Note: RFC1925, rule 11, reminds us that: “Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.” Understanding the past not only helps us to understand the future, it also helps us to take a more balanced and realistic view of the technologies being created and promoted for current and future use.
The Open Systems Interconnect (OSI) model is the most often taught model of data transmission—although it is not all that useful in terms of describing how modern networks work. What many engineers who have come into network engineering more recently do not know is there was an entire protocol suite that went with the OSI model. Each of the layers within the OSI model, in fact, had multiple protocols specified to fill the functions of that layer. For instance, X.25, while older than the OSI model, was adopted into the OSI suite to provide point-to-point connectivity over some specific kinds of physical circuits. Moving up the stack a little, there were several protocols that provided much the same service as the widely used Internet Protocol (IP).
The Connection Oriented Network Service, or CONS, ran on top Continue reading
Today's Full Stack Journey podcast explores AWS Controllers for Kubernetes (ACK). Currently available as a developer preview, the ACK project lets customers manage their AWS services directly from Kubernetes. Our guide to ACK is Justin Garrison, a container advocate at AWS and author.
The post Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK) appeared first on Packet Pushers.
Many network engineers and other professionals are transitioning their skills set to include programming and automation. Commonly, their previous programming experience comes from a few programming courses they attended in university a long time ago. I am one of those professionals and I created this Python programming guide for people like you and me.
In this guide, I explain the absolute minimum amount you need to learn about Python in order to create useful programs. Follow this guide to get a very short, but functional, overview of Python programming in less than one hour.
I omit many topics from this text that you do not need to know when you begin using Python; you can learn them later, when you need them. I don’t want you to have to unlearn misconceptions later, when you become more experienced, so I do include some Python concepts that other beginner guides might skip, such as the Python object model. This guide is “simple” but it is also “mostly correct”.
In this guide, I will explore the seven fundamental topics you need to know to create useful programs almost immediately. These topics are:
Tigera is pleased to announce that we have open-sourced Calico for Windows and made it immediately available for all to use for free. With the launch of open-source Calico for Windows, the vast ecosystem of Windows users now has unprecedented access to Kubernetes via the industry’s de-facto standard for Kubernetes networking and network security.
We have been collaborating with Microsoft and our joint customers over the past few years to bring Project Calico to the Windows platform, and have seen increasing demand for Windows nodes ever since the release of Kubernetes 1.14. Most enterprises have a Windows footprint, and Windows workloads are increasingly being modernized and migrated to containers and orchestrated with Kubernetes. Enterprise users want to deploy a single solution for network security that works across both Linux and Windows workloads. Open-sourcing Calico for Windows provides those users with the best and only solution available, and for free.
“We are seeing an influx in interest in Windows Kubernetes workloads, as well as interest in securing those workloads. Calico has been a key means of deploying network security policies across both Windows and Linux platforms, however, their Windows support has been commercially licensed by Tigera until today,“ said Continue reading
Getting Docker to work with IPv6 is an interesting and under-documented (trying to stay diplomatic) adventure, but there’s a shortcut to the promised land: even if your Docker environment is pure IPv4 morass, you can still reach published container ports over IPv6 thanks to the userland proxy I described last week. The performance is obviously commensurate with traversing kernel-user boundary too many times.
New to this rabbit hole? Start here.
Finally, you don’t have to tell me (again) that Docker is dead and we should all use K8s. It’s as useful as telling me CloudStack is dead and we should all use OpenStack. Different challenges deserve different tools.
The RPKI, for those who do not know, ties the origin AS to a prefix using a certificate (the Route Origin Authorization, or ROA) signed by a third party. The third party, in this case, is validating that the AS in the ROA is authorized to advertise the destination prefix in the ROA—if ROA’s were self-signed, the security would be no better than simply advertising the prefix in BGP. Who should be able to sign these ROAs? The assigning authority makes the most sense—the Regional Internet Registries (RIRs), since they (should) know which company owns which set of AS numbers and prefixes.
The general idea makes sense—you should not accept routes from “just anyone,” as they might be advertising the route for any number of reasons. An operator could advertise routes to source spam or phishing emails, or some government agency might advertise a route to redirect traffic, or block access to some web site. But … if you haven’t found the tradeoffs, you haven’t looked hard enough. Security, in particular, is replete with tradeoffs.
Every time you deploy some new security mechanism, you create some new attack surface—sometimes more than one. Deploy a stateful packet filter to protect a Continue reading
It's a baker's dozen of tech news in today's Network Break episode. We analyze Nvidia's $40 billion bid for Arm, Broadcom's banishment of Cumulus, vSphere's Kubernetes injection via Tanzu, a new hardware strategy from Extreme, new products from Palo Alto and Juniper, and more!
The post Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere appeared first on Packet Pushers.
Turning plastic into access: Students in a Jakarta, Indonesia, neighborhood are collecting discarded plastic and trading it for access at a WiFi station that sells the plastic waste, the World Economic Forum website says. The owner of the WiFi station uses the profits from selling the plastic to purchase access for small groups of students who need Internet access during continuing COVID-19 lockdowns.
No access here: About 54 percent of households in rural Bangladesh lack Internet access, according to a new survey featured at The Daily Star. Nearly six in 10 don’t have access to a smart phone. The survey also found that about eight in 10 rural households have very limited digital skills.
Trump vs. TikTok: U.S. President Donald Trump’s administration has moved to ban Chinese apps TikTok and WeChat as of 20 September, Reuters reported. The U.S. Department of Commerce was planning to issue an order on Friday that would prohibit app stores available in the U.S. from offering the two apps. TikTok owner ByteDance was still exploring a sale of the video-sharing app to U.S. companies.
Rockets on boats: SpaceX is planning to test its proposed Starlink satellite Internet network by using a Continue reading
If you are getting this message appearing repeatedly on a Juniper switch (e.g. an EX4300), check you don’t have an IRB interface that is not attached to a VLAN. Alternatively, check your IRBs all have IP addresses.
Remember my rants about VMware and firewall vendors promoting crazy solutions that work best in PowerPoint and cause more headaches than anything else (excluding increased vendor margins and sales team bonuses, of course)?
Here’s another we-don’t-need-all-that-complexity real-life story coming from one of my long-term subscribers: