’s introduction of Dedicated Region25 marks a significant shift in on-premises cloud deployment. With a 75% smaller physical footprint compared to previous iterations, this configuration starts at three racks and scales incrementally, enabling organizations to deploy cloud infrastructure in constrained spaces while maintaining access to over 150 OCI services. For network engineers, this modularity necessitates a reevaluation of data center design principles.
The reduced footprint simplifies integration into existing network topologies but requires meticulous planning for Continue reading